[PATCH v4 03/11] efi_loader: capsule: add back efi_get_public_key_data()

Fri Oct 15 02:40:26 CEST 2021

Hi Takahiro,

On Thu, 7 Oct 2021 at 00:25, AKASHI Takahiro <takahiro.akashi at linaro.org> wrote:
>
> The commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to
> .rodata"") failed to revert the removal of efi_get_public_key_data().
>
> Add back this function and move it under lib/efi_loader so that other
> platforms can utilize it. It is now declared as a weak function so that
> it can be replaced with a platform-specific implementation.
>
> Fixes: 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to
>         .rodata"")
> Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> ---
>  lib/efi_loader/efi_capsule.c | 36 ++++++++++++++++++++++++++++++++++++
>  1 file changed, 36 insertions(+)
>
> diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
> index b75e4bcba1a9..44f5da61a9be 100644
> --- a/lib/efi_loader/efi_capsule.c
> +++ b/lib/efi_loader/efi_capsule.c
> @@ -11,15 +11,20 @@
>  #include <common.h>
>  #include <efi_loader.h>
>  #include <efi_variable.h>
> +#include <env.h>
> +#include <fdtdec.h>
>  #include <fs.h>
>  #include <malloc.h>
>  #include <mapmem.h>
>  #include <sort.h>
> +#include <asm/global_data.h>
>
>  #include <crypto/pkcs7.h>
>  #include <crypto/pkcs7_parser.h>
>  #include <linux/err.h>
>
> +DECLARE_GLOBAL_DATA_PTR;
> +
>  const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID;
>  static const efi_guid_t efi_guid_firmware_management_capsule_id =
>                 EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
> @@ -251,6 +256,37 @@ out:
>  }
>
>  #if defined(CONFIG_EFI_CAPSULE_AUTHENTICATE)
> +int __weak efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)

I don't think this should be weak. What other way is there of handling
this and why would it be platform-specific?

> +{
> +       const void *fdt_blob = gd->fdt_blob;
> +       const void *blob;
> +       const char *cnode_name = "capsule-key";
> +       const char *snode_name = "signature";
> +       int sig_node;
> +       int len;
> +
> +       sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name);
> +       if (sig_node < 0) {
> +               log_err("Unable to get signature node offset\n");
> +
> +               return -FDT_ERR_NOTFOUND;
> +       }
> +
> +       blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len);
> +
> +       if (!blob || len < 0) {
> +               log_err("Unable to get capsule-key value\n");
> +               *pkey = NULL;
> +               *pkey_len = 0;
> +
> +               return -FDT_ERR_NOTFOUND;
> +       }
> +
> +       *pkey = (void *)blob;
> +       *pkey_len = len;
> +
> +       return 0;
> +}
>
>  efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size,
>                                       void **image, efi_uintn_t *image_size)
> --
> 2.33.0
>

Regards,
Simon