Date: Mon, 7 Nov 2022 15:27:31 +0200
From: Ilias Apalodimas
To: Masahisa Kojima
Cc: u-boot@lists.denx.de, Heinrich Schuchardt, Simon Glass, Takahiro Akashi, Etienne Carriere, Roger Knecht, Chris Morgan, Stefan Roese, Ovidiu Panait, Ashok Reddy Soma
Subject: Re: [PATCH v6 4/5] eficonfig: add UEFI Secure Boot Key enrollment interface
References: <20221026104345.28714-1-masahisa.kojima@linaro.org> <20221026104345.28714-5-masahisa.kojima@linaro.org>
List-Id: U-Boot discussion

Hi Kojima-san

[...]

> > > + }
> > > +
> > > + if (!file_have_auth_header(buf, size)) {
> >
> > Can you explain why we need this? I would expect the user to prepare an
> > .esl file with ./tools/efivar.py
>
> This is for the case that the user selects the .auth file
> signed by 'sign-efi-sig-list' tool.

Right, that's what I imagined. So we are trying to make sure the '-t' option
from sign-efi-sig-list is used if the user didn't, since it's now mandatory in
the spec, right?

I get what you are trying to do here. You basically want to make sure the user
will be allowed to enroll the keys in random order. IOW if the user first
enrolls a PK, the KEK, DB and DBX must be authenticated variables. But if he
started by enrolling DB(x) he can use the .esl file, right? (at least until PK
is registered)

I don't think this is a bad idea, but I'd prefer being more pedantic here.
I think we are better off *always* expecting .auth files and leave the decision
of accepting a timestamped authenticated variable or not to the core UEFI
subsystem, instead of shoehorning a timestamp.

Heinrich, thoughts?

Thanks
/Ilias

>
> Thanks,
> Masahisa Kojima
>
> >
> > > + struct efi_signature_store *sigstore;
> > > + char *tmp_buf;
> > > +
> > > + /* Check if the file is valid EFI Signature List(s) */
> > > + tmp_buf = calloc(1, size);
> > > + if (!tmp_buf) {
> > > + ret = EFI_OUT_OF_RESOURCES;
> > > + goto out;
> > > + }
> > > + memcpy(tmp_buf, buf, size);
> > > + /* tmp_buf is freed in efi_build_signature_store() */
> > > + sigstore = efi_build_signature_store(tmp_buf, size);
> > > + if (!sigstore) {
> > > + eficonfig_print_msg("ERROR! Invalid file format.");
> > > + ret = EFI_INVALID_PARAMETER;
> > > + goto out;
> > > + }
> > > + efi_sigstore_free(sigstore);
> > > +
> > > + ret = create_time_based_payload(buf, &new_db, &size);
> > > + if (ret != EFI_SUCCESS) {
> > > + eficonfig_print_msg("ERROR! Failed to create payload with timestamp.");
> > > + goto out;
> > > + }
> > > +
> > > + free(buf);
> > > + buf = new_db;
> > > + }
> > > +
> > > + attr = EFI_VARIABLE_NON_VOLATILE |
> > > + EFI_VARIABLE_BOOTSERVICE_ACCESS |
> > > + EFI_VARIABLE_RUNTIME_ACCESS |
> > > + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
> > > +
> > [...]
> >
> > Thanks
> > /Ilias
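Review bot: The `/* tmp_buf is freed in efi_build_signature_store() */` comment has to hold on the failure path as well: if efi_build_signature_store() returns NULL without releasing its input, the `if (!sigstore)` branch that prints "ERROR! Invalid file format." and jumps to `out` leaks the size-byte copy made just above it. Either confirm the callee frees on every return path or free tmp_buf explicitly in that branch. A smaller point: the copy exists only because the callee consumes its buffer, so stating that once above the `calloc(1, size)` rather than after the memcpy would make the ownership hand-off clearer to the next reader.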
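As an added example (not the patch's code nor U-Boot's own helper), the structural check that the `file_have_auth_header()` call in the hunk implies, written stand-alone: it parses the EFI_VARIABLE_AUTHENTICATION_2 descriptor (EFI_TIME followed by a WIN_CERTIFICATE_UEFI_GUID carrying the PKCS7 cert-type GUID, per the UEFI specification) to tell a time-stamped .auth file from a bare .esl, bounds-checks dwLength, and reports where the wrapped signature list begins. The function name and the two sample buffers are constructed here and assume a little-endian host.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* On-disk EFI_VARIABLE_AUTHENTICATION_2 (UEFI spec): an EFI_TIME followed by a
 * WIN_CERTIFICATE_UEFI_GUID whose CertType is EFI_CERT_TYPE_PKCS7_GUID. */
#define WIN_CERT_TYPE_EFI_GUID 0x0EF1
#define WIN_CERT_REVISION_2_0  0x0200
#define WIN_CERT_UEFI_GUID_HDR 24   /* WIN_CERTIFICATE (8) + CertType GUID (16) */
/* EFI_CERT_TYPE_PKCS7_GUID 4aafd29d-68df-49ee-8aa9-347d375665a7 in wire byte order */
static const uint8_t pkcs7_guid[16] = { 0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49,
					0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7 };
struct __attribute__((packed)) auth2_hdr {   /* little-endian host assumed, as UEFI is */
	uint8_t  time_stamp[16];             /* EFI_TIME, treated as opaque here */
	uint32_t dw_length;                  /* WIN_CERT_UEFI_GUID_HDR + CertData length */
	uint16_t w_revision;                 /* WIN_CERT_REVISION_2_0 */
	uint16_t w_certificate_type;         /* WIN_CERT_TYPE_EFI_GUID */
	uint8_t  cert_type[16];              /* EFI_CERT_TYPE_PKCS7_GUID */
};
/* True when buf starts with a structurally valid AUTHENTICATION_2 descriptor;
 * *payload_off receives the offset of the wrapped signature list (0 if not .auth). */
bool file_has_auth2_header(const void *buf, size_t size, size_t *payload_off)
{
	struct auth2_hdr h;
	*payload_off = 0;
	if (size < sizeof(h))
		return false;
	memcpy(&h, buf, sizeof(h));                 /* avoid unaligned field reads */
	if (h.w_certificate_type != WIN_CERT_TYPE_EFI_GUID ||
	    h.w_revision != WIN_CERT_REVISION_2_0 ||
	    memcmp(h.cert_type, pkcs7_guid, sizeof(pkcs7_guid)) != 0)
		return false;
	/* dwLength must cover its own 24-byte header and must not run past the file */
	if (h.dw_length < WIN_CERT_UEFI_GUID_HDR || h.dw_length > size - sizeof(h.time_stamp))
		return false;
	*payload_off = sizeof(h.time_stamp) + h.dw_length;
	return true;
}
/* Constructed samples: a descriptor with empty CertData (dwLength 24, what an unsigned
 * "-t" payload carries) wrapping 4 bytes, and a bare EFI_SIGNATURE_LIST header (X509 GUID). */
static const uint8_t sample_auth[] = {
	0xe6, 0x07, 11, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,     /* EFI_TIME 2022-11-07 */
	24, 0, 0, 0, 0x00, 0x02, 0xf1, 0x0e,                       /* dwLength, rev, type */
	0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49, 0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7,
	0xaa, 0xbb, 0xcc, 0xdd };
static const uint8_t sample_esl[40] = { 0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, 0xa7, 0x4a,
	0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72, 40, 0, 0, 0 };
size_t sample_auth_payload_off(void) { size_t o; file_has_auth2_header(sample_auth, sizeof(sample_auth), &o); return o; }
bool sample_esl_is_auth(void) { size_t o; return file_has_auth2_header(sample_esl, sizeof(sample_esl), &o); }
bool truncated_auth_is_auth(void) { size_t o; return file_has_auth2_header(sample_auth, 39, &o); }
```

A caller that, like the patch, still wants to validate the wrapped ESL can run its signature-list parser on the bytes from `payload_off` onward instead of on the whole file.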