Date: Mon, 2 Aug 2021 16:15:00 +0900
From: AKASHI Takahiro
To: Simon Glass
Cc: Ilias Apalodimas, U-Boot Mailing List, Heinrich Schuchardt, Alexander Graf, Masami Hiramatsu, Sughosh Ganu
Subject: Re: [PATCH] Revert "efi_capsule: Move signature from DTB to .rodata"
Message-ID: <20210802071500.GG7965@laputa>
References: <20210802014621.2280899-1-sjg@chromium.org>

On Sun, Aug 01, 2021 at 08:47:15PM -0600, Simon Glass wrote:
> Hi Ilias,
>
> On Sun, 1 Aug 2021 at 20:28, Ilias Apalodimas wrote:
> >
> > Hi Simon,
> >
> > On Sun, Aug 01, 2021 at 07:46:21PM -0600, Simon Glass wrote:
> > > This was unfortunately applied despite much discussion about it being
> > > the wrong way to implement this feature.
> >
> > No this was applied *before* the discussion, not despite.
>
> Oh sorry...I didn't notice either way. Normally there is an email on
> the patch saying it was applied. Perhaps I missed it.
>
> >
> > >
> > > Revert it before too many other things are built on top of it.
> >
> > I don't really mind if this gets reverted but there's things that haven't
> > been answered on that discussion [1] and my concern is what happens if
> > CONFIG_OF_EMBED is not selected.
>
> Can we start a new discussion perhaps? Or use one of the contributor
> calls to talk about it?
>
> We should not be using OF_EMBED except for testing.
>
> >
> > Also you need to revert the entire series, not just one of the patches,
> > as it changes the QEMU documentation for enabling authenticated capsule
> > updates, as well as the mkeficapsule app.
>
> Heinrich, do you have any thoughts on this?

# I'm not Heinrich :)

As far as the authentication logic itself is concerned, it is utterly
generic except how and from where a public key is retrieved.
(It can potentially be platform-specific.)
Moreover, mkeficapsule really doesn't care where the key is.
So I don't think we need to revert all those changes.

For testing, we can run a test on sandbox by having sandbox-specific
efi_get_public_key_data() function, i.e. we may want to contain the key
in a file on ESP or just in a specific flash partition.
Obviously, it's not safe, but it's just a test to verify that the logic
is sane.

If the discussion goes on for an unexpected spell of time, I would like
to take this workaround for now.

-Takahiro Akashi

> Regards,
> Simon
>
> >
> > [1] https://lore.kernel.org/u-boot/YPna8Aiaoov6h50K@enceladus/
> >
> > Regards
> > /Ilias
> > >
> > > This reverts commit ddf67daac39de76d2697d587148f4c2cb768f492.
> > >
> > > Signed-off-by: Simon Glass
> > > ---
> > >
> > > board/emulation/common/Makefile | 1 + > > > board/emulation/common/qemu_capsule.c | 43 +++++++++++++++++++++++++++ > > > include/asm-generic/sections.h | 2 -- > > > lib/efi_loader/Kconfig | 7 ----- > > > lib/efi_loader/Makefile | 8 ----- > > > lib/efi_loader/efi_capsule.c | 18 ++--------- > > > lib/efi_loader/efi_capsule_key.S | 17 ----------- > > > 7 files changed, 47 insertions(+), 49 deletions(-) > > > create mode 100644 board/emulation/common/qemu_capsule.c > > > delete mode 100644 lib/efi_loader/efi_capsule_key.S > > > > > > diff --git a/board/emulation/common/Makefile b/board/emulation/common/Makefile > > > index c5b452e7e34..7ed447a69dc 100644 > > > --- a/board/emulation/common/Makefile > > > +++ b/board/emulation/common/Makefile 
> > > @@ -2,3 +2,4 @@ > > > > > > obj-$(CONFIG_SYS_MTDPARTS_RUNTIME) += qemu_mtdparts.o > > > obj-$(CONFIG_SET_DFU_ALT_INFO) += qemu_dfu.o > > > +obj-$(CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT) += qemu_capsule.o > > > diff --git a/board/emulation/common/qemu_capsule.c b/board/emulation/common/qemu_capsule.c > > > new file mode 100644 > > > index 00000000000..6b8a87022a4 > > > --- /dev/null > > > +++ b/board/emulation/common/qemu_capsule.c > > > @@ -0,0 +1,43 @@ > > > +// SPDX-License-Identifier: GPL-2.0+ > > > +/* > > > + * Copyright (c) 2020 Linaro Limited > > > + */ > > > + > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > +#include > > > + > > > +DECLARE_GLOBAL_DATA_PTR; > > > + > > > +int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len) > > > +{ > > > + const void *fdt_blob = gd->fdt_blob; > > > + const void *blob; > > > + const char *cnode_name = "capsule-key"; > > > + const char *snode_name = "signature"; > > > + int sig_node; > > > + int len; > > > + > > > + sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name); > > > + if (sig_node < 0) { > > > + EFI_PRINT("Unable to get signature node offset\n"); > > > + return -FDT_ERR_NOTFOUND; > > > + } > > > + > > > + blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len); > > > + > > > + if (!blob || len < 0) { > > > + EFI_PRINT("Unable to get capsule-key value\n"); > > > + *pkey = NULL; > > > + *pkey_len = 0; > > > + return -FDT_ERR_NOTFOUND; > > > + } > > > + > > > + *pkey = (void *)blob; > > > + *pkey_len = len; > > > + > > > + return 0; > > > +} > > > diff --git a/include/asm-generic/sections.h b/include/asm-generic/sections.h > > > index ec992b0c2e3..267f1db73f2 100644 > > > --- a/include/asm-generic/sections.h > > > +++ b/include/asm-generic/sections.h 
> > > @@ -27,8 +27,6 @@ extern char __efi_helloworld_begin[]; > > > extern char __efi_helloworld_end[]; > > > extern char __efi_var_file_begin[]; > > > extern char __efi_var_file_end[]; > > > -extern char __efi_capsule_sig_begin[]; > > > -extern char __efi_capsule_sig_end[]; > > > > > > /* Private data used by of-platdata devices/uclasses */ > > > extern char __priv_data_start[], __priv_data_end[]; > > > diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig > > > index dacc3b58810..7a469f22721 100644 > > > --- a/lib/efi_loader/Kconfig > > > +++ b/lib/efi_loader/Kconfig > > > @@ -214,13 +214,6 @@ config EFI_CAPSULE_AUTHENTICATE > > > Select this option if you want to enable capsule > > > authentication > > > > > > -config EFI_CAPSULE_KEY_PATH > > > - string "Path to .esl cert for capsule authentication" > > > - depends on EFI_CAPSULE_AUTHENTICATE > > > - help > > > - Provide the EFI signature list (esl) certificate used for capsule > > > - authentication > > > - > > > config EFI_DEVICE_PATH_TO_TEXT > > > bool "Device path to text protocol" > > > default y > > > diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile > > > index 9b369430e25..fd344cea29b 100644 > > > --- a/lib/efi_loader/Makefile > > > +++ b/lib/efi_loader/Makefile 
> > > @@ -20,19 +20,11 @@ always += helloworld.efi > > > targets += helloworld.o > > > endif > > > > > > -ifeq ($(CONFIG_EFI_CAPSULE_AUTHENTICATE),y) > > > -EFI_CAPSULE_KEY_PATH := $(subst $\",,$(CONFIG_EFI_CAPSULE_KEY_PATH)) > > > -ifeq ("$(wildcard $(EFI_CAPSULE_KEY_PATH))","") > > > -$(error .esl cerificate not found. Configure your CONFIG_EFI_CAPSULE_KEY_PATH) > > > -endif > > > -endif > > > - > > > obj-$(CONFIG_CMD_BOOTEFI_HELLO) += helloworld_efi.o > > > obj-$(CONFIG_CMD_BOOTEFI_BOOTMGR) += efi_bootmgr.o > > > obj-y += efi_boottime.o > > > obj-y += efi_helper.o > > > obj-$(CONFIG_EFI_HAVE_CAPSULE_SUPPORT) += efi_capsule.o > > > -obj-$(CONFIG_EFI_CAPSULE_AUTHENTICATE) += efi_capsule_key.o > > > obj-$(CONFIG_EFI_CAPSULE_FIRMWARE) += efi_firmware.o > > > obj-y += efi_console.o > > > obj-y += efi_device_path.o > > > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c > > > index 26990bc2df4..b75e4bcba1a 100644 > > > --- a/lib/efi_loader/efi_capsule.c > > > +++ b/lib/efi_loader/efi_capsule.c > > > @@ -16,7 +16,6 @@ > > > #include > > > #include > > > > > > -#include > > > #include > > > #include > > > #include > > > @@ -253,23 +252,12 @@ out: > > > > > > #if defined(CONFIG_EFI_CAPSULE_AUTHENTICATE) > > > > > > -static int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len) > > > -{ > > > - const void *blob = __efi_capsule_sig_begin; > > > - const int len = __efi_capsule_sig_end - __efi_capsule_sig_begin; > > > - > > > - *pkey = (void *)blob; > > > - *pkey_len = len; > > > - > > > - return 0; > > > -} > > > - > > > efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size, > > > void **image, efi_uintn_t *image_size) > > > { > > > u8 *buf; > > > int ret; > > > - void *stored_pkey, *pkey; > > > + void *fdt_pkey, *pkey; > > > efi_uintn_t pkey_len; > > > uint64_t monotonic_count; > > > struct efi_signature_store *truststore; 
> > > @@ -322,7 +310,7 @@ efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_s > > > goto out; > > > } > > > > > > - ret = efi_get_public_key_data(&stored_pkey, &pkey_len); > > > + ret = efi_get_public_key_data(&fdt_pkey, &pkey_len); > > > if (ret < 0) > > > goto out; > > > > > > @@ -330,7 +318,7 @@ efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_s > > > if (!pkey) > > > goto out; > > > > > > - memcpy(pkey, stored_pkey, pkey_len); > > > + memcpy(pkey, fdt_pkey, pkey_len); > > > truststore = efi_build_signature_store(pkey, pkey_len); > > > if (!truststore) > > > goto out; > > > diff --git a/lib/efi_loader/efi_capsule_key.S b/lib/efi_loader/efi_capsule_key.S > > > deleted file mode 100644 > > > index 58f00b8e4bc..00000000000 > > > --- a/lib/efi_loader/efi_capsule_key.S > > > +++ /dev/null > > > @@ -1,17 +0,0 @@ > > > -/* SPDX-License-Identifier: GPL-2.0+ */ > > > -/* > > > - * .esl cert for capsule authentication > > > - * > > > - * Copyright (c) 2021, Ilias Apalodimas > > > - */ > > > - > > > -#include > > > - > > > -.section .rodata.capsule_key.init,"a" > > > -.balign 16 > > > -.global __efi_capsule_sig_begin > > > -__efi_capsule_sig_begin: > > > -.incbin CONFIG_EFI_CAPSULE_KEY_PATH > > > -__efi_capsule_sig_end: > > > -.global __efi_capsule_sig_end > > > -.balign 16 > > > -- > > > 2.32.0.554.ge1b32706d8-goog > > >
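
Review bot: the guard on the new `qemu_capsule.o` line in board/emulation/common/Makefile does not match where the function is used. The object is built under CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT, but its only function, efi_get_public_key_data(), is called in lib/efi_loader/efi_capsule.c inside `#if defined(CONFIG_EFI_CAPSULE_AUTHENTICATE)`. Keying the object on CONFIG_EFI_CAPSULE_AUTHENTICATE would make the dependency explicit and keep the DTB lookup out of builds where authentication is off.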
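
Review bot: in efi_get_public_key_data() in board/emulation/common/qemu_capsule.c the two failure paths leave the outputs in different states, and an empty property is accepted. When fdt_subnode_offset() fails the function returns without touching *pkey and *pkey_len, while the fdt_getprop() failure path sets them to NULL and 0; clearing both at the top of the function would make the contract uniform. The check `if (!blob || len < 0)` lets a zero-length capsule-key through with a return of 0, so the caller proceeds with a key length of 0; reject `len <= 0` instead. Both paths also return -FDT_ERR_NOTFOUND regardless of the error libfdt actually reported. Since the key is read from gd->fdt_blob, a comment stating that capsule authentication is only as trustworthy as the integrity of that DTB would be worth adding.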
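
Review bot: removing the static efi_get_public_key_data() in the `@@ -253` hunk of lib/efi_loader/efi_capsule.c leaves efi_capsule_authenticate() calling a symbol that, within this patch, only board/emulation/common/qemu_capsule.c defines. The diffstat touches no header other than include/asm-generic/sections.h, so please confirm a prototype is still in scope, and state in the commit message or Kconfig help that every board enabling CONFIG_EFI_CAPSULE_AUTHENTICATE must supply this function. A default that returns an error, so that authentication fails closed, would avoid a link failure on other boards. The local rename to fdt_pkey also ties the generic code to one storage location; stored_pkey was the more neutral name.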