[PATCH 1/2] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

Masahisa Kojima masahisa.kojima at linaro.org
Thu Apr 15 15:30:19 CEST 2021


This is preparation for PE/COFF measurement support.
PE/COFF image hash calculation is same in both
UEFI Secure Boot image verification and measurement in
measured boot. This commit exposes the hash calculation
functions even if UEFI Secure Boot is not enabled.

Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
---
 lib/efi_loader/efi_image_loader.c | 2 +-
 lib/efi_loader/efi_signature.c    | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index f53ef367ec..2c35cb5651 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -213,7 +213,6 @@ static void efi_set_code_and_data_type(
 	}
 }
 
-#ifdef CONFIG_EFI_SECURE_BOOT
 /**
  * cmp_pe_section() - compare virtual addresses of two PE image sections
  * @arg1:	pointer to pointer to first section header
@@ -422,6 +421,7 @@ err:
 	return false;
 }
 
+#ifdef CONFIG_EFI_SECURE_BOOT
 /**
  * efi_image_unsigned_authenticate() - authenticate unsigned image with
  * SHA256 hash
diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c
index c7ec275414..1dd9d0e130 100644
--- a/lib/efi_loader/efi_signature.c
+++ b/lib/efi_loader/efi_signature.c
@@ -538,6 +538,7 @@ out:
 	EFI_PRINT("%s: Exit, revoked: %d\n", __func__, revoked);
 	return !revoked;
 }
+#endif
 
 /**
  * efi_image_region_add() - add an entry of region
@@ -601,6 +602,7 @@ efi_status_t efi_image_region_add(struct efi_image_regions *regs,
 	return EFI_SUCCESS;
 }
 
+#if defined(CONFIG_EFI_SECURE_BOOT) || defined(CONFIG_EFI_CAPSULE_AUTHENTICATE)
 /**
  * efi_sigstore_free - free signature store
  * @sigstore:	Pointer to signature store structure
-- 
2.17.1



More information about the U-Boot mailing list