path: root/lib
Age | Commit message | Author | Files | Lines
2022-06-06 | zlib: Port fix for CVE-2018-25032 to U-Boot | Tom Rini | 3 | -65/+74
While our copy of zlib is missing upstream commit 263b1a05b04e ("Allow deflatePrime() to insert bits in the middle of a stream.") we do have Z_FIXED support, and so the majority of the code changes in 5c44459c3b28 ("Fix a bug that can crash deflate on some input when using Z_FIXED.") apply here directly and cleanly. As this has been assigned a CVE, let's go and apply these changes. Link: https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 Reported-by: "Gan, Yau Wai" <yau.wai.gan@intel.com> Signed-off-by: Tom Rini <trini@konsulko.com>
2022-06-04 | efi: test/py: authenticate fit capsules | Vincent Stehlé | 1 | -42/+73
Add support for the authentication of UEFI capsules containing FIT images. The authentication code is moved out of the function handling raw images into a new function efi_firmware_capsule_authenticate(). The special case for the FMP header coming from edk2 tools is preserved. There is no functional change for capsules containing raw images. The python test for signed capsules with raw images is renamed with no functional change and a new test is added for signed capsules containing FIT images. This can be tested with sandbox64_defconfig or sandbox_flattree_defconfig, plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y. Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-06-04 | EFI: Populate descriptor_count value only when image_info_size is not zero | Sughosh Ganu | 1 | -3/+2
The GetImageInfo function of the Firmware Management Protocol (FMP) gets called initially to query the size of the image descriptor array that would have to be allocated. During this call, the rest of the function arguments, specifically pointers might be passed as NULL. Do not populate the descriptor_count value before it is known that the call to GetImageInfo has been made with the allocated buffer for the image descriptors. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-28 | efi: fix documentation warnings | Vincent Stehlé | 1 | -5/+5
This fixes the following warnings:
./lib/efi_loader/efi_firmware.c:283: warning: Function parameter or member 'package_version' not described in 'efi_firmware_fit_get_image_info'
./lib/efi_loader/efi_firmware.c:283: warning: Function parameter or member 'package_version_name' not described in 'efi_firmware_fit_get_image_info'
./lib/efi_loader/efi_firmware.c:369: warning: bad line: firmware image
./lib/efi_loader/efi_firmware.c:395: warning: Function parameter or member 'package_version' not described in 'efi_firmware_raw_get_image_info'
./lib/efi_loader/efi_firmware.c:395: warning: Function parameter or member 'package_version_name' not described in 'efi_firmware_raw_get_image_info'
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-28 | efi_loader: bootmgr: fix a problem in loading an image from a short-path | AKASHI Takahiro | 1 | -4/+103
Booting from a short-form device path which starts with the first element being a File Path Media Device Path failed because it doesn't contain any valid device with simple file system protocol and efi_dp_find_obj() in efi_load_image_from_path() will return NULL.
For instance,
/VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/Scsi(0,0)/\helloworld.efi
-> shortened version: /\helloworld.efi
With this patch applied, all the media devices with simple file system protocol are enumerated and the boot manager attempts to boot temporarily generated device paths one-by-one.
This new implementation is still a bit incompatible with the UEFI specification in terms of:
* not creating real boot options
* not try "If a device does not support the EFI_SIMPLE_FILE_SYSTEM_PROTOCOL, but supports the EFI_BLOCK_IO_PROTOCOL protocol, then the EFI Boot Service ConnectController must be called for this device with DriverImageHandle and RemainingDevicePath set to NULL and the Recursive flag is set to TRUE." (See section 3.1.2 "Load Option Processing".)
But it still gives us a closer and better solution than the current.
