Pull request for UEFI sub-system for efi-2020-10-rc1 (2)

Heinrich Schuchardt xypron.glpk at gmx.de
Thu Jul 9 18:12:02 CEST 2020


The following changes since commit 61608f395e7dcb2be6060407a72a1149b046430a:

  Merge branch '2020-07-08-misc-features-and-fixes' (2020-07-08 20:20:24 -0400)

are available in the Git repository at:

  https://gitlab.denx.de/u-boot/custodians/u-boot-efi.git efi-2020-10-rc1-2

for you to fetch changes up to f4cef8e7585c268f05a8c39e368ca115c25e40d5:

  efi_selftest: adjust runtime test for variables (2020-07-09 12:08:41 +0200)

----------------------------------------------------------------
Pull request for UEFI sub-system for efi-2020-10-rc1 (2)

Up to now UEFI variables were stored in U-Boot environment variables.
Saving UEFI variables was not possible without saving the U-Boot
environment variables. With this patch series file ubootefi.var in the
EFI system partition is used for saving UEFI variables. Furthermore the
UEFI variables are exposed for reading at runtime.

Code corrections for UEFI secure boot are provided.

A buffer overrun in the RSA library is fixed.

----------------------------------------------------------------
AKASHI Takahiro (13):
      efi_loader: image_loader: add a check against certificate type of authenticode
      efi_loader: image_loader: retrieve authenticode only if it exists
      efi_loader: signature: fix a size check against revocation list
      efi_loader: signature: make efi_hash_regions more generic
      efi_loader: image_loader: verification for all signatures should pass
      efi_loader: image_loader: add digest-based verification for signed image
      test/py: efi_secboot: apply autopep8
      test/py: efi_secboot: more fixes against pylint
      test/py: efi_secboot: split "signed image" test case-1 into two cases
      test/py: efi_secboot: add a test against certificate revocation
      test/py: efi_secboot: add a test for multiple signatures
      test/py: efi_secboot: add a test for verifying with digest of signed image
      lib: rsa: export rsa_verify_with_pkey()

Heinrich Schuchardt (22):
      lib/crypto: use qualified path for x509_parser.h
      efi_loader: wrong printf format in efi_image_parse
      efi_loader: fix efi_get_child_controllers()
      efi_loader: NULL dereference in efi_convert_pointer
      fs/fat: reduce data size for FAT_WRITE
      efi_loader: prepare for read only OP-TEE variables
      efi_loader: display RO attribute in printenv -e
      efi_loader: separate UEFI variable API from implemementation
      efi_loader: OsIndicationsSupported, PlatformLangCodes
      efi_loader: simplify boot manager
      efi_loader: keep attributes in efi_set_variable_int
      efi_loader: value of VendorKeys
      efi_loader: read-only AuditMode and DeployedMode
      efi_loader: secure boot flag
      efi_loader: UEFI variable persistence
      efi_loader: export efi_convert_pointer()
      efi_loader: optional pointer for ConvertPointer
      efi_loader: new function efi_memcpy_runtime()
      efi_loader: memory buffer for variables
      efi_loader: use memory based variable storage
      efi_loader: enable UEFI variables at runtime
      efi_selftest: adjust runtime test for variables

Ilias Apalodimas (1):
      efi_loader: cleanup for tee backed variables

 cmd/nvedit_efi.c                                  |  24 +-
 doc/api/efi.rst                                   |   2 +
 fs/fat/fat_write.c                                |   9 +-
 include/crypto/pkcs7_parser.h                     |   2 +-
 include/efi_api.h                                 |   2 +
 include/efi_loader.h                              |  21 +-
 include/efi_variable.h                            | 198 ++++++
 include/u-boot/rsa.h                              |   3 +
 lib/efi_loader/Kconfig                            |   8 +
 lib/efi_loader/Makefile                           |   3 +
 lib/efi_loader/efi_bootmgr.c                      |  28 +-
 lib/efi_loader/efi_boottime.c                     |  12 +-
 lib/efi_loader/efi_image_loader.c                 | 164 +++--
 lib/efi_loader/efi_runtime.c                      |  38 +-
 lib/efi_loader/efi_setup.c                        |  59 +-
 lib/efi_loader/efi_signature.c                    | 435 ++++++------
 lib/efi_loader/efi_var_common.c                   | 140 ++++
 lib/efi_loader/efi_var_file.c                     | 239 +++++++
 lib/efi_loader/efi_var_mem.c                      | 266 +++++++
 lib/efi_loader/efi_variable.c                     | 830 +++++-----------------
 lib/efi_loader/efi_variable_tee.c                 | 138 +---
 lib/efi_selftest/efi_selftest_variables_runtime.c |  13 +-
 lib/rsa/rsa-verify.c                              |   8 +-
 test/py/tests/test_efi_secboot/conftest.py        | 104 +--
 test/py/tests/test_efi_secboot/defs.py            |  14 +-
 test/py/tests/test_efi_secboot/test_authvar.py    |  92 +--
 test/py/tests/test_efi_secboot/test_signed.py     | 206 +++++-
 test/py/tests/test_efi_secboot/test_unsigned.py   |  66 +-
 28 files changed, 1867 insertions(+), 1257 deletions(-)
 create mode 100644 include/efi_variable.h
 create mode 100644 lib/efi_loader/efi_var_common.c
 create mode 100644 lib/efi_loader/efi_var_file.c
 create mode 100644 lib/efi_loader/efi_var_mem.c

