From patchwork Thu Nov 26 18:41:06 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sughosh Ganu X-Patchwork-Id: 333047 Delivered-To: patch@linaro.org Received: by 2002:a92:5e16:0:0:0:0:0 with SMTP id s22csp1543441ilb; Thu, 26 Nov 2020 10:44:06 -0800 (PST) X-Google-Smtp-Source: ABdhPJzr1WlxZa8IatE4JA8d7Ulkhv76277PNHjud8bmulqao+GGTw4RsVygw7zlsapNQedjJKq8 X-Received: by 2002:a17:906:d931:: with SMTP id rn17mr3834022ejb.308.1606416246632; Thu, 26 Nov 2020 10:44:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606416246; cv=none; d=google.com; s=arc-20160816; b=kfRbWomrj9p/8r9Yrhxmo6PADJiF6NLN5TGs3sUj5XyQCJoIpv7iZXUfSpnn+uPp7d wD5VZkJFAd4P+IJfoxnT499LkT0lOLhlYekMrr+g7gUe6PHGIGOgy7GGHlJb4VudOukw 9W6wUZZe1bHrc2PjI2vtYoAlDvB/Z2nPQqTfnigkPhRQpIJV6tmqZQdy7tDrbAz/oVwc 9ykCn8gwhdyOqZkKQjoVaoi+DNCJW9CvXeXC6esM0J+/V076pLjyvkhWDKUoVBKhHPny FCdsAVzgE3E3XdByl6Fq+VDexe0BUKpAyRZLA4qdl/jvzqUIqjDFJJvGf0WMKtS9DXmF k6Bw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:references:in-reply-to :message-id:date:subject:cc:to:from; bh=iaFJ7GjLEuJqNcg6+IDpChkWzT8ojxyTr34ZTsZ90qU=; b=TgOypBjawHdQeJgBJqXWqtMV4DCE0VFO/6K1SBMWIkCdPPgIRHDWvV2llqsrHZRADb 3UiEIweAK3hWdci2W6nqZAfFAJ1ymvrnpnpX1u3pbiA70wSv3KfcYkyVcSQlZpaTNjyK ggtKh8nA4FbvNMbra8k4b4sPf2IlMcOHIqDB8DGPfC8RG63ndpH0gP1PC/Q4gdB6fNDm PDe9NLWvYsGpycK3a1oCQfDa0uqGWwb35agUKG9clFwbOuyUF/lNVuVMPQ2pyfIQrbVy qBD0rBQEm73Mjblydta5tjfgyvkTpmVRMRplSWcm6rlFZoSyp2eiM57rNL7nzw7I/eHL NjYw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id z14si3613932ejp.202.2020.11.26.10.44.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Nov 2020 10:44:06 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id B3F66826D9; Thu, 26 Nov 2020 19:42:47 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id CA967826E3; Thu, 26 Nov 2020 19:42:22 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id C07B0826EA for ; Thu, 26 Nov 2020 19:42:18 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=fail smtp.mailfrom=sughosh.ganu@linaro.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 253BE1682; Thu, 26 Nov 2020 10:42:18 -0800 (PST) Received: from a076522.blr.arm.com (a076522.blr.arm.com [10.162.16.44]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id B0E0B3F23F; Thu, 26 Nov 2020 10:42:15 -0800 (PST) From: Sughosh Ganu To: u-boot@lists.denx.de Cc: Takahiro Akashi , Heinrich Schuchardt , Alexander Graf , Lukasz Majewski , Tuomas Tynkkynen , Tom Rini , Sughosh Ganu Subject: [PATCH 10/14] efi_loader: Re-factor code to build the signature store from efi signature list Date: Fri, 27 Nov 2020 00:11:06 +0530 Message-Id: <20201126184110.30521-11-sughosh.ganu@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20201126184110.30521-1-sughosh.ganu@linaro.org> References: <20201126184110.30521-1-sughosh.ganu@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean The efi_sigstore_parse_sigdb function reads the uefi authenticated variable, stored in the signature database format and builds the signature store structure. Factor out the code for building the signature store. This can then be used by the capsule authentication routine to build the signature store even when the signature database is not stored as an uefi authenticated variable Signed-off-by: Sughosh Ganu --- include/efi_loader.h | 2 + lib/efi_loader/efi_signature.c | 103 +++++++++++++++++++-------------- 2 files changed, 63 insertions(+), 42 deletions(-) -- 2.17.1 diff --git a/include/efi_loader.h b/include/efi_loader.h index