From patchwork Thu Nov 26 18:41:06 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sughosh Ganu <sughosh.ganu@linaro.org>
X-Patchwork-Id: 333047
Delivered-To: patch@linaro.org
Received: by 2002:a92:5e16:0:0:0:0:0 with SMTP id s22csp1543441ilb;
 Thu, 26 Nov 2020 10:44:06 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzr1WlxZa8IatE4JA8d7Ulkhv76277PNHjud8bmulqao+GGTw4RsVygw7zlsapNQedjJKq8
X-Received: by 2002:a17:906:d931:: with SMTP id
 rn17mr3834022ejb.308.1606416246632; 
 Thu, 26 Nov 2020 10:44:06 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1606416246; cv=none;
 d=google.com; s=arc-20160816;
 b=kfRbWomrj9p/8r9Yrhxmo6PADJiF6NLN5TGs3sUj5XyQCJoIpv7iZXUfSpnn+uPp7d
 wD5VZkJFAd4P+IJfoxnT499LkT0lOLhlYekMrr+g7gUe6PHGIGOgy7GGHlJb4VudOukw
 9W6wUZZe1bHrc2PjI2vtYoAlDvB/Z2nPQqTfnigkPhRQpIJV6tmqZQdy7tDrbAz/oVwc
 9ykCn8gwhdyOqZkKQjoVaoi+DNCJW9CvXeXC6esM0J+/V076pLjyvkhWDKUoVBKhHPny
 FCdsAVzgE3E3XdByl6Fq+VDexe0BUKpAyRZLA4qdl/jvzqUIqjDFJJvGf0WMKtS9DXmF
 k6Bw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:references:in-reply-to
 :message-id:date:subject:cc:to:from;
 bh=iaFJ7GjLEuJqNcg6+IDpChkWzT8ojxyTr34ZTsZ90qU=;
 b=TgOypBjawHdQeJgBJqXWqtMV4DCE0VFO/6K1SBMWIkCdPPgIRHDWvV2llqsrHZRADb
 3UiEIweAK3hWdci2W6nqZAfFAJ1ymvrnpnpX1u3pbiA70wSv3KfcYkyVcSQlZpaTNjyK
 ggtKh8nA4FbvNMbra8k4b4sPf2IlMcOHIqDB8DGPfC8RG63ndpH0gP1PC/Q4gdB6fNDm
 PDe9NLWvYsGpycK3a1oCQfDa0uqGWwb35agUKG9clFwbOuyUF/lNVuVMPQ2pyfIQrbVy
 qBD0rBQEm73Mjblydta5tjfgyvkTpmVRMRplSWcm6rlFZoSyp2eiM57rNL7nzw7I/eHL
 NjYw==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: domain of u-boot-bounces@lists.denx.de
 designates 85.214.62.61 as permitted sender)
 smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <u-boot-bounces@lists.denx.de>
Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61])
 by mx.google.com with ESMTPS id
 z14si3613932ejp.202.2020.11.26.10.44.06
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 26 Nov 2020 10:44:06 -0800 (PST)
Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de
 designates 85.214.62.61 as permitted sender)
 client-ip=85.214.62.61; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of u-boot-bounces@lists.denx.de
 designates 85.214.62.61 as permitted sender)
 smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
 by phobos.denx.de (Postfix) with ESMTP id B3F66826D9;
 Thu, 26 Nov 2020 19:42:47 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=fail (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Received: by phobos.denx.de (Postfix, from userid 109)
 id CA967826E3; Thu, 26 Nov 2020 19:42:22 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
 URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2
Received: from foss.arm.com (foss.arm.com [217.140.110.172])
 by phobos.denx.de (Postfix) with ESMTP id C07B0826EA
 for <u-boot@lists.denx.de>; Thu, 26 Nov 2020 19:42:18 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=fail (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=fail smtp.mailfrom=sughosh.ganu@linaro.org
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 253BE1682;
 Thu, 26 Nov 2020 10:42:18 -0800 (PST)
Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.16.44])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
 B0E0B3F23F; Thu, 26 Nov 2020 10:42:15 -0800 (PST)
From: Sughosh Ganu <sughosh.ganu@linaro.org>
To: u-boot@lists.denx.de
Cc: Takahiro Akashi <takahiro.akashi@linaro.org>,
 Heinrich Schuchardt <xypron.glpk@gmx.de>,
 Alexander Graf <agraf@csgraf.de>, Lukasz Majewski <lukma@denx.de>,
 Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>,
 Tom Rini <trini@konsulko.com>, Sughosh Ganu <sughosh.ganu@linaro.org>
Subject: [PATCH 10/14] efi_loader: Re-factor code to build the signature
 store from efi signature list
Date: Fri, 27 Nov 2020 00:11:06 +0530
Message-Id: <20201126184110.30521-11-sughosh.ganu@linaro.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20201126184110.30521-1-sughosh.ganu@linaro.org>
References: <20201126184110.30521-1-sughosh.ganu@linaro.org>
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de
X-Virus-Status: Clean

