mbox series

Pull request for UEFI sub-system for efi-2020-10-rc1

Message ID fcf6e3d9-8fb0-53f0-5eca-e2b85c0cf5a1@gmx.de
State Accepted
Delegated to: Tom Rini
Headers show
Series Pull request for UEFI sub-system for efi-2020-10-rc1 | expand

Pull-request

https://gitlab.denx.de/u-boot/custodians/u-boot-efi.git tags/efi-2020-10-rc1

Message

Heinrich Schuchardt July 4, 2020, 9:50 a.m. UTC 
The following changes since commit bcfe764ee925d0820e82c69ccf75b71d142644c7:

  Merge tag 'efi-2020-07-rc6-2' of
https://gitlab.denx.de/u-boot/custodians/u-boot-efi (2020-06-30 17:15:39
-0400)

are available in the Git repository at:

  https://gitlab.denx.de/u-boot/custodians/u-boot-efi.git
tags/efi-2020-10-rc1

for you to fetch changes up to 93f6201af71d9a0a521c99212e6066778270a357:

  efi_loader: imply FAT, FAT_WRITE (2020-07-03 18:03:56 +0200)

----------------------------------------------------------------
Pull request for UEFI sub-system for efi-2020-10-rc1

This series comprises error corrections for the UEFI subsystem:

* correct consideration of timestamps for variable authentication
* correct collection of data regions for code authentication
* correct unit tests to test loading dbx
* enable FAT_WRITE as required by the UEFI spec

The boot manager uses log functions instead of printf() and debug().

The UEFI intialization state is exported.

----------------------------------------------------------------
AKASHI Takahiro (7):
      efi_loader: change efi objects initialization order
      Revert "test: stabilize test_efi_secboot"
      efi_loader: signature: replace debug to EFI_PRINT
      efi_loader: variable: replace debug to EFI_PRINT
      efi_loader: image_loader: replace debug to EFI_PRINT
      test/py: efi_secboot: remove all "re.search"
      test/py: efi_secboot: fix test case 1g of test_authvar

Heinrich Schuchardt (9):
      test: correct time stamps for UEFI authentication
      efi_loader: fix efi_image_region_add()
      test: provide tests for efi_image_region_add()
      efi_loader: add missing validation of timestamp
      efi_loader: time based authentication
      efi_loader: use log function in boot manager
      efi_loader: rtc_mktime() called twice
      efi_loader: export initialization state
      efi_loader: imply FAT, FAT_WRITE

 MAINTAINERS                                     |   1 +
 include/efi_loader.h                            |   3 +
 lib/efi_loader/Kconfig                          |   2 +
 lib/efi_loader/efi_bootmgr.c                    |  26 ++--
 lib/efi_loader/efi_image_loader.c               |  64 +++++-----
 lib/efi_loader/efi_setup.c                      |   9 +-
 lib/efi_loader/efi_signature.c                  | 152
+++++++++++-----------
 lib/efi_loader/efi_variable.c                   |  52 +++++---
 test/lib/Makefile                               |   1 +
 test/lib/efi_image_region.c                     | 163
++++++++++++++++++++++++
 test/py/tests/test_efi_secboot/conftest.py      |  16 +--
 test/py/tests/test_efi_secboot/test_authvar.py  |  91 +++++++------
 test/py/tests/test_efi_secboot/test_signed.py   |  38 +++---
 test/py/tests/test_efi_secboot/test_unsigned.py |  38 +++---
 14 files changed, 420 insertions(+), 236 deletions(-)
 create mode 100644 test/lib/efi_image_region.c

Comments

Tom Rini July 5, 2020, 11:40 p.m. UTC | #1 
On Sat, Jul 04, 2020 at 11:50:01AM +0200, Heinrich Schuchardt wrote:
> The following changes since commit bcfe764ee925d0820e82c69ccf75b71d142644c7:
> 
>   Merge tag 'efi-2020-07-rc6-2' of
> https://gitlab.denx.de/u-boot/custodians/u-boot-efi (2020-06-30 17:15:39
> -0400)
> 
> are available in the Git repository at:
> 
>   https://gitlab.denx.de/u-boot/custodians/u-boot-efi.git
> tags/efi-2020-10-rc1
> 
> for you to fetch changes up to 93f6201af71d9a0a521c99212e6066778270a357:
> 
>   efi_loader: imply FAT, FAT_WRITE (2020-07-03 18:03:56 +0200)
> 
> ----------------------------------------------------------------
> Pull request for UEFI sub-system for efi-2020-10-rc1
> 
> This series comprises error corrections for the UEFI subsystem:
> 
> * correct consideration of timestamps for variable authentication
> * correct collection of data regions for code authentication
> * correct unit tests to test loading dbx
> * enable FAT_WRITE as required by the UEFI spec

