xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Daniel Kiper <daniel.kiper@oracle.com>
To: xen-devel@lists.xenproject.org
Cc: sstabellini@kernel.org, wei.liu2@citrix.com,
	george.dunlap@eu.citrix.com, andrew.cooper3@citrix.com,
	ian.jackson@eu.citrix.com, tim@xen.org, julien.grall@arm.com,
	jbeulich@suse.com, tamas.k.lengyel@gmail.com
Subject: [PATCH v2 6/8] efi: split out efi_shim_lock()
Date: Tue, 19 Jun 2018 16:35:44 +0200	[thread overview]
Message-ID: <1529418946-30114-7-git-send-email-daniel.kiper@oracle.com> (raw)
In-Reply-To: <1529418946-30114-1-git-send-email-daniel.kiper@oracle.com>

..which verifies PE signatures with SHIM_LOCK protocol. We want
to re-use this code in subsequent patch in efi_multiboot2().

Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 xen/common/efi/boot.c |   19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c
index 64d1268..06bfadc 100644
--- a/xen/common/efi/boot.c
+++ b/xen/common/efi/boot.c
@@ -124,6 +124,7 @@ static void efi_console_set_mode(void);
 static EFI_GRAPHICS_OUTPUT_PROTOCOL *efi_get_gop(void);
 static UINTN efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop,
                                UINTN cols, UINTN rows, UINTN depth);
+static void efi_shim_lock(VOID *Buffer, UINT32 Size);
 static void efi_tables(void);
 static void setup_efi_pci(void);
 static void efi_variables(void);
@@ -797,6 +798,17 @@ static UINTN __init efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop,
     return gop_mode;
 }
 
+static void __init efi_shim_lock(VOID *Buffer, UINT32 Size)
+{
+    static EFI_GUID __initdata shim_lock_guid = SHIM_LOCK_PROTOCOL_GUID;
+    EFI_SHIM_LOCK_PROTOCOL *shim_lock;
+    EFI_STATUS status;
+
+    if ( !EFI_ERROR(efi_bs->LocateProtocol(&shim_lock_guid, NULL, (void **)&shim_lock)) &&
+         (status = shim_lock->Verify(Buffer, Size)) != EFI_SUCCESS )
+        PrintErrMesg(L"Dom0 kernel image could not be verified", status);
+}
+
 static void __init efi_tables(void)
 {
     unsigned int i;
@@ -1062,13 +1074,11 @@ void EFIAPI __init noreturn
 efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
 {
     static EFI_GUID __initdata loaded_image_guid = LOADED_IMAGE_PROTOCOL;
-    static EFI_GUID __initdata shim_lock_guid = SHIM_LOCK_PROTOCOL_GUID;
     EFI_LOADED_IMAGE *loaded_image;
     EFI_STATUS status;
     unsigned int i, argc;
     CHAR16 **argv, *file_name, *cfg_file_name = NULL, *options = NULL;
     UINTN gop_mode = ~0;
-    EFI_SHIM_LOCK_PROTOCOL *shim_lock;
     EFI_GRAPHICS_OUTPUT_PROTOCOL *gop = NULL;
     union string section = { NULL }, name;
     bool base_video = false;
@@ -1225,10 +1235,7 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
         read_file(dir_handle, s2w(&name), &kernel, option_str);
         efi_bs->FreePool(name.w);
 
-        if ( !EFI_ERROR(efi_bs->LocateProtocol(&shim_lock_guid, NULL,
-                        (void **)&shim_lock)) &&
-             (status = shim_lock->Verify(kernel.ptr, kernel.size)) != EFI_SUCCESS )
-            PrintErrMesg(L"Dom0 kernel image could not be verified", status);
+        efi_shim_lock(kernel.ptr, kernel.size);
 
         name.s = get_value(&cfg, section.s, "ramdisk");
         if ( name.s )
-- 
1.7.10.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

  parent reply	other threads:[~2018-06-19 14:36 UTC|newest]