b9226208f5..8d8a6649b5 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -803,6 +803,8 @@ efi_status_t efi_image_region_add(struct efi_image_regions *regs, int nocheck); void efi_sigstore_free(struct efi_signature_store *sigstore); +struct efi_signature_store *efi_build_signature_store(void *sig_list, + efi_uintn_t size); struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name); bool efi_secure_boot_enabled(void); diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c index 9ab071b611..87525bdc80 100644 --- a/lib/efi_loader/efi_signature.c +++ b/lib/efi_loader/efi_signature.c @@ -736,6 +736,63 @@ err: return NULL; } +/** + * efi_sigstore_parse_sigdb - parse the signature list and populate + * the signature store + * + * @sig_list: Pointer to the signature list + * @size: Size of the signature list + * + * Parse the efi signature list and instantiate a signature store + * structure. + * + * Return: Pointer to signature store on success, NULL on error + */ +struct efi_signature_store *efi_build_signature_store(void *sig_list, + efi_uintn_t size) +{ + struct efi_signature_list *esl; + struct efi_signature_store *sigstore = NULL, *siglist; + + esl = sig_list; + while (size > 0) { + /* List must exist if there is remaining data. */ + if (size < sizeof(*esl)) { + EFI_PRINT("Signature list in wrong format\n"); + goto err; + } + + if (size < esl->signature_list_size) { + EFI_PRINT("Signature list in wrong format\n"); + goto err; + } + + /* Parse a single siglist. */ + siglist = efi_sigstore_parse_siglist(esl); + if (!siglist) { + EFI_PRINT("Parsing of signature list of failed\n"); + goto err; + } + + /* Append siglist */ + siglist->next = sigstore; + sigstore = siglist; + + /* Next */ + size -= esl->signature_list_size; + esl = (void *)esl + esl->signature_list_size; + } + free(sig_list); + + return sigstore; + +err: + efi_sigstore_free(sigstore); + free(sig_list); + + return NULL; +} + /** * efi_sigstore_parse_sigdb - parse a signature database variable * @name: Variable's name @@ -747,8 +804,7 @@ err: */ struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name) { - struct efi_signature_store *sigstore = NULL, *siglist; - struct efi_signature_list *esl; + struct efi_signature_store *sigstore = NULL; const efi_guid_t *vendor; void *db; efi_uintn_t db_size; @@ -784,47 +840,10 @@ struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name) ret = EFI_CALL(efi_get_variable(name, vendor, NULL, &db_size, db)); if (ret != EFI_SUCCESS) { EFI_PRINT("Getting variable, %ls, failed\n", name); - goto err; - } - - /* Parse siglist list */ - esl = db; - while (db_size > 0) { - /* List must exist if there is remaining data. */ - if (db_size < sizeof(*esl)) { - EFI_PRINT("variable, %ls, in wrong format\n", name); - goto err; - } - - if (db_size < esl->signature_list_size) { - EFI_PRINT("variable, %ls, in wrong format\n", name); - goto err; - } - - /* Parse a single siglist. */ - siglist = efi_sigstore_parse_siglist(esl); - if (!siglist) { - EFI_PRINT("Parsing signature list of %ls failed\n", - name); - goto err; - } - - /* Append siglist */ - siglist->next = sigstore; - sigstore = siglist; - - /* Next */ - db_size -= esl->signature_list_size; - esl = (void *)esl + esl->signature_list_size; + free(db); + return NULL; } - free(db); - - return sigstore; -err: - efi_sigstore_free(sigstore); - free(db); - - return NULL; + return efi_build_signature_store(db, db_size); } #endif /* CONFIG_EFI_SECURE_BOOT */