From: Takahiro Akashi <takahiro.akashi@linaro.org>
To: u-boot@lists.denx.de
Subject: [PATCH v3 1/2] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled
Date: Mon, 10 May 2021 11:07:08 +0900 [thread overview]
Message-ID: <20210510020708.GA15710@laputa> (raw)
In-Reply-To: <CADQ0-X9mZEEgPScrfTcp2HYmbZSpCxWrh8iGx9ojfDmSH7hUgA@mail.gmail.com>
On Mon, May 10, 2021 at 09:49:03AM +0900, Masahisa Kojima wrote:
> Hi Heinrich,
>
> Sorry for the late reply.
>
> On Sat, 8 May 2021 at 23:08, Heinrich Schuchardt <xypron.glpk@gmx.de> wrote:
> >
> > On 4/28/21 3:16 PM, Heinrich Schuchardt wrote:
> > > On 28.04.21 14:19, Masahisa Kojima wrote:
> > <snip />
> > >> /**
> > >> * cmp_pe_section() - compare virtual addresses of two PE image sections
> > >> * @arg1: pointer to pointer to first section header
> > >> @@ -504,6 +565,9 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
> > >>
> > >> EFI_PRINT("%s: Enter, %d\n", __func__, ret);
> > >>
> > >> + if (!IS_ENABLED(CONFIG_EFI_SECURE_BOOT))
> > >> + return true;
> > >> +
> > >
> > > Why is this needed? Doesn't efi_secure_boot_enabled() return false in
> > > this case?
>
> The original code is as follows.
Heinrich's concern was, I guess, that
> > >> + if (!IS_ENABLED(CONFIG_EFI_SECURE_BOOT))
> > >> + return true;
and the succeeding check,
if (!efi_secure_boot_enabled())
return true;
are somehow redundant.
But in the latter case, I'm afraid that a compiler cannot optimize out
the rest of the logic in efi_image_authenticate().
-Takahiro Akashi
> #ifdef CONFIG_EFI_SECURE_BOOT
> static bool efi_image_authenticate(void *efi, size_t efi_size) {
>
> < snip >
>
> }
> #else
> static bool efi_image_authenticate(void *efi, size_t efi_size)
> {
> return true;
> }
> #endif /* CONFIG_EFI_SECURE_BOOT */
>
> The purpose of this commit is removing #if compilation switch,
> so I keep the original implementation, always return true
> if CONFIG_EFI_SECURE_BOOT is disabled.
>
> Thanks,
> Masahisa
>
> >
> > Hello Masahisa,
> >
> > I did not see any reply yet. Was a mail lost?
> >
> > Best regards
> >
> > Heinrich
next prev parent reply other threads:[~2021-05-10 2:07 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-28 12:19 [PATCH v3 0/2] PE/COFF measurement support Masahisa Kojima
2021-04-28 12:19 ` [PATCH v3 1/2] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled Masahisa Kojima
2021-04-28 13:16 ` Heinrich Schuchardt
2021-05-08 14:08 ` Heinrich Schuchardt
2021-05-10 0:49 ` Masahisa Kojima
2021-05-10 2:07 ` Takahiro Akashi [this message]
2021-05-10 22:06 ` Masahisa Kojima
2021-05-12 6:57 ` Masahisa Kojima
2021-04-28 12:19 ` [PATCH v3 2/2] efi_loader: add PE/COFF image measurement Masahisa Kojima
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210510020708.GA15710@laputa \
--to=takahiro.akashi@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox