From b9f217a4cbe8c808a34f824503d15996a7f8be13 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Wed, 8 Jul 2020 07:48:06 +0200 Subject: lib/crypto: use qualified path for x509_parser.h Use the path relative to /include for x509_parser.h in pkcs7_parser.h. Signed-off-by: Heinrich Schuchardt --- include/crypto/pkcs7_parser.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/crypto/pkcs7_parser.h b/include/crypto/pkcs7_parser.h index b8234da45a..906033a90e 100644 --- a/include/crypto/pkcs7_parser.h +++ b/include/crypto/pkcs7_parser.h @@ -10,7 +10,7 @@ #include #include -#include "x509_parser.h" +#include #define kenter(FMT, ...) \ pr_devel("==> %s("FMT")\n", __func__, ##__VA_ARGS__) -- cgit v1.2.3 From 11bafb259648dea054e07dc5c8003eb8c736f36c Mon Sep 17 00:00:00 2001 From: AKASHI Takahiro Date: Wed, 8 Jul 2020 14:01:56 +0900 Subject: efi_loader: image_loader: verification for all signatures should pass A signed image may have multiple signatures in - each WIN_CERTIFICATE in authenticode, and/or - each SignerInfo in pkcs7 SignedData (of WIN_CERTIFICATE) In the initial implementation of efi_image_authenticate(), the criteria of verification check for multiple signatures case is a bit ambiguous and it may cause inconsistent result. With this patch, we will make sure that verification check in efi_image_authenticate() should pass against all the signatures. The only exception would be - the case where a digest algorithm used in signature is not supported by U-Boot, or - the case where parsing some portion of authenticode has failed In those cases, we don't know how the signature be handled and should just ignore them. Please note that, due to this change, efi_signature_verify_with_sigdb()'s function prototype will be modified, taking "dbx" as well as "db" instead of outputing a "certificate." If "dbx" is null, the behavior would be the exact same as before. The function's name will be changed to efi_signature_verify() once current efi_signature_verify() has gone due to further improvement in intermediate certificates support. Signed-off-by: AKASHI Takahiro --- include/efi_loader.h | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'include') diff --git a/include/efi_loader.h b/include/efi_loader.h index fc9344c742..2f9fb112b3 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -765,14 +765,15 @@ struct efi_signature_store { struct x509_certificate; struct pkcs7_message; -bool efi_signature_verify_cert(struct x509_certificate *cert, - struct efi_signature_store *dbx); -bool efi_signature_verify_signers(struct pkcs7_message *msg, - struct efi_signature_store *dbx); +bool efi_signature_verify_one(struct efi_image_regions *regs, + struct pkcs7_message *msg, + struct efi_signature_store *db); bool efi_signature_verify_with_sigdb(struct efi_image_regions *regs, struct pkcs7_message *msg, - struct efi_signature_store *db, - struct x509_certificate **cert); + struct efi_signature_store *db, + struct efi_signature_store *dbx); +bool efi_signature_check_signers(struct pkcs7_message *msg, + struct efi_signature_store *dbx); efi_status_t efi_image_region_add(struct efi_image_regions *regs, const void *start, const void *end, -- cgit v1.2.3 From 7926dfb579cb17efc62ede2ce6d5c0a6f7e2f855 Mon Sep 17 00:00:00 2001 From: AKASHI Takahiro Date: Wed, 8 Jul 2020 14:01:57 +0900 Subject: efi_loader: image_loader: add digest-based verification for signed image In case that a type of certificate in "db" or "dbx" is EFI_CERT_X509_SHA256_GUID, it is actually not a certificate which contains a public key for RSA decryption, but a digest of image to be loaded. If the value matches to a value calculated from a given binary image, it is granted for loading. With this patch, common digest check code, which used to be used for unsigned image verification, will be extracted from efi_signature_verify_with_sigdb() into efi_signature_lookup_digest(), and extra step for digest check will be added to efi_image_authenticate(). Signed-off-by: AKASHI Takahiro --- include/efi_loader.