The efi_sigstore_parse_sigdb function reads the uefi authenticated
variable, stored in the signature database format and builds the
signature store structure. Factor out the code for building
the signature store. This can then be used by the capsule
authentication routine to build the signature store even when the
signature database is not stored as an uefi authenticated variable

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
---
 include/efi_loader.h           |   2 +
 lib/efi_loader/efi_signature.c | 103 +++++++++++++++++++--------------
 2 files changed, 63 insertions(+), 42 deletions(-)

-- 
2.17.1

diff --git a/include/efi_loader.h b/include/efi_loader.h
index b9226208f5..8d8a6649b5 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -803,6 +803,8 @@ efi_status_t efi_image_region_add(struct efi_image_regions *regs,
 				  int nocheck);
 
 void efi_sigstore_free(struct efi_signature_store *sigstore);
+struct efi_signature_store *efi_build_signature_store(void *sig_list,
+						      efi_uintn_t size);
 struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name);
 
 bool efi_secure_boot_enabled(void);
diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c
index 9ab071b611..87525bdc80 100644
--- a/lib/efi_loader/efi_signature.c
+++ b/lib/efi_loader/efi_signature.c
@@ -736,6 +736,63 @@ err:
 	return NULL;
 }
 
+/**
+ * efi_sigstore_parse_sigdb - parse the signature list and populate
+ * the signature store
+ *
+ * @sig_list:	Pointer to the signature list
+ * @size:	Size of the signature list
+ *
+ * Parse the efi signature list and instantiate a signature store
+ * structure.
+ *
+ * Return:	Pointer to signature store on success, NULL on error
+ */
+struct efi_signature_store *efi_build_signature_store(void *sig_list,
+						      efi_uintn_t size)
+{
+	struct efi_signature_list *esl;
+	struct efi_signature_store *sigstore = NULL, *siglist;
+
+	esl = sig_list;
+	while (size > 0) {
+		/* List must exist if there is remaining data. */
+		if (size < sizeof(*esl)) {
+			EFI_PRINT("Signature list in wrong format\n");
+			goto err;
+		}
+
+		if (size < esl->signature_list_size) {
+			EFI_PRINT("Signature list in wrong format\n");
+			goto err;
+		}
+
+		/* Parse a single siglist. */
+		siglist = efi_sigstore_parse_siglist(esl);
+		if (!siglist) {
+			EFI_PRINT("Parsing of signature list of failed\n");
+			goto err;
+		}
+
+		/* Append siglist */
+		siglist->next = sigstore;
+		sigstore = siglist;
+
+		/* Next */
+		size -= esl->signature_list_size;
+		esl = (void *)esl + esl->signature_list_size;
+	}
+	free(sig_list);
+
+	return sigstore;
+
+err:
+	efi_sigstore_free(sigstore);
+	free(sig_list);
+
+	return NULL;
+}
+
 /**
  * efi_sigstore_parse_sigdb - parse a signature database variable
  * @name:	Variable's name
@@ -747,8 +804,7 @@ err:
  */
 struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name)
 {
-	struct efi_signature_store *sigstore = NULL, *siglist;
-	struct efi_signature_list *esl;
+	struct efi_signature_store *sigstore = NULL;
 	const efi_guid_t *vendor;
 	void *db;
 	efi_uintn_t db_size;
@@ -784,47 +840,10 @@ struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name)
 	ret = EFI_CALL(efi_get_variable(name, vendor, NULL, &db_size, db));
 	if (ret != EFI_SUCCESS) {
 		EFI_PRINT("Getting variable, %ls, failed\n", name);
-		goto err;
-	}
-
-	/* Parse siglist list */
-	esl = db;
-	while (db_size > 0) {
-		/* List must exist if there is remaining data. */
-		if (db_size < sizeof(*esl)) {
-			EFI_PRINT("variable, %ls, in wrong format\n", name);
-			goto err;
-		}
-
-		if (db_size < esl->signature_list_size) {
-			EFI_PRINT("variable, %ls, in wrong format\n", name);
-			goto err;
-		}
-
-		/* Parse a single siglist. */
-		siglist = efi_sigstore_parse_siglist(esl);
-		if (!siglist) {
-			EFI_PRINT("Parsing signature list of %ls failed\n",
-				  name);
-			goto err;
-		}
-
-		/* Append siglist */
-		siglist->next = sigstore;
-		sigstore = siglist;
-
-		/* Next */
-		db_size -= esl->signature_list_size;
-		esl = (void *)esl + esl->signature_list_size;
+		free(db);
+		return NULL;
 	}
-	free(db);
-
-	return sigstore;
 
-err:
-	efi_sigstore_free(sigstore);
-	free(db);
-
-	return NULL;
+	return efi_build_signature_store(db, db_size);
 }
 #endif /* CONFIG_EFI_SECURE_BOOT */