
On 1/17/20 3:20 AM, AKASHI Takahiro wrote:
On Wed, Jan 15, 2020 at 01:13:36AM +0100, Heinrich Schuchardt wrote:
On 1/15/20 12:43 AM, Heinrich Schuchardt wrote:
On 12/18/19 1:44 AM, AKASHI Takahiro wrote:
(snip)
diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c new file mode 100644 index 000000000000..823d3311e010 --- /dev/null +++ b/lib/efi_loader/efi_signature.c @@ -0,0 +1,584 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*
- Copyright (c) 2018 Patrick Wildt patrick@blueri.se
- Copyright (c) 2019 Linaro Limited, Author: AKASHI Takahiro
- */
+#include <common.h> +#include <charset.h> +#include <efi_loader.h> +#include <image.h> +#include <hexdump.h> +#include <malloc.h> +#include <pe.h> +#include <linux/compat.h> +#include <linux/oid_registry.h> +#include <u-boot/rsa.h> +#include <u-boot/sha256.h> +/*
- avoid duplicated inclusion:
- #include "../lib/crypto/x509_parser.h"
- */
+#include "../lib/crypto/pkcs7_parser.h"
+const efi_guid_t efi_guid_image_security_database = + EFI_IMAGE_SECURITY_DATABASE_GUID; +const efi_guid_t efi_guid_sha256 = EFI_CERT_SHA256_GUID; +const efi_guid_t efi_guid_cert_rsa2048 = EFI_CERT_RSA2048_GUID; +const efi_guid_t efi_guid_cert_x509 = EFI_CERT_X509_GUID; +const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID;
+#ifdef CONFIG_EFI_SECURE_BOOT
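Review bot: the five efi_guid_* definitions sit above the #ifdef CONFIG_EFI_SECURE_BOOT line, so they are built unconditionally, but nothing in the file says that this is intended. If they must exist when secure boot is disabled, add a one-line comment above them saying so and naming the users; otherwise move them inside the guard, or drop the guard and make the whole file conditional in the Makefile. The includes of "../lib/crypto/pkcs7_parser.h" and <u-boot/rsa.h> are also outside the guard, so they are pulled into builds without secure boot; consider moving them under it. The comment block that keeps a commented-out #include of x509_parser.h would read better as a single line stating which header already provides it.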
This is the #ifdef to move to the Makefile. In the previous mail I got into the wrong line.
No. As you can see, those guids may also be referred to by other files (see efi_variable.c and cmd/nvedit_efi.c) even in the !EFI_SECURE_BOOT case, and I think that this file is the best fit for them.
I cannot find any of these guids in any other C file after applying all patches from https://patchwork.ozlabs.org/project/uboot/list/?series=&submitter=61166...
git grep -n efi_guid_sha256
include/efi_loader.h:185:extern const efi_guid_t efi_guid_sha256;
lib/efi_loader/efi_signature.c:26:const efi_guid_t efi_guid_sha256 = EFI_CERT_SHA256_GUID;
lib/efi_loader/efi_signature.c:252: if (guidcmp(&siglist->sig_type, &efi_guid_sha256)) {

lib/efi_loader/efi_signature.c:27:const efi_guid_t efi_guid_cert_rsa2048 = EFI_CERT_RSA2048_GUID;

git grep -n efi_guid_cert_x509
include/efi_loader.h:186:extern const efi_guid_t efi_guid_cert_x509;
include/efi_loader.h:187:extern const efi_guid_t efi_guid_cert_x509_sha256;
lib/efi_loader/efi_signature.c:28:const efi_guid_t efi_guid_cert_x509 = EFI_CERT_X509_GUID;
lib/efi_loader/efi_signature.c:29:const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID;
lib/efi_loader/efi_signature.c:283: if (guidcmp(&siglist->sig_type, &efi_guid_cert_x509)) {
lib/efi_loader/efi_signature.c:406: if (guidcmp(&siglist->sig_type, &efi_guid_cert_x509_sha256)) {

include/efi_loader.h:187:extern const efi_guid_t efi_guid_cert_x509_sha256;
lib/efi_loader/efi_signature.c:29:const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID;
lib/efi_loader/efi_signature.c:406: if (guidcmp(&siglist->sig_type, &efi_guid_cert_x509_sha256)) {

Best regards
Heinrich