diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-11-26 14:52:11 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-11-26 14:52:11 -0800 |
commit | df28204bb0f29cc475c0a8893c99b46a11a4903f (patch) | |
tree | da198abbba5e9b7a824f531e0ed5c8bba36dbb08 | |
parent | 3f6128139092286cf10e32bef8ccf56a004812d2 (diff) | |
parent | 2278f452a12d5b5b01f96441a7a4336710365022 (diff) | |
download | lwn-df28204bb0f29cc475c0a8893c99b46a11a4903f.tar.gz lwn-df28204bb0f29cc475c0a8893c99b46a11a4903f.zip |
Merge branch 'efi-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull EFI updates from Ingo Molnar:
"The main changes in this cycle were:
- Wire up the EFI RNG code for x86. This enables an additional source
of entropy during early boot.
- Enable the TPM event log code on ARM platforms.
- Update Ard's email address"
* 'efi-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
efi: libstub/tpm: enable tpm eventlog function for ARM platforms
x86: efi/random: Invoke EFI_RNG_PROTOCOL to seed the UEFI RNG table
efi/random: use arch-independent efi_call_proto()
MAINTAINERS: update Ard's email address to @kernel.org
-rw-r--r-- | .mailmap | 1 | ||||
-rw-r--r-- | MAINTAINERS | 8 | ||||
-rw-r--r-- | arch/x86/boot/compressed/eboot.c | 3 | ||||
-rw-r--r-- | drivers/firmware/efi/libstub/Makefile | 5 | ||||
-rw-r--r-- | drivers/firmware/efi/libstub/arm-stub.c | 2 | ||||
-rw-r--r-- | drivers/firmware/efi/libstub/efistub.h | 2 | ||||
-rw-r--r-- | drivers/firmware/efi/libstub/random.c | 23 | ||||
-rw-r--r-- | include/linux/efi.h | 2 |
8 files changed, 33 insertions, 13 deletions
@@ -32,6 +32,7 @@ Andy Adamson <andros@citi.umich.edu> Antoine Tenart <antoine.tenart@free-electrons.com> Antonio Ospite <ao2@ao2.it> <ao2@amarulasolutions.com> Archit Taneja <archit@ti.com> +Ard Biesheuvel <ardb@kernel.org> <ard.biesheuvel@linaro.org> Arnaud Patard <arnaud.patard@rtp-net.org> Arnd Bergmann <arnd@arndb.de> Axel Dyks <xl@xlsigned.net> diff --git a/MAINTAINERS b/MAINTAINERS index 66cc549ac327..cd7dba87d2ef 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -6019,14 +6019,14 @@ F: sound/usb/misc/ua101.c EFI TEST DRIVER L: linux-efi@vger.kernel.org M: Ivan Hu <ivan.hu@canonical.com> -M: Ard Biesheuvel <ard.biesheuvel@linaro.org> +M: Ard Biesheuvel <ardb@kernel.org> S: Maintained F: drivers/firmware/efi/test/ EFI VARIABLE FILESYSTEM M: Matthew Garrett <matthew.garrett@nebula.com> M: Jeremy Kerr <jk@ozlabs.org> -M: Ard Biesheuvel <ard.biesheuvel@linaro.org> +M: Ard Biesheuvel <ardb@kernel.org> T: git git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git L: linux-efi@vger.kernel.org S: Maintained @@ -6207,7 +6207,7 @@ S: Supported F: security/integrity/evm/ EXTENSIBLE FIRMWARE INTERFACE (EFI) -M: Ard Biesheuvel <ard.biesheuvel@linaro.org> +M: Ard Biesheuvel <ardb@kernel.org> L: linux-efi@vger.kernel.org T: git git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git S: Maintained @@ -15083,7 +15083,7 @@ F: include/media/soc_camera.h F: drivers/staging/media/soc_camera/ SOCIONEXT SYNQUACER I2C DRIVER -M: Ard Biesheuvel <ard.biesheuvel@linaro.org> +M: Ard Biesheuvel <ardb@kernel.org> L: linux-i2c@vger.kernel.org S: Maintained F: drivers/i2c/busses/i2c-synquacer.c diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c index 82bc60c8acb2..68945c5700bf 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c @@ -782,6 +782,9 @@ efi_main(struct efi_config *c, struct boot_params *boot_params) /* Ask the firmware to clear memory on unclean shutdown */ efi_enable_reset_attack_mitigation(sys_table); + + efi_random_get_seed(sys_table); + efi_retrieve_tpm2_eventlog(sys_table); setup_graphics(boot_params); diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index