Merge tag 'efi-2022-01-rc4-4' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-01-rc4-4

UEFI:

* allow for more than 16 KiB UEFI variable size when using StMM

Others:

* make watchdog sysreset compatible with separate poweroff driver
* avoid OpenSSL deprecation warnings

9 files changed, 29 insertions, 18 deletions

diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst
index a3e2656ab8..43fb10f797 100644
--- a/doc/develop/uefi/uefi.rst
+++ b/doc/develop/uefi/uefi.rst
@@ -248,9 +248,9 @@ OP-TEE Build instructions
     $ export ARCH=arm
     $ CROSS_COMPILE32=arm-linux-gnueabihf- make -j32 CFG_ARM64_core=y \
         PLATFORM=<myboard> CFG_STMM_PATH=BL32_AP_MM.fd CFG_RPMB_FS=y \
-        CFG_RPMB_FS_DEV_ID=0 CFG_CORE_HEAP_SIZE=524288 CFG_RPMB_WRITE_KEY=1 \
-        CFG_CORE_HEAP_SIZE=524288 CFG_CORE_DYN_SHM=y CFG_RPMB_TESTKEY=y \
-        CFG_REE_FS=n CFG_CORE_ARM64_PA_BITS=48  CFG_TEE_CORE_LOG_LEVEL=1 \
+        CFG_RPMB_FS_DEV_ID=0 CFG_CORE_HEAP_SIZE=524288 CFG_RPMB_WRITE_KEY=y \
+        CFG_CORE_DYN_SHM=y CFG_RPMB_TESTKEY=y CFG_REE_FS=n \
+        CFG_CORE_ARM64_PA_BITS=48 CFG_TEE_CORE_LOG_LEVEL=1 \
         CFG_TEE_TA_LOG_LEVEL=1 CFG_SCTLR_ALIGNMENT_CHECK=n
 
 U-Boot Build instructions
diff --git a/drivers/sysreset/sysreset_watchdog.c b/drivers/sysreset/sysreset_watchdog.c
index 35efcac59d..8a659ee9b9 100644
--- a/drivers/sysreset/sysreset_watchdog.c
+++ b/drivers/sysreset/sysreset_watchdog.c
@@ -20,9 +20,16 @@ static int wdt_reboot_request(struct udevice *dev, enum sysreset_t type)
 	struct wdt_reboot_plat *plat = dev_get_plat(dev);
 	int ret;
 
-	ret = wdt_expire_now(plat->wdt, 0);
-	if (ret)
-		return ret;
+	switch (type) {
+	case SYSRESET_COLD:
+	case SYSRESET_WARM:
+		ret = wdt_expire_now(plat->wdt, 0);
+		if (ret)
+			return ret;
+		break;
+	default:
+		return -ENOSYS;
+	}
 
 	return -EINPROGRESS;
 }
diff --git a/include/efi.h b/include/efi.h
index 0ec5913ddd..1432038838 100644
--- a/include/efi.h
+++ b/include/efi.h
@@ -321,7 +321,7 @@ struct efi_info_hdr {
  * struct efi_entry_hdr - Header for a table entry
  *
  * @type:	enum eft_entry_t
- * @size	size of entry bytes excluding header and padding
+ * @size:	size of entry bytes excluding header and padding
  * @addr:	address of this entry (0 if it follows the header )
  * @link:	size of entry including header and padding
  * @spare1:	Spare space for expansion
diff --git a/include/tee.h b/include/tee.h
index 44e9cd4321..087810bd12 100644
--- a/include/tee.h
+++ b/include/tee.h
@@ -39,6 +39,7 @@
 #define TEE_SUCCESS			0x00000000
 #define TEE_ERROR_STORAGE_NOT_AVAILABLE	0xf0100003
 #define TEE_ERROR_GENERIC		0xffff0000
+#define TEE_ERROR_EXCESS_DATA		0xffff0004
 #define TEE_ERROR_BAD_PARAMETERS	0xffff0006
 #define TEE_ERROR_ITEM_NOT_FOUND	0xffff0008
 #define TEE_ERROR_NOT_IMPLEMENTED	0xffff0009
diff --git a/lib/aes/aes-encrypt.c b/lib/aes/aes-encrypt.c
index a6d1720f30..e74e35eaa2 100644
--- a/lib/aes/aes-encrypt.c
+++ b/lib/aes/aes-encrypt.c
@@ -2,6 +2,9 @@
 /*
  * Copyright (c) 2019,Softathome
  */
+
+#define OPENSSL_API_COMPAT 0x10101000L
+
 #include "mkimage.h"
 #include <stdio.h>
 #include <string.h>
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index 1757a14562..ae6dfa0ba9 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -18,6 +18,8 @@
  * Copyright (c) 2020,2021, Alexandru Gagniuc <mr.nuke.me@gmail.com>
  */
 
