On Fri, 9 Apr 2021 at 01:23, Heinrich Schuchardt xypron.glpk@gmx.de wrote:
On 4/7/21 1:53 PM, Sughosh Ganu wrote:
Define a weak function which would be used in the scenario where the public key is stored on the platform's dtb. This dtb is concatenated with the u-boot binary during the build process. Platforms which have a different mechanism for getting the public key would define their own platform specific function.
Storing the public key in U-Boot's dtb is reasonable. But what is the use case for a weak function?
This point was discussed in another mail thread[1].
-sughosh
[1] - https://lists.denx.de/pipermail/u-boot/2021-April/446694.html
Best regards
Heinrich
Signed-off-by: Sughosh Ganu sughosh.ganu@linaro.org
lib/efi_loader/efi_capsule.c | 38 ++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-)
diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index 1423b675c8..fc5e1c0856 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -14,10 +14,13 @@ #include <mapmem.h> #include <sort.h>
+#include <asm/global_data.h> #include <crypto/pkcs7.h> #include <crypto/pkcs7_parser.h> #include <linux/err.h>
+DECLARE_GLOBAL_DATA_PTR;
- const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID; static const efi_guid_t efi_guid_firmware_management_capsule_id = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
@@ -210,11 +213,38 @@ const efi_guid_t efi_guid_capsule_root_cert_guid =
__weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len) {
/* The platform is supposed to provide* a method for getting the public key* stored in the form of efi signature* list
/** This is a function for retrieving the public key from the* platform's device tree. The platform's device tree has been* concatenated with the u-boot binary.* If a platform has a different mechanism to get the public* key, it can define it's own function. */const void *fdt_blob = gd->fdt_blob;const void *blob;const char *cnode_name = "capsule-key";const char *snode_name = "signature";int sig_node;int len;sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name);if (sig_node < 0) {EFI_PRINT("Unable to get signature node offset\n");return -FDT_ERR_NOTFOUND;}blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len);if (!blob || len < 0) {EFI_PRINT("Unable to get capsule-key value\n");*pkey = NULL;*pkey_len = 0;return -FDT_ERR_NOTFOUND;}*pkey = (void *)blob;*pkey_len = len;return 0;