mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-12-29 17:25:38 +00:00
EFI updates for v6.13
- Align handling of the compiled-in command line with the core kernel - Measure the initrd into the TPM also when it was loaded via the EFI file I/O protocols - Clean up TPM event log handling - Sanity check the EFI memory attributes table, and apply it after kexec too - Assorted other fixes -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQQQm/3uucuRGn1Dmh0wbglWLn0tXAUCZzxU/QAKCRAwbglWLn0t XIBoAQDAHoTX2/CxsCKHXaJE8C19kN451lgLRtZea5kFCVhq+QD/YDVxfif4OvUM q2Wo5BwmqyUk56qHAW14DWZb2Pl1sgU= =YFm/ -----END PGP SIGNATURE----- Merge tag 'efi-next-for-v6.13' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi Pull EFI updates from Ard Biesheuvel: "Just some cleanups and bug fixes this time around: - Align handling of the compiled-in command line with the core kernel - Measure the initrd into the TPM also when it was loaded via the EFI file I/O protocols - Clean up TPM event log handling - Sanity check the EFI memory attributes table, and apply it after kexec too - Assorted other fixes" * tag 'efi-next-for-v6.13' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi: efi: Fix memory leak in efivar_ssdt_load efi/libstub: Take command line overrides into account for loaded files efi/libstub: Fix command line fallback handling when loading files efi/libstub: Parse builtin command line after bootloader provided one x86/efi: Apply EFI Memory Attributes after kexec x86/efi: Drop support for the EFI_PROPERTIES_TABLE efi/memattr: Ignore table if the size is clearly bogus efi/zboot: Fix outdated comment about using LoadImage/StartImage efi/libstub: Free correct pointer on failure libstub,tpm: do not ignore failure case when reading final event log tpm: fix unsigned/signed mismatch errors related to __calc_tpm2_event_size tpm: do not ignore memblock_reserve return value tpm: fix signed/unsigned bug when checking event logs efi/libstub: measure initrd to PCR9 independent of source efi/libstub: remove unnecessary cmd_line_len from efi_convert_cmdline() efi/libstub: fix efi_parse_options() ignoring the default command line
This commit is contained in:
commit
18a411cc5d
@ -54,14 +54,12 @@
|
||||
#include <asm/uv/uv.h>
|
||||
|
||||
static unsigned long efi_systab_phys __initdata;
|
||||
static unsigned long prop_phys = EFI_INVALID_TABLE_ADDR;
|
||||
static unsigned long uga_phys = EFI_INVALID_TABLE_ADDR;
|
||||
static unsigned long efi_runtime, efi_nr_tables;
|
||||
|
||||
unsigned long efi_fw_vendor, efi_config_table;
|
||||
|
||||
static const efi_config_table_type_t arch_tables[] __initconst = {
|
||||
{EFI_PROPERTIES_TABLE_GUID, &prop_phys, "PROP" },
|
||||
{UGA_IO_PROTOCOL_GUID, &uga_phys, "UGA" },
|
||||
#ifdef CONFIG_X86_UV
|
||||
{UV_SYSTEM_TABLE_GUID, &uv_systab_phys, "UVsystab" },
|
||||
@ -82,7 +80,6 @@ static const unsigned long * const efi_tables[] = {
|
||||
&efi_runtime,
|
||||
&efi_config_table,
|
||||
&efi.esrt,
|
||||
&prop_phys,
|
||||
&efi_mem_attr_table,
|
||||
#ifdef CONFIG_EFI_RCI2_TABLE
|
||||
&rci2_table_phys,
|
||||
@ -502,22 +499,6 @@ void __init efi_init(void)
|
||||
return;
|
||||
}
|
||||
|
||||
/* Parse the EFI Properties table if it exists */
|
||||
if (prop_phys != EFI_INVALID_TABLE_ADDR) {
|
||||
