public inbox for u-boot@lists.denx.de
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: u-boot@lists.denx.de
Subject: [PATCH v4 03/16] efi_loader: add signature verification functions
Date: Tue, 21 Jan 2020 15:00:09 +0900
Message-ID: <20200121060008.GD8146@linaro.org>
In-Reply-To: <e83852eb-0951-d6d4-ca47-ad01cfcbd1be@gmx.de>

On Fri, Jan 17, 2020 at 06:37:39AM +0100, Heinrich Schuchardt wrote:
> On 1/17/20 3:20 AM, AKASHI Takahiro wrote:
> >On Wed, Jan 15, 2020 at 01:13:36AM +0100, Heinrich Schuchardt wrote:
> >>On 1/15/20 12:43 AM, Heinrich Schuchardt wrote:
> >>>On 12/18/19 1:44 AM, AKASHI Takahiro wrote:
> >(snip)
> >>>>diff --git a/lib/efi_loader/efi_signature.c
> >>>>b/lib/efi_loader/efi_signature.c
> >>>>new file mode 100644
> >>>>index 000000000000..823d3311e010
> >>>>--- /dev/null
> >>>>+++ b/lib/efi_loader/efi_signature.c
> >>>>@@ -0,0 +1,584 @@
> >>>>+// SPDX-License-Identifier: GPL-2.0+
> >>>>+/*
> >>>>+ * Copyright (c) 2018 Patrick Wildt <patrick@blueri.se>
> >>>>+ * Copyright (c) 2019 Linaro Limited, Author: AKASHI Takahiro
> >>>>+ */
> >>>>+
> >>>>+#include <common.h>
> >>>>+#include <charset.h>
> >>>>+#include <efi_loader.h>
> >>>>+#include <image.h>
> >>>>+#include <hexdump.h>
> >>>>+#include <malloc.h>
> >>>>+#include <pe.h>
> >>>>+#include <linux/compat.h>
> >>>>+#include <linux/oid_registry.h>
> >>>>+#include <u-boot/rsa.h>
> >>>>+#include <u-boot/sha256.h>
> >>>>+/*
> >>>>+ * avoid duplicated inclusion:
> >>>>+ * #include "../lib/crypto/x509_parser.h"
> >>>>+ */
> >>>>+#include "../lib/crypto/pkcs7_parser.h"
> >>>>+
> >>>>+const efi_guid_t efi_guid_image_security_database =
> >>>>+        EFI_IMAGE_SECURITY_DATABASE_GUID;
> >>>>+const efi_guid_t efi_guid_sha256 = EFI_CERT_SHA256_GUID;
> >>>>+const efi_guid_t efi_guid_cert_rsa2048 = EFI_CERT_RSA2048_GUID;
> >>>>+const efi_guid_t efi_guid_cert_x509 = EFI_CERT_X509_GUID;
> >>>>+const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID;
> >>>>+
> >>>>+#ifdef CONFIG_EFI_SECURE_BOOT
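Review bot: The five efi_guid_* definitions sit above `#ifdef CONFIG_EFI_SECURE_BOOT` with no comment saying that this placement is deliberate; add a one-line comment that they must also be built in the !EFI_SECURE_BOOT case, so a later cleanup does not move them under the guard or replace the guard with a Makefile condition. The crypto headers (`<u-boot/rsa.h>`, `<u-boot/sha256.h>`, `"../lib/crypto/pkcs7_parser.h"`) are included unconditionally above the guard; if only the verification code needs them, move them below the `#ifdef`. The quoted path `"../lib/crypto/pkcs7_parser.h"` does not resolve relative to lib/efi_loader/, so it depends on the include search path, and the commented-out x509_parser.h include would read better as a plain sentence stating which header already provides it.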
> >>
> >>This is the #ifdef to move to the Makefile. In the previous mail I got
> >>into the wrong line.
> >
> >No.
> >As you can see, those guids may also be referred to by other files
> >(see efi_variable.c and cmd/nvedit_efi.c)
> >even in !EFI_SECURE_BOOT case, and I think that this file is best fit
> >for them.
> 
> I cannot find any of these guids in any other C file after applying all
> patches from

???
Did you look for efi_guid_image_security_database in efi_variable.c
and cmd/nvedit_efi.c?

-Takahiro Akashi


> https://patchwork.ozlabs.org/project/uboot/list/?series=&submitter=61166&state=&q=&archive=&delegate=
> 
> git grep -n efi_guid_sha256
> include/efi_loader.h:185:extern const efi_guid_t efi_guid_sha256;
> lib/efi_loader/efi_signature.c:26:const efi_guid_t efi_guid_sha256 =
> EFI_CERT_SHA256_GUID;
> lib/efi_loader/efi_signature.c:252:             if
> (guidcmp(&siglist->sig_type, &efi_guid_sha256)) {
> 
> lib/efi_loader/efi_signature.c:27:const efi_guid_t efi_guid_cert_rsa2048
> = EFI_CERT_RSA2048_GUID;
> 
> git grep -n efi_guid_cert_x509
> include/efi_loader.h:186:extern const efi_guid_t efi_guid_cert_x509;
> include/efi_loader.h:187:extern const efi_guid_t efi_guid_cert_x509_sha256;
> lib/efi_loader/efi_signature.c:28:const efi_guid_t efi_guid_cert_x509 =
> EFI_CERT_X509_GUID;
> lib/efi_loader/efi_signature.c:29:const efi_guid_t
> efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID;
> lib/efi_loader/efi_signature.c:283:     if (guidcmp(&siglist->sig_type,
> &efi_guid_cert_x509)) {
> lib/efi_loader/efi_signature.c:406:     if (guidcmp(&siglist->sig_type,
> &efi_guid_cert_x509_sha256)) {
> 
> include/efi_loader.h:187:extern const efi_guid_t efi_guid_cert_x509_sha256;
> lib/efi_loader/efi_signature.c:29:const efi_guid_t
> efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID;
> lib/efi_loader/efi_signature.c:406:     if (guidcmp(&siglist->sig_type,
> &efi_guid_cert_x509_sha256)) {
> 
> Best regards
> 
> Heinrich
