From mboxrd@z Thu Jan 1 00:00:00 1970 From: Heinrich Schuchardt Date: Thu, 16 Apr 2020 19:01:54 +0200 Subject: Pull request for UEFI sub-system for efi-2020-07-rc1 Message-ID: <0e315538-1bdc-d6d6-a7a0-abb79ce5ffcc@gmx.de> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de The following changes since commit 9cb3ce2558ba1fc058dfb26a07fc02603773a211: Merge branch 'master' of git://git.denx.de/u-boot-marvell (2020-04-15 08:30:16 -0400) are available in the Git repository at: https://gitlab.denx.de/u-boot/custodians/u-boot-efi.git tags/efi-2020-07-rc1 for you to fetch changes up to b2ace8753d0048487ab6e8955ae9067a6af91559: efi_loader: add some description about UEFI secure boot (2020-04-16 08:12:47 +0200) ---------------------------------------------------------------- Pull request for UEFI sub-system for efi-2020-07-rc1 This pull request * provides an implementation of UEFI secure booting * fixes a problem with the rsa_mod_exp driver which stops some boards from booting when CONFIG_RSA is enabled which is needed for UEFI secure booting * enables the EFI_RNG_PROTOCOL if DM_RNG is enabled * fixes some function comments No problems where reported by Gitlab and Travis: https://gitlab.denx.de/u-boot/custodians/u-boot-efi/pipelines/2782 https://travis-ci.org/github/xypron2/u-boot/builds/675602621 ---------------------------------------------------------------- AKASHI Takahiro (17): efi_loader: add CONFIG_EFI_SECURE_BOOT config option efi_loader: add signature verification functions efi_loader: add signature database parser efi_loader: variable: support variable authentication efi_loader: variable: add secure boot state transition efi_loader: variable: add VendorKeys variable efi_loader: image_loader: support image authentication efi_loader: set up secure boot cmd: env: use appropriate guid for authenticated UEFI variable cmd: env: add "-at" option to "env set -e" command cmd: efidebug: add "test bootmgr" sub-command efi_loader, pytest: set up secure boot environment efi_loader, pytest: add UEFI secure boot tests (authenticated variables) efi_loader, pytest: add UEFI secure boot tests (image) sandbox: add extra configurations for UEFI and related tests travis: add packages for UEFI secure boot test efi_loader: add some description about UEFI secure boot Heinrich Schuchardt (4): efi_loader: function descriptions efi_unicode_collation.c efi_loader: add missing doc comments in efi_disk.c efi_loader: function descriptions efi_watchdog.c drivers: crypto: rsa_mod_exp: avoid DM_FLAG_PRE_RELOC Peter Robinson (1): efi_loader: enable RNG if DM_RNG is enabled .travis.yml | 11 +- cmd/efidebug.c | 78 +- cmd/nvedit.c | 5 +- cmd/nvedit_efi.c | 23 +- configs/sandbox64_defconfig | 3 + configs/sandbox_defconfig | 3 + doc/api/efi.rst | 12 + doc/uefi/uefi.rst | 77 ++ drivers/crypto/fsl/fsl_rsa.c | 1 - drivers/crypto/rsa_mod_exp/mod_exp_sw.c | 1 - include/efi_api.h | 87 +++ include/efi_loader.h | 91 ++- lib/efi_loader/Kconfig | 19 + lib/efi_loader/Makefile | 1 + lib/efi_loader/efi_boottime.c | 10 +- lib/efi_loader/efi_disk.c | 52 +- lib/efi_loader/efi_image_loader.c | 462 +++++++++++- lib/efi_loader/efi_setup.c | 38 + lib/efi_loader/efi_signature.c | 804 ++++++++++++++++++++ lib/efi_loader/efi_unicode_collation.c | 6 +- lib/efi_loader/efi_variable.c | 952 +++++++++++++++++++++--- lib/efi_loader/efi_watchdog.c | 18 +- test/py/README.md | 8 + test/py/tests/test_efi_secboot/conftest.py | 151 ++++ test/py/tests/test_efi_secboot/defs.py | 21 + test/py/tests/test_efi_secboot/test_authvar.py | 282 +++++++ test/py/tests/test_efi_secboot/test_signed.py | 117 +++ test/py/tests/test_efi_secboot/test_unsigned.py | 121 +++ 28 files changed, 3307 insertions(+), 147 deletions(-) create mode 100644 lib/efi_loader/efi_signature.c create mode 100644 test/py/tests/test_efi_secboot/conftest.py create mode 100644 test/py/tests/test_efi_secboot/defs.py create mode 100644 test/py/tests/test_efi_secboot/test_authvar.py create mode 100644 test/py/tests/test_efi_secboot/test_signed.py create mode 100644 test/py/tests/test_efi_secboot/test_unsigned.py