From patchwork Sun Oct 3 09:23:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Heinrich Schuchardt X-Patchwork-Id: 1535796 X-Patchwork-Delegate: xypron.glpk@gmx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=EI5Ei8NR; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4HMdhp20YPz9sX3 for ; Sun, 3 Oct 2021 20:24:26 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1839883424; Sun, 3 Oct 2021 11:23:47 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.b="EI5Ei8NR"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id EB792829FC; Sun, 3 Oct 2021 11:23:35 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from smtp-relay-canonical-1.canonical.com (smtp-relay-canonical-1.canonical.com [185.125.188.121]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 4A57C832AD for ; Sun, 3 Oct 2021 11:23:27 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=heinrich.schuchardt@canonical.com Received: from LT2ubnt.fritz.box (ip-88-152-144-157.hsi03.unitymediagroup.de [88.152.144.157]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-1.canonical.com (Postfix) with ESMTPSA id 895BF41A6A; Sun, 3 Oct 2021 09:23:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1633253004; bh=cErjrgNNZhTiygFEmLT5gOtyIm5aSY9UdB1TRQoM/J0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=EI5Ei8NRND3X9d08Ei7USmx5uhLBcYQ1vjDfBTxgSmYVS0ap29+a2gjjFaa86aHmO DiwYpNrJzlFdSarE7wKPhXFtIOBOge5D6nJjyLobFwNFLkEJuMh2kZA0nBBmTna5dF 66xueM15/17IR7YEVN8wzR062UIUALLppSDqKHnGzMkwTFfcouTShN2gXh2UxEMQi/ mOa+r0g/FCHx9z8Ued92XqXWkMUObEXwolyxSHu6aZo79uQf2aSwyedMYMy3bXlbvN R2jaAJBOS5shVu6rRKe9Hjw0pDb9FrQ5tLhHl44skBY0tIaCaO4V+1FuPuX6DWGfx7 iwn3DGfpYc8TA== From: Heinrich Schuchardt To: u-boot@lists.denx.de Cc: Alexander Graf , Ilias Apalodimas , Masahisa Kojima , AKASHI Takahiro , Sughosh Ganu , Heinrich Schuchardt Subject: [PATCH v3 1/4] efi_loader: treat UEFI variable name as const Date: Sun, 3 Oct 2021 11:23:17 +0200 Message-Id: <20211003092320.4671-2-heinrich.schuchardt@canonical.com> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20211003092320.4671-1-heinrich.schuchardt@canonical.com> References: <20211003092320.4671-1-heinrich.schuchardt@canonical.com> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean UEFI variable names are typically constants and hence should be defined as const. Unfortunately some of our API functions do not define the parameters for UEFI variable names as const. This requires unnecessary conversions. Adjust parameters of several internal functions to tre UEFI variable names as const. Signed-off-by: Heinrich Schuchardt Reviewed-by: Ilias Apalodimas --- v3: no change v2: adjust commit message --- include/efi_loader.h | 2 +- include/efi_variable.h | 16 ++++++++++------ lib/efi_loader/efi_tcg2.c | 2 +- lib/efi_loader/efi_var_common.c | 5 +++-- lib/efi_loader/efi_var_mem.c | 7 ++++--- lib/efi_loader/efi_variable.c | 9 +++++---- lib/efi_loader/efi_variable_tee.c | 16 ++++++++++------ 7 files changed, 34 insertions(+), 23 deletions(-) diff --git a/include/efi_loader.h b/include/efi_loader.h index c440962fe5..125052d002 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -816,7 +816,7 @@ efi_status_t EFIAPI efi_query_variable_info( u64 *remaining_variable_storage_size, u64 *maximum_variable_size); -void *efi_get_var(u16 *name, const efi_guid_t *vendor, efi_uintn_t *size); +void *efi_get_var(const u16 *name, const efi_guid_t *vendor, efi_uintn_t *size); /* * See section 3.1.3 in the v2.7 UEFI spec for more details on diff --git a/include/efi_variable.h b/include/efi_variable.h index 0440d356bc..8f666b2309 100644 --- a/include/efi_variable.h +++ b/include/efi_variable.h @@ -32,7 +32,8 @@ enum efi_auth_var_type { * @timep: authentication time (seconds since start