Fixes: commit 9cdf470274ff ("efi_loader: support booting via short-form device-path") Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-28 | efi_loader: disk: add efi_disk_is_removable() | AKASHI Takahiro | 1 | -0/+27
This helper function will be used to determine if the device is removable media, initially for handling a short-path loading. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2022-05-07 | efi_loader: add sha384/512 on certificate revocation | Ilias Apalodimas | 2 | -23/+119
Currently we don't support sha384/512 for the X.509 certificate in dbx. Moreover if we come across such a hash we skip the check and approve the image, although the image might need to be rejected. Rework the code a bit and fix it by adding an array of structs with the supported GUIDs, len and literal used in the U-Boot crypto APIs instead of hardcoding the GUID types. It's worth noting here that efi_hash_regions() can now be reused from efi_signature_lookup_digest() and add sha384/512 support there as well. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-05-07 | efi_loader: Select EVENT as well | Jan Kiszka | 1 | -0/+1
Fixes WARNING: unmet direct dependencies detected for EVENT_DYNAMIC Depends on [n]: EVENT [=n] Selected by [y]: - EFI_LOADER [=y] && OF_LIBFDT [=y] && ... and the succeeding build breakage. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-05 | lib/date: Make rtc_mktime and mktime64 Y2038-ready | Jan Kiszka | 1 | -8/+5
We currently overflow due to wrong types used internally in rtc_mktime, on all platforms, and we return a too small type on 32-bit. One consumer that directly benefits from this is mktime64. Many others may still store the result in a wrong type. While at it, drop the redundant cast of mon in rtc_mktime (obsoleted by 714209832db1). Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-05-03 | efi_loader: bootmgr: add booting from removable media | AKASHI Takahiro | 1 | -1/+50
Under the current implementation, booting from removable media using an architecture-specific default image name, say BOOTAA64.EFI, is supported only in distro_bootcmd script. See the commit 74522c898b35 ("efi_loader: Add distro boot script for removable media").
This is, however, half-baked implementation because
1) UEFI specification requires this feature to be implemented as part of Boot Manager's responsibility:
3 - Boot Manager
3.5.1 Boot via the Simple File Protocol
When booting via the EFI_SIMPLE_FILE_SYSTEM_PROTOCOL, the FilePath will start with a device path that points to the device that implements the EFI_SIMPLE_FILE_SYSTEM_PROTOCOL or the EFI_BLOCK_IO_PROTOCOL. The next part of the FilePath may point to the file name, including subdirectories, which contain the bootable image. If the file name is a null device path, the file name must be generated from the rules defined below.
...
3.5.1.1 Removable Media Boot Behavior
To generate a file name when none is present in the FilePath, the firmware must append a default file name in the form \EFI\BOOT\BOOT{machine type short-name}.EFI
...
2) So (1) entails the behavior that the user's preference of boot media order should be determined by Boot#### and BootOrder variables.
With this patch, the semantics mentioned above is fully implemented. For example, if you want to boot the system from USB and SCSI in this order,
* define Boot0001 which contains only a device path to the USB device (without any file path/name)
* define Boot0002 which contains only a device path to the SCSI device, and
* set BootOrder to Boot0001:Boot0002
To avoid build error for sandbox, default file name "BOOTSANDBOX.efi" is defined even if it is out of scope of UEFI specification.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
On sandbox use binary name corresponding to host architecture.
