Pull request for UEFI sub-system for efi-2020-10-rc1 (3)

The following changes since commit 4a9146c29573dbfa661918280d9522a01f6ca919:
Merge tag 'dm-pull-10jul20' of https://gitlab.denx.de/u-boot/custodians/u-boot-dm (2020-07-10 16:22:57 -0400)
are available in the Git repository at:
https://gitlab.denx.de/u-boot/custodians/u-boot-efi.git tags/efi-2020-10-rc1-3
for you to fetch changes up to 4a3155de3dbadfcb933287dbb84c8eff0fd951eb:
efi_selftest: adjust runtime test for variables (2020-07-11 23:14:17 +0200)
Testing in Travis CI and Gitlab CI showed no problems:
https://gitlab.denx.de/u-boot/custodians/u-boot-efi/pipelines/4006
https://travis-ci.org/github/xypron2/u-boot/builds/707245196
----------------------------------------------------------------
Pull request for UEFI sub-system for efi-2020-10-rc1 (3)
Up to now UEFI variables were stored in U-Boot environment variables. Saving UEFI variables was not possible without saving the U-Boot environment variables. With this patch series file ubootefi.var in the EFI system partition is used for saving UEFI variables. Furthermore the UEFI variables are exposed for reading at runtime.
Code corrections for UEFI secure boot are provided.
A buffer overrun in the RSA library is fixed.
----------------------------------------------------------------
AKASHI Takahiro (13):
      efi_loader: image_loader: add a check against certificate type of authenticode
      efi_loader: image_loader: retrieve authenticode only if it exists
      efi_loader: signature: fix a size check against revocation list
      efi_loader: signature: make efi_hash_regions more generic
      efi_loader: image_loader: verification for all signatures should pass
      efi_loader: image_loader: add digest-based verification for signed image
      test/py: efi_secboot: apply autopep8
      test/py: efi_secboot: more fixes against pylint
      test/py: efi_secboot: split "signed image" test case-1 into two cases
      test/py: efi_secboot: add a test against certificate revocation
      test/py: efi_secboot: add a test for multiple signatures
      test/py: efi_secboot: add a test for verifying with digest of signed image
      lib: rsa: export rsa_verify_with_pkey()

Heinrich Schuchardt (23):
      lib/crypto: use qualified path for x509_parser.h
      test: use virt-make-fs to build image
      efi_loader: wrong printf format in efi_image_parse
      efi_loader: fix efi_get_child_controllers()
      efi_loader: NULL dereference in efi_convert_pointer
      fs/fat: reduce data size for FAT_WRITE
      efi_loader: prepare for read only OP-TEE variables
      efi_loader: display RO attribute in printenv -e
      efi_loader: separate UEFI variable API from implemementation
      efi_loader: OsIndicationsSupported, PlatformLangCodes
      efi_loader: simplify boot manager
      efi_loader: keep attributes in efi_set_variable_int
      efi_loader: value of VendorKeys
      efi_loader: read-only AuditMode and DeployedMode
      efi_loader: secure boot flag
      efi_loader: UEFI variable persistence
      efi_loader: export efi_convert_pointer()
      efi_loader: optional pointer for ConvertPointer
      efi_loader: new function efi_memcpy_runtime()
      efi_loader: memory buffer for variables
      efi_loader: use memory based variable storage
      efi_loader: enable UEFI variables at runtime
      efi_selftest: adjust runtime test for variables

Ilias Apalodimas (1):
      efi_loader: cleanup for tee backed variables
 cmd/nvedit_efi.c                                  |  24 +-
 doc/api/efi.rst                                   |   2 +
 fs/fat/fat_write.c                                |   9 +-
 include/crypto/pkcs7_parser.h                     |   2 +-
 include/efi_api.h                                 |   2 +
 include/efi_loader.h                              |  21 +-
 include/efi_variable.h                            | 198 +++++
 include/u-boot/rsa.h                              |   3 +
 lib/efi_loader/Kconfig                            |   8 +
 lib/efi_loader/Makefile                           |   3 +
 lib/efi_loader/efi_bootmgr.c                      |  28 +-
 lib/efi_loader/efi_boottime.c                     |  12 +-
 lib/efi_loader/efi_image_loader.c                 | 164 +++--
 lib/efi_loader/efi_runtime.c                      |  38 +-
 lib/efi_loader/efi_setup.c                        |  59 +-
 lib/efi_loader/efi_signature.c                    | 435 +++++------
 lib/efi_loader/efi_var_common.c                   | 140 ++++
 lib/efi_loader/efi_var_file.c                     | 239 +++++++
 lib/efi_loader/efi_var_mem.c                      | 266 +++++++
 lib/efi_loader/efi_variable.c                     | 836 +++++-----------------
 lib/efi_loader/efi_variable_tee.c                 | 138 +---
 lib/efi_selftest/efi_selftest_variables_runtime.c |  13 +-
 lib/rsa/rsa-verify.c                              |   8 +-
 test/py/tests/test_efi_secboot/conftest.py        | 121 ++--
 test/py/tests/test_efi_secboot/defs.py            |  15 +-
 test/py/tests/test_efi_secboot/test_authvar.py    |  92 +--
 test/py/tests/test_efi_secboot/test_signed.py     | 206 +++++-
 test/py/tests/test_efi_secboot/test_unsigned.py   |  66 +-
 28 files changed, 1864 insertions(+), 1284 deletions(-)
 create mode 100644 include/efi_variable.h
 create mode 100644 lib/efi_loader/efi_var_common.c
 create mode 100644 lib/efi_loader/efi_var_file.c
 create mode 100644 lib/efi_loader/efi_var_mem.c

On Mon, Jul 13, 2020 at 12:42:55PM +0200, Heinrich Schuchardt wrote:
> The following changes since commit 4a9146c29573dbfa661918280d9522a01f6ca919:
> Merge tag 'dm-pull-10jul20' of https://gitlab.denx.de/u-boot/custodians/u-boot-dm (2020-07-10 16:22:57 -0400)
> are available in the Git repository at:
> https://gitlab.denx.de/u-boot/custodians/u-boot-efi.git tags/efi-2020-10-rc1-3
> for you to fetch changes up to 4a3155de3dbadfcb933287dbb84c8eff0fd951eb:
> efi_selftest: adjust runtime test for variables (2020-07-11 23:14:17 +0200)
> Testing in Travis CI and Gitlab CI showed no problems:
> https://gitlab.denx.de/u-boot/custodians/u-boot-efi/pipelines/4006
> https://travis-ci.org/github/xypron2/u-boot/builds/707245196

Applied to u-boot/master, thanks!

participants (2)
- Heinrich Schuchardt
- Tom Rini