Date: Mon, 25 Oct 2021 14:14:34 +0900
From: AKASHI Takahiro
To: Simon Glass
Cc: Masami Hiramatsu, Heinrich Schuchardt, Alex Graf, Ilias Apalodimas, Sughosh Ganu, U-Boot Mailing List
Subject: Re: [PATCH v4 03/11] efi_loader: capsule: add back efi_get_public_key_data()
Message-ID: <20211025051434.GC44989@laputa>
References: <20211007062340.72207-1-takahiro.akashi@linaro.org> <20211007062340.72207-4-takahiro.akashi@linaro.org>

On Wed, Oct 20, 2021 at 07:39:37AM -0600, Simon Glass wrote:
> Hi Masami,
>
> On Wed, 20 Oct 2021 at 02:18, Masami Hiramatsu wrote:
> >
> > Hi Simon,
> >
> > On Fri, 15 Oct 2021 at 9:40, Simon Glass wrote:
> > >
> > > Hi Takahiro,
> > >
> > > On Thu, 7 Oct 2021 at 00:25, AKASHI Takahiro wrote:
> > > >
> > > > The commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to
> > > > .rodata"") failed to revert the removal of efi_get_public_key_data().
> > > >
> > > > Add back this function and move it under lib/efi_loader so that other
> > > > platforms can utilize it. It is now declared as a weak function so that
> > > > it can be replaced with a platform-specific implementation.
> > > >
> > > > Fixes: 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to
> > > > .rodata"")
> > > > Signed-off-by: AKASHI Takahiro
> > > > ---
> > > > lib/efi_loader/efi_capsule.c | 36 ++++++++++++++++++++++++++++++++++++
> > > > 1 file changed, 36 insertions(+)
> > > > > > > > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c > > > > index b75e4bcba1a9..44f5da61a9be 100644 > > > > --- a/lib/efi_loader/efi_capsule.c > > > > +++ b/lib/efi_loader/efi_capsule.c > > > > @@ -11,15 +11,20 @@ > > > > #include > > > > #include > > > > #include > > > > +#include > > > > +#include > > > > #include > > > > #include > > > > #include > > > > #include > > > > +#include > > > > > > > > #include > > > > #include > > > > #include > > > > > > > > +DECLARE_GLOBAL_DATA_PTR; > > > > + > > > > const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID; > > > > static const efi_guid_t efi_guid_firmware_management_capsule_id = > > > > EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; 
> > > > @@ -251,6 +256,37 @@ out: > > > > } > > > > > > > > #if defined(CONFIG_EFI_CAPSULE_AUTHENTICATE) > > > > +int __weak efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)
> > >
> > > I don't think this should be weak. What other way is there of handling
> > > this and why would it be platform-specific?
> >
> > I have a question about the current design of the capsule auth key.
> > If the platform has its own key-storage, how can the platform use the
> > platform specific storage? Does such platform load the key from the storage
> > and generate the dtb node in the platform initialization code? (or
> > device driver?)
>
> Are we talking about a public key (which I assume from the function
> naming) or some secret key? What is an auth key?

Surely, a public key (more strictly, an x509 certificate under
the current implementation).

> As I understand it, the public key should be provided by the platform
> in devicetree that U-Boot uses, by whatever prior stage has access to
> the key.

I still believe that some platform provider may want to save the key
in a *safer* storage, which should be at least read-only for
non-authorized writers.

But if this issue (__weak or not) is the only blocking factor for
my entire patch series, I'm willing to drop __weak for now
since someone with a production system may change it in the future
when he has a good reason for that :)

-Takahiro Akashi

> Regards,
> Simon
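Review bot: The new efi_get_public_key_data() in the second hunk (@@ -251,6 +256,37 @@) is added directly under "#if defined(CONFIG_EFI_CAPSULE_AUTHENTICATE)" with no kernel-doc comment, so the contract of the __weak symbol is undocumented: what the int return value means, and who owns the buffer returned through *pkey and the length in *pkey_len. Because this function supplies the public key used for capsule authentication and __weak lets a platform replace it, please add a doc comment stating what an overriding implementation must guarantee, or drop __weak as discussed in this thread until a platform actually needs the override.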