The function, pkcs7_verify_one(), will be utilized to rework signature
verification logic aiming to support intermediate certificates in
"chain of trust."
To do that, its function interface is expanded, adding an extra argument
which is expected to return the last certificate in trusted chain.
Then, this last one must further be verified with signature database, db
and/or dbx.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This function was nullified when the file, pkcs7_verify.c, was imported
because it calls further linux-specific interfaces inside, hence that
could lead to more files being imported from linux.
We need this function in pkcs7_verify_one() and so simply re-implement it
here instead of re-using the code.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
The file, pkcs7_verify.c, will now be imported from linux code
(crypto/asymmetric_keys/pkcs7_verify.c in 5.7) and modified to fit
into U-Boot environment.
In particular, pkcs7_verify_one() function will be used in a later patch
to rework signature verification logic aiming to support intermediate
certificates in "chain of trust."
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
When the file, x509_public_key.c, was imported from linux code in
commit b4adf627d5 ("lib: crypto: add x509 parser"),
x509_check_for_self_signed() was commented out for simplicity.
Now it need be enabled in order to make pkcs7_verify_one(), which will be
imported in a later patch, functional.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This function will be called from x509_check_for_self_signed() and
pkcs7_verify_one(), which will be imported from linux in a later patch.
While it does exist in linux code and has a similar functionality of
rsa_verify(), it calls further linux-specific interfaces inside.
That could lead to more files being imported from linux.
So simply re-implement it here instead of re-using the code.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
This is a fixup by autopep8 after the commit ("test/py: efi_secboot:
apply autopep8").
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
'tool_is_in_path' function is no longer used anywhere after Heinrich
has removed 'sudo' version of fixture setup.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Use logging instead of printf() for messages occurring when scanning block
devices during the initialization of the UEFI sub-system.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Log messages of the bootefi command instead of simply printing them to the
console.
Do not show "## Application terminated" message when the UEFI binary
completed successfully.
Adjust the python tests testing for '## Application terminated'.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Do not reset the board when returning from an UEFI FIT image.
For failed UEFI binary we already print the return status in efi_run_image.
Remove duplicate output.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When reading a directory, EFI_BUFFER_TOO_SMALL should be returned when
the supplied buffer is too small, so a use-case is to call
efi_file_read with *buffer_size=0 and buffer=NULL to obtain the needed
size before doing the actual read.
So move the buffer!=NULL check to after the buffer size has been checked.
This fix allows the Redhat shim fallback to run and e.g. Fedora 32 now
boots out of the box.
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Currently we only check for the return value of tee_invoke_func().
Although OP-TEE and StMM will correctly set param[1].u.value.a and we'll
eventually return an error, the correct thing to do is check for the
OP_TEE return code as well.
So let's check for that and move tee_shm_free() and tee_close_session()
before exiting with an error to make sure we always clear the registered
memory.
Fixes: f042e47e8f ("efi_loader: Implement EFI variable handling via OP-TEE")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Use EFI_DEVICE_ERROR for TEE communication problems.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Instead of adding the definition for the specific MM SVC used in
StandAloneMM we added the one used in the standard SMC calls.
So change the value from -4 to -5 to match the correct one defined in
EDK2 and rename them to avoid future confusion
Fixes 23a397d2e2: ("efi_loader: Add headers for EDK2 StandAloneMM communication")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
efi_var_mem_del() is in __efi_runtime because it would be needed for a
runtime implementation of SetVariable(). memmove() is not in __efi_runtime.
So we should not use it in efi_var_mem_del().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Variable efi_current_var is a pointer to a physical memory address that
becomes invalid after SetVirtualAddressMap(). Instead of converting it via
ConvertPointer() simply set it to NULL.
Fixes: b02a707152 ("efi_loader: enable UEFI variables at runtime")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When you enable CONFIG_OF_LIVE, you will end up with a lot of
conversions.
To generate this commit, I used coccinelle excluding drivers/core/,
include/dm/, and test/
The semantic patch that makes this change is as follows:
<smpl>
@@
expression dev;
@@
-devfdt_get_addr(dev)
+dev_read_addr(dev)
</smpl>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Use the _ptr suffixed variant instead of casting. Also, convert it to
dev_read_addr_ptr(), which is safe to CONFIG_OF_LIVE.
One curious part is an error check like follows in
drivers/watchdog/omap_wdt.c:
priv->regs = (struct wd_timer *)devfdt_get_addr(dev);
if (!priv->regs)
return -EINVAL;
devfdt_get_addr() returns FDT_ADDR_T_NONE (i.e. -1) on error.
So, this code does not catch any error in DT parsing.
dev_read_addr_ptr() returns NULL on error, so this error check
will work.
I generated this commit by the following command:
$ find . -name .git -prune -o -name '*.[ch]' -type f -print | \
xargs sed -i -e 's/([^*)]*\*)devfdt_get_addr(/dev_read_addr_ptr(/'
I manually fixed drivers/usb/host/ehci-mx6.c
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Currently, fdt_fixup_mtdparts() only checks the compatible property.
It is pointless to fix up the disabled node.
