[RFC] MbedTLS integration (MbedTLS as a git submodule)

[raymo200915]

This is the initial PR to integrate MbedTLS into U-Boot.

What are changed with this patch set:

1. MbedTLS LTS v3.6 (v3.6.0RC1) is introduced into U-Boot as a git submodule. Init and update git submodule are done by makefile automatically when make.
2. A kbuild makefile and Kconfig are added (CONFIG_MBEDTLS_LIB as a main switch for enabling MbedTLS, CONFIG_MBEDTLS_LIB_CRYPTO, CONFIG_MBEDTLS_LIB_X509 and CONFIG_MBEDTLS_LIB_TLS for enabling the subset libraries Crypto, X509 and TLS respectively).
3. Allow MBedTLS patches to be applied by makfile automatically.
4. A hash shim layer is created on top of MbedTLS Crypto library to port the digest functions from common/hash, which is used by boot/image and efi_loader, etc, when CONFIG_MBEDTLS_LIB_CRYPTO is enabled.
5. Fixed the arm linker script to solve potential gaps in the section table that may result in different checksums that cause a failure when calling function efi_image_verify_digest() .
6. The traditional hash libraries (lib/md5, lib/shaX) are still in the build system when CONFIG_MBEDTLS_LIB_CRYPTO is enabled, since they are widely being used by arch/platform/driver codes at the moment, but idealy all of them should be replaced eventually when CONFIG_MBEDTLS_LIB_CRYPTO is enabled.
7. Patched MbedTLS to support parsing MicroSoft Authenticate Code and PKCS9 Authenticate Attributes if they exist in a PKCS7 message. These are required by EFI Secure Boot when verifying a signed PE image.
8. Patched MbedTLS to support multiple signer's certs in the signed data within a PKCS7 message.
9. Ported lib/crypto components (public_key, x509, PKCS7, mscode) on top of MbedTLS and removed the dependence on original ASN1 and RSA libraries when CONFIG_MBEDTLS_LIB_X509 is enabled (lib/crypto/rsa_helper, lib/rsa and lib/asn1_decoder are still being built for modules other than the EFI loader).
10. The initial build with MbedTLS increased size by 18%, after optimize the MbeTLS config by disabling the unused features, it drops to 6%. The duplicated original crypto libraries (lib/rsa, lib/asn1_decoder, lib/rsa_helper, lib/md5, lib/sha1, lib/sha256, lib/sha512) are totally about 3%. So ideally it will only takes 3% if the duplicated crypto libraries are all cut off and replaced by MbedTLS.

Below MbedTLS configs are added into qemu_arm64_defconfig

[...]
CONFIG_MBEDTLS_LIB=y
CONFIG_MBEDTLS_LIB_CRYPTO=y
CONFIG_MBEDTLS_LIB_X509=y
# CONFIG_MBEDTLS_LIB_TLS is not set
[...]
CONFIG_EFI_SECURE_BOOT=y

To build:

make CROSS_COMPILE=aarch64-none-linux-gnu- O=out qemu_arm64_defconfig
make CROSS_COMPILE=aarch64-none-linux-gnu- O=out all

Tested through below steps for EFI Secure Boot:

1. Generate UEFI certs (PK/KEK/db/dbx)

openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_PK/ -keyout PK.key -out PK.crt -nodes -days 365
cert-to-efi-sig-list -g '11111111-2222-3333-4444-123456789abc' PK.crt PK.esl; sign-efi-sig-list -t "2020-04-01" -c PK.crt -k PK.key PK PK.esl PK.auth
touch noPK.esl; sign-efi-sig-list -t "2020-04-02" -c PK.crt -k PK.key PK noPK.esl noPK.auth
openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_KEK/ -keyout KEK.key -out KEK.crt -nodes -days 365
cert-to-efi-sig-list -g '11111111-2222-3333-4444-123456789abc' KEK.crt KEK.esl; sign-efi-sig-list -t "2020-04-03" -c PK.crt -k PK.key KEK KEK.esl KEK.auth
openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_db/ -keyout db.key -out db.crt -nodes -days 365
cert-to-efi-sig-list -g '11111111-2222-3333-4444-123456789abc' db.crt db.esl; sign-efi-sig-list -t "2020-04-04" -c KEK.crt -k KEK.key db db.esl db.auth
openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_dbx/ -keyout dbx.key -out dbx.crt -nodes -days 365
cert-to-efi-sig-list -g '11111111-2222-3333-4444-123456789abc' dbx.crt dbx.esl; sign-efi-sig-list -t "2020-04-05" -c KEK.crt -k KEK.key dbx dbx.esl dbx.auth

