Commit Graph

2457 Commits

Author SHA1 Message Date
Bin Meng
1621d3c434 lib: kconfig: Limit BINMAN_FDT for OF_SEPARATE or OF_EMBED
Generally speaking BINMAN_FDT makes sense for OF_SEPARATE or OF_EMBED.
For the other OF_CONTROL methods, it's quite possible binman node is
not available as binman is invoked during the build phase instead of
runtime. Let's only turn it on for OF_SEPARATE or OF_EMBED by default.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-05-19 17:01:50 +08:00
Masahisa Kojima
87316da05f lib: introduce HASH_CALCULATE option
Build error occurs when CONFIG_EFI_SECURE_BOOT or
CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,
because hash-checksum.c is not compiled.

Since hash_calculate() implemented in hash-checksum.c can be
commonly used aside from FIT image signature verification,
this commit itroduces HASH_CALCULATE option to decide
if hash-checksum.c shall be compiled.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-18 12:36:13 +02:00
Ilias Apalodimas
48ee084602 efi_loader: Fix Kconfig for EFI_TCG2 protocol
EFI_TCG2 depends not only on TPMv2 but also on the underlying algorithms.
So select the missing SHA1, SHA256, SHA384 and SHA512 we currently support

Reported-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Add 'default y'.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-18 12:36:13 +02:00
Ilias Apalodimas
2052759a5e efi_loader: Don't stop EFI subsystem init if installing TCG2 fails
Up to now we are stopping the EFI subsystem if a TPMv2 exists but the
protocol fails to install.  Now that we've switched the config to 'default
y' the sandbox TPM fails, since it doesn't support all the required
capabilities of the protocol.

Not installing the protocol is not catastrophic.  If the protocol fails
to install the PCRs will never be extended to the expected values, so
some other entity later in the boot flow will eventually figure it out
and take the necessary actions.

While at it fix a corner case were the user can see an invalid error
message when the protocol failed to install.  We do have a tcg2_uninit()
which we call when the protocol installation fails.  There are cases though
that this might be called before the configuration table is installed (e.g
probing the TPM for capabilities failed).  In that case the user will see
"Failed to delete final events config table".  So stop printing it since it's
not an actual failure , simply because the config table was never installed
in the first place.

In order to stop printing it make efi_init_event_log() and create_final_event()
cleanup themselves and only call tcg2_uninit() when the protocol installation
fails.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-18 12:36:13 +02:00
Ilias Apalodimas
97f446a8ff efi_loader: Uninstall the TCG2 protocol if logging s-crtm fails
Instead of just failing, clean up the installed config table and
EventLog memory if logging an s-crtm event fails during the protocol
installation

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Eliminate label 'out:' by using return.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-18 12:36:13 +02:00
Ilias Apalodimas
b76edf6b07 efi_loader: Clean up tcg2 once in case of failure
efi_init_event_log() calls tcg2_uninit() in case of failure.
We can skip that since the function is called on efi_tcg2_register()
which also cleans up if an error occurs

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-18 12:36:12 +02:00
Peng Fan
bc3f465181 efi_loader: loosen buffer parameter check in efi_file_read_int
This is same issue as https://bugzilla.redhat.com/show_bug.cgi?id=1733817,
but that fix was wrongly partial reverted.

When reading a directory, EFI_BUFFER_TOO_SMALL should be returned when
the supplied buffer is too small, so a use-case is to call
EFI_FILE_PROTOCOL.Read() with *buffer_size=0 and buffer=NULL to
obtain the needed size before doing the actual read.

So remove the check only for directory reading, file reading already
do the check by itself.

Fixes: db12f518edb0("efi_loader: implement non-blocking file services")
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Cc: Stefan Sørensen <stefan.sorensen@spectralink.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-18 12:36:12 +02:00
Sughosh Ganu
6a2e26b95f efi_loader: capsule: Remove the check for capsule_authentication_enabled environment variable
The current capsule authentication code checks if the environment
variable capsule_authentication_enabled is set, for authenticating the
capsule. This is in addition to the check for the config symbol
CONFIG_EFI_CAPSULE_AUTHENTICATE. Remove the check for the environment
variable. The capsule will now be authenticated if the config symbol
is set.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviwed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-05-18 12:36:12 +02:00
Heinrich Schuchardt
e2ae483c3b hash: Kconfig option for SHA512 hardware acceleration
Commit a479f103dc ("hash: Allow for SHA512 hardware implementations")
defined function definitions for hardware accelerated SHA384 and SHA512.
If CONFIG_SHA_HW_ACCEL=y, these functions are used.

We already have boards using CONFIG_SHA_HW_ACCEL=y but none implements the
new functions hw_sha384() and hw_sha512().

For implementing the EFI TCG2 protocol we need SHA384 and SHA512. The
missing hardware acceleration functions lead to build errors on boards like
peach-pi_defconfig.

Introduce a new Kconfig symbol CONFIG_SHA512_HW_ACCEL to control if the
functions hw_sha384() and hw_sha512() shall be used to implement the SHA384
and SHA512 algorithms.

Fixes: a479f103dc ("hash: Allow for SHA512 hardware implementations")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Reviewed-by: Simon Glass <sjg@chromium.org>
2021-05-18 12:36:12 +02:00
Heinrich Schuchardt
700f68c354 efi_loader: build warning in efi_tcg2_hash_log_extend_event
Building 32bit boards with the TCG2 protocol enabled leads to a build
warning due to a missing conversion.

    lib/efi_loader/efi_tcg2.c:774:27:
    error: cast to pointer from integer of different size
    [-Werror=int-to-pointer-cast]
    774 |  ret = tcg2_create_digest((u8 *)data_to_hash, data_to_hash_len,
        |                           ^

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-05-18 12:36:12 +02:00
Patrick Delaunay
feb7ac457c dm: core: Add address translation in fdt_get_resource
Today of_address_to_resource() is called only in
ofnode_read_resource() for livetree support and
fdt_get_resource() is called when livetree is not supported.

The fdt_get_resource() doesn't do the address translation
so when it is required, but the address translation is done
by ofnode_read_resource() caller, for example in
drivers/firmware/scmi/smt.c::scmi_dt_get_smt_buffer() {
...
	ret = ofnode_read_resource(args.node, 0, &resource);
	if (ret)
		return ret;

	faddr = cpu_to_fdt32(resource.start);
	paddr = ofnode_translate_address(args.node, &faddr);
...

The both behavior should be aligned and the address translation
must be called in fdt_get_resource() and removed for each caller.

Fixes: a44810123f ("dm: core: Add dev_read_resource() to read device resources")
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
2021-04-29 03:23:39 -07:00
AKASHI Takahiro
2c1a684049 efi_loader: capsule: return a correct error code at find_boot_device()
In case of failure at efi_get_variable_int("BootOrder"), we should
skip examining boot option variables and return an appropriate error
code which is the one the function returned.

Fixes: CID 331153 Code maintainability issues  (UNUSED_VALUE)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-24 06:53:40 +02:00
Jose Marinho
3627cf4bff efi: Fix ESRT refresh after Capsule update
Indicated by Coverity Scan CID 331147

The ESRT was being refreshed in situations where the UpdateCapsule
procedure failed. In that scenario:

1) the ESRT refresh was superfluous.
2) a failed ESRT refresh return code overwrites the UpdateCapsule error
return code.

This commit ensures that the ESRT is only refreshed when the
UpdateCapsule performs successfully.

CC: Heinrich Schuchardt <xypron.glpk@gmx.de>
CC: Sughosh Ganu <sughosh.ganu@linaro.org>
CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
CC: Tom Rini <trini@konsulko.com>
CC: Andre Przywara <andre.przywara@arm.com>
CC: nd@arm.com

Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-24 06:53:40 +02:00
Ilias Apalodimas
6fe8b4a39d efi_loader: simplify tcg2_create_digest()
Bumping the digest list count, for all supported algorithms,  can be
calculated outside of the individual switch statements.  So let's do that
for every loop iteration instead and simplify the code a bit.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-24 06:53:40 +02:00
Heinrich Schuchardt
a07ee3c198 efi_loader: missing include in efi_string.c
To avoid diverging function definitions we need to include efi_loader.h.

