diff options
author | Tom Rini <trini@konsulko.com> | 2022-09-19 20:19:39 +0300 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2022-09-19 23:07:12 +0300 |
commit | e9a1ff9724348408144c7f1c5b5cc26130ba46e5 (patch) | |
tree | 68b56f117206d121b4a7e567b0209c02283c98e6 /lib | |
parent | b6c50e5831f6ce3800d4b3cf3c7aa35dde8c48d9 (diff) | |
parent | f76f3e3b44328fe6229650540109af93750fd5f0 (diff) | |
download | u-boot-e9a1ff9724348408144c7f1c5b5cc26130ba46e5.tar.xz |
Merge branch 'master' into next
Signed-off-by: Tom Rini <trini@konsulko.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/efi_driver/efi_uclass.c | 9 | ||||
-rw-r--r-- | lib/efi_loader/Kconfig | 17 | ||||
-rw-r--r-- | lib/efi_loader/Makefile | 1 | ||||
-rw-r--r-- | lib/efi_loader/efi_boottime.c | 9 | ||||
-rw-r--r-- | lib/efi_loader/efi_conformance.c | 60 | ||||
-rw-r--r-- | lib/efi_loader/efi_console.c | 5 | ||||
-rw-r--r-- | lib/efi_loader/efi_device_path_to_text.c | 7 | ||||
-rw-r--r-- | lib/efi_loader/efi_disk.c | 17 | ||||
-rw-r--r-- | lib/efi_loader/efi_setup.c | 14 | ||||
-rw-r--r-- | lib/efi_loader/helloworld.c | 66 | ||||
-rw-r--r-- | lib/efi_selftest/Makefile | 1 | ||||
-rw-r--r-- | lib/efi_selftest/efi_selftest.c | 38 | ||||
-rw-r--r-- | lib/efi_selftest/efi_selftest_ecpt.c | 76 | ||||
-rw-r--r-- | lib/efi_selftest/efi_selftest_fdt.c | 17 | ||||
-rw-r--r-- | lib/efi_selftest/efi_selftest_miniapp_exception.c | 9 | ||||
-rw-r--r-- | lib/efi_selftest/efi_selftest_util.c | 11 | ||||
-rw-r--r-- | lib/tpm-v1.c | 5 | ||||
-rw-r--r-- | lib/tpm-v2.c | 70 | ||||
-rw-r--r-- | lib/tpm_api.c | 10 | ||||
-rw-r--r-- | lib/uuid.c | 4 |
20 files changed, 379 insertions, 67 deletions
diff --git a/lib/efi_driver/efi_uclass.c b/lib/efi_driver/efi_uclass.c index b01ce89c84..74dd003243 100644 --- a/lib/efi_driver/efi_uclass.c +++ b/lib/efi_driver/efi_uclass.c @@ -71,6 +71,15 @@ static efi_status_t EFIAPI efi_uc_supported( EFI_ENTRY("%p, %p, %ls", this, controller_handle, efi_dp_str(remaining_device_path)); + /* + * U-Boot internal devices install protocols interfaces without calling + * ConnectController(). Hence we should not bind an extra driver. + */ + if (controller_handle->dev) { + ret = EFI_UNSUPPORTED; + goto out; + } + ret = EFI_CALL(systab.boottime->open_protocol( controller_handle, bp->ops->protocol, &interface, this->driver_binding_handle, diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index 476a22d7ea..41756ea539 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -384,6 +384,23 @@ config EFI_ESRT help Enabling this option creates the ESRT UEFI system table. +config EFI_ECPT + bool "Enable the UEFI ECPT generation" + default y + help + Enabling this option created the ECPT UEFI table. + +config EFI_EBBR_2_0_CONFORMANCE + bool "Add the EBBRv2.0 conformance entry to the ECPT table" + depends on EFI_ECPT + depends on EFI_LOADER_HII + depends on EFI_RISCV_BOOT_PROTOCOL || !RISCV + depends on EFI_RNG_PROTOCOL || !DM_RNG + depends on EFI_UNICODE_COLLATION_PROTOCOL2 + default y + help + Enabling this option adds the EBBRv2.0 conformance entry to the ECPT UEFI table. + config EFI_RISCV_BOOT_PROTOCOL bool "RISCV_EFI_BOOT_PROTOCOL