From patchwork Thu Nov 10 08:30:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 623326 Delivered-To: patch@linaro.org Received: by 2002:a17:522:c983:b0:460:3032:e3c4 with SMTP id kr3csp761534pvb; Thu, 10 Nov 2022 00:30:18 -0800 (PST) X-Google-Smtp-Source: AMsMyM5HLS0OfIKa3x3fT/Y4T87Y47NJ/SmvAZ/m8KMEEtVC1dNm5oAnZVIhXUWJR1nWc30jzUB9 X-Received: by 2002:a17:907:1c88:b0:7ad:8f76:699e with SMTP id nb8-20020a1709071c8800b007ad8f76699emr58042084ejc.114.1668069018724; Thu, 10 Nov 2022 00:30:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668069018; cv=none; d=google.com; s=arc-20160816; b=piC3ilN7qxVjEJ5km/NbTUCGrW6o6VehGwtYT2U01lm6GLMfqP41nkLAeND48Clk2M GyALGQ+Pbx8m1PPVg1g5Q+VXMZ7dIZc4dAra/YIFwfcP9QYDQ5o7M+czCnfm61bXqeDU iluQ4Vv3X+3KcYx90WnqRpyIYLTBAwrr3iPzmrYPplF0LnvUxQKHuVbBMXHsvK9A+0g3 nG6XmNQKhS1wSx+xekFt1u3iwfD7JVNXEkQF3hB2qzIHvWSnv288+RaDTALWQZgM0WEO h+WMGUFjRnxkuXB3USgqoDlClcKqziZDUXSpdxPBTB5zXUC34gDETJdCZIfQyHoC/YxQ ce/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=r9MQH9DhFXVJ1Euv/isGFC0RixnvkcNuyeCvH7qshdw=; b=Mft3D1fR0twB4dSmVGJ1DEkyRbzgmSyQ2KuvwXkY4hpe1ujHZfjapMDZFAHAap2ILl B2o/C961Cc7ff3db9tXjqKaY27UMB2rqfulTRjHBhaclokcRt5c9eJFZsO0eSDhWI8JF 026K4SEujAuY96cCvEoOEk4ecdU+i4U8SrQk9dlfRxEaD0/eMiOQv/d8JMeRD4eraOEV X26OPTcDIaTKhuCCyoQnEgZ4f2jjafoxaTgbfk5JYUncZC3VaZ6BZN7XsoICVVp2D9a/ hPVgTUvy6YCHUIlKh1TyOqCD6VL/6iGoRPWNnkqXMWN6m2XZhD2ClX7ie8U2NCE6Eato F95w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=hReYcPC0; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id ek16-20020a056402371000b0046453c385e4si15415277edb.365.2022.11.10.00.30.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 10 Nov 2022 00:30:18 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=hReYcPC0; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id D5C5685143; Thu, 10 Nov 2022 09:29:39 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="hReYcPC0"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id DE94C85149; Thu, 10 Nov 2022 09:29:35 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pl1-x62b.google.com (mail-pl1-x62b.google.com [IPv6:2607:f8b0:4864:20::62b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 7750085131 for ; Thu, 10 Nov 2022 09:29:30 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pl1-x62b.google.com with SMTP id p12so891791plq.4 for ; Thu, 10 Nov 2022 00:29:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=r9MQH9DhFXVJ1Euv/isGFC0RixnvkcNuyeCvH7qshdw=; b=hReYcPC0zcyUsMdkktWgIMcsZfcAvORoeHH+p3ttbu/I/9NVu/KKko59M6Z/MkwOYL SWwhqPI+u/vg+skApZJ0/E0lW7SvgGUGLmt4wG1X1n72GzbReYemdyBn+obUs8yyp8PO SSAUzkcQ0Tx1voPZRdf4TSxKTreh8MO8E2qKqHtfa4fj9JemjOND0SNoGW0PJsrQn37A nxeBWJ4hZ5tfhVYSpGVRZTJEir4VEl11pHD66/eyoO7ZpQxRVC+mZiGnZYD/RLtutzN9 iFfuLvLYisZM4oEjTxrBXrt3OcR8LRqfAKRM7BeeSxxipW7sxhZjCoioKcbe2H4TPKzi ggTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=references:in-reply-to:message-id:date:subject:cc:to:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=r9MQH9DhFXVJ1Euv/isGFC0RixnvkcNuyeCvH7qshdw=; b=RzHmxrhPemIyTqjhPmRpqtfEaGiS84bLdLRHP80z7PspGUtln0yOwgNGSqM3OyDH3A 294uPdt1PtZs+qvuYwsulmZkeUyiM/qW5H3pozf58+ZlTU4rwWRNv15cRuVPC3syuz9J QnEm90Y+qsTwasKyOg4gwzRhedSVkjE2XLmSfzbI/p/MWISCxGAhGuESMyaACSneApKE spUZ8HsmBaO72KgyaZhKtN8OwtX6D58ifzKFkqFy5wUioJdUGL8qwrBRXrWJLL7zp8zc Xmn8VhfxXXVhcfuDCPbH+nATYIUstCqYRPcU4Iyv4fDPvR32x2htkkLoAW76e3uvU4ha K/Rg== X-Gm-Message-State: ACrzQf1ixCV+Hp+24L1oMMkSngoQ5z1o6A7DEbXpmIsJ77YgjLVnYJTg +SrKotld/OODpDC/NosNBqpdtjNGjPp2CA== X-Received: by 2002:a17:90b:2246:b0:213:48f0:297f with SMTP id hk6-20020a17090b224600b0021348f0297fmr66331436pjb.236.1668068968065; Thu, 10 Nov 2022 00:29:28 -0800 (PST) Received: from localhost.localdomain ([240d:1a:cf7:5800:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id b1-20020a170903228100b00176ba091cd3sm10638194plh.196.2022.11.10.00.29.