summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2020-07-08lib: rsa: function to verify a signature against a hashHeiko Stuebner
rsa_verify() expects a memory region and wants to do the hashing itself, but there may be cases where the hashing is done via other means, like hashing a squashfs rootfs. So add rsa_verify_hash() to allow verifiying a signature against an existing hash. As this entails the same verification routines we can just move the relevant code over from rsa_verify() and also call rsa_verify_hash() from there. Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
2020-07-08display_options: Drop #ifdef for MEM_SUPPORT_64BIT_DATASimon Glass
This is defined only when __lp64__ is defined. That means that ulong is 64 bits long. Therefore we don't need to use a separate u64 type on those architectures. Fix up the code to take advantage of that, removing the preprocessor conditions. Also include the missing header file that defines MEM_SUPPORT_64BIT_DATA Fixes: 09140113108 ("command: Remove the cmd_tbl_t typedef") Signed-off-by: Simon Glass <sjg@chromium.org>
2020-07-08Update MEM_SUPPORT_64BIT_DATA to be always definedSimon Glass
Define this macro always so we don't need the preprocessor to check it. Convert the users to #if instead of #ifdef. Note that '#if MEM_SUPPORT_64BIT_DATA' does not give an error if the macro is not define. It just assumes zero. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Stefan Roese <sr@denx.de>
2020-07-08lib: rsa: add documentation to padding_pss_verify to document limitationsHeiko Stuebner
padding_pss_verify only works with the default pss salt setting of -2 (length to be automatically determined based on the PSS block structure) not -1 (salt length set to the maximum permissible value), which makes verifications of signatures with that saltlen fail. Until this gets implemented at least document this behaviour. Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-08lib: rsa: free local arrays after use in rsa_gen_key_prop()Heiko Stuebner
n, rr and rrtmp are used for internal calculations, but in the end the results are copied into separately allocated elements of the actual key_prop, so the n, rr and rrtmp elements are not used anymore when returning from the function and should of course be freed. Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-08lib: rsa: fix allocated size for rr and rrtmp in rsa_gen_key_prop()Heiko Stuebner
When calculating rrtmp/rr rsa_gen_key_prop() tries to make (((rlen + 31) >> 5) + 1) steps in the rr uint32_t array and (((rlen + 7) >> 3) + 1) / 4 steps in uint32_t rrtmp[] with rlen being num_bits * 2 On a 4096bit key this comes down to to 257 uint32_t elements in rr and 256 elements in rrtmp but with the current allocation rr and rrtmp only have 129 uint32_t elements. On 2048bit keys this works by chance as the defined max_rsa_size=4096 allocates a suitable number of elements, but with an actual 4096bit key this results in other memory parts getting overwritten. So as suggested by Heinrich Schuchardt just use the actual bit-size of the key as base for the size calculation, in turn making the code compatible to any future keysizes. Suggested-by: Heinrich Schuchardt <xypron.debian@gmx.de> Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com> Reviewed-by: Simon Glass <sjg@chromium.org> rrtmp needs 2 + (((*prop)->num_bits * 2) >> 5) array elements. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-08lib: rsa: bring exp_len in line when generating a key_propHeiko Stuebner
The exponent field of struct key_prop gets allocated an uint64_t, and the contents are positioned from the back, so an exponent of "0x01 0x00 0x01" becomes 0x0 0x0 0x0 0x0 0x0 0x1 0x0 0x1" Right now rsa_gen_key_prop() allocates a uint64_t but sets exp_len to the size returned from the parser, while on the other hand the when getting the key from the devicetree exp_len always gets set to sizeof(uint64_t). So bring that in line with the established code. Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-08lib: rsa: take spl/non-spl into account when building rsa_verify_with_pkey()Heiko Stuebner
Right now in multiple places there are only checks for the full CONFIG_RSA_VERIFY_WITH_PKEY option, not split into main,spl,tpl variants. This breaks when the rsa functions get enabled for SPL, for example to verify u-boot proper from spl. So fix this by using the existing helpers to distinguis between build-steps. Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-08lib: rsa: distinguish between tpl and spl for CONFIG_RSA_VERIFYHeiko Stuebner
While the SPL may want to do signature checking this won't be the case for TPL in all cases, as TPL is mostly used when the amount of initial memory is not enough for a full SPL. So on a system where SPL uses DM but TPL does not we currently end up with a TPL compile error of: lib/rsa/rsa-verify.c:48:25: error: dereferencing pointer to incomplete type ‘struct checksum_algo’ To prevent that change the $(SPL_) to $(SPL_TPL_) to distinguish between both. If someone really needs FIT signature checking in TPL as well, a new TPL_RSA_VERIFY config symbol needs to be added. Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com> Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-08tpm: add TPM2_GetRandom command supportDhananjay Phadke
Add support for TPM2 GetRandom command Signed-off-by: Dhananjay Phadke <dphadke@linux.microsoft.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-07trace: clang compatible handling of gd registerHeinrich Schuchardt
On ARM systems gd is stored in register r9 or x18. When compiling with clang gd is defined as a macro calling function gd_ptr(). So we can not make assignments to gd. Use function set_gd() for setting the register on ARM. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-07-05Merge tag 'efi-2020-10-rc1' of ↵Tom Rini
https://gitlab.denx.de/u-boot/custodians/u-boot-efi into next Pull request for UEFI sub-system for efi-2020-10-rc1 This series comprises error corrections for the UEFI subsystem: * correct consideration of timestamps for variable authentication * correct collection of data regions for code authentication * correct unit tests to test loading dbx * enable FAT_WRITE as required by the UEFI spec The boot manager uses log functions instead of printf() and debug(). The UEFI intialization state is exported.