of epoch) * Return: status code */ -efi_status_t efi_get_variable_int(u16 *variable_name, const efi_guid_t *vendor, +efi_status_t efi_get_variable_int(const u16 *variable_name, + const efi_guid_t *vendor, u32 *attributes, efi_uintn_t *data_size, void *data, u64 *timep); @@ -47,7 +48,8 @@ efi_status_t efi_get_variable_int(u16 *variable_name, const efi_guid_t *vendor, * @ro_check: check the read only read only bit in attributes * Return: status code */ -efi_status_t efi_set_variable_int(u16 *variable_name, const efi_guid_t *vendor, +efi_status_t efi_set_variable_int(const u16 *variable_name, + const efi_guid_t *vendor, u32 attributes, efi_uintn_t data_size, const void *data, bool ro_check); @@ -224,7 +226,7 @@ void efi_var_mem_del(struct efi_var_entry *var); * @time: time of authentication (as seconds since start of epoch) * Result: status code */ -efi_status_t efi_var_mem_ins(u16 *variable_name, +efi_status_t efi_var_mem_ins(const u16 *variable_name, const efi_guid_t *vendor, u32 attributes, const efi_uintn_t size1, const void *data1, const efi_uintn_t size2, const void *data2, @@ -251,7 +253,8 @@ efi_status_t efi_init_secure_state(void); * @guid: guid of UEFI variable * Return: identifier for authentication related variables */ -enum efi_auth_var_type efi_auth_var_get_type(u16 *name, const efi_guid_t *guid); +enum efi_auth_var_type efi_auth_var_get_type(const u16 *name, + const efi_guid_t *guid); /** * efi_get_next_variable_name_mem() - Runtime common code across efi variable @@ -280,8 +283,9 @@ efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size, u16 *variable_na * Return: status code */ efi_status_t __efi_runtime -efi_get_variable_mem(u16 *variable_name, const efi_guid_t *vendor, u32 *attributes, - efi_uintn_t *data_size, void *data, u64 *timep); +efi_get_variable_mem(const u16 *variable_name, const efi_guid_t *vendor, + u32 *attributes, efi_uintn_t *data_size, void *data, + u64 *timep); /** * efi_get_variable_runtime() - runtime implementation of GetVariable() diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index d3b8f93f14..ed1506012b 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -1365,7 +1365,7 @@ static efi_status_t efi_append_scrtm_version(struct udevice *dev) * Return: status code */ static efi_status_t tcg2_measure_variable(struct udevice *dev, u32 pcr_index, - u32 event_type, u16 *var_name, + u32 event_type, const u16 *var_name, const efi_guid_t *guid, efi_uintn_t data_size, u8 *data) { diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c index a00bbf1620..e179932124 100644 --- a/lib/efi_loader/efi_var_common.c +++ b/lib/efi_loader/efi_var_common.c @@ -374,7 +374,8 @@ bool efi_secure_boot_enabled(void) return efi_secure_boot; } -enum efi_auth_var_type efi_auth_var_get_type(u16 *name, const efi_guid_t *guid) +enum efi_auth_var_type efi_auth_var_get_type(const u16 *name, + const efi_guid_t *guid) { for (size_t i = 0; i < ARRAY_SIZE(name_type); ++i) { if (!u16_strcmp(name, name_type[i].name) && @@ -393,7 +394,7 @@ enum efi_auth_var_type efi_auth_var_get_type(u16 *name, const efi_guid_t *guid) * * Return: buffer with variable data or NULL */ -void *efi_get_var(u16 *name, const efi_guid_t *vendor, efi_uintn_t *size) +void *efi_get_var(const u16 *name, const efi_guid_t *vendor, efi_uintn_t *size) { efi_status_t ret; void *buf = NULL; diff --git a/lib/efi_loader/efi_var_mem.c b/lib/efi_loader/efi_var_mem.c index 3d335a8274..13909b1d26 100644 --- a/lib/efi_loader/efi_var_mem.c +++ b/lib/efi_loader/efi_var_mem.c @@ -134,7 +134,7 @@ void __efi_runtime efi_var_mem_del(struct efi_var_entry *var) } efi_status_t __efi_runtime efi_var_mem_ins( - u16 *variable_name, + const u16 *variable_name, const efi_guid_t *vendor, u32 attributes, const