Skip the node if it has the property:
status = "disabled"
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Platform code can call fdt_fixup_mtdparts() in order to hand U-Boot's
MTD partitions over to the Linux device tree.
Currently, fdt_fixup_mtdparts() calls mtdparts_init() in its entry.
If no target MTD device is found, an error message like follows is
displayed:
Device nand0 not found!
This occurs when the same code (e.g. arch/arm/mach-uniphier/fdt-fixup.c)
is shared among several boards, but not all of them support an MTD device.
Parse the DT first, then call mtdparts_init() only when the target MTD
node is found.
Yet, you still need to call mtdparts_init() before device_find().
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Running 'ut dm' on the sandbox without -D or -d results in segmentation
faults due to NULL pointer dereferences.
Check that device pointers are non-NULL before using them.
Use ut_assertnonnull() for pointers instead of ut_assert().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Tested-by: Philippe Reynes <philippe.reynes@softathome.com>
Enable CONFIG_SOC_DEVICE and CONFIG_SOC_DEVICE_TI_K3 so the TI K3 SoC
driver can be used for SoC detection.
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Enable CONFIG_SOC_DEVICE and CONFIG_SOC_DEVICE_TI_K3 so the TI K3 SoC
driver can be used for SoC detection.
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Add a sandbox SOC driver, and some tests for the SOC uclass.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Introduce UCLASS_SOC to be used for SOC identification and attribute
matching based on the SoC ID info. This allows drivers to be provided
for SoCs to retrieve SoC identifying information and also for matching
device attributes for selecting SoC specific data.
This is useful for other device drivers that may need different
parameters or quirks enabled depending on the specific device variant in
use.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Add a new documentation file for UCLASS_SOC and its usage to describe
the SoC Device ID framework that allows SoC identification and device
data matching.
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This function is only called from fdt_fixup_mtdpart() in the same file.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The user can either count the number of patches, or provide a
tracking branch.
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Setting sendemail.suppresscc to all or cccmd leads to --cc-cmd
parameter being ignored, and emails going either nowhere, or
just to the To: line maintainer.
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
This reverts commit 3ebe09d09a.
There is no user of this split function that's why remove it.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This reverts commit 118f4d4559.
There is no user of this split function that's why remove it.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The commit 361377dbdb ("ARM: rmobile: Merge prior-stage firmware DT
fragment into U-Boot DT on Gen3") reverted changes introduced by commit
175f502734 ("ARM: renesas: Configure DRAM size from ATF DT fragment")
that's why there is no reason to use functions with _fdt() suffix because
parameter is gd->fdt_blob as is already for functions without _fdt()
suffix.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The unsupported Commit-xxx option are silently skipped
and removed as 're_remove=Commit-\w*', this patch adds
warning message in this case to detect misspelled issue
for the 2 supported options:
Commit-notes:
Commit-changes:
For example: the final 's' is missing (Commit-note:)
NB: no issue for Series-xxx option as only the supported
options are accepted (see valid_series in series.py)
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The function fdt_find_regions look in the exclude list for each
property, even if the name is NULL. It could happen if the fit
image is corrupted. On sandbox, it generates a segfault.
To avoid this issue, if the name of a property is NULL, we report
an error and avoid looking in the exclude list.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Detect unexpected 'END' line when a section is not detected.
This patch detect issue when tag name for section start is misspelled,
for example 'Commit-note:' for 'Commit-notes:'
Commit-note:
....
END
Then 'Commit-note:' is removed silently by re_remove = "Commit-\w*:"
but 'END' is kept in commit message.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
These functions should not modify the device. Convert them to const so
that callers don't need to cast if they have a const udevice *.
Signed-off-by: Simon Glass <sjg@chromium.org>
FIT (Flat Image Tree) is the main image format used by U-Boot. In some
cases scripts are used to create FITs within the U-Boot build system. This
is not ideal for various reasons:
- Each architecture has its own slightly different script
- There are no tests
- Some are written in shell, some in Python
To help address this, add support for FIT generation to binman. This works
by putting the FIT source directly in the binman definition, with the
ability to adjust parameters, etc. The contents of each FIT image come
from sub-entries of the image, as is normal with binman.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a method for adding a property containing arbitrary bytes. Make sure
that the tree can expand as needed in this case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Normally the FIT timestamp is created the first time mkimage is run on a
FIT, when converting the source .its to the binary .fit file. This
corresponds to using the -f flag. But if the original input to mkimage is
a binary file (already compiled) then the timestamp is assumed to have
been set previously.
Add a -t flag to allow setting the timestamp in this case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Some binary blobs unfortunately obtain their position in the image from
other binary blobs, such as Intel's 'descriptor'. In this case we cannot
rely on packing to work. It is not possible to produce a valid image in
any case, due to the missing blobs.
Allow zero-length overlaps so that this does not cause any problems.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
When warnings and errors are produced by tools they should be written to
stderr. Update the tout implementation to handle this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Sometimes it is useful to build an image even though external binaries are
not present. This allows the build system to continue to function without
these files, albeit not producing valid images.
U-Boot does with with ATF (ARM Trusted Firmware) today.
Add a new flag to binman to request this behaviour.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>