+#define OPENSSL_API_COMPAT 0x10101000L
+
 #include <u-boot/ecdsa.h>
 #include <u-boot/fdt-libcrypto.h>
 #include <openssl/ssl.h>
diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c
index 281f886124..a2c65e3694 100644
--- a/lib/efi_loader/efi_variable_tee.c
+++ b/lib/efi_loader/efi_variable_tee.c
@@ -15,7 +15,6 @@
 #include <malloc.h>
 #include <mm_communication.h>
 
-#define OPTEE_PAGE_SIZE BIT(12)
 extern struct efi_var_file __efi_runtime_data *efi_var_buf;
 static efi_uintn_t max_buffer_size;	/* comm + var + func + data */
 static efi_uintn_t max_payload_size;	/* func + data */
@@ -114,7 +113,11 @@ static efi_status_t optee_mm_communicate(void *comm_buf, ulong dsize)
 	rc = tee_invoke_func(conn.tee, &arg, 2, param);
 	tee_shm_free(shm);
 	tee_close_session(conn.tee, conn.session);
-	if (rc || arg.ret != TEE_SUCCESS)
+	if (rc)
+		return EFI_DEVICE_ERROR;
+	if (arg.ret == TEE_ERROR_EXCESS_DATA)
+		log_err("Variable payload too large\n");
+	if (arg.ret != TEE_SUCCESS)
 		return EFI_DEVICE_ERROR;
 
 	switch (param[1].u.value.a) {
@@ -256,15 +259,6 @@ efi_status_t EFIAPI get_max_payload(efi_uintn_t *size)
 	}
 	*size = var_payload->size;
 	/*
-	 * Although the max payload is configurable on StMM, we only share a
-	 * single page from OP-TEE for the non-secure buffer used to communicate
-	 * with StMM. Since OP-TEE will reject to map anything bigger than that,
-	 * make sure we are in bounds.
-	 */
-	if (*size > OPTEE_PAGE_SIZE)
-		*size = OPTEE_PAGE_SIZE - MM_COMMUNICATE_HEADER_SIZE  -
-			MM_VARIABLE_COMMUNICATE_SIZE;
-	/*
 	 * There seems to be a bug in EDK2 miscalculating the boundaries and
 	 * size checks, so deduct 2 more bytes to fulfill this requirement. Fix
 	 * it up here to ensure backwards compatibility with older versions
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 0579e5294e..44f21416ce 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -3,6 +3,8 @@
  * Copyright (c) 2013, Google Inc.
  */
 
+#define OPENSSL_API_COMPAT 0x10101000L
+
 #include "mkimage.h"
 #include <stdlib.h>
 #include <stdio.h>
diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index 875f636c7a..da8bfe0518 100644
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -8,6 +8,8 @@
  * <thomas.petazzoni@free-electrons.com>
  */
 
+#define OPENSSL_API_COMPAT 0x10101000L
+
 #include "imagetool.h"
 #include <limits.h>
 #include <image.h>