efi_uintn_t size1, const void *data1, const efi_uintn_t size2, const void *data2, @@ -274,8 +274,9 @@ efi_status_t efi_var_mem_init(void) } efi_status_t __efi_runtime -efi_get_variable_mem(u16 *variable_name, const efi_guid_t *vendor, u32 *attributes, - efi_uintn_t *data_size, void *data, u64 *timep) +efi_get_variable_mem(const u16 *variable_name, const efi_guid_t *vendor, + u32 *attributes, efi_uintn_t *data_size, void *data, + u64 *timep) { efi_uintn_t old_size; struct efi_var_entry *var; diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index fa2b6bc7a8..5adc7f821a 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -45,7 +45,7 @@ * * Return: status code */ -static efi_status_t efi_variable_authenticate(u16 *variable, +static efi_status_t efi_variable_authenticate(const u16 *variable, const efi_guid_t *vendor, efi_uintn_t *data_size, const void **data, u32 given_attr, @@ -194,7 +194,7 @@ err: return ret; } #else -static efi_status_t efi_variable_authenticate(u16 *variable, +static efi_status_t efi_variable_authenticate(const u16 *variable, const efi_guid_t *vendor, efi_uintn_t *data_size, const void **data, u32 given_attr, @@ -205,7 +205,7 @@ static efi_status_t efi_variable_authenticate(u16 *variable, #endif /* CONFIG_EFI_SECURE_BOOT */ efi_status_t __efi_runtime -efi_get_variable_int(u16 *variable_name, const efi_guid_t *vendor, +efi_get_variable_int(const u16 *variable_name, const efi_guid_t *vendor, u32 *attributes, efi_uintn_t *data_size, void *data, u64 *timep) { @@ -219,7 +219,8 @@ efi_get_next_variable_name_int(efi_uintn_t *variable_name_size, return efi_get_next_variable_name_mem(variable_name_size, variable_name, vendor); } -efi_status_t efi_set_variable_int(u16 *variable_name, const efi_guid_t *vendor, +efi_status_t efi_set_variable_int(const u16 *variable_name, + const efi_guid_t *vendor, u32 attributes, efi_uintn_t data_size, const void *data, bool ro_check) { diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c index 51920bcb51..281f886124 100644 --- a/lib/efi_loader/efi_variable_tee.c +++ b/lib/efi_loader/efi_variable_tee.c @@ -284,7 +284,8 @@ out: * StMM can store internal attributes and properties for variables, i.e enabling * R/O variables */ -static efi_status_t set_property_int(u16 *variable_name, efi_uintn_t name_size, +static efi_status_t set_property_int(const u16 *variable_name, + efi_uintn_t name_size, const efi_guid_t *vendor, struct var_check_property *var_property) { @@ -317,7 +318,8 @@ out: return ret; } -static efi_status_t get_property_int(u16 *variable_name, efi_uintn_t name_size, +static efi_status_t get_property_int(const u16 *variable_name, + efi_uintn_t name_size, const efi_guid_t *vendor, struct var_check_property *var_property) { @@ -361,7 +363,8 @@ out: return ret; } -efi_status_t efi_get_variable_int(u16 *variable_name, const efi_guid_t *vendor, +efi_status_t efi_get_variable_int(const u16 *variable_name, + const efi_guid_t *vendor, u32 *attributes, efi_uintn_t *data_size, void *data, u64 *timep) { @@ -502,9 +505,10 @@ out: return ret; } -efi_status_t efi_set_variable_int(u16 *variable_name, const efi_guid_t *vendor, - u32 attributes, efi_uintn_t data_size, - const void *data, bool ro_check) +efi_status_t efi_set_variable_int(const u16 *variable_name, + const efi_guid_t *vendor, u32 attributes, + efi_uintn_t data_size, const void *data, + bool ro_check) { efi_status_t ret, alt_ret = EFI_SUCCESS; struct var_check_property var_property; From patchwork Sun Oct 3 09:23:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Heinrich Schuchardt X-Patchwork-Id: 1535794 X-Patchwork-Delegate: xypron.glpk@gmx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=iY+a05Sh; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4HMdhR5vRjz9sX3 