From mboxrd@z Thu Jan  1 00:00:00 1970
From: Takahiro Akashi <takahiro.akashi@linaro.org>
Date: Mon, 10 May 2021 11:07:08 +0900
Subject: [PATCH v3 1/2] efi_loader: expose efi_image_parse() even if UEFI
 Secure Boot is disabled
In-Reply-To: <CADQ0-X9mZEEgPScrfTcp2HYmbZSpCxWrh8iGx9ojfDmSH7hUgA@mail.gmail.com>
References: <20210428121945.12586-1-masahisa.kojima@linaro.org>
 <20210428121945.12586-2-masahisa.kojima@linaro.org>
 <03caac60-b5ef-dd30-f025-cd5264d1d7a0@gmx.de>
 <f4e50ab4-1a1b-5580-2a9d-fd1e88dda40d@gmx.de>
 <CADQ0-X9mZEEgPScrfTcp2HYmbZSpCxWrh8iGx9ojfDmSH7hUgA@mail.gmail.com>
Message-ID: <20210510020708.GA15710@laputa>
List-Id: <u-boot.lists.denx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

On Mon, May 10, 2021 at 09:49:03AM +0900, Masahisa Kojima wrote:
> Hi Heinrich,
> 
> Sorry for the late reply.
> 
> On Sat, 8 May 2021 at 23:08, Heinrich Schuchardt <xypron.glpk@gmx.de> wrote:
> >
> > On 4/28/21 3:16 PM, Heinrich Schuchardt wrote:
> > > On 28.04.21 14:19, Masahisa Kojima wrote:
> > <snip />
> > >>   /**
> > >>    * cmp_pe_section() - compare virtual addresses of two PE image sections
> > >>    * @arg1:  pointer to pointer to first section header
> > >> @@ -504,6 +565,9 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
> > >>
> > >>      EFI_PRINT("%s: Enter, %d\n", __func__, ret);
> > >>
> > >> +    if (!IS_ENABLED(CONFIG_EFI_SECURE_BOOT))
> > >> +            return true;
> > >> +
> > >
> > > Why is this needed? Doesn't efi_secure_boot_enabled() return false in
> > > this case?
> 
> The original code is as follows.

Heinrich's concern was, I guess, that

> > >> +    if (!IS_ENABLED(CONFIG_EFI_SECURE_BOOT))
> > >> +            return true;

and the succeeding check,

        if (!efi_secure_boot_enabled())
                        return true;

are somehow redundant.
But in the latter case, I'm afraid that a compiler cannot optimize out
the rest of the logic in efi_image_authenticate().

-Takahiro Akashi


> #ifdef CONFIG_EFI_SECURE_BOOT
> static bool efi_image_authenticate(void *efi, size_t efi_size) {
> 
>   < snip >
> 
>  }
> #else
> static bool efi_image_authenticate(void *efi, size_t efi_size)
> {
>        return true;
> }
> #endif /* CONFIG_EFI_SECURE_BOOT */
> 
> The purpose of this commit is removing #if compilation switch,
> so I keep the original implementation, always return true
> if CONFIG_EFI_SECURE_BOOT is disabled.
> 
> Thanks,
> Masahisa
> 
> >
> > Hello Masahisa,
> >
> > I did not see any reply yet. Was a mail lost?
> >
> > Best regards
> >
> > Heinrich