Date: Tue, 20 Jul 2021 10:18:10 +0300
From: Ilias Apalodimas
To: AKASHI Takahiro, Heinrich Schuchardt, sughosh.ganu@linaro.org, u-boot@lists.denx.de, agraf@csgraf.de
Subject: Re: [PATCH] efi_loader: capsule: add a debug message in case of no key

> > > > > + debug("Public key/certificate not found\n");

[...]

> > > >
> > > > Currently the only implementation of efi_get_public_key_data() actually
> > > > providing keys is the one in board/emulation/common/qemu_capsule.c where
> > > > the user has to manually upload the esl file.
> > > >
> > > > For future implementation it is preferable to build the public key data
> > > > into the U-Boot binary. If it is part of the build process then the only
> > > > error that could come up is that the public key data has the wrong format.
> > >
> > > Now Ilias posted a patch to embed a public key in the U-Boot binary.
> > > But it won't be the only solution in the future and the system owners
> > > may want to provide a key in their own way; hence, it might not be "part
> > > of build process."
> > >
> >
> > Correct. My patch intentionally leaves out that part and I hope someone
> > will need it and implement it.
> >
> > > So I think that adding a message is still valid, even it should be
> > > treated as an error message instead of a debug message to warn "users".
> >
> >
> > Keep in mind that the makefile currently checks for the .esl file. If the
> > file is not found there's a compilation error, prompting the user to add a
> > valid file
>
> If your efi_get_public_key_data() is the only implementation in
> the system, checking a return value (if ret < 0) is also meaningless.

Yea but what I expect here, is to make it a __weak function in the future
and allow reading the key from hardware. So the check is there to ensure
that when we add other ways of reading the key we are doing the right thing

Thanks
/Ilias

>
> -Takahiro Akashi
>
> >
> > Thanks
> > /Ilias
> > >
> > > -Takahiro Akashi
> > >
> > > >
> > > > If we are using the weak implementation of efi_get_public_key_data() in
> > > > lib/efi_loader/efi_capsule.c with CONFIG_EFI_CAPSULE_AUTHENTICATE=y, the
> > > > system is misconfigured. Do we need that weak implementation at all? I
> > > > would prefer to remove to get a build error.
> > > >
> > > > I suggest that you add a log_err() message with above text into the
> > > > board/emulation/common/qemu_capsule.c implementation of
> > > > efi_get_public_key_data(). This way the user will see that he forgot a step.
> > > >
> > > > Best regards
> > > >
> > > > Heinrich
> > > >
> > > > > goto out;
> > > > > + }
> > > > >
> > > > > pkey = malloc(pkey_len);
> > > > > if (!pkey)
> > > > >
> > > >
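
Review bot: In the added failure branch, `debug("Public key/certificate not found\n");` prints only in debug builds, so on a normal build the path still takes `goto out;` with no visible reason for the failure. Since this branch is where a missing public key or certificate is detected, use log_err() (or at least log_warning()) here so the condition is visible without rebuilding. If the lookup's return value is available at this point, include it in the message so that a missing key can be told apart from other lookup failures.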