- 12 7月, 2020 25 次提交
-
-
由 Heinrich Schuchardt 提交于
Simplify the implementation of the UEFI boot manager: * avoid EFI_CALL for SetVariable() and GetVariable() * remove unnecessary type conversions Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
UEFI variables OsIndicationsSupported, PlatformLangCodes should be read only. Avoid EFI_CALL() for SetVariable(). Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
Separate the remaining UEFI variable API functions GetNextVariableName and QueryVariableInfo() from internal functions implementing them. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
Let the 'printenv -e' command display the read only flag. If the variable is time authenticated write the time stamp. Avoid EFI_CALL() when calling SetVariable() and GetVariable(). Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
We currently have two implementations of UEFI variables: * variables provided via an OP-TEE module * variables stored in the U-Boot environment Read only variables are up to now only implemented in the U-Boot environment implementation. Provide a common interface for both implementations that allows handling read-only variables. As variable access is limited to very few source files put variable related definitions into new include efi_variable.h instead of efi_loader. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
Allocated tmpbuf_cluster dynamically to reduce the data size added by compiling with CONFIG_FAT_WRITE. Reported-by: NTom Rini <trini@konsulko.com> Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
Avoid a possible NULL pointer dereference in efi_convert_pointer(). Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
Don't call calloc(0, ..). Consider return value of efi_get_child_controllers(). Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
Commit 1b6c0854 ("efi_loader: image_loader: replace debug to EFI_PRINT") leads to a build warning on 32bit systems: lib/efi_loader/efi_image_loader.c: In function ‘efi_image_parse’: include/efi_loader.h:123:8: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 8 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=] Use %zu for printing size_t. Fixes: 1b6c0854 ("efi_loader: image_loader: replace debug to EFI_PRINT") Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Ilias Apalodimas 提交于
There's 2 variables in efi_get_next_variable_name() checking the size of the variable name. Let's get rid of the reduntant definition and simplitfy the code a bit. Signed-off-by: NIlias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 AKASHI Takahiro 提交于
This function will be used to implement public_key_verify_signature() in a later patch. rsa_verify() is not suitable here because calculation of message digest is not necessary. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 Heinrich Schuchardt 提交于
Avoid sudo for test/py/tests/test_efi_secboot by using virt-make-fs. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 AKASHI Takahiro 提交于
Signature database (db or dbx) may have not only certificates that contain a public key for RSA decryption, but also digests of signed images. In this test case, if database has an image's digest (EFI_CERT_SHA256_GUID) and if the value matches to a hash value calculated from image's binary, authentication should pass in case of db, and fail in case of dbx. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org> Use defined time stamps for sign-efi-sig-list. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 AKASHI Takahiro 提交于
In this test case, an image is signed multiple times with different keys. If any of signatures contained is not verified, the whole authentication check should fail. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org> Provide a defined time stamp for dbx_hash1.auth. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 AKASHI Takahiro 提交于
Revocation database (dbx) may have not only certificates, but also message digests of certificates with revocation time (EFI_CERT_X509_SHA256_GUILD). In this test case, if the database has such a digest and if the value matches to a certificate that created a given image's signature, authentication should fail. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org> Set defined time stamp for dbx_hash.auth. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
由 AKASHI Takahiro 提交于
Split the existing test case-1 into case1 and a new case-2: case-1 for non-SecureBoot mode; case-2 for SecureBoot mode. In addition, one corner case is added to case-2; a image is signed but a corresponding certificate is not yet installed in "db." Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
