[PATCH v2 1/4] efi_loader: capsule: Remove the check for capsule_authentication_enabled environment variable

[Heinrich Schuchardt]

On 4/12/21 5:05 PM, Sughosh Ganu wrote:
> The current capsule authentication code checks if the environment
> variable capsule_authentication_enabled is set, for authenticating the
> capsule. This is in addition to the check for the config symbol
> CONFIG_EFI_CAPSULE_AUTHENTICATE. Remove the check for the environment
> variable. The capsule will now be authenticated if the config symbol
> is set.
>
> Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>

doc/board/emulation/qemu_capsule_update.rst mentions the environment
variable. So this file needs to be updated too.

Will you provide an extra patch or update this one?

Best regards

Heinrich

> ---
>
> Changes since V1:
> * As pointed out by Heinrich in the review, remove the extra check of
>    the env variable 'capsule_authentication_enabled'for authenticating
>    the capsule. The capsule authentication will now be done based on
>    whether the corresponding config symbol is enabled.
>
>   board/emulation/common/qemu_capsule.c | 6 ------
>   lib/efi_loader/efi_firmware.c         | 5 ++---
>   2 files changed, 2 insertions(+), 9 deletions(-)
>
> diff --git a/board/emulation/common/qemu_capsule.c b/board/emulation/common/qemu_capsule.c
> index 5cb461d52b..6b8a87022a 100644
> --- a/board/emulation/common/qemu_capsule.c
> +++ b/board/emulation/common/qemu_capsule.c
> @@ -41,9 +41,3 @@ int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)
>
>   	return 0;
>   }
> -
> -bool efi_capsule_auth_enabled(void)
> -{
> -	return env_get("capsule_authentication_enabled") != NULL ?
> -		true : false;
> -}
> diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
> index 7a3cca2793..a1b88dbfc2 100644
> --- a/lib/efi_loader/efi_firmware.c
> +++ b/lib/efi_loader/efi_firmware.c
> @@ -190,7 +190,7 @@ static efi_status_t efi_get_dfu_info(
>   				IMAGE_ATTRIBUTE_IMAGE_UPDATABLE;
>
>   		/* Check if the capsule authentication is enabled */
> -		if (env_get("capsule_authentication_enabled"))
> +		if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE))
>   			image_info[0].attributes_setting |=
>   				IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED;
>
> @@ -421,8 +421,7 @@ efi_status_t EFIAPI efi_firmware_raw_set_image(
>   		return EFI_EXIT(EFI_INVALID_PARAMETER);
>
>   	/* Authenticate the capsule if authentication enabled */
> -	if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) &&
> -	    env_get("capsule_authentication_enabled")) {
> +	if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE)) {
>   		capsule_payload = NULL;
>   		capsule_payload_size = 0;
>   		status = efi_capsule_authenticate(image, image_size,
>