Merge tag 'efi-2022-04-rc1-3' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-04-rc1-3

Documentation:

* update Nokia RX-51 documentation and move it to rst
* describe boot switch settings for HiFive Unmatched board

UEFI:

* fix the checking of images hashes and signatures
* provide the RISCV_EFI_BOOT_PROTOCOL

3 files changed, 44 insertions, 1 deletions

diff --git a/include/efi_api.h b/include/efi_api.h
index 8d5d835bd0..982c200172 100644
--- a/include/efi_api.h
+++ b/include/efi_api.h
@@ -438,6 +438,10 @@ struct efi_runtime_services {
 	EFI_GUID(0x607f766c, 0x7455, 0x42be, 0x93, \
 		 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f)
 
+#define RISCV_EFI_BOOT_PROTOCOL_GUID \
+	EFI_GUID(0xccd15fec, 0x6f73, 0x4eec, 0x83, \
+		 0x95, 0x3e, 0x69, 0xe4, 0xb9, 0x40, 0xbf)
+
 /**
  * struct efi_configuration_table - EFI Configuration Table
  *
@@ -1845,9 +1849,21 @@ struct efi_system_resource_table {
 #define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL_VENDOR_RANGE_MAX 0x00004000
 
 /* Certificate types in signature database */
+#define EFI_CERT_SHA1_GUID \
+	EFI_GUID(0x826ca512, 0xcf10, 0x4ac9, 0xb1, 0x87, \
+		 0xbe, 0x01, 0x49, 0x66, 0x31, 0xbd)
+#define EFI_CERT_SHA224_GUID \
+	EFI_GUID(0xb6e5233, 0xa65c, 0x44c9, 0x94, 0x07, \
+		 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd)
 #define EFI_CERT_SHA256_GUID \
 	EFI_GUID(0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, \
 		 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28)
+#define EFI_CERT_SHA384_GUID \
+	EFI_GUID(0xff3e5307, 0x9fd0, 0x48c9, 0x85, 0xf1, \
+		 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x01)
+#define EFI_CERT_SHA512_GUID \
+	EFI_GUID(0x93e0fae, 0xa6c4, 0x4f50, 0x9f, 0x1b, \
+		 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a)
 #define EFI_CERT_RSA2048_GUID \
 	EFI_GUID(0x3c5766e8, 0x269c, 0x4e34, 0xaa, 0x14, \
 		 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6)
diff --git a/include/efi_loader.h b/include/efi_loader.h
index 701efcd2b6..4e50f2d0c3 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -527,6 +527,8 @@ efi_status_t efi_disk_register(void);
 efi_status_t efi_rng_register(void);
 /* Called by efi_init_obj_list() to install EFI_TCG2_PROTOCOL */
 efi_status_t efi_tcg2_register(void);
+/* Called by efi_init_obj_list() to install RISCV_EFI_BOOT_PROTOCOL */
+efi_status_t efi_riscv_register(void);
 /* Called by efi_init_obj_list() to do initial measurement */
 efi_status_t efi_tcg2_do_initial_measurement(void);
 /* measure the pe-coff image, extend PCR and add Event Log */
@@ -910,7 +912,8 @@ struct x509_certificate;
 struct pkcs7_message;
 
 bool efi_signature_lookup_digest(struct efi_image_regions *regs,
-				 struct efi_signature_store *db);
+				 struct efi_signature_store *db,
+				 bool dbx);
 bool efi_signature_verify(struct efi_image_regions *regs,
 			  struct pkcs7_message *msg,
 			  struct efi_signature_store *db,
diff --git a/include/efi_riscv.h b/include/efi_riscv.h
new file mode 100644
index 0000000000..4bd39c4366
--- /dev/null
+++ b/include/efi_riscv.h
@@ -0,0 +1,24 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * RISCV_EFI_BOOT_PROTOCOL
+ *
+ * Copyright (c) 2022 Ventana Micro Systems Inc
+ */
+
+#include <efi_api.h>
+
+#define RISCV_EFI_BOOT_PROTOCOL_REVISION 0x00010000
+
+/**
+ * struct riscv_efi_boot_protocol - RISCV_EFI_BOOT_PROTOCOL
+ * @revision:		Version of the protocol implemented
+ * @get_boot_hartid:	Get the boot hart ID
+ */
+struct riscv_efi_boot_protocol {
+	u64 revision;
+
+	efi_status_t (EFIAPI * get_boot_hartid) (struct riscv_efi_boot_protocol *this,
+						 efi_uintn_t *boot_hartid);
+};
+
+extern struct riscv_efi_boot_protocol riscv_efi_boot_prot;