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 | efi_loader: export efi_locate_device_handle() | AKASHI Takahiro | 1 | -4/+3
This function will be used in the next commit where some behavior of EFI boot manager will be expanded. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 | lib/charset: add u16_strlcat() function | Masahisa Kojima | 1 | -0/+16
Provide u16 string version of strlcat(). Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 | lib: fix selection of CONFIG_CHARSET | Heinrich Schuchardt | 3 | -5/+2
lib/charset.c is not optional for EFI_APP || EFI_LOADER || UFS || UT_UNICODE. These must select CONFIG_CHARSET. Fixes: 726cd9836db0 ("efi: Make unicode printf available to the app") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 | efi_selftest: error handling in efi_selftest_tcg2 | Heinrich Schuchardt | 1 | -2/+6
If memory allocation fails, write an error message. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 | efi_selftest: clean up unaligned unit test | Heinrich Schuchardt | 1 | -5/+4
* fix typo %s/give/given/
* don't use void * in pointer arithmetic
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 | efi_selftest: build efi_selftest_unaligned.c | Heinrich Schuchardt | 1 | -1/+3
The unit test has not been built since CPU_V7 was renamed CPU_V7A. Fixes: acf1500138bb ("arm: v7: Kconfig: Rename CPU_V7 as CPU_V7A") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-03 | efi_loader: reset colors before clearing screen | Heinrich Schuchardt | 1 | -2/+2
When resetting the text console the colors have to be set before clearing the screen. Otherwise the background color may be wrong. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-05-02 | vpl: Add Kconfig options for VPL | Simon Glass | 1 | -0/+62
Add VPL versions of commonly used Kconfig options. Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-29 | efi_loader: disk: allow blk devices even without UCLASS_PARTITION | AKASHI Takahiro | 1 | -14/+15
While GPT partition is mandated in UEFI specification, CONFIG_PARTITION is seen optional under the current implementation. So modify efi_disk_rw_blocks() to allow accepting UCLASS_BLK devices. Fixes: commit d97e98c887ed ("efi_loader: disk: use udevice instead of blk_desc") Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Tested-by: Mark Kettenis <kettenis@openbsd.org>
2022-04-29 | efi_loader: simplify efi_add_conventional_memory_map() | Heinrich Schuchardt | 1 | -1/+1
Remove redundant constraint. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-29 | efi_loader: simplify try_load_entry() | Heinrich Schuchardt | 1 | -6/+2
Use function efi_create_indexed_name() to create the BootXXXX variable name. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-29 | efi: fix devpath_is_partition() | Heinrich Schuchardt | 1 | -1/+1
If the path consists only of an end node, it does not refer to a partition. Avoid returning a random value from the stack in this case. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-29 | efi_loader: don't call log with __func__ as parameter | Heinrich Schuchardt | 1 | -4/+3
The log functions print file name, line number, and function name if selected via the log command or customizing. Don't print the function name twice. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-25 | nds32: Remove the architecture | Tom Rini | 2 | -8/+1
As removal of nds32 has been ack'd for the Linux kernel, remove support here as well. Cc: Rick Chen <rick@andestech.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Rick Chen <rick@andestech.com>
2022-04-25 | Merge branch '2022-04-25-initial-implementation-of-stdboot' | Tom Rini | 1 | -6/+17
To quote the author:
The bootflow feature provides a built-in way for U-Boot to automatically boot an Operating System without custom scripting and other customisation. This is called 'standard boot' since it provides a standard way for U-Boot to boot a distro, without scripting. It introduces the following concepts:
- bootdev - a device which can hold a distro
- bootmeth - a method to scan a bootdev to find bootflows (owned by U-Boot)
- bootflow - a description of how to boot (owned by the distro)
This series provides an implementation of these, enabled to scan for bootflows from MMC, USB and Ethernet. It supports the existing distro boot as well as the EFI loader flow (bootefi/bootmgr). It works similarly to the existing script-based approach, but is native to U-Boot. With this we can boot on a Raspberry Pi 3 with just one command:
bootflow scan -lb
which means to scan, listing (-l) each bootflow and trying to boot each one (-b). The final patch shows this. With a standard way to identify boot devices, booting becomes easier. It also should be possible to support U-Boot scripts, for backwards compatibility only.
...