efi_properties_table_t *tbl;
|
||||
|
||||
tbl = early_memremap_ro(prop_phys, sizeof(*tbl));
|
||||
if (tbl == NULL) {
|
||||
pr_err("Could not map Properties table!\n");
|
||||
} else {
|
||||
if (tbl->memory_protection_attribute &
|
||||
EFI_PROPERTIES_RUNTIME_MEMORY_PROTECTION_NON_EXECUTABLE_PE_DATA)
|
||||
set_bit(EFI_NX_PE_DATA, &efi.flags);
|
||||
|
||||
early_memunmap(tbl, sizeof(*tbl));
|
||||
}
|
||||
}
|
||||
|
||||
set_bit(EFI_RUNTIME_SERVICES, &efi.flags);
|
||||
efi_clean_memmap();
|
||||
|
||||
@ -784,6 +765,7 @@ static void __init kexec_enter_virtual_mode(void)
|
||||
|
||||
efi_sync_low_kernel_mappings();
|
||||
efi_native_runtime_setup();
|
||||
efi_runtime_update_mappings();
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -412,51 +412,9 @@ static int __init efi_update_mem_attr(struct mm_struct *mm, efi_memory_desc_t *m
|
||||
|
||||
void __init efi_runtime_update_mappings(void)
|
||||
{
|
||||
efi_memory_desc_t *md;
|
||||
|
||||
/*
|
||||
* Use the EFI Memory Attribute Table for mapping permissions if it
|
||||
* exists, since it is intended to supersede EFI_PROPERTIES_TABLE.
|
||||
*/
|
||||
if (efi_enabled(EFI_MEM_ATTR)) {
|
||||
efi_disable_ibt_for_runtime = false;
|
||||
efi_memattr_apply_permissions(NULL, efi_update_mem_attr);
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* EFI_MEMORY_ATTRIBUTES_TABLE is intended to replace
|
||||
* EFI_PROPERTIES_TABLE. So, use EFI_PROPERTIES_TABLE to update
|
||||
* permissions only if EFI_MEMORY_ATTRIBUTES_TABLE is not
|
||||
* published by the firmware. Even if we find a buggy implementation of
|
||||
* EFI_MEMORY_ATTRIBUTES_TABLE, don't fall back to
|
||||
* EFI_PROPERTIES_TABLE, because of the same reason.
|
||||
*/
|
||||
|
||||
if (!efi_enabled(EFI_NX_PE_DATA))
|
||||
return;
|
||||
|
||||
for_each_efi_memory_desc(md) {
|
||||
unsigned long pf = 0;
|
||||
|
||||
if (!(md->attribute & EFI_MEMORY_RUNTIME))
|
||||
continue;
|
||||
|
||||
if (!(md->attribute & EFI_MEMORY_WB))
|
||||
pf |= _PAGE_PCD;
|
||||
|
||||
if ((md->attribute & EFI_MEMORY_XP) ||
|
||||
(md->type == EFI_RUNTIME_SERVICES_DATA))
|
||||
pf |= _PAGE_NX;
|
||||
|
||||
if (!(md->attribute & EFI_MEMORY_RO) &&
|
||||
(md->type != EFI_RUNTIME_SERVICES_CODE))
|
||||
pf |= _PAGE_RW;
|
||||
|
||||
if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
|
||||
pf |= _PAGE_ENC;
|
||||
|
||||
efi_update_mappings(md, pf);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -84,12 +84,10 @@ config EFI_ZBOOT
|
||||
help
|
||||
Create the bootable image as an EFI application that carries the
|
||||
actual kernel image in compressed form, and decompresses it into
|
||||
memory before executing it via LoadImage/StartImage EFI boot service
|
||||
calls. For compatibility with non-EFI loaders, the payload can be
|
||||
decompressed and executed by the loader as well, provided that the
|
||||
loader implements the decompression algorithm and that non-EFI boot
|
||||
is supported by the encapsulated image. (The compression algorithm
|
||||
used is described in the zboot image header)
|
||||
memory before executing it. For compatibility with non-EFI loaders,
|
||||
the payload can be decompressed and executed by the loader as well,
|
||||
provided that the loader implements the decompression algorithm.