for ; Sun, 3 Oct 2021 20:24:07 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 4C35283310; Sun, 3 Oct 2021 11:23:41 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.b="iY+a05Sh"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 1A2528311B; Sun, 3 Oct 2021 11:23:35 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from smtp-relay-canonical-1.canonical.com (smtp-relay-canonical-1.canonical.com [185.125.188.121]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 3D79F829FC for ; Sun, 3 Oct 2021 11:23:27 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=heinrich.schuchardt@canonical.com Received: from LT2ubnt.fritz.box (ip-88-152-144-157.hsi03.unitymediagroup.de [88.152.144.157]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-1.canonical.com (Postfix) with ESMTPSA id 05BEF41A6B; Sun, 3 Oct 2021 09:23:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1633253005; bh=TOJTOVubDt3w9ngU/zrbjVd1HdHM+BLyxkdfWunFU5U=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=iY+a05Sh1UI78UP4ytN3BYUo4jGgMhYi7m2BqPq8Lvo+1zowAEQmXzKL9UPPIGzmm AEQByvONjNsr+VW0VnTbC8zfYA1UoI9v8MqwsCgaQgMYNg8iT2uO8OiIR3sEyh3Md+ xQ4mv+Gp+m/qfR1kt71Cm23vX2PMcArRheMDGUJAPgwCt9iBa9q3Ri7KQe1M8uCeY5 qlrb5aYYBJx98XOR9D9B21TTbNuL7KMMjJZu3xlLAoT5iqKcZOnaqMhTq551T+1t8x FPtt/DEAHu/ySDKfgWjPwVw7AGm0Pf0MU7kXsxFHi1wqlXQixcnZfJ4cr04jRX7oKt xvaF4BmTb8PcQ== From: Heinrich Schuchardt To: u-boot@lists.denx.de Cc: Alexander Graf , Ilias Apalodimas , Masahisa Kojima , AKASHI Takahiro , Sughosh Ganu , Heinrich Schuchardt Subject: [PATCH v3 2/4] efi_loader: function to get GUID for variable name Date: Sun, 3 Oct 2021 11:23:18 +0200 Message-Id: <20211003092320.4671-3-heinrich.schuchardt@canonical.com> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20211003092320.4671-1-heinrich.schuchardt@canonical.com> References: <20211003092320.4671-1-heinrich.schuchardt@canonical.com> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean In multiple places we need the default GUID matching a variable name. The patch provides a library function. For secure boot related variables like 'PK', 'KEK', 'db' a lookup table is used. For all other variable names EFI_GLOBAL_VARIABLE is returned. Signed-off-by: Heinrich Schuchardt Reviewed-by: Ilias Apalodimas --- v3: no change v2: adjust function documentation --- include/efi_variable.h | 11 +++++++++++ lib/efi_loader/efi_var_common.c | 9 +++++++++ 2 files changed, 20 insertions(+) diff --git a/include/efi_variable.h b/include/efi_variable.h index 8f666b2309..74909e8ec6 100644 --- a/include/efi_variable.h +++ b/include/efi_variable.h @@ -256,6 +256,17 @@ efi_status_t efi_init_secure_state(void); enum efi_auth_var_type efi_auth_var_get_type(const u16 *name, const efi_guid_t *guid); +/** + * efi_auth_var_get_guid() - get the predefined GUID for a variable name + * + * For secure boot related variables a lookup table is used to determine + * the GUID. For all other variables EFI_GLOBAL_VARIABLE is returned. + * + * @name: name of UEFI variable + * Return: guid of UEFI variable + */ +const efi_guid_t *efi_auth_var_get_guid(const u16 *name); + /** * efi_get_next_variable_name_mem() - Runtime common code across efi variable * implementations for GetNextVariable() diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c index e179932124..3cbb7c96c2 100644 --- a/lib/efi_loader/efi_var_common.c +++ b/lib/efi_loader/efi_var_common.c @@ -385,6 +385,15 @@ enum efi_auth_var_type efi_auth_var_get_type(const u16 *name, return EFI_AUTH_VAR_NONE; } +const efi_guid_t *efi_auth_var_get_guid(const u16 *name) +{ + for (size_t i = 0; i < ARRAY_SIZE(name_type); ++i) { + if (!u16_strcmp(name, name_type[i].name)) + return name_type[i].guid; + } + return &efi_global_variable_guid; +} + /** * efi_get_var() - read value of an EFI variable * From patchwork Sun Oct 3 09:23:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Heinrich Schuchardt X-Patchwork-Id: 1535792 X-Patchwork-Delegate: xypron.glpk@gmx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=R7GeLsf4; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4HMdh93Nw1z9sX3 for ; Sun, 3 Oct 2021 20:23:51 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id D24A4832CE; Sun, 3 Oct 2021 11:23:33 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.b="R7GeLsf4"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 1AA4183314; Sun, 3 Oct 2021 11:23:31 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from smtp-relay-canonical-1.canonical.com (smtp-relay-canonical-1.canonical.com [185.125.188.121]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 4EB71832CE for ; Sun, 3 Oct 2021 11:23:27 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=heinrich.schuchardt@canonical.com Received: from LT2ubnt.fritz.box (ip-88-152-144-157.hsi03.unitymediagroup.de [88.152.144.157]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-1.canonical.com (Postfix) with ESMTPSA id 6BB3F41A6C; Sun, 3 Oct 2021 09:23:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1633253005; bh=TCUoesan3/AwAcrT6y+4Th3vMqFMAzOndCYNwSL8QMU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=R7GeLsf4BhZvwhIjWjA60nVjoO/Nhq1HQ81x7+P8cbqKvPRfONg4FAay3lNzv5vqK larYEQvs1whVfIkdBNl+Hv0WIaQeDvcfmftSko0DSUV7/brpQaUM3iyAks4oBB5vFe SQmvtDchplMGiRAcSZWf090WqGrw24k0KZyL6j2gqVkbJ2c4cxSEIP9Nb+XZAa7G+Z EoVY9jUlJQAz6ZOQSs5ygbdFkRN4KB2jKAGU6A9+E0ZJGmhYMtOLZclxmQOn/NRol9 Ab8fSuTpVT9nZ0QVxzdefupQlVV+otLbOm6QaM05lNy2iUruZ/r/wKMKaHB6IjZskT +v9jYMxfUgF1Q== From: Heinrich Schuchardt To: u-boot@lists.denx.de Cc: Alexander Graf , Ilias Apalodimas , Masahisa Kojima , AKASHI Takahiro , Sughosh Ganu , Heinrich Schuchardt Subject: [PATCH v3 3/4] efi_loader: simplify efi_sigstore_parse_sigdb() Date: Sun, 3 Oct 2021 11:23:19 +0200 Message-Id: <20211003092320.4671-4-heinrich.schuchardt@canonical.com> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20211003092320.4671-1-heinrich.schuchardt@canonical.com> References: <20211003092320.4671-1-heinrich.schuchardt@canonical.com> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean Simplify efi_sigstore_parse_sigdb() by using existing functions. Signed-off-by: Heinrich Schuchardt Reviewed-by: Ilias Apalodimas --- v3: Keep error handling in efi_sigstore_parse_sigdb() v2: remove a superfluous check --- lib/efi_loader/efi_signature.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c index bdd09881fc..97f6dfacd9 100644 --- a/lib/efi_loader/efi_signature.c +++ b/lib/efi_loader/efi_signature.c @@ -746,18 +746,11 @@ struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name) efi_uintn_t db_size; efi_status_t ret; - if (!u16_strcmp(name, L"PK") || !u16_strcmp(name, L"KEK")) { - vendor = &efi_global_variable_guid; - } else if (!u16_strcmp(name, L"db") || !u16_strcmp(name, L"dbx")) { - vendor = &efi_guid_image_security_database; - } else { - EFI_PRINT("unknown signature database, %ls\n", name); - return NULL; - } + vendor = efi_auth_var_get_guid(name); /* retrieve variable data */ db_size = 0; - ret = EFI_CALL(efi_get_variable(name, vendor, NULL, &db_size, NULL)); + ret = efi_get_variable_int(name, vendor, NULL, &db_size, NULL); if (ret == EFI_NOT_FOUND) { EFI_PRINT("variable, %ls, not found\n", name); sigstore = calloc(sizeof(*sigstore), 1); From patchwork Sun Oct 3 09:23:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Heinrich Schuchardt X-Patchwork-Id: 1535793 X-Patchwork-Delegate: xypron.glpk@gmx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=P9NXk+V5; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4HMdhC3hKcz9ssP