Fixes: fe179d7fb5 ("efi_loader: Add size checks to efi_create_indexed_name()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-24 06:53:40 +02:00
Patrick Delaunay
6d66502bc7 lmb: Add 2 config to define the max number of regions
Add 2 configs CONFIG_LMB_MEMORY_REGIONS and CONFIG_LMB_RESERVED_REGIONS
to change independently the max number of the regions in lmb
library.

When CONFIG_LMB_USE_MAX_REGIONS=y, move the lmb property arrays to
struct lmb and manage the array size with the element 'max' of struct
lmb_region; their are still allocated in stack.

When CONFIG_LMB_USE_MAX_REGIONS=n, keep the current location in
struct lmb_region to allow compiler optimization.

Increase CONFIG_LMB_RESERVED_REGIONS is useful to avoid lmb errors in
bootm when the number of reserved regions (not adjacent) is reached:
+ 1 region for relocated U-Boot
+ 1 region for initrd
+ 1 region for relocated linux device tree
+ reserved memory regions present in Linux device tree.

The current limit of 8 regions is reached with only 5 reserved regions
in DT.

see Linux kernel commit bf23c51f1f49 ("memblock: Move memblock arrays
to static storage in memblock.c and make their size a variable")

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-22 14:09:45 -04:00
Patrick Delaunay
4fa0150d6c lmb: move MAX_LMB_REGIONS value in Kconfig
Move MAX_LMB_REGIONS value in Kconfig, the max number of the regions
in lmb library.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-22 14:09:45 -04:00
Patrick Delaunay
00fd8dad4d lmb: add a max parameter in the struct lmb_region
Add a max parameter in lmb_region struct to handle test
in lmb_add_region without using the MAX_LMB_REGIONS
define.

This patch allows to modify these size independently for
memory of reserved regions in the next patches.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-22 14:09:45 -04:00
Patrick Delaunay
8f167da9c5 lmb: remove lmb_region.size
Remove the unused field size of struct lmb_region as it is initialized to 0
and never used after in lmb library.

See Linux kernel commit 4734b594c6ca ("memblock: Remove memblock_type.size
and add memblock.memory_size instead")

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-22 14:09:45 -04:00
Patrick Delaunay
77b8cfef53 lmb: move CONFIG_LMB in Kconfig
Migrate CONFIG_LMB in Kconfig.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-22 14:09:45 -04:00
Karl Beldan
227c53de87 lz4: Fix unaligned accesses
Signed-off-by: Karl Beldan <karl.beldan+oss@gmail.com>
2021-04-20 07:31:12 -04:00
Masahisa Kojima
b1a7a5e0b8 efi_loader: fix possible buffer overflow
Variable "final" will have SHA512 digest, but currently
the array size is not sufficient. Let's fix it.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-17 20:01:32 +02:00
Heinrich Schuchardt
e8287b0fb2 efi_loader: memory leak in efi_capsule_scan_dir()
If realloc() fails, we should free the old buffer.

Fixes: c74cd8bd08: ("efi_loader: capsule: add capsule_on_disk support")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-17 20:01:32 +02:00
Sughosh Ganu
7d823747c6 efi_loader: esrt: Remove incorrect invocations of EFI_CALL macro
Remove function invocations using the EFI_CALL macro for those
functions that do not have an EFI_ENTRY call in their definition. Such
functions can use u-boot api's which rely on u-boot global data(gd)
pointer. The Arm and RiscV architectures maintain a separate gd
pointer, one for u-boot, and a separate gd for the efi application.

Calling a function through the EFI_CALL macro changes the gd pointer
to that used for the efi application, with u-boot gd being
unavailable. Any function then trying to dereference u-boot's gd will
result in an abort.