The design is described in these two documents:
https://drive.google.com/file/d/1ggW0KJpUOR__vBkj3l61L2dav4ZkNC12/view?usp=sharing
https://drive.google.com/file/d/1kTrflO9vvGlKp-ZH_jlgb9TY3WYG6FF9/view?usp=sharing
2022-04-25 | lib: Add a way to find the position of a trailing number | Simon Glass | 1 | -2/+12
At present it is not possible to find out which part of the string is the number part and which is before it. Add a new variant which provides this feature, so we can separate the two in the caller. Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-25 | lib: Fix a few bugs in trailing_strtoln() | Simon Glass | 1 | -5/+6
At present this has a minor bug in that it reads the byte before the start of the string, if it is empty. Also it doesn't handle a non-numeric prefix which is only one character long. Fix these bugs with a reworked implementation. Add a test for the second case. The first one is hard to test. Signed-off-by: Simon Glass <sjg@chromium.org>
2022-04-23 | Merge tag 'efi-2022-07-rc1-3' of https://source.denx.de/u-boot/custodians/u-boot-efi | Tom Rini | 6 | -119/+314
Pull request for efi-2022-07-rc1-3
Documentation:
* Document image size parameter of bootefi command
UEFI:
* avoid building partition support in SPL/TPL where not required
* improve integration of EFI subsystem and driver model
* restore ability to boot arbitrary blob
2022-04-23 | efi_loader: disk: use udevice instead of blk_desc | AKASHI Takahiro | 1 | -6/+16
In most of all cases, we can avoid using blk_desc which is expected to be private to udevice(UCLASS_BLK), that is, the data should not be manipulated outside the device driver unless really needed. Now efi_disk's internally use dev_read/write() interfaces if CONFIG_PARTITIONS is enabled. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-23 | efi_loader: disk: not delete BLK device for BLK(IF_TYPE_EFI_LOADER) devices | AKASHI Takahiro | 1 | -2/+6
When we create an efi_disk device with an UEFI application using driver binding protocol, the 'efi_driver' framework tries to create a corresponding block device (UCLASS_BLK/IF_TYPE_EFI). This will lead to calling a PROBE callback, efi_disk_probe(). In this case, however, we don't need to create another "efi_disk" device as we already have this device instance. So we should avoid recursively invoking further processing in the callback function. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-23 | efi_loader: disk: a helper function to delete efi_disk objects | AKASHI Takahiro | 1 | -0/+88
This function is expected to be called, in particular from dm's pre_remove hook, when associated block devices no longer exist. Add efi_disk_remove() function. This function removes an efi_disk object for a raw disk device (UCLASS_BLK) and related objects for its partitions (UCLASS_PARTITION). So this function is expected to be called through driver model's "remove" interface every time a raw disk device is to be disconnected. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-23 | efi_loader: disk: not create BLK device for BLK(IF_TYPE_EFI_LOADER) devices | AKASHI Takahiro | 1 | -3/+11
When we create an efi_disk device with an UEFI application using driver binding protocol, the 'efi_driver' framework tries to create a corresponding block device (UCLASS_BLK/IF_TYPE_EFI). This will lead to calling a PROBE callback, efi_disk_probe(). In this case, however, we don't need to create another "efi_disk" device as we already have this device instance. So we should avoid recursively invoking further processing in the callback function. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-23 | efi_loader: disk: a helper function to create efi_disk objects from udevice | AKASHI Takahiro | 4 | -101/+141
Add efi_disk_probe() function. This function creates an efi_disk object for a raw disk device (UCLASS_BLK) and additional objects for related partitions (UCLASS_PARTITION). So this function is expected to be called through driver model's "probe" interface every time one raw disk device is detected and activated. We assume that partition devices (UCLASS_PARTITION) have been created when this function is invoked. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-04-23 | efi_loader: split efi_init_obj_list() into two stages | AKASHI Takahiro | 1 | -9/+49
In the next commit, CONFIG_EFI_SETUP_EARLY will become mandated in order to support dynamic enumeration of efi_disk objects. This can, however, be problematic particularly in case of file-based variable storage (efi_variable.c, default). Non-volatile variables are to be restored from EFI system partition by efi_init_variables() in efi_init_obj_list(). When efi_init_obj_list() is called in board_init_r(), we don't know yet what disk devices we have since none of device probing commands (say, scsi rescan) has been executed at that stage.