support" default y diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile index f54c244c32..e187d2a914 100644 --- a/lib/efi_loader/Makefile +++ b/lib/efi_loader/Makefile @@ -76,6 +76,7 @@ obj-$(CONFIG_EFI_TCG2_PROTOCOL) += efi_tcg2.o obj-$(CONFIG_EFI_RISCV_BOOT_PROTOCOL) += efi_riscv.o obj-$(CONFIG_EFI_LOAD_FILE2_INITRD) += efi_load_initrd.o obj-$(CONFIG_EFI_SIGNATURE_SUPPORT) += efi_signature.o +obj-$(CONFIG_EFI_ECPT) += efi_conformance.o EFI_VAR_SEED_FILE := $(subst $\",,$(CONFIG_EFI_VAR_SEED_FILE)) $(obj)/efi_var_seed.o: $(srctree)/$(EFI_VAR_SEED_FILE) diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c index 8da3bb29aa..1bfd094e89 100644 --- a/lib/efi_loader/efi_boottime.c +++ b/lib/efi_loader/efi_boottime.c @@ -619,9 +619,14 @@ efi_status_t efi_remove_all_protocols(const efi_handle_t handle) */ void efi_delete_handle(efi_handle_t handle) { - if (!handle) + efi_status_t ret; + + ret = efi_remove_all_protocols(handle); + if (ret == EFI_INVALID_PARAMETER) { + log_err("Can't remove invalid handle %p\n", handle); return; - efi_remove_all_protocols(handle); + } + list_del(&handle->link); free(handle); } diff --git a/lib/efi_loader/efi_conformance.c b/lib/efi_loader/efi_conformance.c new file mode 100644 index 0000000000..a49aae9249 --- /dev/null +++ b/lib/efi_loader/efi_conformance.c @@ -0,0 +1,60 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * EFI conformance profile table + * + * Copyright (C) 2022 Arm Ltd. + */ + +#include <common.h> +#include <efi_loader.h> +#include <log.h> +#include <efi_api.h> +#include <malloc.h> + +static const efi_guid_t efi_ecpt_guid = EFI_CONFORMANCE_PROFILES_TABLE_GUID; +static const efi_guid_t efi_ebbr_2_0_guid = + EFI_CONFORMANCE_PROFILE_EBBR_2_0_GUID; + +/** + * efi_ecpt_register() - Install the ECPT system table. + * + * Return: status code + */ +efi_status_t efi_ecpt_register(void) +{ + int num_entries = 0; + struct efi_conformance_profiles_table *ecpt; + efi_status_t ret; + size_t ecpt_size; + + ecpt_size = num_entries * sizeof(efi_guid_t) + + sizeof(struct efi_conformance_profiles_table); + ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, ecpt_size, + (void **)&ecpt); + + if (ret != EFI_SUCCESS) { + log_err("Out of memory\n"); + + return ret; + } + + if (CONFIG_IS_ENABLED(EFI_EBBR_2_0_CONFORMANCE)) + guidcpy(&ecpt->conformance_profiles[num_entries++], + &efi_ebbr_2_0_guid); + + ecpt->version = EFI_CONFORMANCE_PROFILES_TABLE_VERSION; + ecpt->number_of_profiles = num_entries; + + /* Install the ECPT in the system configuration table. */ + ret = efi_install_configuration_table(&efi_ecpt_guid, (void *)ecpt); + if (ret != EFI_SUCCESS) { + log_err("Failed to install ECPT\n"); + efi_free_pool(ecpt); + + return ret; + } + + log_debug("ECPT created\n"); + + return EFI_SUCCESS; +} diff --git a/lib/efi_loader/efi_console.c b/lib/efi_loader/efi_console.c index 5be509f0d6..cf9fbd9cb5 100644 --- a/lib/efi_loader/efi_console.c +++ b/lib/efi_loader/efi_console.c @@ -988,12 +988,14 @@ static efi_status_t EFIAPI efi_cin_read_key_stroke_ex( efi_cin_check(); if (!key_available) { + memset(key_data, 0, sizeof(struct efi_key_data)); ret = EFI_NOT_READY; goto out; } /* * CTRL+A - CTRL+Z have to be signaled as a - z. * SHIFT+CTRL+A - SHIFT+CTRL+Z have to be signaled as A - Z. + * CTRL+\ - CTRL+_ have to be signaled as \ - _. */ switch (next_key.key.unicode_char) { case 0x01 ... 