aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorIlias Apalodimas <apalos@gmail.com>2021-12-24 10:08:41 +0200
committerHeinrich Schuchardt <heinrich.schuchardt@canonical.com>2021-12-31 06:44:29 +0100
commit2707610eb7d3068dbd131401dcde65a57ddc0018 (patch)
tree3e7ae84ab05db35831364720cbc15c5111f6277e /lib
parent40e5b53ea0dc67cdff3e6e7d8cac7b258a9d885b (diff)
downloadu-boot-2707610eb7d3068dbd131401dcde65a57ddc0018.zip
u-boot-2707610eb7d3068dbd131401dcde65a57ddc0018.tar.gz
u-boot-2707610eb7d3068dbd131401dcde65a57ddc0018.tar.bz2
efi_loader: Don't limit the StMM buffer size explicitly
Currently we allow and explicitly check a single shared page with StandAloneMM. This is dictated by OP-TEE which runs the application. However there's no way for us dynamically discover the number of pages we are allowed to use. Since writing big EFI signature list variable requires more than a page, OP-TEE has bumped the number of shared pages to four. Let's remove our explicit check and allow the request to reach OP-TEE even if it's bigger than what it supports. There's no need to sanitize the number of pages internally. OP-TEE will fail if we try to write more than it's allowed. The error will just trigger later on, during the StMM access. While at it add an error message to help users figure out what failed. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org> Signed-off-by: Ilias Apalodimas <apalos@gmail.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/efi_loader/efi_variable_tee.c16
1 files changed, 5 insertions, 11 deletions
diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c
index 281f886..a2c65e3 100644
--- a/lib/efi_loader/efi_variable_tee.c
+++ b/lib/efi_loader/efi_variable_tee.c
@@ -15,7 +15,6 @@
#include <malloc.h>
#include <mm_communication.h>
-#define OPTEE_PAGE_SIZE BIT(12)
extern struct efi_var_file __efi_runtime_data *efi_var_buf;
static efi_uintn_t max_buffer_size; /* comm + var + func + data */
static efi_uintn_t max_payload_size; /* func + data */
@@ -114,7 +113,11 @@ static efi_status_t optee_mm_communicate(void *comm_buf, ulong dsize)
rc = tee_invoke_func(conn.tee, &arg, 2, param);
tee_shm_free(shm);
tee_close_session(conn.tee, conn.session);
- if (rc || arg.ret != TEE_SUCCESS)
+ if (rc)
+ return EFI_DEVICE_ERROR;
+ if (arg.ret == TEE_ERROR_EXCESS_DATA)
+ log_err("Variable payload too large\n");
+ if (arg.ret != TEE_SUCCESS)
return EFI_DEVICE_ERROR;
switch (param[1].u.value.a) {
@@ -256,15 +259,6 @@ efi_status_t EFIAPI get_max_payload(efi_uintn_t *size)
}
*size = var_payload->size;
/*
- * Although the max payload is configurable on StMM, we only share a
- * single page from OP-TEE for the non-secure buffer used to communicate
- * with StMM. Since OP-TEE will reject to map anything bigger than that,
- * make sure we are in bounds.
- */
- if (*size > OPTEE_PAGE_SIZE)
- *size = OPTEE_PAGE_SIZE - MM_COMMUNICATE_HEADER_SIZE -
- MM_VARIABLE_COMMUNICATE_SIZE;
- /*
* There seems to be a bug in EDK2 miscalculating the boundaries and
* size checks, so deduct 2 more bytes to fulfill this requirement. Fix
* it up here to ensure backwards compatibility with older versions