[PATCH v4 03/16] efi_loader: add signature verification functions

AKASHI Takahiro takahiro.akashi at linaro.org
Fri Jan 17 03:20:00 CET 2020


On Wed, Jan 15, 2020 at 01:13:36AM +0100, Heinrich Schuchardt wrote:
> On 1/15/20 12:43 AM, Heinrich Schuchardt wrote:
> >On 12/18/19 1:44 AM, AKASHI Takahiro wrote:
(snip)
> >>diff --git a/lib/efi_loader/efi_signature.c
> >>b/lib/efi_loader/efi_signature.c
> >>new file mode 100644
> >>index 000000000000..823d3311e010
> >>--- /dev/null
> >>+++ b/lib/efi_loader/efi_signature.c
> >>@@ -0,0 +1,584 @@
> >>+// SPDX-License-Identifier: GPL-2.0+
> >>+/*
> >>+ * Copyright (c) 2018 Patrick Wildt <patrick at blueri.se>
> >>+ * Copyright (c) 2019 Linaro Limited, Author: AKASHI Takahiro
> >>+ */
> >>+
> >>+#include <common.h>
> >>+#include <charset.h>
> >>+#include <efi_loader.h>
> >>+#include <image.h>
> >>+#include <hexdump.h>
> >>+#include <malloc.h>
> >>+#include <pe.h>
> >>+#include <linux/compat.h>
> >>+#include <linux/oid_registry.h>
> >>+#include <u-boot/rsa.h>
> >>+#include <u-boot/sha256.h>
> >>+/*
> >>+ * avoid duplicated inclusion:
> >>+ * #include "../lib/crypto/x509_parser.h"
> >>+ */
> >>+#include "../lib/crypto/pkcs7_parser.h"
> >>+
> >>+const efi_guid_t efi_guid_image_security_database =
> >>+        EFI_IMAGE_SECURITY_DATABASE_GUID;
> >>+const efi_guid_t efi_guid_sha256 = EFI_CERT_SHA256_GUID;
> >>+const efi_guid_t efi_guid_cert_rsa2048 = EFI_CERT_RSA2048_GUID;
> >>+const efi_guid_t efi_guid_cert_x509 = EFI_CERT_X509_GUID;
> >>+const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID;
> >>+
> >>+#ifdef CONFIG_EFI_SECURE_BOOT
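
Review bot: The five `efi_guid_*` definitions sit above `#ifdef CONFIG_EFI_SECURE_BOOT` and are therefore compiled unconditionally, but nothing in the file says that this placement is intentional. If they are meant to be available when CONFIG_EFI_SECURE_BOOT is off, add a short comment above `efi_guid_image_security_database` saying so, so the guard is not later widened or moved into the Makefile by mistake. The "avoid duplicated inclusion" block also keeps a commented-out `#include` in the source; a one-line remark naming the header that already provides x509_parser.h would read more cleanly.
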
> 
> This is the #ifdef to move to the Makefile. In the previous mail I got
> into the wrong line.

No.
As you can see, those GUIDs may also be referred to by other files
(see efi_variable.c and cmd/nvedit_efi.c)
even in the !EFI_SECURE_BOOT case, and I think that this file is the best fit
for them.

-Takahiro Akashi


> Best regards
> 
> Heinrich