-
由 AKASHI Takahiro 提交于
More fixes against pylint warnings that autopep8 didn't handle in the previous commit. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
-
由 AKASHI Takahiro 提交于
Python's autopep8 can automatically correct some of warnings from pylint and rewrite the code in a pretty print format. So just do it. Suggested-by: NHeinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
-
由 AKASHI Takahiro 提交于
In case that a type of certificate in "db" or "dbx" is EFI_CERT_X509_SHA256_GUID, it is actually not a certificate which contains a public key for RSA decryption, but a digest of image to be loaded. If the value matches to a value calculated from a given binary image, it is granted for loading. With this patch, common digest check code, which used to be used for unsigned image verification, will be extracted from efi_signature_verify_with_sigdb() into efi_signature_lookup_digest(), and extra step for digest check will be added to efi_image_authenticate(). Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
-
由 AKASHI Takahiro 提交于
A signed image may have multiple signatures in - each WIN_CERTIFICATE in authenticode, and/or - each SignerInfo in pkcs7 SignedData (of WIN_CERTIFICATE) In the initial implementation of efi_image_authenticate(), the criteria of verification check for multiple signatures case is a bit ambiguous and it may cause inconsistent result. With this patch, we will make sure that verification check in efi_image_authenticate() should pass against all the signatures. The only exception would be - the case where a digest algorithm used in signature is not supported by U-Boot, or - the case where parsing some portion of authenticode has failed In those cases, we don't know how the signature be handled and should just ignore them. Please note that, due to this change, efi_signature_verify_with_sigdb()'s function prototype will be modified, taking "dbx" as well as "db" instead of outputing a "certificate." If "dbx" is null, the behavior would be the exact same as before. The function's name will be changed to efi_signature_verify() once current efi_signature_verify() has gone due to further improvement in intermediate certificates support. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
-
由 AKASHI Takahiro 提交于
There are a couple of occurrences of hash calculations in which a new efi_hash_regions will be commonly used. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
-
由 AKASHI Takahiro 提交于
Since the size check against an entry in efi_search_siglist() is incorrect, this function will never find out a to-be-matched certificate and its associated revocation time in the signature list. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
-
由 AKASHI Takahiro 提交于
Since the certificate table, which is indexed by IMAGE_DIRECTORY_ENTRY_SECURITY and contains authenticode in PE image, doesn't always exist, we should make sure that we will retrieve its pointer only if it exists. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
-
由 AKASHI Takahiro 提交于
UEFI specification requires that we shall support three type of certificates of authenticode in PE image: WIN_CERT_TYPE_EFI_GUID with the guid, EFI_CERT_TYPE_PCKS7_GUID WIN_CERT_TYPE_PKCS_SIGNED_DATA WIN_CERT_TYPE_EFI_PKCS1_15 As EDK2 does, we will support the first two that are pkcs7 SignedData. Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
-
由 Heinrich Schuchardt 提交于
Use the path relative to /include for x509_parser.h in pkcs7_parser.h. Signed-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
- 11 7月, 2020 10 次提交
-
-
https://gitlab.denx.de/u-boot/custodians/u-boot-dm由 Tom Rini 提交于
of-platdata: better phandle and compatible-string support patman support for Python3 on Ubuntu 14.04 new checkpatch check to avoid #ifdefs
-
由 Heinrich Schuchardt 提交于
Call pytest3 with argument -ra to display the reason why Python tests are skipped. The -r flag displays a test summary info for each test. -ra eliminates this info for passed tests. Pros an cons were discussed in: https://lists.denx.de/pipermail/u-boot/2020-June/417090.htmlSigned-off-by: NHeinrich Schuchardt <xypron.glpk@gmx.de>
-
https://gitlab.denx.de/u-boot/custodians/u-boot-raspberrypi由 Tom Rini 提交于
- add support for PCI and XHCI for RPi4 (64 bit only) - optionally reset XHCI device on registration - enable USB_KEYBOARD for rpi_4_defconfig
-
由 Tom Rini 提交于
- Bring in Marek Szyprowski's series to allow for arbitrary virtual-physical address mappings.