|
||||
(The compression algorithm used is described in the zboot header)
|
||||
|
||||
config EFI_ARMSTUB_DTB_LOADER
|
||||
bool "Enable the DTB loader"
|
||||
|
@ -273,6 +273,7 @@ static __init int efivar_ssdt_load(void)
|
||||
efi_char16_t *name = NULL;
|
||||
efi_status_t status;
|
||||
efi_guid_t guid;
|
||||
int ret = 0;
|
||||
|
||||
if (!efivar_ssdt[0])
|
||||
return 0;
|
||||
@ -294,8 +295,8 @@ static __init int efivar_ssdt_load(void)
|
||||
efi_char16_t *name_tmp =
|
||||
krealloc(name, name_size, GFP_KERNEL);
|
||||
if (!name_tmp) {
|
||||
kfree(name);
|
||||
return -ENOMEM;
|
||||
ret = -ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
name = name_tmp;
|
||||
continue;
|
||||
@ -309,26 +310,38 @@ static __init int efivar_ssdt_load(void)
|
||||
pr_info("loading SSDT from variable %s-%pUl\n", efivar_ssdt, &guid);
|
||||
|
||||
status = efi.get_variable(name, &guid, NULL, &data_size, NULL);
|
||||
if (status != EFI_BUFFER_TOO_SMALL || !data_size)
|
||||
return -EIO;
|
||||
if (status != EFI_BUFFER_TOO_SMALL || !data_size) {
|
||||
ret = -EIO;
|
||||
goto out;
|
||||
}
|
||||
|
||||
data = kmalloc(data_size, GFP_KERNEL);
|
||||
if (!data)
|
||||
return -ENOMEM;
|
||||
if (!data) {
|
||||
ret = -ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
|
||||
status = efi.get_variable(name, &guid, NULL, &data_size, data);
|
||||
if (status == EFI_SUCCESS) {
|
||||
acpi_status ret = acpi_load_table(data, NULL);
|
||||
if (ret)
|
||||
pr_err("failed to load table: %u\n", ret);
|
||||
else
|
||||
continue;
|
||||
acpi_status acpi_ret = acpi_load_table(data, NULL);
|
||||
if (ACPI_FAILURE(acpi_ret)) {
|
||||
pr_err("efivar_ssdt: failed to load table: %u\n",
|
||||
acpi_ret);
|
||||
} else {
|
||||
pr_err("failed to get var data: 0x%lx\n", status);
|
||||
/*
|
||||
* The @data will be in use by ACPI engine,
|
||||
* do not free it!
|
||||
*/
|
||||
continue;
|
||||
}
|
||||
} else {
|
||||
pr_err("efivar_ssdt: failed to get var data: 0x%lx\n", status);
|
||||
}
|
||||
kfree(data);
|
||||
}
|
||||
return 0;
|
||||
out:
|
||||
kfree(name);
|
||||
return ret;
|
||||
}
|
||||
#else
|
||||
static inline int efivar_ssdt_load(void) { return 0; }
|
||||
@ -433,7 +446,9 @@ static int __init efisubsys_init(void)
|
||||
error = generic_ops_register();
|
||||
if (error)
|
||||
goto err_put;
|
||||
efivar_ssdt_load();
|
||||
error = efivar_ssdt_load();
|
||||
if (error)
|
||||
pr_err("efi: failed to load SSDT, error %d.\n", error);
|
||||
platform_device_register_simple("efivars", 0, NULL, 0);
|
||||
}
|
||||
|
||||
|
@ -327,7 +327,7 @@ static efi_status_t efi_measure_tagged_event(unsigned long load_addr,
|
||||
* Size of memory allocated return in *cmd_line_len.