So in this commit, a preparatory change is made; efi_init_obj_list() is broken into the two functions;
* efi_init_early(), and
* new efi_init_obj_list()
Only efi_init_early() will be called in board_init_r(), which allows us to execute any of device probing commands, either through "preboot" variable or normal command line, before calling efi_init_obj_list() which is to be invoked at the first execution of an efi-related command (or at efi_launch_capsules()) as used to be.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-04-23 | efi_loader: disk: compile efi_disk when CONFIG_BLK | AKASHI Takahiro | 1 | -1/+1
Now we can build efi_loader with block device support (CONFIG_BLK) and without CONFIG_PARTITIONS. So change Makefile. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
2022-04-23 | efi_loader: PARTITION_UUIDS should be optional | AKASHI Takahiro | 2 | -3/+8
In the current implementation, partition table support (either GPT or DOS) is not mandatory. So CONFIG_PARTITION_UUIDS should not be enabled (selected) unconditionally. Fixes: commit 17f8cda505e3 ("efi_loader: set partition GUID in device path for SIG_TYPE_GUID") Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-22 | fdt: Fix TPL SEPARATE_BSS check when locating DTB | Andrew Abbott | 1 | -1/+1
Commit 690af71850149bf242502f688eca80fb302d1f76 changed this condition from an explicit
IS_ENABLED(CONFIG_SPL_SEPARATE_BSS)
to
CONFIG_IS_ENABLED(SEPARATE_BSS)
The documentation for CONFIG_IS_ENABLED() in include/linux/kconfig.h implies that we will get the correct behaviour, but the actual behaviour differs such that this condition is now always false. This stopped TPL being able to load the device tree blob at least on the ROCKPro64 board (RK3399 SoC), since the wrong device tree location was chosen.
The issues causing this behaviour with CONFIG_IS_ENABLED() are:
1. The documentation implies that CONFIG_SPL_BUILD => CONFIG_SPL_<option> is considered before the TPL equivalent. Actually, the TPL options have higher priority - see definition of _CONFIG_PREFIX.
2. The documentation implies a fallthrough, eg. if CONFIG_SPL_BUILD is defined but the CONFIG_SPL_<option> is not, then it will proceed to check if CONFIG_TPL_BUILD Actually, if CONFIG_TPL_BUILD is defined, then it stops there and CONFIG_SPL_BUILD is not considered - see definition of _CONFIG_PREFIX.
During TPL build, at least for the ROCKPro64, both CONFIG_TPL_BUILD and CONFIG_SPL_BUILD are defined, but because of the above, only TPL options are considered. Since there is no CONFIG_TPL_SEPARATE_BSS, this fails.
Fixes: 690af71850 ("fdt: Correct condition for SEPARATE_BSS") Signed-off-by: Andrew Abbott <andrew@mirx.dev>
2022-04-21 | crc16: Move standard CRC-16 implementation from ubifs to lib | Pali Rohár | 2 | -0/+61
This implementation provides standard CRC-16 algorithm with polynomial x^16 + x^15 + x^2 + 1. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Stefan Roese <sr@denx.de>
2022-04-21 | crc16-ccitt: Rename file with CRC-16-CCITT implementation to crc16-ccitt.c | Pali Rohár | 2 | -5/+5
U-Boot CRC-16 implementation uses polynomial x^16 + x^12 + x^5 + 1 which is not standard CRC-16 algorithm, but it is known as CRC-16-CCITT. Rename file crc16.c to crc16-ccitt.c to reduce confusion. Signed-off-by: Pali Rohár <pali@kernel.org> Reviewed-by: Stefan Roese <sr@denx.de>
2022-04-15 | efi_loader: simplify efi_serialize_load_option() | Heinrich Schuchardt | 1 | -1/+1
Use u16_strsize(). Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-15 | efi_loader: EFI_HII_STRING_PROTOCOL.GetString() | Heinrich Schuchardt | 1 | -1/+1
Use u16_strsize(). Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-15 | lib: simplify u16_strdup() | Heinrich Schuchardt | 1 | -1/+1
Use u16_strsize() instead of duplicating it. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-15 | lib: convert u16_strlen() into a macro | Heinrich Schuchardt | 1 | -12/+0
The function u16_strlen() can be implemented as call to u16_strnlen(). Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2022-04-15 | FMP: Remove GUIDs for FIT and raw images | Sughosh Ganu | 1 | -4/+0
The capsule update code has been modified for getting the image GUID values from the platform code. With this, each image now has a unique GUID value. With this change, there is no longer a need for defining GUIDs for FIT and raw images. Remove these GUID values. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
2022-04-15 | efi: Define set_dfu_alt_info() for boards with UEFI capsule update enabled | Sughosh Ganu | 2 | -0/+7