2020-07-05Merge branch '2020-07-01-kconfig-etc-updates' into nextTom Rini
- Resync Kconfiglib with the v14.1.0 release. - Re-sync our <linux/compiler*h> files with v5.7-rc5 from upstream. - Fully resync checkpatch.pl with v5.7 release. To safely to all of the above, we have a few bugfixes about functions that need a 'static inline' but weren't. We also stop setting CROSS_COMPILE in arch/*/config.mk. Finally, with the above changes boards can now opt-in to optimizing inlining and we do this for the socfpga stratix10 platform for space savings.
2020-07-03efi_loader: imply FAT, FAT_WRITEHeinrich Schuchardt
The UEFI spec requires support for the FAT file system. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03efi_loader: export initialization stateHeinrich Schuchardt
Export the UEFI sub-system initialization state. This will allow to treat the setting of UEFI variables during and after initialization differently. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03efi_loader: rtc_mktime() called twiceHeinrich Schuchardt
Don't call rtc_mktime() twice with the same argument in efi_variable_authenticate(). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03efi_loader: use log function in boot managerHeinrich Schuchardt
When booting via the boot manager use log function for user messages instead of printf() and debug(). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03efi_loader: time based authenticationHeinrich Schuchardt
When overwriting an existing time base authenticated variable we should compare to the preceding time value and not to the start of the epoch. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03efi_loader: add missing validation of timestampHeinrich Schuchardt
The UEFI specification requires that when UEFI variables are set using time based authentication we have to check that unused fields of the timestamp are zero Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03efi_loader: fix efi_image_region_add()Heinrich Schuchardt
Use start and end address consistently as half-open interval. Simplify the code. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03efi_loader: image_loader: replace debug to EFI_PRINTAKASHI Takahiro
Just for style consistency, replace all the uses of debug() to EFI_PRINT() in efi_image_loader.c. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03efi_loader: variable: replace debug to EFI_PRINTAKASHI Takahiro
Just for style consistency, replace all the uses of debug() to EFI_PRINT in efi_variable.c. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03efi_loader: signature: replace debug to EFI_PRINTAKASHI Takahiro
Just for style consistency, replace all the uses of debug to EFI_PRINT in efi_signature.c Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-03efi_loader: change efi objects initialization orderAKASHI Takahiro
The simplest solution to revert the commit b32ac16f9a32 ("test/py: fix test_efi_secboot/conftest.py") is to move efi_console_register() forward before efi_disk_register(). Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-07-01compiler*.h: sync include/linux/compiler*.h with Linux 5.7-rc5Tom Rini
Copy these from Linux v5.7-rc5 tag. This brings in some handy new attributes and is otherwise important to keep in sync. We drop the reference to smp_read_barrier_depends() as it is not relevant on the architectures we support at this time, based on where it's implemented in Linux today. We drop the call to kasan_check_read() as that is not relevant to U-Boot as well. Cc: Masahiro Yamada <yamada.masahiro@socionext.com> Signed-off-by: Tom Rini <trini@konsulko.com>
2020-07-01lib: Always set errno in hcreate_rSean Anderson
This could give a confusing error message if it failed and didn't set errno. Signed-off-by: Sean Anderson <seanga2@gmail.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-06-30Merge tag 'mips-pull-2020-06-29' of ↵Tom Rini
https://gitlab.denx.de/u-boot/custodians/u-boot-mips into next - net: pcnet: cleanup and add DM support - Makefile: add rule to build an endian-swapped U-Boot image used by MIPS Malta EL variants - CI: add Qemu tests for MIPS Malta
2020-06-29efi_loader: fix incorrect use of EFI_EXIT()Heinrich Schuchardt
efi_get_variable_common() does not use EFI_ENTRY(). So we should not use EFI_EXIT() either. Fixes: 767f6eeb01d3 ("efi_loader: variable: support variable authentication") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-24efi_loader: size of secure boot variablesHeinrich Schuchardt
