Pull request for UEFI sub-system for efi-2020-10-rc1 (5)

Wed Jul 22 17:44:58 CEST 2020

Dear Tom,

the following changes since commit e9f1f5f48650301bd9e4194c474d19081c54f05b:

  Merge https://gitlab.denx.de/u-boot/custodians/u-boot-spi (2020-07-21
16:13:43 -0400)

are available in the Git repository at:

  https://gitlab.denx.de/u-boot/custodians/u-boot-efi.git
tags/efi-2020-10-rc1-5

for you to fetch changes up to 5ee81c6e3f9f6f851c69b1e3d2661d96671d1dd1:

  lib: crypto: export and enhance pkcs7_verify_one() (2020-07-22
12:37:17 +0200)

No problems where reported in Gitlab and Travis:

https://gitlab.denx.de/u-boot/custodians/u-boot-efi/pipelines/4148
https://travis-ci.org/github/xypron2/u-boot/builds/710701236

----------------------------------------------------------------
Pull request for UEFI sub-system for efi-2020-10-rc1 (5)

The series provides bug fixes for:

* crash in OS when accessing UEFI variables
* returning from UEFI fit images to U-Boot
* error handling for variable services provided by OP-TEE
* error handling in EFI_FILE_PROTOCOL.Read()
* missing function documentation

The first patches needed to use intermediate certificates for
secure boot are added. (The rest of the series requires
updating sbsigntool in our CI systems.)

Logging is enabled in the bootefi command.

----------------------------------------------------------------
AKASHI Takahiro (7):
      test/py: efi_secboot: remove unused function
      test/py: efi_secboot: fix additional pylint errors
      lib: crypto: add public_key_verify_signature()
      lib: crypto: enable x509_check_for_self_signed()
      lib: crypto: import pkcs7_verify.c from linux
      lib: crypto: add pkcs7_digest()
      lib: crypto: export and enhance pkcs7_verify_one()

Heinrich Schuchardt (6):
      efi_loader: efi_current_var after SetVirtualAddressMap
      efi_loader: don't use memmove() in efi_var_mem_del()
      efi_loader: document efi_save_gd(), efi_restore_gd()
      efi_loader: returning from UEFI FIT images
      efi_loader: use logging for bootefi command
      efi_loader: use logging for block device messages

Ilias Apalodimas (2):
      efi_loader: Rename and correct values for ARM_SMC_MM_*
      efi_loader: Check for the native OP-TEE result on mm_communicate calls

Stefan Sørensen (1):
      efi_loader: loosen buffer parameter check in efi_file_read

 cmd/bootefi.c                              |  42 +-
 common/bootm_os.c                          |   9 +-
 include/crypto/pkcs7.h                     |   9 +-
 include/crypto/public_key.h                |   2 +-
 include/mm_communication.h                 |  16 +-
 lib/crypto/Kconfig                         |   3 +
 lib/crypto/Makefile                        |   1 +
 lib/crypto/pkcs7_verify.c                  | 657
+++++++++++++++++++++++++++++
 lib/crypto/public_key.c                    |  70 ++-
 lib/crypto/x509_cert_parser.c              |   2 -
 lib/crypto/x509_public_key.c               |  33 +-
 lib/efi_loader/efi_boottime.c              |  20 +-
 lib/efi_loader/efi_disk.c                  |  23 +-
 lib/efi_loader/efi_file.c                  |   9 +-
 lib/efi_loader/efi_runtime.c               |   2 +
 lib/efi_loader/efi_var_mem.c               |   4 +-
 lib/efi_loader/efi_variable_tee.c          |  12 +-
 test/py/tests/test_efi_fit.py              |   9 +-
 test/py/tests/test_efi_loader.py           |   9 +-
 test/py/tests/test_efi_secboot/conftest.py |  24 +-
 20 files changed, 863 insertions(+), 93 deletions(-)
 create mode 100644 lib/crypto/pkcs7_verify.c