Fix this issue by removing the EFI_CALL macro for all of such
functions which do not begin by an EFI_ENTRY function call.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-17 20:01:31 +02:00
Chan, Donald
fbc777429f lib/rsa: Use EVP_PKEY instead of RSA
Most modern OpenSSL engines have methods overridden at the EVP level rather
than at RSA level, to make these engines work properly with mkimage, the RSA
signing code needs to switch to using EVP_* APIs as much as possible.

Signed-off-by: Donald Chan <hoiho@lab126.com>
[trini: Rebase on top of keyfile changes]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-04-14 17:45:04 -04:00
Alexandru Gagniuc
eb22759e2b lib/ecdsa: Use the 'keydir' argument from mkimage if appropriate
Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the ECDSA signing path to use the appropriate one.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
824ee745fb lib/rsa: Use the 'keyfile' argument from mkimage
Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the RSA signing path to use the appropriate one.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
ed6c9e0b66 lib: Add support for ECDSA image signing
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.

Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:06:08 -04:00
Alexandru Gagniuc
4c17e5f691 lib/rsa: Make fdt_add_bignum() available outside of RSA code
fdt_add_bignum() is useful for algorithms other than just RSA. To
allow its use for ECDSA, move it to a common file under lib/.

The new file is suffixed with '-libcrypto' because it has a direct
dependency on openssl. This is due to the use of the "BIGNUM *" type.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:06:08 -04:00
Alexandru Gagniuc
0bcb28dfb9 lib: Rename rsa-checksum.c to hash-checksum.c
rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.

To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:06:08 -04:00
Sean Anderson
9af869c414 lib: string: Implement strlcat
This introduces strlcat, which provides a safer interface than strncat. It
never copies more than its size bytes, including the terminating nul. In
addition, it never reads past dest[size - 1], even if dest is not
nul-terminated.

This also removes the stub for dwc3 now that we have a proper
implementation.

Signed-off-by: Sean Anderson <seanga2@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-12 17:44:55 -04:00
Sean Anderson
d3358ecc54 lib: string: Fix strlcpy return value
strlcpy should always return the number of bytes copied. We were
accidentally missing the nul-terminator. We also always used to return a
non-zero value, even if we did not actually copy anything.

Fixes: 23cd138503 ("Integrate USB gadget layer and USB CDC driver layer")

Signed-off-by: Sean Anderson <seanga2@gmail.com>
2021-04-12 17:44:55 -04:00
Joel Stanley
a479f103dc hash: Allow for SHA512 hardware implementations
Similar to support for SHA1 and SHA256, allow the use of hardware hashing
engine by enabling the algorithm and setting  CONFIG_SHA_HW_ACCEL /
CONFIG_SHA_PROG_HW_ACCEL.

Signed-off-by: Joel Stanley <joel@jms.id.au>
2021-04-12 17:17:11 -04:00
Patrick Delaunay
a2535243e0 lib: optee: migration optee_copy_fdt_nodes for OF_LIVE support
The optee_copy_fdt_nodes is only used to copy op-tee nodes
of U-Boot device tree (from gd->fdt_blob when OF_LIVE is not activated)
to external device tree but it is not compatible with OF_LIVE.

This patch migrates all used function fdt_ functions to read node on
old_blob to ofnode functions, compatible with OF_LIVE and remove this
parameter "old_blob".

The generated "device tree" is checked on stm32mp platform with OF_LIVE
activated.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-12 14:25:31 -04:00
Ilias Apalodimas
f8cd72d1ac efi_loader: Change ptr arithmetics tcg eventlog buffer
Although ptr arithmetics are allowed with extensions in gcc, they
are not allowed by the C spec. So switch to (void *)(uintptr_t) instead

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
2021-04-10 12:00:24 +02:00
Heinrich Schuchardt
8c4488677f efi_loader: esrt: wrong type for LocateHandleBuffer()
efi_locate_handle_buffer() expects no_handles to be of type efi_uintn_t *.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-10 12:00:24 +02:00
Heinrich Schuchardt
7631c9d0a4 efi_loader: use correct printf codes
For printing u32 use %u not %d.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-10 12:00:24 +02:00
Sughosh Ganu
5c3de47caa efi_loader: efi_esrt: Fix the build warning for 32 bit systems
Fix the build warning when building for 32 bit systems by using the
length modifier for size_t.