0x07: @@ -1006,6 +1008,9 @@ static efi_status_t EFIAPI efi_cin_read_key_stroke_ex( next_key.key.unicode_char += 0x40; else next_key.key.unicode_char += 0x60; + break; + case 0x1c ... 0x1f: + next_key.key.unicode_char += 0x40; } *key_data = next_key; key_available = false; diff --git a/lib/efi_loader/efi_device_path_to_text.c b/lib/efi_loader/efi_device_path_to_text.c index 6c428ee061..9062058ac2 100644 --- a/lib/efi_loader/efi_device_path_to_text.c +++ b/lib/efi_loader/efi_device_path_to_text.c @@ -190,13 +190,14 @@ static char *dp_msging(char *s, struct efi_device_path *dp) struct efi_device_path_nvme *ndp = (struct efi_device_path_nvme *)dp; u32 ns_id; - int i; memcpy(&ns_id, &ndp->ns_id, sizeof(ns_id)); s += sprintf(s, "NVMe(0x%x,", ns_id); - for (i = 0; i < sizeof(ndp->eui64); ++i) + + /* Display byte 7 first, byte 0 last */ + for (int i = 0; i < 8; ++i) s += sprintf(s, "%s%02x", i ? "-" : "", - ndp->eui64[i]); + ndp->eui64[i ^ 7]); s += sprintf(s, ")"); break; diff --git a/lib/efi_loader/efi_disk.c b/lib/efi_loader/efi_disk.c index 819dcb4f13..e39968a3f3 100644 --- a/lib/efi_loader/efi_disk.c +++ b/lib/efi_loader/efi_disk.c @@ -810,3 +810,20 @@ efi_status_t efi_disk_get_device_name(const efi_handle_t handle, char *buf, int return EFI_SUCCESS; } + +/** + * efi_disks_register() - ensure all block devices are available in UEFI + * + * The function probes all block devices. As we store UEFI variables on the + * EFI system partition this function has to be called before enabling + * variable services. + */ +efi_status_t efi_disks_register(void) +{ + struct udevice *dev; + + uclass_foreach_dev_probe(UCLASS_BLK, dev) { + } + + return EFI_SUCCESS; +} diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c index 751beda590..c633fcd91e 100644 --- a/lib/efi_loader/efi_setup.c +++ b/lib/efi_loader/efi_setup.c @@ -246,6 +246,14 @@ efi_status_t efi_init_obj_list(void) /* Set up console modes */ efi_setup_console_size(); + /* + * Probe block devices to find the ESP. + * efi_disks_register() must be called before efi_init_variables(). + */ + ret = efi_disks_register(); + if (ret != EFI_SUCCESS) + goto out; + /* Initialize variable services */ ret = efi_init_variables(); if (ret != EFI_SUCCESS) @@ -266,6 +274,12 @@ efi_status_t efi_init_obj_list(void) if (ret != EFI_SUCCESS) goto out; + if (IS_ENABLED(CONFIG_EFI_ECPT)) { + ret = efi_ecpt_register(); + if (ret != EFI_SUCCESS) + goto out; + } + if (IS_ENABLED(CONFIG_EFI_ESRT)) { ret = efi_esrt_register(); if (ret != EFI_SUCCESS) diff --git a/lib/efi_loader/helloworld.c b/lib/efi_loader/helloworld.c index 10666dc0f2..d565f32745 100644 --- a/lib/efi_loader/helloworld.c +++ b/lib/efi_loader/helloworld.c @@ -29,24 +29,66 @@ static struct efi_system_table *systable; static struct efi_boot_services *boottime; static struct efi_simple_text_output_protocol *con_out; +/* + * Print an unsigned 32bit value as decimal number to an u16 string + * + * @value: value to be printed + * @buf: pointer to buffer address + * on return position of terminating zero word + */ +static void uint2dec(u32 value, u16 **buf) +{ + u16 *pos = *buf; + int i; + u16 c; + u64 f; + + /* + * Increment by .5 and multiply with + * (2 << 60) / 1,000,000,000 = 0x44B82FA0.9B5A52CC + * to move the first digit to bit 60-63. + */ + f = 0x225C17D0; + f += (0x9B5A52DULL * value) >> 28; + f += 0x44B82FA0ULL * value; + + for (i = 0; i < 10; ++i) { + /* Write current digit */ + c = f >> 60; + if (c || pos != *buf) + *pos++ = c + '0'; + /* Eliminate current digit */ + f &= 0xfffffffffffffff; + /* Get next digit */ + f *= 0xaULL; + } + if (pos == *buf) + *pos++ = '0'; + *pos = 0; + *buf = pos; +} + /** * print_uefi_revision() - print UEFI revision number */ static void print_uefi_revision(void) { - u16 rev[] = u"0.0.0"; - - rev[0] = (systable->hdr.revision >> 16) + '0'; - rev[4] = systable->hdr.revision & 0xffff; - for (; rev[4] >= 10;) { - rev[4] -= 10; - ++rev[2]; + u16 rev[13] = {0}; + u16 *buf = rev; + u16 digit; + + uint2dec(systable->hdr.revision >> 16, &buf); + *buf++ = '.'; + uint2dec(systable->hdr.revision & 0xffff, &buf); + + /* Minor revision is only to be shown if non-zero */ + digit = *--buf; + if (digit == '0') { + *buf = 0; + } else { + *buf++ = '.'; + *buf = digit; } - /* Third digit is only to be shown if non-zero */ - if (rev[4]) - rev[4] += '0'; - else - rev[3] = 0; con_out->output_string(con_out, u"Running on UEFI "); con_out->output_string(con_out, rev); diff --git a/lib/efi_selftest/Makefile b/lib/efi_selftest/Makefile index 33536c9ec0..daac6c3968 100644 --- a/lib/efi_selftest/Makefile +++ b/lib/efi_selftest/Makefile @@ -49,6 +49,7 @@ efi_selftest_variables.o \ efi_selftest_variables_runtime.o \ efi_selftest_watchdog.o +obj-$(CONFIG_EFI_ECPT) += efi_selftest_ecpt.o obj-$(CONFIG_NET) += efi_selftest_snp.o obj-$(CONFIG_EFI_DEVICE_PATH_TO_TEXT) += efi_selftest_devicepath.o diff --git a/lib/efi_selftest/efi_selftest.c b/lib/efi_selftest/efi_selftest.c index 8e427b9e51..191da7fc45 100644 --- a/lib/efi_selftest/efi_selftest.c +++ b/lib/efi_selftest/efi_selftest.c @@ -14,8 +14,8 @@ #define EFI_ST_EXECUTE 2 #define EFI_ST_TEARDOWN 4 -static const struct efi_system_table *systable; -static const struct efi_boot_services *boottime; +const struct efi_system_table *st_systable; +const struct efi_boot_services *st_boottime; static const struct efi_runtime_services *runtime; static efi_handle_t handle; static u16 reset_message[] = u"Selftest completed"; @@ -41,7 +41,7 @@ void efi_st_exit_boot_services(void) /* Do not detach devices in ExitBootServices. We need the console. */ efi_st_keep_devices = true; - ret = boottime->get_memory_map(&map_size, NULL, &map_key, &desc_size, + ret = st_boottime->get_memory_map(&map_size, NULL, &map_key, &desc_size, &desc_version); if (ret != EFI_BUFFER_TOO_SMALL) { efi_st_error( @@ -50,19 +50,19 @@ void efi_st_exit_boot_services(void) } /* Allocate extra space for newly allocated memory */ map_size += sizeof(struct efi_mem_desc); - ret = boottime->allocate_pool(EFI_BOOT_SERVICES_DATA, map_size, + ret = st_boottime->allocate_pool(EFI_BOOT_SERVICES_DATA, map_size, (void **)&memory_map); if (ret != EFI_SUCCESS) { efi_st_error("AllocatePool did not return EFI_SUCCESS\n"); return; } - ret = boottime->get_memory_map(&map_size, memory_map, &map_key, + ret = st_boottime->get_memory_map(&map_size, memory_map, &map_key, &desc_size, &desc_version); if (ret != EFI_SUCCESS) { efi_st_error("GetMemoryMap did not return EFI_SUCCESS\n"); return; } - ret = boottime->exit_boot_services(handle, map_key); + ret = st_boottime->exit_boot_services(handle, map_key); if (ret != EFI_SUCCESS) { efi_st_error("ExitBootServices did not return EFI_SUCCESS\n"); return; @@ -84,7 +84,7 @@ static int setup(struct efi_unit_test *test, unsigned int *failures) if (!test->setup) return EFI_ST_SUCCESS; efi_st_printc(EFI_LIGHTBLUE, "\nSetting up '%s'\n", test->name); - ret = test->setup(handle, systable); + ret = test->setup(handle, st_systable); if (ret != EFI_ST_SUCCESS) { efi_st_error("Setting up '%s' failed\n", test->name); ++*failures; @@ -240,8 +240,8 @@ void efi_st_do_tests(const u16 *testname, unsigned int phase, * All tests use a driver model and are run in three phases: * setup, execute, teardown. * - * A test may be setup and executed at boottime, - * it may be setup at boottime and executed at runtime, + * A test may be setup and executed at st_boottime, + * it may be setup at st_boottime and executed at runtime, * or it may be setup and executed at runtime. * * After executing all tests the system is reset. @@ -257,14 +257,14 @@ efi_status_t EFIAPI efi_selftest(efi_handle_t image_handle, struct efi_loaded_image *loaded_image; efi_status_t ret; - systable = systab; - boottime = systable->boottime; - runtime = systable->runtime; + st_systable = systab; + st_boottime = st_systable->boottime; + runtime = st_systable->runtime; handle = image_handle; - con_out = systable->con_out; - con_in = systable->con_in; + con_out = st_systable->con_out; + con_in = st_systable->con_in; - ret = boottime->handle_protocol(image_handle, &efi_guid_loaded_image, + ret = st_boottime->handle_protocol(image_handle, &efi_guid_loaded_image, (void **)&loaded_image); if (ret != EFI_SUCCESS) { efi_st_error("Cannot open loaded image protocol\n"); @@ -280,9 +280,9 @@ efi_status_t EFIAPI efi_selftest(efi_handle_t image_handle, list_all_tests(); /* * TODO: - * Once the Exit boottime service is correctly + * Once the Exit st_boottime service is correctly * implemented we should call - * boottime->exit(image_handle, EFI_SUCCESS, 0, NULL); + * st_boottime->exit(image_handle, EFI_SUCCESS, 0, NULL); * here, cf. * https://lists.denx.de/pipermail/u-boot/2017-October/308720.html */ @@ -300,7 +300,7 @@ efi_status_t EFIAPI efi_selftest(efi_handle_t image_handle, efi_unit_test)); /* Allocate buffer for setup results */ - ret = boottime->allocate_pool(EFI_RUNTIME_SERVICES_DATA, sizeof(int) * + ret = st_boottime->allocate_pool(EFI_RUNTIME_SERVICES_DATA, sizeof(int) * ll_entry_count(struct efi_unit_test, efi_unit_test), (void **)&setup_status); @@ -309,7 +309,7 @@ efi_status_t EFIAPI efi_selftest(efi_handle_t image_handle, return ret; } - /* Execute boottime tests */ + /* Execute st_boottime tests */ efi_st_do_tests(testname, EFI_EXECUTE_BEFORE_BOOTTIME_EXIT, EFI_ST_SETUP | EFI_ST_EXECUTE | EFI_ST_TEARDOWN, &failures); diff --git a/lib/efi_selftest/efi_selftest_ecpt.c b/lib/efi_selftest/efi_selftest_ecpt.c new file mode 100644 index 0000000000..e8cc13545d --- /dev/null +++ b/lib/efi_selftest/efi_selftest_ecpt.c @@ -0,0 +1,76 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * efi_selftest_fdt + * + * Copyright (c) 2022 Heinrich Schuchardt <xypron.glpk@gmx.de> + * + * Check the EFI_CONFORMANCE_PROFILE_TABLE + */ + +#include <efi_selftest.h> + +static const efi_guid_t guid_ecpt = EFI_CONFORMANCE_PROFILES_TABLE_GUID; +static const efi_guid_t guid_ebbr_2_0 = EFI_CONFORMANCE_PROFILE_EBBR_2_0_GUID; + +/* + * ecpt_find_guid() - find GUID in EFI Conformance Profile Table + * + * @ecpt: EFI Conformance Profile Table + * @guid: GUID to find + * Return: EFI_ST_SUCCESS for success + */ +static int ecpt_find_guid(struct efi_conformance_profiles_table *ecpt, + const efi_guid_t *guid) { + int i; + + for (i = 0; i < ecpt->number_of_profiles; ++i) { + if (!memcmp(&ecpt->conformance_profiles[i], guid, 16)) + return EFI_ST_SUCCESS; + } + efi_st_error("GUID %pU not found\n", guid); + return EFI_ST_FAILURE; +} + +/* + * Execute unit test. + * + * Return: EFI_ST_SUCCESS for success + */ +static int execute(void) +{ + struct efi_conformance_profiles_table *ecpt; + int expected_entries = 0; + + ecpt = efi_st_get_config_table(&guid_ecpt); + + if (!ecpt) { + efi_st_error("Missing EFI Conformance Profile Table\n"); + return EFI_ST_FAILURE; + } + + if (ecpt->version != EFI_CONFORMANCE_PROFILES_TABLE_VERSION) { + efi_st_error("Wrong table version\n"); + return EFI_ST_FAILURE; + } + + if (CONFIG_IS_ENABLED(EFI_EBBR_2_0_CONFORMANCE)) { + ++expected_entries; + if (ecpt_find_guid(ecpt, &guid_ebbr_2_0)) + return EFI_ST_FAILURE; + } + + if (ecpt->number_of_profiles != expected_entries) { + efi_st_error("Expected %d entries, found %d\n", + expected_entries, ecpt->number_of_profiles); + return EFI_ST_FAILURE; + } + + return EFI_ST_SUCCESS; +} + + +EFI_UNIT_TEST(ecpt) = { + .name = "conformance profile table", + .phase = EFI_EXECUTE_BEFORE_BOOTTIME_EXIT, + .execute = execute, +}; diff --git a/lib/efi_selftest/efi_selftest_fdt.c b/lib/efi_selftest/efi_selftest_fdt.c index 114ac58bf5..aa3b13ae3a 100644 --- a/lib/efi_selftest/efi_selftest_fdt.c +++ b/lib/efi_selftest/efi_selftest_fdt.c @@ -144,23 +144,6 @@ static char *get_property(const u16 *property, const u16 *node) return NULL; } -/** - * efi_st_get_config_table() - get configuration table - * - * @guid: GUID of the configuration table - * Return: pointer to configuration table or NULL - */ -static void *efi_st_get_config_table(const efi_guid_t *guid) -{ - size_t i; - - for (i = 0; i < systab.nr_tables; i++) { - if (!guidcmp(guid, &systemtab->tables[i].guid)) - return systemtab->tables[i].table; - } - return NULL; -} - /* * Setup unit test. * diff --git a/lib/efi_selftest/efi_selftest_miniapp_exception.c b/lib/efi_selftest/efi_selftest_miniapp_exception.c index 79f9a67859..a9ad381001 100644 --- a/lib/efi_selftest/efi_selftest_miniapp_exception.c +++ b/lib/efi_selftest/efi_selftest_miniapp_exception.c @@ -9,6 +9,7 @@ #include <common.h> #include <efi_api.h> +#include <host_arch.h> /* * Entry point of the EFI application. @@ -33,11 +34,17 @@ efi_status_t EFIAPI efi_main(efi_handle_t handle, asm volatile (".word 0xe7f7defb\n"); #elif defined(CONFIG_RISCV) asm volatile (".word 0xffffffff\n"); +#elif defined(CONFIG_X86) + asm volatile (".word 0xffff\n"); #elif defined(CONFIG_SANDBOX) +#if (HOST_ARCH == HOST_ARCH_ARM || HOST_ARCH == HOST_ARCH_AARCH64) + asm volatile (".word 0xe7f7defb\n"); +#elif (HOST_ARCH == HOST_ARCH_RISCV32 || HOST_ARCH == HOST_ARCH_RISCV64) asm volatile (".word 0xffffffff\n"); -#elif defined(CONFIG_X86) +#elif (HOST_ARCH == HOST_ARCH_X86 || HOST_ARCH == HOST_ARCH_X86_64) asm volatile (".word 0xffff\n"); #endif +#endif con_out->output_string(con_out, u"Exception not triggered.\n"); return EFI_ABORTED; } diff --git a/lib/efi_selftest/efi_selftest_util.c b/lib/efi_selftest/efi_selftest_util.c index dba02d6b56..7e03e0c939 100644 --- a/lib/efi_selftest/efi_selftest_util.c +++ b/lib/efi_selftest/efi_selftest_util.c @@ -110,3 +110,14 @@ int efi_st_strcmp_16_8(const u16 *buf1, const char *buf2) } return 0; } + +void *efi_st_get_config_table(const efi_guid_t *guid) +{ + size_t i; + + for (i = 0; i < st_systable->nr_tables; i++) { + if (!guidcmp(guid, &st_systable->tables[i].guid)) + return st_systable->tables[i].table; + } + return NULL; +} diff --git a/lib/tpm-v1.c b/lib/tpm-v1.c index 22a769c587..d0e3ab1b21 100644 --- a/lib/tpm-v1.c +++ b/lib/tpm-v1.c @@ -456,12 +456,13 @@ u32 tpm1_get_permissions(struct udevice *dev, u32 index, u32 *perm) 0x0, 0x0, 0x0, 0x4, }; const size_t index_offset = 18; - const size_t perm_offset = 60; + const size_t perm_offset = 74; u8 buf[COMMAND_BUFFER_SIZE], response[COMMAND_BUFFER_SIZE]; size_t response_length = sizeof(response); u32 err; - if (pack_byte_string(buf, sizeof(buf), "d", 0, command, sizeof(command), + if (pack_byte_string(buf, sizeof(buf), "sd", + 0, command, sizeof(command), index_offset, index)) return TPM_LIB_ERROR; err = tpm_sendrecv_command(dev, buf, response, &response_length); diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 1bf627853a..697b982e07 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -89,14 +89,18 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, * Calculate the offset of the nv_policy piece by adding each of the * chunks below. */ - uint offset = 10 + 8 + 13 + 14; + const int platform_len = sizeof(u32); + const int session_hdr_len = 13; + const int message_len = 14; + uint offset = TPM2_HDR_LEN + platform_len + session_hdr_len + + message_len; u8 command_v2[COMMAND_BUFFER_SIZE] = { /* header 10 bytes */ tpm_u16(TPM2_ST_SESSIONS), /* TAG */ - tpm_u32(offset + nv_policy_size),/* Length */ + tpm_u32(offset + nv_policy_size + 2),/* Length */ tpm_u32(TPM2_CC_NV_DEFINE_SPACE),/* Command code */ - /* handles 8 bytes */ + /* handles 4 bytes */ tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */ /* session header 13 bytes */ @@ -107,12 +111,15 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, tpm_u16(0), /* auth_size */ /* message 14 bytes + policy */ - tpm_u16(12 + nv_policy_size), /* size */ + tpm_u16(message_len + nv_policy_size), /* size */ tpm_u32(space_index), tpm_u16(TPM2_ALG_SHA256), tpm_u32(nv_attributes), tpm_u16(nv_policy_size), - /* nv_policy */ + /* + * nv_policy + * space_size + */ }; int ret; @@ -120,8 +127,9 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, * Fill the command structure starting from the first buffer: * - the password (if any) */ - ret = pack_byte_string(command_v2, sizeof(command_v2), "s", - offset, nv_policy, nv_policy_size); + ret = pack_byte_string(command_v2, sizeof(command_v2), "sw", + offset, nv_policy, nv_policy_size, + offset + nv_policy_size, space_size); if (ret) return TPM_LIB_ERROR; @@ -157,6 +165,8 @@ u32 tpm2_pcr_extend(struct udevice *dev, u32 index, u32 algorithm, }; int ret; + if (!digest) + return -EINVAL; /* * Fill the command structure starting from the first buffer: * - the digest @@ -669,3 +679,49 @@ u32 tpm2_submit_command(struct udevice *dev, const u8 *sendbuf, { return tpm_sendrecv_command(dev, sendbuf, recvbuf, recv_size); } + +u32 tpm2_report_state(struct udevice *dev, uint vendor_cmd, uint vendor_subcmd, + u8 *recvbuf, size_t *recv_size) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */ + tpm_u32(10 + 2), /* Length */ + tpm_u32(vendor_cmd), /* Command code */ + + tpm_u16(vendor_subcmd), + }; + int ret; + + ret = tpm_sendrecv_command(dev, command_v2, recvbuf, recv_size); + log_debug("ret=%s, %x\n", dev->name, ret); + if (ret) + return ret; + if (*recv_size < 12) + return -ENODATA; + *recv_size -= 12; + memcpy(recvbuf, recvbuf + 12, *recv_size); + + return 0; +} + +u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd, + uint vendor_subcmd) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + /* header 10 bytes */ + tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */ + tpm_u32(10 + 2), /* Length */ + tpm_u32(vendor_cmd), /* Command code */ + + tpm_u16(vendor_subcmd), + }; + int ret; + + ret = tpm_sendrecv_command(dev, command_v2, NULL, NULL); + log_debug("ret=%s, %x\n", dev->name, ret); + if (ret) + return ret; + + return 0; +} diff --git a/lib/tpm_api.c b/lib/tpm_api.c index 032f383ca0..7e8df8795e 100644 --- a/lib/tpm_api.c +++ b/lib/tpm_api.c @@ -140,15 +140,17 @@ u32 tpm_write_lock(struct udevice *dev, u32 index) } u32 tpm_pcr_extend(struct udevice *dev, u32 index, const void *in_digest, - void *out_digest) + uint size, void *out_digest, const char *name) { - if (tpm_is_v1(dev)) + if (tpm_is_v1(dev)) { return tpm1_extend(dev, index, in_digest, out_digest); - else if (tpm_is_v2(dev)) + } else if (tpm_is_v2(dev)) { return tpm2_pcr_extend(dev, index, TPM2_ALG_SHA256, in_digest, TPM2_DIGEST_LEN); - else + /* @name is ignored as we do not support the TPM log here */ + } else { return -ENOSYS; + } } u32 tpm_pcr_read(struct udevice *dev, u32 index, void *data, size_t count) diff --git a/lib/uuid.c b/lib/uuid.c index 284f8113ff..465e1ac38f 100644 --- a/lib/uuid.c +++ b/lib/uuid.c @@ -220,6 +220,10 @@ static const struct { "TCG2 Final Events Table", EFI_TCG2_FINAL_EVENTS_TABLE_GUID, }, + { + "EFI Conformance Profiles Table", + EFI_CONFORMANCE_PROFILES_TABLE_GUID, + }, #ifdef CONFIG_EFI_RISCV_BOOT_PROTOCOL { "RISC-V Boot", |