<feed xmlns='http://www.w3.org/2005/Atom'>
<title>efi-boot-shim.git/lib, branch 15.7</title>
<subtitle> (mirror of https://github.com/vyos/efi-boot-shim.git)
</subtitle>
<id>https://git.amelek.net/vyos/efi-boot-shim.git/atom?h=15.7</id>
<link rel='self' href='https://git.amelek.net/vyos/efi-boot-shim.git/atom?h=15.7'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/'/>
<updated>2022-08-16T21:45:30+00:00</updated>
<entry>
<title>Enable TDX measurement to RTMR register</title>
<updated>2022-08-16T21:45:30+00:00</updated>
<author>
<name>Lu Ken</name>
<email>ken.lu@intel.com</email>
</author>
<published>2022-05-22T08:02:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=4fd484e4c29364b4fdf4d043556fa0a210c5fdfc'/>
<id>urn:sha1:4fd484e4c29364b4fdf4d043556fa0a210c5fdfc</id>
<content type='text'>
Intel Trust Domain Extensions (Intel TDX) extends Virtual Machine
Extensions (VMX) and Multi-Key Total Memory Encryption (MK-TME) with a
new kind of virtual machine guest called a Trust Domain (TD) [1].  A TD
runs in a CPU mode that is designed to protect the confidentiality of
its memory contents and its CPU state from any other software, including
the hosting Virtual Machine Monitor (VMM).

Trust Domain Virtual Firmware (TDVF) is required to provide Intel TDX
implementation and service for EFI_CC_MEASUREMENT_PROTOCOL [2]. The bugzilla
for TDVF is at https://bugzilla.tianocore.org/show_bug.cgi?id=3625.

To support CC measurement/attestation with Intel TDX technology, these 4
RTMR registers will be extended by the TDX service, like TPM/TPM2 PCRs:

- RTMR[0] for TDVF configuration
- RTMR[1] for the TD OS loader and kernel
- RTMR[2] for the OS application
- RTMR[3] reserved for special usage only

Add a TDX Implementation for CC Measurement protocol along with
TPM/TPM2 protocol.

References:
[1] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-whitepaper-v4.pdf
[2] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf
[3] https://software.intel.com/content/dam/develop/external/us/en/documents/intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf

Signed-off-by: Lu Ken &lt;ken.lu@intel.com&gt;
[rharwood: style pass on code and commit message]
Signed-off-by: Robbie Harwood &lt;rharwood@redhat.com&gt;
</content>
</entry>
<entry>
<title>PE Loader: support and require NX</title>
<updated>2022-05-17T23:01:03+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2021-12-02T23:29:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=226fee25ffcbd29988399ba080c7706eb1d52251'/>
<id>urn:sha1:226fee25ffcbd29988399ba080c7706eb1d52251</id>
<content type='text'>
This adds support in our PE loader for NX support utilizing the
EFI_MEMORY_ATTRIBUTE protocol.  Specifically, it changes the loader such
that:

- binaries without the EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT flag set
  in the Optional Header are rejected as EFI_UNSUPPORTED
- binaries with non-discardable sections that have both the
  EFI_SCN_MEM_WRITE and EFI_SCN_MEM_EXECUTE flags set are rejected as
  EFI_UNSUPPORTED
- if the EFI_MEMORY_ATTRIBUTE protocol is installed, then:
  - sections without the EFI_SCN_MEM_READ flag set will be marked with
    EFI_MEMORY_RP
  - sections without the EFI_SCN_MEM_WRITE flag set will be marked with
    EFI_MEMORY_RO
  - sections without the EFI_SCN_MEM_EXECUTE flag set will be marked
    with EFI_MEMORY_XP

Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>shim: use SHIM_DEVEL_VERBOSE when built in devel mode</title>
<updated>2022-05-17T22:16:07+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2022-04-27T21:09:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=803dc5c16e276c26f8400b469370f2a2ca39d7f3'/>
<id>urn:sha1:803dc5c16e276c26f8400b469370f2a2ca39d7f3</id>
<content type='text'>
This makes SHIM_VERBOSE / SHIM_DEVEL_VERBOSE work the same way as
SHIM_DEBUG / SHIM_DEVEL_DEBUG when shim is built with ENABLE_SHIM_DEVEL
set.

Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>Use ASCII as fallback if Unicode Box Drawing characters fail</title>
<updated>2022-05-17T21:47:21+00:00</updated>
<author>
<name>Tony Persson</name>
<email>tony@tonypersson.se</email>
</author>
<published>2021-02-22T21:15:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=9af50c136aa2815e1ea2035a494a74cc1613a0da'/>
<id>urn:sha1:9af50c136aa2815e1ea2035a494a74cc1613a0da</id>
<content type='text'>
Many ASRock boards will not render MokManager correctly if the Unicode
Box Drawing characters are used.

Signed-off-by: Tony Persson &lt;tony@tonypersson.se&gt;
</content>
</entry>
<entry>
<title>MokManager: removed Locate graphic output protocol fail error message</title>
<updated>2022-03-30T17:22:42+00:00</updated>
<author>
<name>Lee, Chun-Yi</name>
<email>jlee@suse.com</email>
</author>
<published>2021-12-15T11:44:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=448f096e5c3a139535f162dfbfe8c08c434ac742'/>
<id>urn:sha1:448f096e5c3a139535f162dfbfe8c08c434ac742</id>
<content type='text'>
On some platforms, like GCP or OVMF, which do NOT provide
EFI_GRAPHICS_OUTPUT_PROTOCOL when there is no display device (or the display
device is disabled), the message "Error: Locate graphic output protocol
fail: (0xE) Not Found." is always shown on the console when we enroll MOK
through MokManager. The message box blocked the process of enrolling
MOK and scared users. The error message was introduced by 55163bc82c517 since
15.2. This patch removes the error message.

Signed-off-by: Lee, Chun-Yi &lt;jlee@suse.com&gt;
</content>
</entry>
<entry>
<title>Minor coverity fixes</title>
<updated>2021-12-10T22:08:21+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2021-12-09T22:21:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=d0df9304c7a777557e1925dc9f75406ec00e6179'/>
<id>urn:sha1:d0df9304c7a777557e1925dc9f75406ec00e6179</id>
<content type='text'>
- one missing free
- one minor deadcode issue
- two unchecked allocations
- one debug hexdump of a variable we just freed

Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>console: add a clear_screen() primitive</title>
<updated>2021-10-12T14:40:13+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2021-09-16T20:46:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=35ca373d20fbeeb80aff2202077d614bc89575c0'/>
<id>urn:sha1:35ca373d20fbeeb80aff2202077d614bc89575c0</id>
<content type='text'>
Several places in e.g. MokManager and our console library use
ST-&gt;ConOut-&gt;ClearScreen directly, without checking for the existence of
a console output device.

This patch adds a function to our console library to do that correctly,
instead of using the bug-prone ad hoc implementation everywhere.

Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>console: check that ST-&gt;ConIn and ST-&gt;ConOut are non-NULL</title>
<updated>2021-10-12T14:40:13+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2021-09-16T20:43:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=1872c929cc3a466c75336307901e67917bcc46bc'/>
<id>urn:sha1:1872c929cc3a466c75336307901e67917bcc46bc</id>
<content type='text'>
There's been some discussion on how to handle machines without console
devices.  The consensus so far has been that they should have dummy
ConOut implementations, but that means the first vendor to build a
machine without asking around is in for some surprises.

This patch makes the places where our console library uses ST-&gt;ConIn or
ST-&gt;ConOut check that they're present before doing so.

Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>shim/mm/fb: move global state to its own source file</title>
<updated>2021-09-07T21:05:04+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2021-07-23T18:18:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=cae5e2f7c100bc9e8f07de62353021d6737a50ee'/>
<id>urn:sha1:cae5e2f7c100bc9e8f07de62353021d6737a50ee</id>
<content type='text'>
This moves the globals from shim.c (and lib/console.c) into their own
file, to make it so that unit tests can more easily link against code
that uses that state.

Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>cleanup: always use BS and RT, not gBS and gRT</title>
<updated>2021-09-07T21:05:04+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2021-07-23T18:28:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=6ea93a28759d754778e483f86f95587a01c5fee8'/>
<id>urn:sha1:6ea93a28759d754778e483f86f95587a01c5fee8</id>
<content type='text'>
This just makes one less thing we have to make sure is the same between
the test harnesses and the runtime code.

Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
</feed>
