| Message ID | 20201126184110.30521-1-sughosh.ganu@linaro.org |
|---|---|
| Headers | show
Return-Path: <u-boot-bounces@lists.denx.de> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=linaro.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Chmnw0V1cz9s1l for <incoming@patchwork.ozlabs.org>; Fri, 27 Nov 2020 05:42:03 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1A864826C9; Thu, 26 Nov 2020 19:41:55 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id D41B0826CB; Thu, 26 Nov 2020 19:41:53 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 7D1C3826BA for <u-boot@lists.denx.de>; Thu, 26 Nov 2020 19:41:50 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id DAF5F31B; Thu, 26 Nov 2020 10:41:48 -0800 (PST) Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.16.44]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id AC5CE3F23F; Thu, 26 Nov 2020 10:41:46 -0800 (PST) From: Sughosh Ganu <sughosh.ganu@linaro.org> To: u-boot@lists.denx.de Cc: Takahiro Akashi <takahiro.akashi@linaro.org>, Heinrich Schuchardt <xypron.glpk@gmx.de>, Alexander Graf <agraf@csgraf.de>, Lukasz Majewski <lukma@denx.de>, Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>, Tom Rini <trini@konsulko.com> Subject: [PATCH 00/14] qemu: arm64: Add support for uefi capsule update on qemu arm64 platform Date: Fri, 27 Nov 2020 00:10:56 +0530 Message-Id: <20201126184110.30521-1-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.17.1 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion <u-boot.lists.denx.de> List-Unsubscribe: <https://lists.denx.de/options/u-boot>, <mailto:u-boot-request@lists.denx.de?subject=unsubscribe> List-Archive: <https://lists.denx.de/pipermail/u-boot/> List-Post: <mailto:u-boot@lists.denx.de> List-Help: <mailto:u-boot-request@lists.denx.de?subject=help> List-Subscribe: <https://lists.denx.de/listinfo/u-boot>, <mailto:u-boot-request@lists.denx.de?subject=subscribe> Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de> X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean |
| Series |
qemu: arm64: Add support for uefi capsule update on qemu arm64 platform
|
expand
|
The following series adds support for the uefi capsule update feature on the qemu arm64 platform, along with adding support for the capsule authentication feature. The capsule update feature is supported on a platform configuration booting in a non-secure mode, i.e with -machine virt,secure=off option set. This results in the platform booting u-boot directly without the presence of trusted firmware(tf-a). Steps that need to be followed for using this feature have been provided as part of the documentation. Support has also been added for enabling the capsule authentication feature. Capsule authentication, as defined by the uefi specification is very much on similar lines to the logic used for variable authentication. As a result, most of the signature verification code already in use for variable authentication has been used for capsule authentication. Storage of the public key certificate, needed for the signature verification process is in form of the efi signature list(esl) structure. This public key is stored on the platform's device tree blob. The public key esl file can be embedded into the dtb using the mkeficapsule utility that has been added as part of the capsule update support series[1]. Steps needed for enabling capsule authentication have been provided as part of the documentation. This patch series needs to be applied on top of the capsule update support patch series from Takahiro Akashi[1] [1] - https://patchwork.ozlabs.org/project/uboot/cover/20201117002805.13902-1-takahiro.akashi@linaro.org/ Sughosh Ganu (14): qemu: arm: Use the generated DTB only when CONGIG_OF_BOARD is defined mkeficapsule: Add support for embedding public key in a dtb qemu: arm: Scan the pci bus in board_init crypto: Fix the logic to calculate hash with authattributes set qemu: arm64: Add support for dynamic mtdparts for the platform qemu: arm64: Set dfu_alt_info variable for the platform efi_loader: Add config option to indicate fmp header presence dfu_mtd: Add provision to unlock mtd device efi_loader: Make the pkcs7 header parsing function an extern efi_loader: Re-factor code to build the signature store from efi signature list efi: capsule: Add support for uefi capsule authentication efi_loader: Enable uefi capsule authentication efidebug: capsule: Add a command to update capsule on disk qemu: arm64: Add documentation for capsule update board/emulation/qemu-arm/qemu-arm.c | 170 ++++++++++++++++++++++++ cmd/efidebug.c | 14 ++ doc/board/emulation/qemu-arm.rst | 157 ++++++++++++++++++++++ drivers/dfu/dfu_mtd.c | 20 ++- include/configs/qemu-arm.h | 8 ++ include/efi_api.h | 18 +++ include/efi_loader.h | 12 ++ lib/crypto/pkcs7_verify.c | 37 ++++-- lib/efi_loader/Kconfig | 24 ++++ lib/efi_loader/efi_capsule.c | 122 +++++++++++++++++ lib/efi_loader/efi_firmware.c | 49 ++++++- lib/efi_loader/efi_signature.c | 192 ++++++++++++++++++++------- lib/efi_loader/efi_variable.c | 93 +------------ tools/Makefile | 1 + tools/mkeficapsule.c | 198 ++++++++++++++++++++++++++-- 15 files changed, 954 insertions(+), 161 deletions(-)