|
||||
* Returns NULL on error.
|
||||
*/
|
||||
char *efi_convert_cmdline(efi_loaded_image_t *image, int *cmd_line_len)
|
||||
char *efi_convert_cmdline(efi_loaded_image_t *image)
|
||||
{
|
||||
const efi_char16_t *options = efi_table_attr(image, load_options);
|
||||
u32 options_size = efi_table_attr(image, load_options_size);
|
||||
@ -405,7 +405,6 @@ char *efi_convert_cmdline(efi_loaded_image_t *image, int *cmd_line_len)
|
||||
snprintf((char *)cmdline_addr, options_bytes, "%.*ls",
|
||||
options_bytes - 1, options);
|
||||
|
||||
*cmd_line_len = options_bytes;
|
||||
return (char *)cmdline_addr;
|
||||
}
|
||||
|
||||
@ -621,10 +620,6 @@ efi_status_t efi_load_initrd(efi_loaded_image_t *image,
|
||||
status = efi_load_initrd_dev_path(&initrd, hard_limit);
|
||||
if (status == EFI_SUCCESS) {
|
||||
efi_info("Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path\n");
|
||||
if (initrd.size > 0 &&
|
||||
efi_measure_tagged_event(initrd.base, initrd.size,
|
||||
EFISTUB_EVT_INITRD) == EFI_SUCCESS)
|
||||
efi_info("Measured initrd data into PCR 9\n");
|
||||
} else if (status == EFI_NOT_FOUND) {
|
||||
status = efi_load_initrd_cmdline(image, &initrd, soft_limit,
|
||||
hard_limit);
|
||||
@ -637,6 +632,11 @@ efi_status_t efi_load_initrd(efi_loaded_image_t *image,
|
||||
if (status != EFI_SUCCESS)
|
||||
goto failed;
|
||||
|
||||
if (initrd.size > 0 &&
|
||||
efi_measure_tagged_event(initrd.base, initrd.size,
|
||||
EFISTUB_EVT_INITRD) == EFI_SUCCESS)
|
||||
efi_info("Measured initrd data into PCR 9\n");
|
||||
|
||||
status = efi_bs_call(allocate_pool, EFI_LOADER_DATA, sizeof(initrd),
|
||||
(void **)&tbl);
|
||||
if (status != EFI_SUCCESS)
|
||||
|
@ -112,7 +112,6 @@ static u32 get_supported_rt_services(void)
|
||||
|
||||
efi_status_t efi_handle_cmdline(efi_loaded_image_t *image, char **cmdline_ptr)
|
||||
{
|
||||
int cmdline_size = 0;
|
||||
efi_status_t status;
|
||||
char *cmdline;
|
||||
|
||||
@ -121,35 +120,32 @@ efi_status_t efi_handle_cmdline(efi_loaded_image_t *image, char **cmdline_ptr)
|
||||
* protocol. We are going to copy the command line into the
|
||||
* device tree, so this can be allocated anywhere.