2. Sign a test EFI image (helloworld.efi)
   sbsign --key db.key --cert db.crt --output helloworld-signed.efi helloworld.efi
   Verify the signature:
   sbverify --cert db.crt helloworld-signed.efi

3. Create a GPT image (test_efi_secboot.img) that contains the signed test EFI image (helloworld-signed.efi) and the UEFI certs
   sudo virt-make-fs --partition=gpt --size=+1M --type=vfat <DIR_OF_CERTS_AND_EFI_IMAGE> test_efi_secboot.img

4. Launch QEMU with the GPT image (test_efi_secboot.img) mounted as a virtio device
   qemu-system-aarch64 -bios u-boot.bin -machine virt -cpu cortex-a57 -smp 1 -m 4G -d unimp -nographic -serial mon:stdio -semihosting -drive if=none,file=test_efi_secboot.img,format=raw,id=hd0 -device virtio-blk-device,drive=hd0

5. Load PK from virtio device
   load virtio 0:1 90000000 PK.auth && setenv -e -nv -bs -rt -at -i 90000000:$filesize PK

6. Load KEK/db/dbx from virtio device respectively and each of them should be verified successfully.

load virtio 0:1 90000000 KEK.auth && setenv -e -nv -bs -rt -at -i 90000000:$filesize KEK
load virtio 0:1 90000000 db.auth && setenv -e -nv -bs -rt -at -i 90000000:$filesize db
load virtio 0:1 90000000 dbx.auth && setenv -e -nv -bs -rt -at -i 90000000:$filesize dbx

8. Load the signed test EFI image (helloworld-signed.efi) into memory and boot it.

load virtio 0:1 ${loadaddr} helloworld-signed.efi
bootefi ${loadaddr} ${fdt_addr}

The signed EFI image should be verified and boot successfully.

9. Negative testing with tempered KEK and tempered signed test EFI image (tempered by manually altering the last few bytes). Both tempered files failed in verification and were rejected as expectation.

Also tested through EFI Secure Boot sandbox test by:

`./test/py/test.py --bd sandbox --build -k efi_secboot`

[raymo200915]

Milestone 1:
MbedTLS is introduced into U-Boot as a git submodule.
Build MbedTLS objects when CONFIG_MBEDTLS_LIB is enabled.
Hash functions in below modules are replaced with MbedTLS crypto library when CONFIG_MBEDTLS_LIB_CRYPTO is enabled.
common/hash
boot/image
lib/crypto
lib/efi_loade
tools/image-sig-host

[raymo200915]

EFI Secure Boot requires the MicroSoft Authenticate Code and Authenticate Attributes for verifying a signed PE image, while MbedTLS does not support these attributes naturally.
Adding a patch to MbedTLS to enable the populating of MicroSoft Authenticate Code and Authenticate Attributes from a PKCS7 message if they exist, and store them into the decoding context.

[raymo200915]

Milestone 2:
Ported public_key, x509. pkcs7 and mscode on top of MbedTLS and removed the original ASN1 decoder.
Teseted via EFI Secure boot when CONFIG_MBEDTLS_LIB_X509 is enabled.

[raymo200915]

Optimized target size by disabling unused features in MbedTLS config.

[raymo200915]

Fixed Makefile minor issue.
Added MbedTLS patch to support multiple signer's cert in the signed data within a PKCS7 message.
Fixed auth_id (AuthorityKeyIdentifier) decoding issue which causes failure during verifying the signature chain in pkcs7_verify_sig_chain().
Sandbox UT efi_secboot test intca1/2/3 are all passed with these changes.

[raymo200915]

Fixed MbedTLS PKCS7 test suites failures: We are only supporting the Context Data format that is expected by EFI Loader. Other than that (e.g. "Inlined Content Info" that represented by OCTETSTRING) are treated as MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE.

Updated MbedTLS test suites to support PKCS7 with multiple certs.

[raymo200915]

Rebased all patches on top of MbedTLS v3.6.0 LTS.