ee0661ddb25b..c35f893897e1 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -38,7 +38,8 @@ OBJECT_FILES_NON_STANDARD := y # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in. KCOV_INSTRUMENT := n -lib-y := efi-stub-helper.o gop.o secureboot.o tpm.o +lib-y := efi-stub-helper.o gop.o secureboot.o tpm.o \ + random.o # include the stub's generic dependencies from lib/ when building for ARM/arm64 arm-deps-y := fdt_rw.c fdt_ro.c fdt_wip.c fdt.c fdt_empty_tree.c fdt_sw.c @@ -47,7 +48,7 @@ arm-deps-$(CONFIG_ARM64) += sort.c $(obj)/lib-%.o: $(srctree)/lib/%.c FORCE $(call if_changed_rule,cc_o_c) -lib-$(CONFIG_EFI_ARMSTUB) += arm-stub.o fdt.o string.o random.o \ +lib-$(CONFIG_EFI_ARMSTUB) += arm-stub.o fdt.o string.o \ $(patsubst %.c,lib-%.o,$(arm-deps-y)) lib-$(CONFIG_ARM) += arm32-stub.o diff --git a/drivers/firmware/efi/libstub/arm-stub.c b/drivers/firmware/efi/libstub/arm-stub.c index c382a48c6678..817237ce2420 100644 --- a/drivers/firmware/efi/libstub/arm-stub.c +++ b/drivers/firmware/efi/libstub/arm-stub.c @@ -189,6 +189,8 @@ unsigned long efi_entry(void *handle, efi_system_table_t *sys_table, goto fail_free_cmdline; } + efi_retrieve_tpm2_eventlog(sys_table); + /* Ask the firmware to clear memory on unclean shutdown */ efi_enable_reset_attack_mitigation(sys_table); diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index 7f1556fd867d..05739ae013c8 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -63,8 +63,6 @@ efi_status_t efi_random_alloc(efi_system_table_t *sys_table_arg, efi_status_t check_platform_features(efi_system_table_t *sys_table_arg); -efi_status_t efi_random_get_seed(efi_system_table_t *sys_table_arg); - void *get_efi_config_table(efi_system_table_t *sys_table, efi_guid_t guid); /* Helper macros for the usual case of using simple C variables: */ diff --git a/drivers/firmware/efi/libstub/random.c b/drivers/firmware/efi/libstub/random.c index b4b1d1dcb5fd..53f1466f7de6 100644 --- a/drivers/firmware/efi/libstub/random.c +++ b/drivers/firmware/efi/libstub/random.c @@ -9,6 +9,18 @@ #include "efistub.h" +typedef struct efi_rng_protocol efi_rng_protocol_t; + +typedef struct { + u32 get_info; + u32 get_rng; +} efi_rng_protocol_32_t; + +typedef struct { + u64 get_info; + u64 get_rng; +} efi_rng_protocol_64_t; + struct efi_rng_protocol { efi_status_t (*get_info)(struct efi_rng_protocol *, unsigned long *, efi_guid_t *); @@ -28,7 +40,7 @@ efi_status_t efi_get_random_bytes(efi_system_table_t *sys_table_arg, if (status != EFI_SUCCESS) return status; - return rng->get_rng(rng, NULL, size, out); + return efi_call_proto(efi_rng_protocol, get_rng, rng, NULL, size, out); } /* @@ -161,15 +173,16 @@ efi_status_t efi_random_get_seed(efi_system_table_t *sys_table_arg) if (status != EFI_SUCCESS) return status; - status = rng->get_rng(rng, &rng_algo_raw, EFI_RANDOM_SEED_SIZE, - seed->bits); + status = efi_call_proto(efi_rng_protocol, get_rng, rng, &rng_algo_raw, + EFI_RANDOM_SEED_SIZE, seed->bits); + if (status == EFI_UNSUPPORTED) /* * Use whatever algorithm we have available if the raw algorithm * is not implemented. */ - status = rng->get_rng(rng, NULL, EFI_RANDOM_SEED_SIZE, - seed->bits); + status = efi_call_proto(efi_rng_protocol, get_rng, rng, NULL, + EFI_RANDOM_SEED_SIZE, seed->bits); if (status != EFI_SUCCESS) goto err_freepool; diff --git a/include/linux/efi.h b/include/linux/efi.h index d87acf62958e..028efa7a9f3b 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -1645,6 +1645,8 @@ static inline void efi_enable_reset_attack_mitigation(efi_system_table_t *sys_table_arg) { } #endif +efi_status_t efi_random_get_seed(efi_system_table_t *sys_table_arg); + void efi_retrieve_tpm2_eventlog(efi_system_table_t *sys_table); /* |