The variables SetupMode, AuditMode, DeployedMode are explicitly defined as UINT8 in the UEFI specification. The type of SecureBoot is UINT8 in EDK2. Use variable name secure_boot instead of sec_boot for the value of the UEFI variable SecureBoot. Avoid abbreviations in function descriptions. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-24efi_loader: type of efi_secure_modeHeinrich Schuchardt
Variable efi_secure_mode is meant to hold a value of enum efi_secure_mode. So it should not be defined as int but as enum efi_secure_mode. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-19Merge https://gitlab.denx.de/u-boot/custodians/u-boot-spi into nextTom Rini
- Convert fsl_espi to driver model (Chuanhua) - Enable am335x baltos to DM_SPI (Jagan) - Drop few powerpc board which doesn't have DM enabled (Jagan)
2020-06-15Merge tag 'efi-2020-07-rc5' of ↵Tom Rini
https://gitlab.denx.de/u-boot/custodians/u-boot-efi Pull request for UEFI sub-system for efi-2020-07-rc5 Use correct printf code in efi_image_parse(). Add random number generation to HTML documentation.
2020-06-15Revert "lib: Improve _parse_integer_fixup_radix base 16 detection"Sean Anderson
This reverts commit 0486497e2b5f4d36fa968a1a60fea358cbf70b65. The strtoul has well-defined semantics. It is defined by the C standard and POSIX. To quote the relevant section of the man pages, > If base is zero or 16, the string may then include a "0x" prefix, and the > number will be read in base 16; otherwise, a zero base is taken as 10 > (decimal) unless the next character is '0', in which case it is taken as > 8 (octal). Keeping these semantics is important for several reasons. First, it is very surprising for standard library functions to behave differently than usual. Every other implementation of strtoul has different semantics than the implementation in U-Boot at the moment. Second, it can result in very surprising results from small changes. For example, changing the string "1f" to "20" causes the parsed value to *decrease*. Forcing use of the "0x" prefix to specify hexidecimal numbers is a feature, not a bug. Lastly, this is slightly less performant, since the entire number is parsed twice. This fixes the str_simple_strtoul test failing with test/str_ut.c:29, run_strtoul(): expect_val == val: Expected 0x44b (1099), got 0x1099ab (1087915) test/str_ut.c:46, str_simple_strtoul(): 0 == run_strtoul(uts, str2, 0, 1099, 4): Expected 0x0 (0), got 0x1 (1) Signed-off-by: Sean Anderson <seanga2@gmail.com> CC: Michal Simek <michal.simek@xilinx.com> CC: Shiril Tichkule <shirilt@xilinx.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-06-15optee: fix copy of optee reserved-memory nodeEtienne Carriere
Fix the loop that parses FDT for a reserved memory node named "optee". Before this change, if at least one subnode was found in the reserved-memory node, the function endlessly looped since instruction continue returned back in the loop without updating variable subnode. This change fixes the issue by using a for loop. Fixes: 6ccb05eae01b ("image: fdt: copy possible optee nodes to a loaded devicetree") Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
2020-06-14efi_loader: printf code in efi_image_parse()Heinrich Schuchardt
For size_t we have to use %zu for printing not %lu. Fixes: 4540dabdcaca ("efi_loader: image_loader: support image authentication") Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-13Merge tag 'dm-pull-12jun20' of git://git.denx.de/u-boot-dm into nextTom Rini
patman improvements to allow it to work with Zephyr change to how sequence numbers are assigned to devices minor fixes and improvements
2020-06-12Add support for SHA384 and SHA512Reuben Dowle
The current recommendation for best security practice from the US government is to use SHA384 for TOP SECRET [1]. This patch adds support for SHA384 and SHA512 in the hash command, and also allows FIT images to be hashed with these algorithms, and signed with sha384,rsaXXXX and sha512,rsaXXXX The SHA implementation is adapted from the linux kernel implementation. [1] Commercial National Security Algorithm Suite http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
2020-06-11fdtdec: Honor #address-cells and #size-cells in fdtdec_add_reserved_memory()Bin Meng