lib/efi_loader/efi_esrt.c: In function ‘efi_esrt_populate’:
include/efi_loader.h:126:8: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 8 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-10 12:00:24 +02:00
Sughosh Ganu
dd40cf6f1f efi_loader: Kconfig: Select IMAGE_SIGN_INFO when capsule authentication is enabled
Enable building of the crypto helper functions used during capsule
authentication by selecting IMAGE_SIGN_INFO.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-10 12:00:24 +02:00
Ilias Apalodimas
f4dc1bc9f0 efi_loader: Cleanup get_var duplication
get_var() is defined statically in efi_bootmgr.c and doesn't properly
check a buffer allocation.  Remove it completely and use the exported
function from efi_var_common.c that does the same thing

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-04-10 12:00:24 +02:00
Tom Rini
90eba245a6 Merge branch 'next' 2021-04-05 11:29:57 -04:00
Heinrich Schuchardt
d084f20233 efi_loader: typo 'devide path'
Fix a typo in helloworld.efi.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-31 06:34:33 +00:00
Heinrich Schuchardt
0809cd5f93 efi_loader: Uart device path missing break
In the devicepath node to text conversion for Uart nodes a break statement
is missing.

Indicated by Coverity Scan CID 330038
Fixes: 62df6e9c99 ("efi_loader: Uart device path")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-31 06:22:22 +00:00
Simon Glass
f2c1442e96 bloblist: Make BLOBLIST_TABLES depend on BLOBLIST
Add an extra condition here since we cannot put x86 tables in a bloblist
when bloblists are not supported.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 15:04:31 +13:00
Simon Glass
dc2886b039 binman: Show a message when changing subnodes
This change seems important enough to warrant a visible message. Change
the log_debug() to log_info().

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 15:04:31 +13:00
Simon Glass
272e62cb83 smbios: Allow writing to the coreboot version string
When U-Boot is booted from coreboot the SMBIOS tables are written by
coreboot, not U-Boot. The existing method of updating the BIOS version
string does not work in that case, since gd->smbios_version is only set
when U-Boot writes the tables.

Add a new function which allows the version to be updated by parsing the
tables and writing the string in the correct place. Since coreboot
provides a pointer to the SMBIOS tables in its sysinfo structure, this
makes it easy to do the update.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 13:59:37 +13:00
Ilias Apalodimas
ac30aad210 efi_loader: Clean up file size calculations
We recently added a common function for calculating file size,
instead of copy pasting the code around.  Switch one of the
occurences over to the common function

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviwed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 21:03:51 +01:00
Heinrich Schuchardt
5e21958c02 efi_selfest: redefine enum efi_test_phase
Setup will always occur before ExitBootServices(). So eliminate
EFI_SETUP_AFTER_BOOTTIME_EXIT. Put the SetVirtualAddressMap() test into a
separate class so that we can execute it last.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-03-25 20:54:12 +01:00
Ilias Apalodimas
f69a2016b6 efi_loader: Add an S-CRTM even for firmware version
TCG PC Client Platform Firmware Profile Spec mandates that an S-CRTM
event for the version identifier using the event type EV_S_CRTM_VERSION
must be measured.

So since we are trying to add more conformance into U-Boot, let's add
the event using U_BOOT_VERSION_STRING, extend PCR[0] accordingly and log
it in the EventLog

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-03-25 20:45:44 +01:00
Ilias Apalodimas
d8cf113fe5 efi_loader: EFI TCG2 free efi memory on protocol failure
Current code doesn't free the efi allocated memory in case the protocol
failed to install

Fixes: c8d0fd5825 ("efi_loader: Introduce eventlog support for TCG2_PROTOCOL")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-03-25 20:45:41 +01:00