|
||||
*/
|
||||
cmdline = efi_convert_cmdline(image, &cmdline_size);
|
||||
cmdline = efi_convert_cmdline(image);
|
||||
if (!cmdline) {
|
||||
efi_err("getting command line via LOADED_IMAGE_PROTOCOL\n");
|
||||
return EFI_OUT_OF_RESOURCES;
|
||||
}
|
||||
|
||||
if (IS_ENABLED(CONFIG_CMDLINE_EXTEND) ||
|
||||
IS_ENABLED(CONFIG_CMDLINE_FORCE) ||
|
||||
cmdline_size == 0) {
|
||||
status = efi_parse_options(CONFIG_CMDLINE);
|
||||
if (status != EFI_SUCCESS) {
|
||||
efi_err("Failed to parse options\n");
|
||||
if (!IS_ENABLED(CONFIG_CMDLINE_FORCE)) {
|
||||
status = efi_parse_options(cmdline);
|
||||
if (status != EFI_SUCCESS)
|
||||
goto fail_free_cmdline;
|
||||
}
|
||||
}
|
||||
|
||||
if (!IS_ENABLED(CONFIG_CMDLINE_FORCE) && cmdline_size > 0) {
|
||||
status = efi_parse_options(cmdline);
|
||||
if (status != EFI_SUCCESS) {
|
||||
efi_err("Failed to parse options\n");
|
||||
if (IS_ENABLED(CONFIG_CMDLINE_EXTEND) ||
|
||||
IS_ENABLED(CONFIG_CMDLINE_FORCE) ||
|
||||
cmdline[0] == 0) {
|
||||
status = efi_parse_options(CONFIG_CMDLINE);
|
||||
if (status != EFI_SUCCESS)
|
||||
goto fail_free_cmdline;
|
||||
}
|
||||
}
|
||||
|
||||
*cmdline_ptr = cmdline;
|
||||
return EFI_SUCCESS;
|
||||
|
||||
fail_free_cmdline:
|
||||
efi_bs_call(free_pool, cmdline_ptr);
|
||||
efi_err("Failed to parse options\n");
|
||||
efi_bs_call(free_pool, cmdline);
|
||||
return status;
|
||||
}
|
||||
|
||||
|
@ -1056,7 +1056,7 @@ void efi_free(unsigned long size, unsigned long addr);
|
||||
|
||||
void efi_apply_loadoptions_quirk(const void **load_options, u32 *load_options_size);
|
||||
|
||||
char *efi_convert_cmdline(efi_loaded_image_t *image, int *cmd_line_len);
|
||||
char *efi_convert_cmdline(efi_loaded_image_t *image);
|
||||
|
||||
efi_status_t efi_get_memory_map(struct efi_boot_memmap **map,
|
||||
bool install_cfg_tbl);
|
||||
|
@ -175,6 +175,12 @@ static efi_status_t efi_open_device_path(efi_file_protocol_t **volume,
|
||||
return status;
|
||||
}
|
||||
|
||||
#ifndef CONFIG_CMDLINE
|
||||
#define CONFIG_CMDLINE
|
||||
#endif
|
||||
|
||||
static const efi_char16_t builtin_cmdline[] = L"" CONFIG_CMDLINE;
|
||||
|
||||
/*
|
||||
* Check the cmdline for a LILO-style file= arguments.
|
||||
*
|
||||
@ -189,6 +195,8 @@ efi_status_t handle_cmdline_files(efi_loaded_image_t *image,
|
||||
unsigned long *load_addr,
|
||||
unsigned long *load_size)
|
||||
{
|
||||
const bool ignore_load_options = IS_ENABLED(CONFIG_CMDLINE_OVERRIDE) ||
|
||||
IS_ENABLED(CONFIG_CMDLINE_FORCE);
|
||||
const efi_char16_t *cmdline = efi_table_attr(image, load_options);
|
||||
u32 cmdline_len = efi_table_attr(image, load_options_size);
|
||||
unsigned long efi_chunk_size = ULONG_MAX;
|
||||
@ -197,6 +205,7 @@ efi_status_t handle_cmdline_files(efi_loaded_image_t *image,
|
||||
unsigned long alloc_addr;
|
||||
unsigned long alloc_size;
|
||||
efi_status_t status;
|
||||
bool twopass;
|
||||
int offset;
|
||||
|
||||
if (!load_addr || !load_size)
|
||||
@ -209,6 +218,16 @@ efi_status_t handle_cmdline_files(efi_loaded_image_t *image,
|
||||
efi_chunk_size = EFI_READ_CHUNK_SIZE;
|
||||
|
||||
alloc_addr = alloc_size = 0;