At present fdtdec_add_reserved_memory() calls fdtdec_get_addr_size() to get address and size for the subnodes of /reserved-memory node. We should honor #address-cells and #size-cells properties in the parent node. Signed-off-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-06-11fdtdec: Fix the types of addr and size in fdtdec_add_reserved_memory()Bin Meng
fdtdec_get_addr_size() expects size is of type 'fdt_size_t', and return value is of type 'fdt_addr_t'. Adjust their types accordingly. Signed-off-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2020-06-08cmd: Correct the 'md.q' commandSimon Glass
This displays incorrect data at present due to a missing header file in display_options. Fix it. Fixes: 09140113108 ("command: Remove the cmd_tbl_t typedef") Signed-off-by: Simon Glass <sjg@chromium.org>
2020-06-05efi_loader: comments EFI_SIMPLE_TEXT_OUTPUT_PROTOCOLHeinrich Schuchardt
Provide missing comments for the functions implementing the EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-05smbios: empty strings in smbios_add_string()Heinrich Schuchardt
smbios_add_string() cannot deal with empty strings. This leads to incorrect property values and invalid tables. E.g. for the pine64-lts_defconfig CONFIG_SMBIOS_MANUFACTURER="". Linux command dmidecode shows: Table 1: Manufacturer: sunxi Product Name: sunxi Table 3: Invalid entry length (2). DMI table is broken! Stop. Replace empty strings by "Unknown". Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-04Merge https://gitlab.denx.de/u-boot/custodians/u-boot-riscvTom Rini
- Fixes 7e249bc13aaf: ("riscv: Move all SMP related SBI calls to SBI_v01") Move sbi_probe_extension() out of CONFIG_SBI_V01. - SiFive FU540 support SPL.
2020-06-04lib: Makefile: build crc7.c when CONFIG_MMC_SPIPragnesh Patel
When build U-Boot SPL, meet an issue of undefined reference to 'crc7' for drivers/mmc/mmc_spi.c, so let's compile crc7.c when CONFIG_MMC_SPI selected. Signed-off-by: Pragnesh Patel <pragnesh.patel@sifive.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Acked-by: Jagan Teki <jagan@amarulasolutions.com>
2020-06-03Merge tag 'efi-2020-07-rc4' of ↵Tom Rini
https://gitlab.denx.de/u-boot/custodians/u-boot-efi Pull request for UEFI sub-system for efi-2020-07-rc4 This patch series addresses the following issues: * allow compiling with clang * add missing function descriptions to the HTML documentation * simplify the validation of UEFI images * validate load options in the UEFI boot manager In a preparatory patch a structure definition is moved.
2020-06-03efi_loader: signature: move efi_guid_cert_type_pkcs7 to efi_signature.cAKASHI Takahiro
The global variable, efi_guid_cert_type_pkcs7, will also be used in efi_image_loader.c in a succeeding patch so as to correctly handle a signature type of authenticode in signed image. Meanwhile, it is currently defined in efi_variable.c. Once some secure storage solution for UEFI variables is introduced, efi_variable.c may not always be compiled in. So move the definition to efi_signature.c as a common place. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-03efi_loader: simplify PE consistency checkHeinrich Schuchardt
Knowing that at least one section header follows the optional header we only need to check for the length of the 64bit header which is longer than the 32bit header. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-03efi_loader: function description cmp_pe_section()Heinrich Schuchardt
Rework the description of function cmp_pe_section(). Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-03efi_loader: function descriptions efi_image_loader.cHeinrich Schuchardt
We want to follow the Linux kernel style for function descriptions. Add missing parentheses after function names. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-06-03efi_loader: allow compiling with clangHeinrich Schuchardt
On ARM systems gd is stored in register r9 or x18. When compiling with clang gd is defined as a macro calling function gd_ptr(). So we can not make assignments to gd. In the UEFI sub-system we need to save gd when leaving to UEFI binaries and have to restore gd when reentering U-Boot. Define a new function set_gd() for setting gd and use it in the UEFI sub-system. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Tested-by: Tom Rini <trini@konsulko.com>