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include') diff --git a/include/efi_loader.h b/include/efi_loader.h index 2f9fb112b3..ceabbaadd0 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -765,6 +765,8 @@ struct efi_signature_store { struct x509_certificate; struct pkcs7_message; +bool efi_signature_lookup_digest(struct efi_image_regions *regs, + struct efi_signature_store *db); bool efi_signature_verify_one(struct efi_image_regions *regs, struct pkcs7_message *msg, struct efi_signature_store *db); -- cgit v1.2.3 From 491bfe86062464b892386e8c8dfe0069975ecedc Mon Sep 17 00:00:00 2001 From: AKASHI Takahiro Date: Tue, 16 Jun 2020 14:26:48 +0900 Subject: lib: rsa: export rsa_verify_with_pkey() This function will be used to implement public_key_verify_signature() in a later patch. rsa_verify() is not suitable here because calculation of message digest is not necessary. Signed-off-by: AKASHI Takahiro Reviewed-by: Heinrich Schuchardt --- include/u-boot/rsa.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'include') diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h index a0bae495f0..bed1c097c2 100644 --- a/include/u-boot/rsa.h +++ b/include/u-boot/rsa.h @@ -112,6 +112,9 @@ int rsa_verify(struct image_sign_info *info, const struct image_region region[], int region_count, uint8_t *sig, uint sig_len); +int rsa_verify_with_pkey(struct image_sign_info *info, + const void *hash, uint8_t *sig, uint sig_len); + int padding_pkcs_15_verify(struct image_sign_info *info, uint8_t *msg, int msg_len, const uint8_t *hash, int hash_len); -- cgit v1.2.3 From f2d2b3a11ce18663ea95c29eb2c609efd77b7999 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Mon, 22 Jun 2020 18:10:27 +0200 Subject: efi_loader: prepare for read only OP-TEE variables We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: Heinrich Schuchardt --- include/efi_variable.h | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 include/efi_variable.h (limited to 'include') diff --git a/include/efi_variable.h b/include/efi_variable.h new file mode 100644 index 0000000000..6789118eba --- /dev/null +++ b/include/efi_variable.h @@ -0,0 +1,43 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Copyright (c) 2020, Heinrich Schuchardt + */ + +#ifndef _EFI_VARIABLE_H +#define _EFI_VARIABLE_H + +#include + +#define EFI_VARIABLE_READ_ONLY BIT(31) + +/** + * efi_get_variable() - retrieve value of a UEFI variable + * + * @variable_name: name of the variable + * @vendor: vendor GUID + * @attributes: attributes of the variable + * @data_size: size of the buffer to which the variable value is copied + * @data: buffer to which the variable value is copied + * @timep: authentication time (seconds since start of epoch) + * Return: status code + */ +efi_status_t efi_get_variable_int(u16 *variable_name, const efi_guid_t *vendor, + u32 *attributes, efi_uintn_t *data_size, + void *data, u64 *timep); + +/** + * efi_set_variable() - set value of a UEFI variable + * + * @variable_name: name of the variable + * @vendor: vendor GUID + * @attributes: attributes of the variable + * @data_size: size of the buffer with the variable value + * @data: buffer with the variable value + * @ro_check: check the read only read only bit in attributes + * Return: status code + */ +efi_status_t efi_set_variable_int(u16 *variable_name, const efi_guid_t *vendor, + u32 attributes, efi_uintn_t data_size, + const void *data, bool ro_check); + +#endif -- cgit v1.2.3 From 01df8cf33634a36566281af475cc520c3febad4d Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Fri, 26 Jun 2020 17:57:48 +0200 Subject: efi_loader: separate UEFI variable API from implemementation Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: Heinrich Schuchardt --- include/efi_variable.h | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) (limited to 'include') diff --git a/include/efi_variable.h b/include/efi_variable.h index 6789118eba..3ba274fce1 100644 --- a/include/efi_variable.h +++ b/include/efi_variable.h @@ -40,4 +40,43 @@ efi_status_t efi_set_variable_int(u16 *variable_name, const efi_guid_t *vendor, u32 attributes, efi_uintn_t data_size, const void *data, bool ro_check); +/** + * efi_get_next_variable_name_int() - enumerate the current variable names + * + * @variable_name_size: size of variable_name buffer in byte + * @variable_name: name of uefi variable's name in u16 + * @vendor: vendor's guid + * + * See the Unified Extensible Firmware Interface (UEFI) specification for + * details. + * + * Return: status code + */ +efi_status_t efi_get_next_variable_name_int(efi_uintn_t *variable_name_size, + u16 *variable_name, + efi_guid_t *vendor); + +/** + * efi_query_variable_info_int() - get information about EFI variables + * + * This function implements the QueryVariableInfo() runtime service. + * + * See the Unified Extensible Firmware Interface (UEFI) specification for + * details. + * + * @attributes: bitmask to select variables to be + * queried + * @maximum_variable_storage_size: maximum size of storage area for the + * selected variable types + * @remaining_variable_storage_size: remaining size of storage are for the + * selected variable types + * @maximum_variable_size: maximum size of a variable of the + * selected type + * Returns: status code + */ +efi_status_t efi_query_variable_info_int(u32 attributes, + u64 *maximum_variable_storage_size, + u64 *remaining_variable_storage_size, + u64 *maximum_variable_size); + #endif -- cgit v1.2.3 From 5f7dcf079de8caa5ef9c332c928bd6a3c3d12335 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Thu, 19 Mar 2020 18:21:58 +0000 Subject: efi_loader: UEFI variable persistence Persist non-volatile UEFI variables in a file on the EFI system partition. The file is written whenever a non-volatile UEFI variable is changed after initialization of the UEFI sub-system. The file is read during the UEFI sub-system initialization to restore non-volatile UEFI variables. Signed-off-by: Heinrich Schuchardt --- include/efi_variable.h | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) (limited to 'include') diff --git a/include/efi_variable.h b/include/efi_variable.h index 3ba274fce1..01054209c4 100644 --- a/include/efi_variable.h +++ b/include/efi_variable.h @@ -79,4 +79,66 @@ efi_status_t efi_query_variable_info_int(u32 attributes, u64 *remaining_variable_storage_size, u64 *maximum_variable_size); +#define EFI_VAR_FILE_NAME "ubootefi.var" + +#define EFI_VAR_BUF_SIZE 0x4000 + +#define EFI_VAR_FILE_MAGIC 0x0161566966456255 /* UbEfiVa, version 1 */ + +/** + * struct efi_var_entry - UEFI variable file entry + * + * @length: length of enty, multiple of 8 + * @attr: variable attributes + * @time: authentication time (seconds since start of epoch) + * @guid: vendor GUID + * @name: UTF16 variable name + */ +struct efi_var_entry { + u32 length; + u32 attr; + u64 time; + efi_guid_t guid; + u16 name[]; +}; + +/** + * struct efi_var_file - file for storing UEFI variables + * + * @reserved: unused, may be overwritten by memory probing + * @magic: identifies file format + * @length: length including header + * @crc32: CRC32 without header + * @var: variables + */ +struct efi_var_file { + u64 reserved; + u64 magic; + u32 length; + u32 crc32; + struct efi_var_entry var[]; +}; + +/** + * efi_var_to_file() - save non-volatile variables as file + * + * File ubootefi.var is created on the EFI system partion. + * + * Return: status code + */ +efi_status_t efi_var_to_file(void); + +/** + * efi_var_from_file() - read variables from file + * + * File ubootefi.var is read from the EFI system partitions and the variables + * stored in the file are created. + * + * In case the file does not exist yet or a variable cannot be set EFI_SUCCESS + * is returned. + * + * Return: status code + */ +efi_status_t efi_var_from_file(void); + #endif -- cgit v1.2.3 From a44d2a23992ba70dfeefbad9c55249bfc6be9fbc Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Tue, 24 Mar 2020 18:05:22 +0100 Subject: efi_loader: export efi_convert_pointer() We need ConvertPointer() to adjust pointers when implementing runtime services within U-Boot. After ExitBootServices() gd is not available anymore. So we should not use EFI_ENTRY() and EFI_EXIT(). Signed-off-by: Heinrich Schuchardt --- include/efi_loader.