| Message ID | 20210407115335.8615-5-sughosh.ganu@linaro.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | Add support for embedding public key in platform's dtb | expand |
On 4/7/21 1:53 PM, Sughosh Ganu wrote: > Define a weak function which would be used in the scenario where the > public key is stored on the platform's dtb. This dtb is concatenated > with the u-boot binary during the build process. Platforms which have > a different mechanism for getting the public key would define their > own platform specific function. Storing the public key in U-Boot's dtb is reasonable. But what is the use case for a weak function? Best regards Heinrich > > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> > --- > lib/efi_loader/efi_capsule.c | 38 ++++++++++++++++++++++++++++++++---- > 1 file changed, 34 insertions(+), 4 deletions(-) > > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c > index 1423b675c8..fc5e1c0856 100644 > --- a/lib/efi_loader/efi_capsule.c > +++ b/lib/efi_loader/efi_capsule.c > @@ -14,10 +14,13 @@ > #include <mapmem.h> > #include <sort.h> > > +#include <asm/global_data.h> > #include <crypto/pkcs7.h> > #include <crypto/pkcs7_parser.h> > #include <linux/err.h> > > +DECLARE_GLOBAL_DATA_PTR; > + > const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID; > static const efi_guid_t efi_guid_firmware_management_capsule_id = > EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; > @@ -210,11 +213,38 @@ const efi_guid_t efi_guid_capsule_root_cert_guid = > > __weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len) > { > - /* The platform is supposed to provide > - * a method for getting the public key > - * stored in the form of efi signature > - * list > + /* > + * This is a function for retrieving the public key from the > + * platform's device tree. The platform's device tree has been > + * concatenated with the u-boot binary. > + * If a platform has a different mechanism to get the public > + * key, it can define it's own function. > */ > + const void *fdt_blob = gd->fdt_blob; > + const void *blob; > + const char *cnode_name = "capsule-key"; > + const char *snode_name = "signature"; > + int sig_node; > + int len; > + > + sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name); > + if (sig_node < 0) { > + EFI_PRINT("Unable to get signature node offset\n"); > + return -FDT_ERR_NOTFOUND; > + } > + > + blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len); > + > + if (!blob || len < 0) { > + EFI_PRINT("Unable to get capsule-key value\n"); > + *pkey = NULL; > + *pkey_len = 0; > + return -FDT_ERR_NOTFOUND; > + } > + > + *pkey = (void *)blob; > + *pkey_len = len; > + > return 0; > } > >
On Fri, 9 Apr 2021 at 01:23, Heinrich Schuchardt <xypron.glpk@gmx.de> wrote: > On 4/7/21 1:53 PM, Sughosh Ganu wrote: > > Define a weak function which would be used in the scenario where the > > public key is stored on the platform's dtb. This dtb is concatenated > > with the u-boot binary during the build process. Platforms which have > > a different mechanism for getting the public key would define their > > own platform specific function. > > Storing the public key in U-Boot's dtb is reasonable. But what is the > use case for a weak function? > This point was discussed in another mail thread[1]. -sughosh [1] - https://lists.denx.de/pipermail/u-boot/2021-April/446694.html > Best regards > > Heinrich > > > > > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> > > --- > > lib/efi_loader/efi_capsule.c | 38 ++++++++++++++++++++++++++++++++---- > > 1 file changed, 34 insertions(+), 4 deletions(-) > > > > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c > > index 1423b675c8..fc5e1c0856 100644 > > --- a/lib/efi_loader/efi_capsule.c > > +++ b/lib/efi_loader/efi_capsule.c > > @@ -14,10 +14,13 @@ > > #include <mapmem.h> > > #include <sort.h> > > > > +#include <asm/global_data.h> > > #include <crypto/pkcs7.h> > > #include <crypto/pkcs7_parser.h> > > #include <linux/err.h> > > > > +DECLARE_GLOBAL_DATA_PTR; > > + > > const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID; > > static const efi_guid_t efi_guid_firmware_management_capsule_id = > > EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; > > @@ -210,11 +213,38 @@ const efi_guid_t efi_guid_capsule_root_cert_guid = > > > > __weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len) > > { > > - /* The platform is supposed to provide > > - * a method for getting the public key > > - * stored in the form of efi signature > > - * list > > + /* > > + * This is a function for retrieving the public key from the > > + * platform's device tree. The platform's device tree has been > > + * concatenated with the u-boot binary. > > + * If a platform has a different mechanism to get the public > > + * key, it can define it's own function. > > */ > > + const void *fdt_blob = gd->fdt_blob; > > + const void *blob; > > + const char *cnode_name = "capsule-key"; > > + const char *snode_name = "signature"; > > + int sig_node; > > + int len; > > + > > + sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name); > > + if (sig_node < 0) { > > + EFI_PRINT("Unable to get signature node offset\n"); > > + return -FDT_ERR_NOTFOUND; > > + } > > + > > + blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len); > > + > > + if (!blob || len < 0) { > > + EFI_PRINT("Unable to get capsule-key value\n"); > > + *pkey = NULL; > > + *pkey_len = 0; > > + return -FDT_ERR_NOTFOUND; > > + } > > + > > + *pkey = (void *)blob; > > + *pkey_len = len; > > + > > return 0; > > } > > > > > >
diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index 1423b675c8..fc5e1c0856 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -14,10 +14,13 @@ #include <mapmem.h> #include <sort.h> +#include <asm/global_data.h> #include <crypto/pkcs7.h> #include <crypto/pkcs7_parser.h> #include <linux/err.h> +DECLARE_GLOBAL_DATA_PTR; + const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID; static const efi_guid_t efi_guid_firmware_management_capsule_id = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; @@ -210,11 +213,38 @@ const efi_guid_t efi_guid_capsule_root_cert_guid = __weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len) { - /* The platform is supposed to provide - * a method for getting the public key - * stored in the form of efi signature - * list + /* + * This is a function for retrieving the public key from the + * platform's device tree. The platform's device tree has been + * concatenated with the u-boot binary. + * If a platform has a different mechanism to get the public + * key, it can define it's own function. */ + const void *fdt_blob = gd->fdt_blob; + const void *blob; + const char *cnode_name = "capsule-key"; + const char *snode_name = "signature"; + int sig_node; + int len; + + sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name); + if (sig_node < 0) { + EFI_PRINT("Unable to get signature node offset\n"); + return -FDT_ERR_NOTFOUND; + } + + blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len); + + if (!blob || len < 0) { + EFI_PRINT("Unable to get capsule-key value\n"); + *pkey = NULL; + *pkey_len = 0; + return -FDT_ERR_NOTFOUND; + } + + *pkey = (void *)blob; + *pkey_len = len; + return 0; }
Define a weak function which would be used in the scenario where the public key is stored on the platform's dtb. This dtb is concatenated with the u-boot binary during the build process. Platforms which have a different mechanism for getting the public key would define their own platform specific function. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> --- lib/efi_loader/efi_capsule.c | 38 ++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) -- 2.17.1