-
由 Marek Szyprowski 提交于
This requires enabling BRCMSTB PCIe and XHCI_PCI drivers as well as PCI and USB commands. To get it working one has to call the following commands: "pci enum; usb start;", thus such commands have been added to the default "preboot" environment variable. One has to update their environment if it is already configured to get this feature working out of the box. Signed-off-by: NMarek Szyprowski <m.szyprowski@samsung.com>
-
由 Marek Szyprowski 提交于
Create a non-cacheable mapping for the 0x600000000 physical memory region, where MMIO registers for the PCIe XHCI controller are instantiated by the PCIe bridge. Due to 32bit limit in the CPU virtual address space in ARM 32bit mode, this region is mapped at 0xff800000 CPU virtual address. Signed-off-by: NMarek Szyprowski <m.szyprowski@samsung.com>
-
由 Seung-Woo Kim 提交于
On build with 32 bit, there is a warning for int-to-pointer-cast. Fix the int to pointer cast by using uintptr_t. Signed-off-by: NSeung-Woo Kim <sw0312.kim@samsung.com> Signed-off-by: NMarek Szyprowski <m.szyprowski@samsung.com>
-
由 Marek Szyprowski 提交于
Provide function for setting arbitrary virtual-physical MMU mapping and cache settings for the given region. Signed-off-by: NMarek Szyprowski <m.szyprowski@samsung.com> Reviewed-by: NTom Rini <trini@konsulko.com>
-
由 Marek Szyprowski 提交于
Update the comments in include/asm/system.h to the common style. Signed-off-by: NMarek Szyprowski <m.szyprowski@samsung.com> Reviewed-by: NTom Rini <trini@konsulko.com>
-
由 Marek Szyprowski 提交于
Move ADDR_MAP related config options from include/configs/*.h to the proper place in lib/Kconfig. This has been done using ./tools/moveconfig.py and manual inspection of the generated changes. This is a preparation to use ADDR_MAP helper on ARM 32bit Raspberry Pi4 board for mapping the PCIe XHCI MMIO, which is above the 4GiB identity mapping limit. Signed-off-by: NMarek Szyprowski <m.szyprowski@samsung.com> Reviewed-by: NTom Rini <trini@konsulko.com>
-
- 10 7月, 2020 5 次提交
-
-
由 Nicolas Saenz Julienne 提交于
Supporting USB keyboards out of the box is both handy for development and production. Notably if u-boot is used to boot into GRUB. Signed-off-by: NNicolas Saenz Julienne <nsaenzjulienne@suse.de> Reviewed-by: NSylwester Nawrocki <s.nawrocki@samsung.com> Reviewed-by: NBin Meng <bmeng.cn@gmail.com> [mb: drop rpi_4_32b_defconfig hunk] Signed-off-by: NMatthias Brugger <mbrugger@suse.com>
-
由 Nicolas Saenz Julienne 提交于
Some atypical users of xhci might need to manually reset their xHCI controller before starting the HCD setup. Check if a reset controller device is available to the PCI bus and trigger a reset. Signed-off-by: NNicolas Saenz Julienne <nsaenzjulienne@suse.de> [mb: squash fix to only build xhci_reset_hw() if CONFIG_DM_BUS] Signed-off-by: NMatthias Brugger <mbrugger@suse.com>
-
由 Nicolas Saenz Julienne 提交于
This is required in order to access the reset controller used to initialize the board's xHCI chip. Signed-off-by: NNicolas Saenz Julienne <nsaenzjulienne@suse.de> Signed-off-by: NMatthias Brugger <mbrugger@suse.com>
-
由 Nicolas Saenz Julienne 提交于
Raspberry Pi 4's co-processor controls some of the board's HW initialization process, but it's up to Linux to trigger it when relevant. Introduce a reset controller capable of interfacing with RPi4's co-processor that models these firmware initialization routines as reset lines. Signed-off-by: NNicolas Saenz Julienne <nsaenzjulienne@suse.de> Signed-off-by: NMatthias Brugger <mbrugger@suse.com>
-
由 Nicolas Saenz Julienne 提交于
On the Raspberry Pi 4, after a PCI reset, VL805's (a xHCI chip) firmware may either be loaded directly from an EEPROM or, if not present, by the SoC's VideCore (the SoC's co-processor). Introduce the function that informs VideCore that VL805 may need its firmware loaded. Signed-off-by: NNicolas Saenz Julienne <nsaenzjulienne@suse.de> Signed-off-by: NMatthias Brugger <mbrugger@suse.com>
-