|
||||
|
||||
if (!ignore_load_options && cmdline_len > 0) {
|
||||
twopass = IS_ENABLED(CONFIG_CMDLINE_BOOL) ||
|
||||
IS_ENABLED(CONFIG_CMDLINE_EXTEND);
|
||||
} else {
|
||||
do_builtin: cmdline = builtin_cmdline;
|
||||
cmdline_len = ARRAY_SIZE(builtin_cmdline) - 1;
|
||||
twopass = false;
|
||||
}
|
||||
|
||||
do {
|
||||
struct finfo fi;
|
||||
unsigned long size;
|
||||
@ -290,6 +309,9 @@ efi_status_t handle_cmdline_files(efi_loaded_image_t *image,
|
||||
efi_call_proto(volume, close);
|
||||
} while (offset > 0);
|
||||
|
||||
if (twopass)
|
||||
goto do_builtin;
|
||||
|
||||
*load_addr = alloc_addr;
|
||||
*load_size = alloc_size;
|
||||
|
||||
|
@ -57,7 +57,7 @@ static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_loca
|
||||
struct linux_efi_tpm_eventlog *log_tbl = NULL;
|
||||
unsigned long first_entry_addr, last_entry_addr;
|
||||
size_t log_size, last_entry_size;
|
||||
int final_events_size = 0;
|
||||
u32 final_events_size = 0;
|
||||
|
||||
first_entry_addr = (unsigned long) log_location;
|
||||
|
||||
@ -110,9 +110,9 @@ static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_loca
|
||||
*/
|
||||
if (final_events_table && final_events_table->nr_events) {
|
||||
struct tcg_pcr_event2_head *header;
|
||||
int offset;
|
||||
u32 offset;
|
||||
void *data;
|
||||
int event_size;
|
||||
u32 event_size;
|
||||
int i = final_events_table->nr_events;
|
||||
|
||||
data = (void *)final_events_table;
|
||||
@ -124,6 +124,9 @@ static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_loca
|
||||
event_size = __calc_tpm2_event_size(header,
|
||||
(void *)(long)log_location,
|
||||
false);
|
||||
/* If calc fails this is a malformed log */
|
||||
if (!event_size)
|
||||
break;
|
||||
final_events_size += event_size;
|
||||
i--;
|
||||
}
|
||||
|
@ -537,7 +537,6 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
|
||||
efi_guid_t proto = LOADED_IMAGE_PROTOCOL_GUID;
|
||||
struct boot_params *boot_params;
|
||||
struct setup_header *hdr;
|
||||
int options_size = 0;
|
||||
efi_status_t status;
|
||||
unsigned long alloc;
|
||||
char *cmdline_ptr;
|
||||
@ -569,7 +568,7 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
|
||||
hdr->initrd_addr_max = INT_MAX;
|
||||
|
||||
/* Convert unicode cmdline to ascii */
|
||||
cmdline_ptr = efi_convert_cmdline(image, &options_size);
|
||||
cmdline_ptr = efi_convert_cmdline(image);
|
||||
if (!cmdline_ptr) {
|
||||
efi_free(PARAM_SIZE, alloc);
|
||||
efi_exit(handle, EFI_OUT_OF_RESOURCES);
|
||||
|
@ -22,6 +22,7 @@ unsigned long __ro_after_init efi_mem_attr_table = EFI_INVALID_TABLE_ADDR;
|
||||
int __init efi_memattr_init(void)
|
||||
{
|
||||
efi_memory_attributes_table_t *tbl;
|
||||
unsigned long size;
|
||||
|
||||
if (efi_mem_attr_table == EFI_INVALID_TABLE_ADDR)
|
||||
return 0;
|
||||
@ -39,7 +40,22 @@ int __init efi_memattr_init(void)
|
||||
goto unmap;
|
||||
}
|
||||
|
||||
tbl_size = sizeof(*tbl) + tbl->num_entries * tbl->desc_size;
|
||||
|
||||
/*
|
||||
* Sanity check: the Memory Attributes Table contains up to 3 entries
|
||||
* for each entry of type EfiRuntimeServicesCode in the EFI memory map.