So, FAT_WRITE is required by the UEFI spec, ok.  Are we exposing the
ability to write files via the UEFI API?  What happens if we return
failure to write here?  I'm asking because the first thing I see
reviewing this is thee large number of platforms with:
               u-boot: add: 30/0, grow: 5/-4 bytes: 139792/-10412 (129380)
                 function                                   old     new   delta
                 tmpbuf_cluster                               -  131072 +131072

For FAT write support.  Perhaps another way of looking at it is, can we
rework the FAT write support to get that buffer dynamically?  Thanks!
Heinrich Schuchardt July 6, 2020, 9:37 a.m. UTC | #2 
On 06.07.20 01:40, Tom Rini wrote:
> On Sat, Jul 04, 2020 at 11:50:01AM +0200, Heinrich Schuchardt wrote:
>> The following changes since commit bcfe764ee925d0820e82c69ccf75b71d142644c7:
>>
>>   Merge tag 'efi-2020-07-rc6-2' of
>> https://gitlab.denx.de/u-boot/custodians/u-boot-efi (2020-06-30 17:15:39
>> -0400)
>>
>> are available in the Git repository at:
>>
>>   https://gitlab.denx.de/u-boot/custodians/u-boot-efi.git
>> tags/efi-2020-10-rc1
>>
>> for you to fetch changes up to 93f6201af71d9a0a521c99212e6066778270a357:
>>
>>   efi_loader: imply FAT, FAT_WRITE (2020-07-03 18:03:56 +0200)
>>
>> ----------------------------------------------------------------
>> Pull request for UEFI sub-system for efi-2020-10-rc1
>>
>> This series comprises error corrections for the UEFI subsystem:
>>
>> * correct consideration of timestamps for variable authentication
>> * correct collection of data regions for code authentication
>> * correct unit tests to test loading dbx
>> * enable FAT_WRITE as required by the UEFI spec
>
> So, FAT_WRITE is required by the UEFI spec, ok.  Are we exposing the
> ability to write files via the UEFI API?  What happens if we return

Yes the UEFI API allows to write files. If the write fails we return an
error code conforming to the UEFI specification.

But especially I want to save non-volatile UEFI variables on the EFI
system partition in v2020.10. Cf.
https://patchwork.ozlabs.org/project/uboot/list/?series=167069
Currently I am reworking that patch series.

> failure to write here?  I'm asking because the first thing I see
> reviewing this is thee large number of platforms with:
>                u-boot: add: 30/0, grow: 5/-4 bytes: 139792/-10412 (129380)
>                  function                                   old     new   delta
>                  tmpbuf_cluster                               -  131072 +131072
>
> For FAT write support.  Perhaps another way of looking at it is, can we
> rework the FAT write support to get that buffer dynamically?  Thanks!
>

I will send a patch to allocate tmpbuf_cluster dynamically.

Best regards

Heinrich
Tom Rini July 6, 2020, 6:17 p.m. UTC | #3 
On Sat, Jul 04, 2020 at 11:50:01AM +0200, Heinrich Schuchardt wrote:

> The following changes since commit bcfe764ee925d0820e82c69ccf75b71d142644c7:
> 
>   Merge tag 'efi-2020-07-rc6-2' of
> https://gitlab.denx.de/u-boot/custodians/u-boot-efi (2020-06-30 17:15:39
> -0400)
> 
> are available in the Git repository at:
> 
>   https://gitlab.denx.de/u-boot/custodians/u-boot-efi.git
> tags/efi-2020-10-rc1
> 
> for you to fetch changes up to 93f6201af71d9a0a521c99212e6066778270a357:
> 
>   efi_loader: imply FAT, FAT_WRITE (2020-07-03 18:03:56 +0200)
> 

Given that I see you've addressed the size growth from FAT_WRITE,
applied to u-boot/next, thanks!