From patchwork Wed Nov 9 03:37:28 2022
X-Patchwork-Submitter: Masahisa Kojima
X-Patchwork-Id: 622922
From: Masahisa Kojima
To: kojima.masahisa@socionext.com, u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, Takahiro Akashi, Etienne Carriere, Masahisa Kojima
Subject: [PATCH v7 5/5] eficonfig: add "Show Signature Database" menu entry
Date: Wed, 9 Nov 2022 12:37:28 +0900
Message-Id: <20221109033728.5623-6-masahisa.kojima@linaro.org>
In-Reply-To: <20221109033728.5623-1-masahisa.kojima@linaro.org>
References: <20221109033728.5623-1-masahisa.kojima@linaro.org>
List-Id: U-Boot discussion

This commit adds the menu-driven interface to show the signature list content.

Signed-off-by: Masahisa Kojima
---
Changes in v7:
- remove delete signature list feature
  user can clear the signature database with signed null key
- rename function name to avoid confusion
- update commit message

Changes in v6:
- update comment

Changes in v2:
- integrate show and delete signature database menu
- add confirmation message before delete
- add function comment

 cmd/eficonfig_sbkey.c | 236 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 236 insertions(+)

diff --git a/cmd/eficonfig_sbkey.c b/cmd/eficonfig_sbkey.c
index 1e9eb3f51e..9fd1dc3fcc 100644
--- a/cmd/eficonfig_sbkey.c
+++ b/cmd/eficonfig_sbkey.c
@@ -17,6 +17,13 @@ #include #include +struct eficonfig_sig_data { + struct efi_signature_list *esl; + struct efi_signature_data *esd; + struct list_head list; + u16 *varname; +}; + enum efi_sbkey_signature_type { SIG_TYPE_X509 = 0, SIG_TYPE_HASH, 
@@ -155,8 +162,237 @@ out: return ret; } +/** + * eficonfig_process_show_siglist() - show signature list content + * + * @data: pointer to the data for each entry + * Return: status code + */ +static efi_status_t eficonfig_process_show_siglist(void *data) +{ + u32 i; + struct eficonfig_sig_data *sg = data; + + puts(ANSI_CURSOR_HIDE); + puts(ANSI_CLEAR_CONSOLE); + printf(ANSI_CURSOR_POSITION, 1, 1); + + printf("\n ** Show Signature Database (%ls) **\n\n" + " Owner GUID:\n" + " %pUL\n", + sg->varname, sg->esd->signature_owner.b); + + for (i = 0; i < ARRAY_SIZE(sigtype_to_str); i++) { + if (!guidcmp(&sg->esl->signature_type, &sigtype_to_str[i].sig_type)) { + printf(" Signature Type:\n" + " %s\n", sigtype_to_str[i].str); + + switch (sigtype_to_str[i].type) { + case SIG_TYPE_X509: + { + struct x509_certificate *cert_tmp; + + cert_tmp = x509_cert_parse(sg->esd->signature_data, + sg->esl->signature_size); + printf(" Subject:\n" + " %s\n" + " Issuer:\n" + " %s\n", + cert_tmp->subject, cert_tmp->issuer); + break; + } + case SIG_TYPE_CRL: + { + u32 hash_size = sg->esl->signature_size - sizeof(efi_guid_t) - + sizeof(struct efi_time); + struct efi_time *time = + (struct efi_time *)((u8 *)sg->esd->signature_data + + hash_size); + + printf(" ToBeSignedHash:\n"); + print_hex_dump(" ", DUMP_PREFIX_NONE, 16, 1, + sg->esd->signature_data, hash_size, false); + printf(" TimeOfRevocation:\n" + " %d-%d-%d %02d:%02d:%02d\n", + time->year, time->month, time->day, + time->hour, time->minute, time->second); + break; + } + case SIG_TYPE_HASH: + { + u32 hash_size = sg->esl->signature_size - sizeof(efi_guid_t); + + printf(" Hash:\n"); + print_hex_dump(" ", DUMP_PREFIX_NONE, 16, 1, + sg->esd->signature_data, hash_size, false); + break; + } + default: + eficonfig_print_msg("ERROR! 
Unsupported format."); + return EFI_INVALID_PARAMETER; + } + } + } + + while (tstc()) + getchar(); + + printf("\n\n Press any key to continue"); + getchar(); + + return EFI_SUCCESS; +} + +/** + * prepare_signature_list_menu() - create the signature list menu entry + * + * @efimenu: pointer to the efimenu structure + * @varname: pointer to the variable name + * @db: pointer to the variable raw data + * @db_size: variable data size + * @func: callback of each entry + * Return: status code + */ +static efi_status_t prepare_signature_list_menu(struct efimenu *efi_menu, void *varname, + void *db, efi_uintn_t db_size, + eficonfig_entry_func func) +{ + u32 num = 0; + efi_uintn_t size; + struct eficonfig_sig_data *sg; + struct efi_signature_list *esl; + struct efi_signature_data *esd; + efi_status_t ret = EFI_SUCCESS; + + INIT_LIST_HEAD(&efi_menu->list); + + esl = db; + size = db_size; + while (size > 0) { + u32 remain; + + esd = (struct efi_signature_data *)((u8 *)esl + + (sizeof(struct efi_signature_list) + + esl->signature_header_size)); + remain = esl->signature_list_size - sizeof(struct efi_signature_list) - + esl->signature_header_size; + for (; remain > 0; remain -= esl->signature_size) { + char buf[40]; + char *title; + + if (num >= EFICONFIG_ENTRY_NUM_MAX - 1) { + ret = EFI_OUT_OF_RESOURCES; + goto out; + } + + sg = calloc(1, sizeof(struct eficonfig_sig_data)); + if (!sg) { + ret = EFI_OUT_OF_RESOURCES; + goto err; + } + + snprintf(buf, sizeof(buf), "%pUL", &esd->signature_owner); + title = calloc(1, (strlen(buf) + 1)); + if (!title) { + free(sg); + ret = EFI_OUT_OF_RESOURCES; + goto err; + } + strlcpy(title, buf, strlen(buf) + 1); + + sg->esl = esl; + sg->esd = esd; + sg->varname = varname; + ret = eficonfig_append_menu_entry(efi_menu, title, func, sg); + if (ret != EFI_SUCCESS) { + free(sg); + free(title); + goto err; + } + esd = (struct efi_signature_data *)((u8 *)esd + esl->signature_size); + num++; + } + + size -= esl->signature_list_size; + esl = (struct 
efi_signature_list *)((u8 *)esl + esl->signature_list_size); + } +out: + ret = eficonfig_append_quit_entry(efi_menu); +err: + return ret; +} + +/** + * enumerate_and_show_signature_database() - enumerate and show the signature database + * + * @data: pointer to the data for each entry + * Return: status code + */ +static efi_status_t enumerate_and_show_signature_database(void *varname) +{ + void *db; + char buf[50]; + efi_status_t ret; + efi_uintn_t db_size; + struct efimenu *efi_menu; + struct list_head *pos, *n; + struct eficonfig_entry *entry; + + db = efi_get_var(varname, efi_auth_var_get_guid(varname), &db_size); + if (!db) { + eficonfig_print_msg("There is no entry in the signature database."); + return EFI_NOT_FOUND; + } + + efi_menu = calloc(1, sizeof(struct efimenu)); + if (!efi_menu) { + free(db); + return EFI_OUT_OF_RESOURCES; + } + + ret = prepare_signature_list_menu(efi_menu, varname, db, db_size, + eficonfig_process_show_siglist); + if (ret != EFI_SUCCESS) + goto out; + + snprintf(buf, sizeof(buf), " ** Show Signature Database (%ls) **", (u16 *)varname); + ret = eficonfig_process_common(efi_menu, buf); +out: + list_for_each_safe(pos, n, &efi_menu->list) { + entry = list_entry(pos, struct eficonfig_entry, list); + free(entry->data); + } + eficonfig_destroy(efi_menu); + free(db); + + return ret; +} + +/** + * eficonfig_process_show_signature_database() - process show signature database + * + * @data: pointer to the data for each entry + * Return: status code + */ +static efi_status_t eficonfig_process_show_signature_database(void *data) +{ + efi_status_t ret; + + while (1) { + ret = enumerate_and_show_signature_database(data); + if (ret != EFI_SUCCESS && ret != EFI_NOT_READY) + break; + } + + /* return to the parent menu */ + ret = (ret == EFI_ABORTED) ? 
EFI_NOT_READY : ret; + + return ret; +} + static struct eficonfig_item key_config_menu_items[] = { {"Enroll New Key", eficonfig_process_enroll_key}, + {"Show Signature Database", eficonfig_process_show_signature_database}, {"Quit", eficonfig_process_quit}, };
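Review bot: struct eficonfig_sig_data in the first hunk (@@ -17,6 +17,13 @@) has no kernel-doc comment, and its `struct list_head list;` member is never used anywhere in the patch (the only list that is initialised and walked is `efi_menu->list`). Either drop the member or document what it is for, and add a comment block stating that `esl` and `esd` are pointers into the variable buffer (`db` in enumerate_and_show_signature_database), which is freed separately from the entry data, so an entry must not outlive that buffer.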
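Review bot: prepare_signature_list_menu in the second hunk (@@ -155,8 +162,237 @@) walks the variable payload trusting the size fields it finds inside it: `esl->signature_list_size`, `esl->signature_header_size` and `esl->signature_size` are never checked against the bytes remaining in `size`, so a truncated or malformed list moves `esd` past the end of `db`, and because `size` is `efi_uintn_t` and `remain` is `u32`, the updates `size -= esl->signature_list_size;` and `remain -= esl->signature_size` wrap instead of terminating (a `signature_size` of 0 loops forever). Before entering the inner loop, reject a list whose `signature_list_size` is smaller than `sizeof(struct efi_signature_list) + esl->signature_header_size` or larger than `size`, and require `signature_size` to be non-zero with `remain` a multiple of it. The same trust appears in eficonfig_process_show_siglist, where `hash_size = sg->esl->signature_size - sizeof(efi_guid_t) - sizeof(struct efi_time)` underflows for a short entry. In the SIG_TYPE_X509 case, `x509_cert_parse(sg->esd->signature_data, sg->esl->signature_size)` passes the full `signature_size` even though the pointer starts after the owner GUID, so the parser is handed 16 bytes more than exist; use `signature_size - sizeof(efi_guid_t)` as the SIG_TYPE_HASH case already does. The result is also dereferenced without a check (x509_cert_parse() returns an error pointer on failure, so test it with IS_ERR() before printing `cert_tmp->subject`), and the certificate is never released with x509_free_certificate(). Smaller points: the kernel-doc names `@efimenu` and `@data` do not match the parameters `efi_menu` and `varname`; the calloc()/strlcpy() pair building `title` is just strdup(buf); and hitting `EFICONFIG_ENTRY_NUM_MAX - 1` sets EFI_OUT_OF_RESOURCES but then `goto out` overwrites `ret` with the result of eficonfig_append_quit_entry(), so the menu is silently truncated and EFI_SUCCESS returned; at least print a message there.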