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 10 Nov 2022 00:29:27 -0800 (PST) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Simon Glass , Takahiro Akashi , Etienne Carriere , Masahisa Kojima Subject: [PATCH v8 5/5] eficonfig: add "Show Signature Database" menu entry Date: Thu, 10 Nov 2022 17:30:54 +0900 Message-Id: <20221110083054.11950-6-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221110083054.11950-1-masahisa.kojima@linaro.org> References: <20221110083054.11950-1-masahisa.kojima@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean This commit adds the menu-driven interface to show the signature list content. Signed-off-by: Masahisa Kojima --- No update since v7 Changes in v7: - remove delete signature list feature user can clear the signature database with signed null key - rename function name to avoid confusion - update commit message Changes in v6: - update comment Changes in v2: - integrate show and delete signature database menu - add confirmation message before delete - add function comment cmd/eficonfig_sbkey.c | 236 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 236 insertions(+) diff --git a/cmd/eficonfig_sbkey.c b/cmd/eficonfig_sbkey.c index de1d1e8426..8a372b9960 100644 --- a/cmd/eficonfig_sbkey.c +++ b/cmd/eficonfig_sbkey.c @@ -17,6 +17,13 @@ #include #include +struct eficonfig_sig_data { + struct efi_signature_list *esl; + struct efi_signature_data *esd; + struct list_head list; + u16 *varname; +}; + enum efi_sbkey_signature_type { SIG_TYPE_X509 = 0, SIG_TYPE_HASH, @@ -157,8 +164,237 @@ out: return ret; } +/** + * eficonfig_process_show_siglist() - show signature list content + * + * @data: pointer to the data for each entry + * Return: status code + */ +static efi_status_t eficonfig_process_show_siglist(void *data) +{ + u32 i; + struct eficonfig_sig_data *sg = data; + + puts(ANSI_CURSOR_HIDE); + puts(ANSI_CLEAR_CONSOLE); + printf(ANSI_CURSOR_POSITION, 1, 1); + + printf("\n ** Show Signature Database (%ls) **\n\n" + " Owner GUID:\n" + " %pUL\n", + sg->varname, sg->esd->signature_owner.b); + + for (i = 0; i < ARRAY_SIZE(sigtype_to_str); i++) { + if (!guidcmp(&sg->esl->signature_type, &sigtype_to_str[i].sig_type)) { + printf(" Signature Type:\n" + " %s\n", sigtype_to_str[i].str); + + switch (sigtype_to_str[i].type) { + case SIG_TYPE_X509: + { + struct x509_certificate *cert_tmp; + + cert_tmp = x509_cert_parse(sg->esd->signature_data, + sg->esl->signature_size); + printf(" Subject:\n" + " %s\n" + " Issuer:\n" + " %s\n", + cert_tmp->subject, cert_tmp->issuer); + break; + } + case SIG_TYPE_CRL: + { + u32 hash_size = sg->esl->signature_size - sizeof(efi_guid_t) - + sizeof(struct efi_time); + struct efi_time *time = + (struct efi_time *)((u8 *)sg->esd->signature_data + + hash_size); + + printf(" ToBeSignedHash:\n"); + print_hex_dump(" ", DUMP_PREFIX_NONE, 16, 1, + sg->esd->signature_data, hash_size, false); + printf(" TimeOfRevocation:\n" + " %d-%d-%d %02d:%02d:%02d\n", + time->year, time->month, time->day, + time->hour, time->minute, time->second); + break; + } + case SIG_TYPE_HASH: + { + u32 hash_size = sg->esl->signature_size - sizeof(efi_guid_t); + + printf(" Hash:\n"); + print_hex_dump(" ", DUMP_PREFIX_NONE, 16, 1, + sg->esd->signature_data, hash_size, false); + break; + } + default: + eficonfig_print_msg("ERROR! Unsupported format."); + return EFI_INVALID_PARAMETER; + } + } + } + + while (tstc()) + getchar(); + + printf("\n\n Press any key to continue"); + getchar(); + + return EFI_SUCCESS; +} + +/** + * prepare_signature_list_menu() - create the signature list menu entry + * + * @efimenu: pointer to the efimenu structure + * @varname: pointer to the variable name + * @db: pointer to the variable raw data + * @db_size: variable data size + * @func: callback of each entry + * Return: status code + */ +static efi_status_t prepare_signature_list_menu(struct efimenu *efi_menu, void *varname, + void *db, efi_uintn_t db_size, + eficonfig_entry_func func) +{ + u32 num = 0; + efi_uintn_t size; + struct eficonfig_sig_data *sg; + struct efi_signature_list *esl; + struct efi_signature_data *esd; + efi_status_t ret = EFI_SUCCESS; + + INIT_LIST_HEAD(&efi_menu->list); + + esl = db; + size = db_size; + while (size > 0) { + u32 remain; + + esd = (struct efi_signature_data *)((u8 *)esl + + (sizeof(struct efi_signature_list) + + esl->signature_header_size)); + remain = esl->signature_list_size - sizeof(struct efi_signature_list) - + esl->signature_header_size; + for (; remain > 0; remain -= esl->signature_size) { + char buf[40]; + char *title; + + if (num >= EFICONFIG_ENTRY_NUM_MAX - 1) { + ret = EFI_OUT_OF_RESOURCES; + goto out; + } + + sg = calloc(1, sizeof(struct eficonfig_sig_data)); + if (!sg) { + ret = EFI_OUT_OF_RESOURCES; + goto err; + } + + snprintf(buf, sizeof(buf), "%pUL", &esd->signature_owner); + title = calloc(1, (strlen(buf) + 1)); + if (!title) { + free(sg); + ret = EFI_OUT_OF_RESOURCES; + goto err; + } + strlcpy(title, buf, strlen(buf) + 1); + + sg->esl = esl; + sg->esd = esd; + sg->varname = varname; + ret = eficonfig_append_menu_entry(efi_menu, title, func, sg); + if (ret != EFI_SUCCESS) { + free(sg); + free(title); + goto err; + } + esd = (struct efi_signature_data *)((u8 *)esd + esl->signature_size); + num++; + } + + size -= esl->signature_list_size; + esl = (struct efi_signature_list *)((u8 *)esl + esl->signature_list_size); + } +out: + ret = eficonfig_append_quit_entry(efi_menu); +err: + return ret; +} + +/** + * enumerate_and_show_signature_database() - enumerate and show the signature database + * + * @data: pointer to the data for each entry + * Return: status code + */ +static efi_status_t enumerate_and_show_signature_database(void *varname) +{ + void *db; + char buf[50]; + efi_status_t ret; + efi_uintn_t db_size; + struct efimenu *efi_menu; + struct list_head *pos, *n; + struct eficonfig_entry *entry; + + db = efi_get_var(varname, efi_auth_var_get_guid(varname), &db_size); + if (!db) { + eficonfig_print_msg("There is no entry in the signature database."); + return EFI_NOT_FOUND; + } + + efi_menu = calloc(1, sizeof(struct efimenu)); + if (!efi_menu) { + free(db); + return EFI_OUT_OF_RESOURCES; + } + + ret = prepare_signature_list_menu(efi_menu, varname, db, db_size, + eficonfig_process_show_siglist); + if (ret != EFI_SUCCESS) + goto out; + + snprintf(buf, sizeof(buf), " ** Show Signature Database (%ls) **", (u16 *)varname); + ret = eficonfig_process_common(efi_menu, buf); +out: + list_for_each_safe(pos, n, &efi_menu->list) { + entry = list_entry(pos, struct eficonfig_entry, list); + free(entry->data); + } + eficonfig_destroy(efi_menu); + free(db); + + return ret; +} + +/** + * eficonfig_process_show_signature_database() - process show signature database + * + * @data: pointer to the data for each entry + * Return: status code + */ +static efi_status_t eficonfig_process_show_signature_database(void *data) +{ + efi_status_t ret; + + while (1) { + ret = enumerate_and_show_signature_database(data); + if (ret != EFI_SUCCESS && ret != EFI_NOT_READY) + break; + } + + /* return to the parent menu */ + ret = (ret == EFI_ABORTED) ? EFI_NOT_READY : ret; + + return ret; +} + static struct eficonfig_item key_config_menu_items[] = { {"Enroll New Key", eficonfig_process_enroll_key}, + {"Show Signature Database", eficonfig_process_show_signature_database}, {"Quit", eficonfig_process_quit}, };