for ; Sun, 3 Oct 2021 20:23:55 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 9BFAA832E9; Sun, 3 Oct 2021 11:23:37 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.b="P9NXk+V5"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 8271B832CE; Sun, 3 Oct 2021 11:23:32 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from smtp-relay-canonical-1.canonical.com (smtp-relay-canonical-1.canonical.com [185.125.188.121]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 436C182DC3 for ; Sun, 3 Oct 2021 11:23:27 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=canonical.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=heinrich.schuchardt@canonical.com Received: from LT2ubnt.fritz.box (ip-88-152-144-157.hsi03.unitymediagroup.de [88.152.144.157]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-1.canonical.com (Postfix) with ESMTPSA id DC34241A6D; Sun, 3 Oct 2021 09:23:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1633253006; bh=jLwAG2t3K6J6awS2r3GBxcbHA2fi3rkAa0qOSQ7EBi0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=P9NXk+V5Jhpsx7GVVdPK45rgzow/RZ0/c+lTaGjIEenoOfTWKzWmnDYqBO9K68QNr nRoRVAGWLM6FeK8P2OrNG1vwxdHakJPBLxeuMFJtY3p+22SHL00AOLPRzo1RMzBJM6 /w8YPzZLhUcLyk68xfZAiDlKgwKRMu3iOiSGSCLz7aZ5FGyRQhLcWB4oqyhDO7i9Zh yfnJOkAnr+/Se/gTb/8t59Vuqpp+z9zTt2+/hlHPpV+gEKdPtECON29o+to9r1JLbC wRRc3dbznwTyf7Us46rNKnbEKjGw5mUClST+qO1/kh0e/vKbg1liWNyIwHOfzC4lBt KP1ixP2KhgJnA== From: Heinrich Schuchardt To: u-boot@lists.denx.de Cc: Alexander Graf , Ilias Apalodimas , Masahisa Kojima , AKASHI Takahiro , Sughosh Ganu , Heinrich Schuchardt Subject: [PATCH v3 4/4] efi_loader: simplify tcg2_measure_secure_boot_variable() Date: Sun, 3 Oct 2021 11:23:20 +0200 Message-Id: <20211003092320.4671-5-heinrich.schuchardt@canonical.com> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20211003092320.4671-1-heinrich.schuchardt@canonical.com> References: <20211003092320.4671-1-heinrich.schuchardt@canonical.com> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean Don't duplicate GUIDs. Signed-off-by: Heinrich Schuchardt Reviewed-by: Ilias Apalodimas --- v3: no change v2: no change --- lib/efi_loader/efi_tcg2.c | 29 +++++++++++++---------------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index ed1506012b..52bf1b775f 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include #include @@ -79,17 +80,12 @@ static const struct digest_info hash_algo_list[] = { }, }; -struct variable_info { - u16 *name; - const efi_guid_t *guid; -}; - -static struct variable_info secure_variables[] = { - {L"SecureBoot", &efi_global_variable_guid}, - {L"PK", &efi_global_variable_guid}, - {L"KEK", &efi_global_variable_guid}, - {L"db", &efi_guid_image_security_database}, - {L"dbx", &efi_guid_image_security_database}, +static const u16 *secure_variables[] = { + u"SecureBoot", + u"PK", + u"KEK", + u"db", + u"dbx", }; #define MAX_HASH_COUNT ARRAY_SIZE(hash_algo_list) @@ -1593,19 +1589,20 @@ static efi_status_t tcg2_measure_secure_boot_variable(struct udevice *dev) count = ARRAY_SIZE(secure_variables); for (i = 0; i < count; i++) { + const efi_guid_t *guid; + + guid = efi_auth_var_get_guid(secure_variables[i]); + /* * According to the TCG2 PC Client PFP spec, "SecureBoot", * "PK", "KEK", "db" and "dbx" variables must be measured * even if they are empty. */ - data = efi_get_var(secure_variables[i].name, - secure_variables[i].guid, - &data_size); + data = efi_get_var(secure_variables[i], guid, &data_size); ret = tcg2_measure_variable(dev, 7, EV_EFI_VARIABLE_DRIVER_CONFIG, - secure_variables[i].name, - secure_variables[i].guid, + secure_variables[i], guid, data_size, data); free(data); if (ret != EFI_SUCCESS)