[PATCH 4/5] efi_capsule: Add a weak function to get the public key needed for capsule authentication
Sughosh Ganu
sughosh.ganu at linaro.org
Fri Apr 9 08:25:57 CEST 2021
On Fri, 9 Apr 2021 at 01:23, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
> On 4/7/21 1:53 PM, Sughosh Ganu wrote:
> > Define a weak function which would be used in the scenario where the
> > public key is stored on the platform's dtb. This dtb is concatenated
> > with the u-boot binary during the build process. Platforms which have
> > a different mechanism for getting the public key would define their
> > own platform specific function.
>
> Storing the public key in U-Boot's dtb is reasonable. But what is the
> use case for a weak function?
>
This point was discussed in another mail thread[1].
-sughosh
[1] - https://lists.denx.de/pipermail/u-boot/2021-April/446694.html
> Best regards
>
> Heinrich
>
> >
> > Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
> > ---
> > lib/efi_loader/efi_capsule.c | 38 ++++++++++++++++++++++++++++++++----
> > 1 file changed, 34 insertions(+), 4 deletions(-)
> >
> > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
> > index 1423b675c8..fc5e1c0856 100644
> > --- a/lib/efi_loader/efi_capsule.c
> > +++ b/lib/efi_loader/efi_capsule.c
> > @@ -14,10 +14,13 @@
> > #include <mapmem.h>
> > #include <sort.h>
> >
> > +#include <asm/global_data.h>
> > #include <crypto/pkcs7.h>
> > #include <crypto/pkcs7_parser.h>
> > #include <linux/err.h>
> >
> > +DECLARE_GLOBAL_DATA_PTR;
> > +
> > const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID;
> > static const efi_guid_t efi_guid_firmware_management_capsule_id =
> > EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
> > @@ -210,11 +213,38 @@ const efi_guid_t efi_guid_capsule_root_cert_guid =
> >
> > __weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)
> > {
> > - /* The platform is supposed to provide
> > - * a method for getting the public key
> > - * stored in the form of efi signature
> > - * list
> > + /*
> > + * This is a function for retrieving the public key from the
> > + * platform's device tree. The platform's device tree has been
> > + * concatenated with the u-boot binary.
> > + * If a platform has a different mechanism to get the public
> > + * key, it can define it's own function.
> > */
> > + const void *fdt_blob = gd->fdt_blob;
> > + const void *blob;
> > + const char *cnode_name = "capsule-key";
> > + const char *snode_name = "signature";
> > + int sig_node;
> > + int len;
> > +
> > + sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name);
> > + if (sig_node < 0) {
> > + EFI_PRINT("Unable to get signature node offset\n");
> > + return -FDT_ERR_NOTFOUND;
> > + }
> > +
> > + blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len);
> > +
> > + if (!blob || len < 0) {
> > + EFI_PRINT("Unable to get capsule-key value\n");
> > + *pkey = NULL;
> > + *pkey_len = 0;
> > + return -FDT_ERR_NOTFOUND;
> > + }
> > +
> > + *pkey = (void *)blob;
> > + *pkey_len = len;
> > +
> > return 0;
> > }
> >
> >
>
>
More information about the U-Boot
mailing list