From patchwork Sun Nov 20 00:21:19 2022
X-Patchwork-Submitter: Masahisa Kojima
X-Patchwork-Id: 627133
From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, Takahiro Akashi, Etienne Carriere, Masahisa Kojima
Subject: [PATCH v10 7/7] eficonfig: add "Show Signature Database" menu entry
Date: Sun, 20 Nov 2022 09:21:19 +0900
Message-Id: <20221120002119.23683-8-masahisa.kojima@linaro.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20221120002119.23683-1-masahisa.kojima@linaro.org>
References: <20221120002119.23683-1-masahisa.kojima@linaro.org>
List-Id: U-Boot discussion

This commit adds the menu-driven interface to show the signature list content.

Signed-off-by: Masahisa Kojima
Acked-by: Ilias Apalodimas
---
Changes in v10:
- change buffer size to appropriate value (37)
- use strdup()

No update since v7

Changes in v7:
- remove delete signature list feature
  user can clear the signature database with signed null key
- rename function name to avoid confusion
- update commit message

Changes in v6:
- update comment

Changes in v2:
- integrate show and delete signature database menu
- add confirmation message before delete
- add function comment

 cmd/eficonfig_sbkey.c | 235 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 235 insertions(+) diff --git a/cmd/eficonfig_sbkey.c b/cmd/eficonfig_sbkey.c index 5130848dd9..6e0bebf1d4 100644 --- a/cmd/eficonfig_sbkey.c +++ b/cmd/eficonfig_sbkey.c @@ -17,6 +17,13 @@ #include #include +struct eficonfig_sig_data { + struct efi_signature_list *esl; + struct efi_signature_data *esd; + struct list_head list; + u16 *varname; +}; + enum efi_sbkey_signature_type { SIG_TYPE_X509 = 0, SIG_TYPE_HASH,
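Review bot: struct eficonfig_sig_data carries a `struct list_head list;` member that nothing in this patch initializes or links; the menu entries are tracked through the list that eficonfig_append_menu_entry() manages on the efimenu, and the per-entry data is reached via entry->data when the caller tears the menu down, so the member is dead weight and can be dropped (or, if it is reserved for later use, a comment on the struct should say so).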
@@ -176,8 +183,236 @@ out: return ret; } +/** + * eficonfig_process_show_siglist() - show signature list content + * + * @data: pointer to the data for each entry + * Return: status code + */ +static efi_status_t eficonfig_process_show_siglist(void *data) +{ + u32 i; + struct eficonfig_sig_data *sg = data; + + puts(ANSI_CURSOR_HIDE); + puts(ANSI_CLEAR_CONSOLE); + printf(ANSI_CURSOR_POSITION, 1, 1); + + printf("\n ** Show Signature Database (%ls) **\n\n" + " Owner GUID:\n" + " %pUL\n", + sg->varname, sg->esd->signature_owner.b); + + for (i = 0; i < ARRAY_SIZE(sigtype_to_str); i++) { + if (!guidcmp(&sg->esl->signature_type, &sigtype_to_str[i].sig_type)) { + printf(" Signature Type:\n" + " %s\n", sigtype_to_str[i].str); + + switch (sigtype_to_str[i].type) { + case SIG_TYPE_X509: + { + struct x509_certificate *cert_tmp; + + cert_tmp = x509_cert_parse(sg->esd->signature_data, + sg->esl->signature_size); + printf(" Subject:\n" + " %s\n" + " Issuer:\n" + " %s\n", + cert_tmp->subject, cert_tmp->issuer); + break; + } + case SIG_TYPE_CRL: + { + u32 hash_size = sg->esl->signature_size - sizeof(efi_guid_t) - + sizeof(struct efi_time); + struct efi_time *time = + (struct efi_time *)((u8 *)sg->esd->signature_data + + hash_size); + + printf(" ToBeSignedHash:\n"); + print_hex_dump(" ", DUMP_PREFIX_NONE, 16, 1, + sg->esd->signature_data, hash_size, false); + printf(" TimeOfRevocation:\n" + " %d-%d-%d %02d:%02d:%02d\n", + time->year, time->month, time->day, + time->hour, time->minute, time->second); + break; + } + case SIG_TYPE_HASH: + { + u32 hash_size = sg->esl->signature_size - sizeof(efi_guid_t); + + printf(" Hash:\n"); + print_hex_dump(" ", DUMP_PREFIX_NONE, 16, 1, + sg->esd->signature_data, hash_size, false); + break; + } + default: + eficonfig_print_msg("ERROR! 
Unsupported format."); + return EFI_INVALID_PARAMETER; + } + } + } + + while (tstc()) + getchar(); + + printf("\n\n Press any key to continue"); + getchar(); + + return EFI_SUCCESS; +} + +/** + * prepare_signature_list_menu() - create the signature list menu entry + * + * @efimenu: pointer to the efimenu structure + * @varname: pointer to the variable name + * @db: pointer to the variable raw data + * @db_size: variable data size + * @func: callback of each entry + * Return: status code + */ +static efi_status_t prepare_signature_list_menu(struct efimenu *efi_menu, void *varname, + void *db, efi_uintn_t db_size, + eficonfig_entry_func func) +{ + u32 num = 0; + efi_uintn_t size; + struct eficonfig_sig_data *sg; + struct efi_signature_list *esl; + struct efi_signature_data *esd; + efi_status_t ret = EFI_SUCCESS; + + INIT_LIST_HEAD(&efi_menu->list); + + esl = db; + size = db_size; + while (size > 0) { + u32 remain; + + esd = (struct efi_signature_data *)((u8 *)esl + + (sizeof(struct efi_signature_list) + + esl->signature_header_size)); + remain = esl->signature_list_size - sizeof(struct efi_signature_list) - + esl->signature_header_size; + for (; remain > 0; remain -= esl->signature_size) { + char buf[37]; + char *title; + + if (num >= EFICONFIG_ENTRY_NUM_MAX - 1) { + ret = EFI_OUT_OF_RESOURCES; + goto out; + } + + sg = calloc(1, sizeof(struct eficonfig_sig_data)); + if (!sg) { + ret = EFI_OUT_OF_RESOURCES; + goto err; + } + + snprintf(buf, sizeof(buf), "%pUL", &esd->signature_owner); + title = strdup(buf); + if (!title) { + free(sg); + ret = EFI_OUT_OF_RESOURCES; + goto err; + } + + sg->esl = esl; + sg->esd = esd; + sg->varname = varname; + ret = eficonfig_append_menu_entry(efi_menu, title, func, sg); + if (ret != EFI_SUCCESS) { + free(sg); + free(title); + goto err; + } + esd = (struct efi_signature_data *)((u8 *)esd + esl->signature_size); + num++; + } + + size -= esl->signature_list_size; + esl = (struct efi_signature_list *)((u8 *)esl + esl->signature_list_size); 
+ } +out: + ret = eficonfig_append_quit_entry(efi_menu); +err: + return ret; +} + +/** + * enumerate_and_show_signature_database() - enumerate and show the signature database + * + * @data: pointer to the data for each entry + * Return: status code + */ +static efi_status_t enumerate_and_show_signature_database(void *varname) +{ + void *db; + char buf[50]; + efi_status_t ret; + efi_uintn_t db_size; + struct efimenu *efi_menu; + struct list_head *pos, *n; + struct eficonfig_entry *entry; + + db = efi_get_var(varname, efi_auth_var_get_guid(varname), &db_size); + if (!db) { + eficonfig_print_msg("There is no entry in the signature database."); + return EFI_NOT_FOUND; + } + + efi_menu = calloc(1, sizeof(struct efimenu)); + if (!efi_menu) { + free(db); + return EFI_OUT_OF_RESOURCES; + } + + ret = prepare_signature_list_menu(efi_menu, varname, db, db_size, + eficonfig_process_show_siglist); + if (ret != EFI_SUCCESS) + goto out; + + snprintf(buf, sizeof(buf), " ** Show Signature Database (%ls) **", (u16 *)varname); + ret = eficonfig_process_common(efi_menu, buf); +out: + list_for_each_safe(pos, n, &efi_menu->list) { + entry = list_entry(pos, struct eficonfig_entry, list); + free(entry->data); + } + eficonfig_destroy(efi_menu); + free(db); + + return ret; +} + +/** + * eficonfig_process_show_signature_database() - process show signature database + * + * @data: pointer to the data for each entry + * Return: status code + */ +static efi_status_t eficonfig_process_show_signature_database(void *data) +{ + efi_status_t ret; + + while (1) { + ret = enumerate_and_show_signature_database(data); + if (ret != EFI_SUCCESS && ret != EFI_NOT_READY) + break; + } + + /* return to the parent menu */ + ret = (ret == EFI_ABORTED) ? EFI_NOT_READY : ret; + + return ret; +} + static struct eficonfig_item key_config_menu_items[] = { {"Enroll New Key", eficonfig_process_enroll_key}, + {"Show Signature Database", eficonfig_process_show_signature_database}, {"Quit", eficonfig_process_quit}, };
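Review bot: in eficonfig_process_show_siglist(), the SIG_TYPE_X509 branch dereferences cert_tmp->subject and cert_tmp->issuer without checking what x509_cert_parse() returned; that parser returns an error pointer on a malformed certificate, so a bad entry in the variable makes the menu dereference an invalid pointer instead of reporting an error. Check the result with IS_ERR()/NULL and return EFI_INVALID_PARAMETER (or print a placeholder) in that case, and release the parsed certificate with x509_free_certificate() after printing, since it is leaked on every call. The length handed to x509_cert_parse() is also wrong: `sg->esl->signature_size` covers the whole EFI_SIGNATURE_DATA including the 16-byte signature_owner GUID that precedes signature_data, and the CRL and hash branches already subtract sizeof(efi_guid_t), so the X509 branch should pass `sg->esl->signature_size - sizeof(efi_guid_t)`. In prepare_signature_list_menu(), the walk trusts signature_list_size, signature_header_size and signature_size straight from the variable content: `size -= esl->signature_list_size` never terminates when signature_list_size is 0 and wraps when it exceeds the remaining size, and `remain -= esl->signature_size` wraps (remain is u32) whenever remain is not a multiple of signature_size, after which esd walks past the buffer; validate each list header against the remaining size before using it (signature_list_size at least sizeof(struct efi_signature_list) + signature_header_size and at most size, signature_size larger than sizeof(efi_guid_t), and remain a multiple of signature_size). The EFICONFIG_ENTRY_NUM_MAX check sets ret = EFI_OUT_OF_RESOURCES and jumps to out:, where `ret = eficonfig_append_quit_entry(efi_menu);` overwrites it, so a database with more entries than the menu can hold is silently truncated; keep the original error or at least say in the function comment that the listing is truncated. Finally, the kernel-doc for prepare_signature_list_menu() names @efimenu while the parameter is efi_menu, enumerate_and_show_signature_database() documents @data while the parameter is varname, and varname could be declared u16 * rather than void * so the (u16 *) cast in the snprintf() goes away.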