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'include') diff --git a/include/efi_loader.h b/include/efi_loader.h index ceabbaadd0..be6cede92f 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -397,6 +397,9 @@ efi_status_t efi_root_node_register(void); efi_status_t efi_initialize_system_table(void); /* efi_runtime_detach() - detach unimplemented runtime functions */ void efi_runtime_detach(void); +/* efi_convert_pointer() - convert pointer to virtual address */ +efi_status_t EFIAPI efi_convert_pointer(efi_uintn_t debug_disposition, + void **address); /* Called by bootefi to make console interface available */ efi_status_t efi_console_register(void); /* Called by bootefi to make all disk storage accessible as EFI objects */ -- cgit v1.2.3 From 724d28171e5bd239866cdf885a7b70c059ddd563 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Tue, 24 Mar 2020 17:52:40 +0100 Subject: efi_loader: optional pointer for ConvertPointer If the EFI_OPTIONAL_PTR is set in DebugDisposition, a NULL pointer does not constitute an invalid parameter. Signed-off-by: Heinrich Schuchardt --- include/efi_api.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include') diff --git a/include/efi_api.h b/include/efi_api.h index 759d911875..5744f6aed8 100644 --- a/include/efi_api.h +++ b/include/efi_api.h @@ -251,6 +251,8 @@ struct efi_rt_properties_table { u32 runtime_services_supported; }; +#define EFI_OPTIONAL_PTR 0x00000001 + struct efi_runtime_services { struct efi_table_hdr hdr; efi_status_t (EFIAPI *get_time)(struct efi_time *time, -- cgit v1.2.3 From b0dd8cb4076ea178df93ad56be6636dcdb444c33 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sun, 28 Jun 2020 16:30:29 +0200 Subject: efi_loader: new function efi_memcpy_runtime() Provide a memcpy() function that we can use at UEFI runtime. Signed-off-by: Heinrich Schuchardt --- include/efi_loader.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'include') diff --git a/include/efi_loader.h b/include/efi_loader.h index be6cede92f..98944640be 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -792,6 +792,9 @@ bool efi_secure_boot_enabled(void); bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp, WIN_CERTIFICATE **auth, size_t *auth_len); +/* runtime implementation of memcpy() */ +void efi_memcpy_runtime(void *dest, const void *src, size_t n); + #else /* CONFIG_IS_ENABLED(EFI_LOADER) */ /* Without CONFIG_EFI_LOADER we don't have a runtime section, stub it out */ -- cgit v1.2.3 From f1f990a8c9584b558bb1449dad3807858bbbcc49 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sun, 22 Mar 2020 09:07:50 +0100 Subject: efi_loader: memory buffer for variables Saving UEFI variable as encoded U-Boot environment variables does not allow support at runtime. Provide functions to manage a memory buffer with UEFI variables. Signed-off-by: Heinrich Schuchardt --- include/efi_variable.h | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) (limited to 'include') diff --git a/include/efi_variable.h b/include/efi_variable.h index 01054209c4..bc5985cfdb 100644 --- a/include/efi_variable.h +++ b/include/efi_variable.h @@ -141,4 +141,58 @@ efi_status_t efi_var_to_file(void); */ efi_status_t efi_var_from_file(void); +/** + * efi_var_mem_init() - set-up variable list + * + * Return: status code + */ +efi_status_t efi_var_mem_init(void); + +/** + * efi_var_mem_find() - find a variable in the list + * + * @guid: GUID of the variable + * @name: name of the variable + * @next: on exit pointer to the next variable after the found one + * Return: found variable + */ +struct efi_var_entry *efi_var_mem_find(const efi_guid_t *guid, const u16 *name, + struct efi_var_entry **next); + +/** + * efi_var_mem_del() - delete a variable from the list of variables + * + * @var: variable to delete + */ +void efi_var_mem_del(struct efi_var_entry *var); + +/** + * efi_var_mem_ins() - append a variable to the list of variables + * + * The variable is appended without checking if a variable of the same name + * already exists. The two data buffers are concatenated. + * + * @variable_name: variable name + * @vendor: GUID + * @attributes: variable attributes + * @size1: size of the first data buffer + * @data1: first data buffer + * @size2: size of the second data field + * @data2: second data buffer + * @time: time of authentication (as seconds since start of epoch) + * Result: status code + */ +efi_status_t efi_var_mem_ins(u16 *variable_name, + const efi_guid_t *vendor, u32 attributes, + const efi_uintn_t size1, const void *data1, + const efi_uintn_t size2, const void *data2, + const u64 time); + +/** + * efi_var_mem_free() - determine free memory for variables + * + * Return: maximum data size plus variable name size + */ +u64 efi_var_mem_free(void); + #endif -- cgit v1.2.3