Message ID | 1378369679-6122-1-git-send-email-ivan.hu@canonical.com |
---|---|
State | Rejected |
On 05/09/13 09:27, Ivan Hu wrote:
> The VendorKeys variable is an 8-bit unsigned integer that defines whether the PK, KEK, db and dbx databases have been modified by anyone other than the platform vendor or a holder of the vendor-provided keys. This variable is new added to the UEFI spec version 2.4.
>
> Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
> ---
> src/uefi/uefidump/uefidump.c | 25 +++++++++++++++++++++++++
> 1 file changed, 25 insertions(+)
>
> diff --git a/src/uefi/uefidump/uefidump.c b/src/uefi/uefidump/uefidump.c
> index fd5e378..f732bef 100644
> --- a/src/uefi/uefidump/uefidump.c
> +++ b/src/uefi/uefidump/uefidump.c
> @@ -722,6 +722,30 @@ static void uefidump_info_osindications_supported(fwts_framework *fw, fwts_uefi_
> }
> }
>
> +static void uefidump_info_vendor_keys(fwts_framework *fw, fwts_uefi_var *var)
> +{
> + if (var->datalen != 1) {
> + /* Should be 1 byte, of not, dump it out as a hex dump */
> + uefidump_var_hexdump(fw, var);
> + } else {
> + char *modified;
> + uint8_t value = (uint8_t)var->data[0];
> +
> + switch (value) {
> + case 0:
> + modified = " (databases have been modified)";
> + break;
> + case 1:
> + modified = " (databases haven't been modified)";
> + break;

Not sure if it is worth adding that a value of zero means that somebody other than the original platform vendor transitioned the system into setup mode or updated the PK, KEK, db, dbx using a mechanism not defined in the UEFI specification. So is the message "databases have been modified" sufficient?

> + default:
> + modified = "";
> + break;
> + }
> + fwts_log_info_verbatum(fw, " Value: 0x%2.2" PRIx8 "%s.", value, modified);
> + }
> +}
> +
> static uefidump_info uefidump_info_table[] = {
> { "PlatformLangCodes", uefidump_info_platform_langcodes },
> { "PlatformLang", uefidump_info_platform_lang },
> @@ -748,6 +772,7 @@ static uefidump_info uefidump_info_table[] = {
> { "SignatureSupport", uefidump_info_signature_support },
> { "HwErrRecSupport", uefidump_info_hwerrrec_support },
> { "OsIndicationsSupported", uefidump_info_osindications_supported },
> + { "VendorKeys", uefidump_info_vendor_keys },
> { NULL, NULL }
> };
>
>
diff --git a/src/uefi/uefidump/uefidump.c b/src/uefi/uefidump/uefidump.c
index fd5e378..f732bef 100644
--- a/src/uefi/uefidump/uefidump.c
+++ b/src/uefi/uefidump/uefidump.c
@@ -722,6 +722,30 @@ static void uefidump_info_osindications_supported(fwts_framework *fw, fwts_uefi_
 }
 }
 
+static void uefidump_info_vendor_keys(fwts_framework *fw, fwts_uefi_var *var)
+{
+ if (var->datalen != 1) {
+ /* Should be 1 byte, of not, dump it out as a hex dump */
+ uefidump_var_hexdump(fw, var);
+ } else {
+ char *modified;
+ uint8_t value = (uint8_t)var->data[0];
+
+ switch (value) {
+ case 0:
+ modified = " (databases have been modified)";
+ break;
+ case 1:
+ modified = " (databases haven't been modified)";
+ break;
+ default:
+ modified = "";
+ break;
+ }
+ fwts_log_info_verbatum(fw, " Value: 0x%2.2" PRIx8 "%s.", value, modified);
+ }
+}
+
 static uefidump_info uefidump_info_table[] = {
 { "PlatformLangCodes", uefidump_info_platform_langcodes },
 { "PlatformLang", uefidump_info_platform_lang },
@@ -748,6 +772,7 @@ static uefidump_info uefidump_info_table[] = {
 { "SignatureSupport", uefidump_info_signature_support },
 { "HwErrRecSupport", uefidump_info_hwerrrec_support },
 { "OsIndicationsSupported", uefidump_info_osindications_supported },
+ { "VendorKeys", uefidump_info_vendor_keys },
 { NULL, NULL }
 };
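Review bot: The `default:` arm of the switch in uefidump_info_vendor_keys sets `modified = "";`, so a VendorKeys byte other than 0 or 1 is printed with no hint that it falls outside the two states this function decodes. For a Secure Boot state variable that is the reading someone auditing the dump most needs flagged, so consider `modified = " (unexpected value)";` in that arm. The `datalen != 1` path has the same gap: it falls back to a bare hex dump without saying the length was not the expected single byte. Separately, `modified` only ever points at string literals, so `const char *modified;` is the safer declaration, and the comment on the length check reads `of not` where `if not` is meant.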
The VendorKeys variable is an 8-bit unsigned integer that defines whether the PK, KEK, db and dbx databases have been modified by anyone other than the platform vendor or a holder of the vendor-provided keys. This variable was newly added in UEFI spec version 2.4. Signed-off-by: Ivan Hu <ivan.hu@canonical.com> --- src/uefi/uefidump/uefidump.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+)