Currently, there are a bunch of boards which enable the UEFI capsule update feature. The actual update of the firmware images is done through the dfu framework which uses the dfu_alt_info environment variable for getting information on the update, like device, partition number/address etc. The dfu framework allows the variable to be set through the set_dfu_alt_info function defined by the platform, or if the function is not defined, it gets the variable from the environment. Using the value set in the environment is not very robust, since the variable can be modified from the u-boot command line and this can cause an incorrect update. To prevent this from happening, define the set_dfu_alt_info function when the capsule update feature is enabled. A weak function is defined which sets the dfu_alt_info environment variable by getting the string for the variable from the platform. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
2022-04-15 | capsule: Put a check for image index before the update | Sughosh Ganu | 1 | -3/+5
The current capsule update code compares the image GUID value in the capsule header with the image GUID value obtained from the GetImageInfo function of the Firmware Management Protocol(FMP). This comparison is done to ascertain if the FMP's SetImage function can be called for the update. Make this checking more robust by comparing the image_index value passed through the capsule with that returned by the FMP's GetImageInfo function. This protects against the scenario of the firmware being updated in a wrong partition/location on the storage device if an incorrect value has been passed through the capsule, since the image_index is used to determine the location of the update on the storage device. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-04-15 | capsule: FMP: Populate the image descriptor array from platform data | Sughosh Ganu | 1 | -69/+29
Currently, the image descriptor array that has been passed to the GetImageInfo function of the Firmware Management Protocol(FMP) gets populated through the data stored with the dfu framework. The dfu data is not restricted to contain information only of the images updatable through the capsule update mechanism, but it also contains information on other images. The image descriptor array is also parsed by the ESRT generation code, and thus the ESRT table contains entries for other images that are not being handled by the FMP for the capsule updates. Fix this by populating the image descriptor array from the structure initialised in the board file. The other issue fixed is assignment of a separate GUID for all images in the image descriptor array. The UEFI specification mandates that all entries in the ESRT table should have a unique GUID value as part of the FwClass member of the EFI_SYSTEM_RESOURCE_ENTRY. Currently, all images are assigned a single GUID value, either an FIT GUID or a raw image GUID. This is fixed by obtaining the GUID values from the efi_fw_images array defined per platform. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
2022-04-11 | lib/crypto: support sha384/sha512 in x509/pkcs7 | Dhananjay Phadke | 2 | -0/+8
Set digest_size SHA384 and SHA512 algorithms in pkcs7 and x509, (not set by ported linux code, but needed by __UBOOT__ part). EFI_CAPSULE_AUTHENTICATE doesn't select these algos but required for correctness if certificates contain sha384WithRSAEncryption or sha512WithRSAEncryption OIDs. Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-04-11 | lib: rsa: Update function padding_pss_verify (any-salt) | SESA644425 | 1 | -8/+11
Modify function to support any salt length instead of max length only. Function now detects salt length by parsing the content of db buffer. Note that it works with (but is not limited to) zero-length, digest-length and max-length Signed-off-by: SESA644425 <gioja.hermann@non.se.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2022-04-11 | lib: rsa: Leverage existing data buffer instead of systematic copy | SESA644425 | 1 | -19/+18
Prior to introduction of modifications in rsassa_pss functions related to padding verification, doing a pass to reduce memory consumption of function by replacing memory copies of parts of const buffer by pointers to the original buffer (masked_db and h are subparts of msg buffer which is declared const, salt is a subpart of db which is a working buffer, unmodified after being filled). New pointers scope is limited to the function where they are declared (not returned to caller by any means), zeroing risk of memory fault related to the change. Signed-off-by: SESA644425 <gioja.hermann@non.se.com> Reviewed-by: Simon Glass <sjg@chromium.org>