From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Masahisa Kojima <masahisa.kojima@linaro.org>
Cc: u-boot@lists.denx.de, Heinrich Schuchardt <xypron.glpk@gmx.de>,
Simon Glass <sjg@chromium.org>,
Takahiro Akashi <takahiro.akashi@linaro.org>,
Etienne Carriere <etienne.carriere@linaro.org>,
Roger Knecht <rknecht@pm.me>,
Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>,
Ovidiu Panait <ovidiu.panait@windriver.com>
Subject: Re: [PATCH v8 4/5] eficonfig: add UEFI Secure Boot Key enrollment interface
Date: Fri, 11 Nov 2022 14:33:29 +0200
Message-ID: <Y25BGdIFkiCfQxm8@hera>
In-Reply-To: <20221110083054.11950-5-masahisa.kojima@linaro.org>

Hello Kojima-san!
[...]
> + file_info.current_path = calloc(1, EFICONFIG_FILE_PATH_BUF_SIZE);
> + if (!file_info.current_path) {
> + ret = EFI_OUT_OF_RESOURCES;
> + goto out;
> + }
> +
> + ret = eficonfig_process_select_file(&file_info);
> + if (ret != EFI_SUCCESS)
> + goto out;
> +
> + ret = efi_open_volume_int(file_info.current_volume, &root);
> + if (ret != EFI_SUCCESS)
> + goto out;
> +
> + ret = efi_file_open_int(root, &f, file_info.current_path, EFI_FILE_MODE_READ, 0);
> + if (ret != EFI_SUCCESS)
> + goto out;
> +
> + ret = efi_file_size(f, &size);
> + if (ret != EFI_SUCCESS)
> + goto out;
> +
> + buf = calloc(1, size);
> + if (!buf) {
> + ret = EFI_OUT_OF_RESOURCES;
> + goto out;
> + }
> + if (size == 0) {
> + eficonfig_print_msg("ERROR! File is empty.");
> + goto out;
> + }
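Review bot: in the `if (size == 0)` branch, `ret` still holds EFI_SUCCESS from efi_file_size(), so after printing "ERROR! File is empty." the function jumps to `out` and returns success to the caller. Set an error before the jump, for example `ret = EFI_INVALID_PARAMETER;`, as the invalid-format path further down does. The check also sits after `calloc(1, size)`, and calloc with a zero size may return NULL, in which case an empty file is reported as EFI_OUT_OF_RESOURCES and the message is never shown; testing the size before allocating avoids both problems.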
This needs to move before the allocation and if (!size)
> +
> + ret = efi_file_read_int(f, &size, buf);
> + if (ret != EFI_SUCCESS) {
> + eficonfig_print_msg("ERROR! Failed to read file.");
> + goto out;
> + }
> + if (!file_have_auth_header(buf, size)) {
> + eficonfig_print_msg("ERROR! Invalid file format. Only .auth variables is allowed.");
> + ret = EFI_INVALID_PARAMETER;
> + goto out;
> + }
> +
> + attr = EFI_VARIABLE_NON_VOLATILE |
> + EFI_VARIABLE_BOOTSERVICE_ACCESS |
> + EFI_VARIABLE_RUNTIME_ACCESS |
> + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
> +
> + /* PK can enroll only one certificate */
> + if (u16_strcmp(data, u"PK")) {
> + efi_uintn_t db_size = 0;
> +
> + /* check the variable exists. If exists, add APPEND_WRITE attribute */
> + ret = efi_get_variable_int(data, efi_auth_var_get_guid(data), NULL,
> + &db_size, NULL, NULL);
> + if (ret == EFI_BUFFER_TOO_SMALL)
> + attr |= EFI_VARIABLE_APPEND_WRITE;
> + }
> +
> + ret = efi_set_variable_int((u16 *)data, efi_auth_var_get_guid((u16 *)data),
> + attr, size, buf, false);
> + if (ret != EFI_SUCCESS)
> + eficonfig_print_msg("ERROR! Failed to update signature database");
> +
> +out:
> + free(file_info.current_path);
> + free(buf);
> + if (f)
> + efi_file_close_int(f);
> +
> + /* return to the parent menu */
> + ret = (ret == EFI_ABORTED) ? EFI_NOT_READY : ret;
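Review bot: the `if (u16_strcmp(data, u"PK"))` test sits directly under the comment "PK can enroll only one certificate" and reads as "is PK", but the branch runs for every variable except PK; writing `u16_strcmp(data, u"PK") != 0` or rewording the comment to say that APPEND_WRITE is added for non-PK variables would make the intent clear. In the same block `data` is passed uncast to u16_strcmp() and efi_get_variable_int() but cast to `(u16 *)` for efi_set_variable_int(); a single local `u16 *` variable would remove the mismatch. The remap of EFI_ABORTED to EFI_NOT_READY before the return is only commented as "return to the parent menu" and should say which caller depends on it. Minor: the message "Only .auth variables is allowed." should read "are allowed".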
I assume we are changing the return message here because the upper layers
can't handle EFI_ABORTED?
> +
> + return ret;
> +}
> +
> +static struct eficonfig_item key_config_menu_items[] = {
> + {"Enroll New Key", eficonfig_process_enroll_key},
> + {"Quit", eficonfig_process_quit},
> +};
> +
with the size changes
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>