|
||||
* So if the size of the table exceeds 3x the size of the entire EFI
|
||||
* memory map, there is clearly something wrong, and the table should
|
||||
* just be ignored altogether.
|
||||
*/
|
||||
size = tbl->num_entries * tbl->desc_size;
|
||||
if (size > 3 * efi.memmap.nr_map * efi.memmap.desc_size) {
|
||||
pr_warn(FW_BUG "Corrupted EFI Memory Attributes Table detected! (version == %u, desc_size == %u, num_entries == %u)\n",
|
||||
tbl->version, tbl->desc_size, tbl->num_entries);
|
||||
goto unmap;
|
||||
}
|
||||
|
||||
tbl_size = sizeof(*tbl) + size;
|
||||
memblock_reserve(efi_mem_attr_table, tbl_size);
|
||||
set_bit(EFI_MEM_ATTR, &efi.flags);
|
||||
|
||||
|
@ -19,7 +19,7 @@ EXPORT_SYMBOL(efi_tpm_final_log_size);
|
||||
static int __init tpm2_calc_event_log_size(void *data, int count, void *size_info)
|
||||
{
|
||||
struct tcg_pcr_event2_head *header;
|
||||
int event_size, size = 0;
|
||||
u32 event_size, size = 0;
|
||||
|
||||
while (count > 0) {
|
||||
header = data + size;
|
||||
@ -40,7 +40,8 @@ int __init efi_tpm_eventlog_init(void)
|
||||
{
|
||||
struct linux_efi_tpm_eventlog *log_tbl;
|
||||
struct efi_tcg2_final_events_table *final_tbl;
|
||||
int tbl_size;
|
||||
unsigned int tbl_size;
|
||||
int final_tbl_size;
|
||||
int ret = 0;
|
||||
|
||||
if (efi.tpm_log == EFI_INVALID_TABLE_ADDR) {
|
||||
@ -60,7 +61,12 @@ int __init efi_tpm_eventlog_init(void)
|
||||
}
|
||||
|
||||
tbl_size = sizeof(*log_tbl) + log_tbl->size;
|
||||
memblock_reserve(efi.tpm_log, tbl_size);
|
||||
if (memblock_reserve(efi.tpm_log, tbl_size)) {
|
||||
pr_err("TPM Event Log memblock reserve fails (0x%lx, 0x%x)\n",
|
||||
efi.tpm_log, tbl_size);
|
||||
ret = -ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (efi.tpm_final_log == EFI_INVALID_TABLE_ADDR) {
|
||||
pr_info("TPM Final Events table not present\n");
|
||||
@ -80,26 +86,26 @@ int __init efi_tpm_eventlog_init(void)
|
||||
goto out;
|
||||
}
|
||||
|
||||
tbl_size = 0;
|
||||
final_tbl_size = 0;
|
||||
if (final_tbl->nr_events != 0) {
|
||||
void *events = (void *)efi.tpm_final_log
|
||||
+ sizeof(final_tbl->version)
|
||||
+ sizeof(final_tbl->nr_events);
|
||||
|
||||
tbl_size = tpm2_calc_event_log_size(events,
|
||||
final_tbl_size = tpm2_calc_event_log_size(events,
|
||||
final_tbl->nr_events,
|
||||
log_tbl->log);
|
||||
}
|
||||
|
||||
if (tbl_size < 0) {
|
||||
if (final_tbl_size < 0) {
|
||||
pr_err(FW_BUG "Failed to parse event in TPM Final Events Log\n");
|
||||
ret = -EINVAL;
|
||||
goto out_calc;
|
||||
}
|
||||
|
||||
memblock_reserve(efi.tpm_final_log,
|
||||
tbl_size + sizeof(*final_tbl));
|
||||
efi_tpm_final_log_size = tbl_size;
|
||||
final_tbl_size + sizeof(*final_tbl));
|
||||
efi_tpm_final_log_size = final_tbl_size;
|
||||
|
||||
out_calc:
|
||||
early_memunmap(final_tbl, sizeof(*final_tbl));
|
||||
|