Thread overview: 50+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-06-19 14:35 [PATCH v2 0/8] Change xen.efi build and add SHIM_LOCK verification into efi_multiboot2() Daniel Kiper
2018-06-19 14:35 ` [PATCH v2 1/8] xen: calculate XEN_BUILD_TIME using XEN_BUILD_DATE value Daniel Kiper
2018-06-25 13:48   ` Jan Beulich
2018-07-04 12:06     ` Daniel Kiper
2018-07-04 13:58       ` Ian Jackson
2018-07-04 14:39         ` Daniel Kiper
2018-07-04 15:41           ` Ian Jackson
2018-07-04 15:51             ` Roger Pau Monné
2018-07-04 16:07             ` Daniel Kiper
2018-07-04 16:30               ` Ian Jackson
2018-07-04 16:55                 ` Daniel Kiper
2018-06-19 14:35 ` [PATCH v2 2/8] xen: introduce XEN_COMPILE_POSIX_TIME Daniel Kiper
2018-06-25 13:54   ` Jan Beulich
2018-06-25 14:00     ` Andrew Cooper
2018-07-04 12:19       ` Daniel Kiper
2018-06-19 14:35 ` [PATCH v2 3/8] xen/x86: manually build xen.mb.efi binary Daniel Kiper
2018-06-25 15:36   ` Jan Beulich
2018-07-04 14:01     ` Daniel Kiper
2018-07-04 15:27       ` Jan Beulich
2018-07-04 16:35         ` Daniel Kiper
2018-07-05  8:18           ` Jan Beulich
2018-07-06 14:02             ` Daniel Kiper
2018-07-06 15:08               ` Jan Beulich
2018-07-10 10:48                 ` Daniel Kiper
2018-07-10 13:54                   ` Jan Beulich
2018-07-11 11:41                     ` Daniel Kiper
     [not found]                       ` <5B45ECF8020000FA04BD1FEB@prv1-mh.provo.novell.com>
2018-07-11 12:26                         ` Jan Beulich
2018-07-12 10:52                           ` Daniel Kiper
     [not found]                             ` <5B4733110200007F03CC3F14@prv1-mh.provo.novell.com>
2018-07-12 11:50                               ` Jan Beulich
2018-06-19 14:35 ` [PATCH v2 4/8] xen/x86: add some addresses to the Multiboot header Daniel Kiper
2018-06-28 13:41   ` Jan Beulich
2018-06-19 14:35 ` [PATCH v2 5/8] xen/x86: add some addresses to the Multiboot2 header Daniel Kiper
2018-06-28 13:42   ` Jan Beulich
2018-06-19 14:35 ` Daniel Kiper [this message]
2018-06-28 13:43   ` [PATCH v2 6/8] efi: split out efi_shim_lock() Jan Beulich
2018-06-19 14:35 ` [PATCH v2 7/8] xen/x86/efi: Verify dom0 kernel with SHIM_LOCK protocol in efi_multiboot2() Daniel Kiper
2018-06-28 13:48   ` Jan Beulich
2018-06-19 14:35 ` [PATCH v2 8/8] efi: drop original xen.efi code and build mechanism Daniel Kiper
2018-06-28 13:51   ` Jan Beulich
2018-07-04 14:25     ` Daniel Kiper
2018-07-04 15:34       ` Jan Beulich
2018-07-04 16:48         ` Daniel Kiper
2018-07-05  8:35           ` Jan Beulich
2018-07-06 14:46             ` Daniel Kiper
2018-07-06 15:16               ` Jan Beulich
2018-07-10 11:35                 ` Daniel Kiper
2018-07-10 14:05                   ` Jan Beulich
2018-07-11 11:57                     ` Daniel Kiper
     [not found]                       ` <5B45F0CD0200007F03CB4495@prv1-mh.provo.novell.com>
2018-07-11 12:33                         ` Jan Beulich
2018-07-12 10:57                           ` Daniel Kiper

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1529418946-30114-7-git-send-email-daniel.kiper@oracle.com \
    --to=daniel.kiper@oracle.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=george.dunlap@eu.citrix.com \
    --cc=ian.jackson@eu.citrix.com \
    --cc=jbeulich@suse.com \
    --cc=julien.grall@arm.com \
    --cc=sstabellini@kernel.org \
    --cc=tamas.k.lengyel@gmail.com \
    --cc=tim@xen.org \
    --cc=wei.liu2@citrix.com \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).