@ -379,7 +379,6 @@ void efi_native_runtime_setup(void);
|
||||
#define EFI_SYSTEM_RESOURCE_TABLE_GUID EFI_GUID(0xb122a263, 0x3661, 0x4f68, 0x99, 0x29, 0x78, 0xf8, 0xb0, 0xd6, 0x21, 0x80)
|
||||
#define EFI_FILE_SYSTEM_GUID EFI_GUID(0x964e5b22, 0x6459, 0x11d2, 0x8e, 0x39, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b)
|
||||
#define DEVICE_TREE_GUID EFI_GUID(0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0)
|
||||
#define EFI_PROPERTIES_TABLE_GUID EFI_GUID(0x880aaca3, 0x4adc, 0x4a04, 0x90, 0x79, 0xb7, 0x47, 0x34, 0x08, 0x25, 0xe5)
|
||||
#define EFI_RNG_PROTOCOL_GUID EFI_GUID(0x3152bca5, 0xeade, 0x433d, 0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44)
|
||||
#define EFI_RNG_ALGORITHM_RAW EFI_GUID(0xe43176d7, 0xb6e8, 0x4827, 0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61)
|
||||
#define EFI_MEMORY_ATTRIBUTES_TABLE_GUID EFI_GUID(0xdcfa911d, 0x26eb, 0x469f, 0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20)
|
||||
@ -580,15 +579,6 @@ struct efi_mem_range {
|
||||
u64 attribute;
|
||||
};
|
||||
|
||||
typedef struct {
|
||||
u32 version;
|
||||
u32 length;
|
||||
u64 memory_protection_attribute;
|
||||
} efi_properties_table_t;
|
||||
|
||||
#define EFI_PROPERTIES_TABLE_VERSION 0x00010000
|
||||
#define EFI_PROPERTIES_RUNTIME_MEMORY_PROTECTION_NON_EXECUTABLE_PE_DATA 0x1
|
||||
|
||||
typedef struct {
|
||||
u16 version;
|
||||
u16 length;
|
||||
@ -871,10 +861,9 @@ static inline int efi_range_is_wc(unsigned long start, unsigned long len)
|
||||
#define EFI_PARAVIRT 6 /* Access is via a paravirt interface */
|
||||
#define EFI_ARCH_1 7 /* First arch-specific bit */
|
||||
#define EFI_DBG 8 /* Print additional debug info at runtime */
|
||||
#define EFI_NX_PE_DATA 9 /* Can runtime data regions be mapped non-executable? */
|
||||
#define EFI_MEM_ATTR 10 /* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */
|
||||
#define EFI_MEM_NO_SOFT_RESERVE 11 /* Is the kernel configured to ignore soft reservations? */
|
||||
#define EFI_PRESERVE_BS_REGIONS 12 /* Are EFI boot-services memory segments available? */
|
||||
#define EFI_MEM_ATTR 9 /* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */
|
||||
#define EFI_MEM_NO_SOFT_RESERVE 10 /* Is the kernel configured to ignore soft reservations? */
|
||||
#define EFI_PRESERVE_BS_REGIONS 11 /* Are EFI boot-services memory segments available? */
|
||||
|
||||
#ifdef CONFIG_EFI
|
||||
/*
|
||||
|
@ -157,7 +157,7 @@ struct tcg_algorithm_info {
|
||||
* Return: size of the event on success, 0 on failure
|
||||
*/
|
||||
|
||||
static __always_inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event,
|
||||
static __always_inline u32 __calc_tpm2_event_size(struct tcg_pcr_event2_head *event,
|
||||
struct tcg_pcr_event *event_header,
|
||||
bool do_mapping)
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user