From patchwork Fri Oct 14 06:56:55 2022
X-Patchwork-Submitter: Masahisa Kojima
X-Patchwork-Id: 615060
cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Oct 2022 23:57:26 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Takahiro Akashi , Masahisa Kojima Subject: [PATCH v3 1/6] eficonfig: refactor eficonfig_select_file_handler() Date: Fri, 14 Oct 2022 15:56:55 +0900 Message-Id: <20221014065705.5249-2-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221014065705.5249-1-masahisa.kojima@linaro.org> References: <20221014065705.5249-1-masahisa.kojima@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean eficonfig_select_file_handler() is commonly used to select the file. eficonfig_display_select_file_option() intends to add the additional menu mainly to clear the selected file information. eficonfig_display_select_file_option() is not necessary for the file selection process, so it should be outside of eficonfig_select_file_handler(). Signed-off-by: Masahisa Kojima --- No change since v2 newly created in v2 cmd/eficonfig.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/cmd/eficonfig.c b/cmd/eficonfig.c index 2595dd9563..f6a99bd01a 100644 --- a/cmd/eficonfig.c +++ b/cmd/eficonfig.c @@ -968,7 +968,7 @@ efi_status_t eficonfig_process_clear_file_selection(void *data) } static struct eficonfig_item select_file_menu_items[] = { - {"Select File", eficonfig_process_select_file}, + {"Select File", eficonfig_select_file_handler}, {"Clear", eficonfig_process_clear_file_selection}, {"Quit", eficonfig_process_quit}, }; 
@@ -980,12 +980,13 @@ static struct eficonfig_item select_file_menu_items[] = { * @file_info: pointer to the file information structure * Return: status code */ -efi_status_t eficonfig_display_select_file_option(struct eficonfig_select_file_info *file_info) +efi_status_t eficonfig_display_select_file_option(void *data) { efi_status_t ret; struct efimenu *efi_menu; - select_file_menu_items[1].data = file_info; + select_file_menu_items[0].data = data; + select_file_menu_items[1].data = data; efi_menu = eficonfig_create_fixed_menu(select_file_menu_items, ARRAY_SIZE(select_file_menu_items)); if (!efi_menu) @@ -1016,10 +1017,6 @@ efi_status_t eficonfig_select_file_handler(void *data) struct eficonfig_select_file_info *tmp = NULL; struct eficonfig_select_file_info *file_info = data; - ret = eficonfig_display_select_file_option(file_info); - if (ret != EFI_SUCCESS) - return ret; - tmp = calloc(1, sizeof(struct eficonfig_select_file_info)); if (!tmp) return EFI_OUT_OF_RESOURCES; 
@@ -1284,7 +1281,7 @@ static efi_status_t prepare_file_selection_entry(struct efimenu *efi_menu, char utf8_utf16_strcpy(&p, devname); u16_strlcat(file_name, file_info->current_path, len); ret = create_boot_option_entry(efi_menu, title, file_name, - eficonfig_select_file_handler, file_info); + eficonfig_display_select_file_option, file_info); out: free(devname); free(file_name); From patchwork Fri Oct 14 06:56:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 615061 Delivered-To: patch@linaro.org Received: by 2002:a17:522:c983:b0:460:3032:e3c4 with SMTP id kr3csp112896pvb; Thu, 13 Oct 2022 23:57:50 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7KZUmyHiNP5Q2YcUHOTanTlD8XbGU+7n2Fp6I4d6FM79joNB2IXNzq2aGCQoBvOVaD/i/+ X-Received: by 2002:a05:6402:114a:b0:454:85e4:2295 with SMTP id g10-20020a056402114a00b0045485e42295mr3119181edw.348.1665730670093; Thu, 13 Oct 2022 23:57:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665730670; cv=none; d=google.com; s=arc-20160816; b=uGnYigOpoB8NTZZSQVgXG/k4xbIRGGvrRIP3XS+roUgBw6lvSUPT1xHeVUsYB3OHtq A1akGJQE8uzoUJUki/gKfAXphDh/x0rGjTzp8IAyrWIdGNjtHM/8sWjHuZ/3F8qneSNC 63ZJGMnAwiUOVX5rTBwjaYHs5Ed9HIa+h47KWmPl2NglnaJJeYec6+aiDS9jHDavnKhh oCVYJf7MXZEZvGrMDAGmJ46bCodpUEImtWLN7FyKH4dbiuMN4q+UyO2v8PQwn5CPlnQt y6WJgo2EAyRkBMbIg24eAnrafm2mV8qJO0EnQwoM1uXw/xewhpno9nrk2GMY5Sc+pmuz CUZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=0ERyheRvFp8/wHvmYCSbRcxDgU68ioohlTrwboamaxo=; b=ZOE8xPdZPH/M/ARIQy6iENPrXmuNc0WFN3YKicJKZLF3xI5RHp6Jn46VvjQIPcL9Cx 510XtAzFoWLAwlTUZzfPKIqWpE3OdLUVpKiHc6Cxhq5ZuYCfjL4j1aPBA0GQtMshIuU2 KJRePVqfh7iJw4IFDltHoRhUQFJHR6/7l++tXAbBbAu384eho54NB6roGYmATvVAjW3w 
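Review bot: the hunk at @@ -968,7 +968,7 @@ replaces the only visible reference to eficonfig_process_select_file() with eficonfig_select_file_handler(), but no hunk in this patch removes eficonfig_process_select_file() itself (the diffstat's 8 deletions are all accounted for by the four hunks shown). If it has no remaining caller it becomes dead code and, if static, an unused-function warning; drop it in the same patch or say in the commit message why it stays.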
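Review bot: in the hunk at @@ -980,12 +980,13 @@ the kernel-doc above eficonfig_display_select_file_option() still reads "@file_info: pointer to the file information structure" while the parameter is renamed to `void *data`; update it to something like "@data: pointer to the eficonfig_select_file_info structure" so the comment matches the new eficonfig_entry_func-style signature. Assigning the same pointer to both select_file_menu_items[0].data and select_file_menu_items[1].data is correct, since "Select File" and "Clear" both operate on the same file_info, but a one-line comment saying so would help the next reader.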
DjiQ== X-Gm-Message-State: ACrzQf2CvPCwoZW+kHbjuaS+7+2He1W14RyOvoMGsqIade3geJR7wTUg JEa2Flnt+mG3Mn5xZGOZACoGq9EC620ntQ== X-Received: by 2002:a63:1a07:0:b0:46b:2825:f9cf with SMTP id a7-20020a631a07000000b0046b2825f9cfmr2167230pga.370.1665730649835; Thu, 13 Oct 2022 23:57:29 -0700 (PDT) Received: from localhost.localdomain ([240d:1a:cf7:5800:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id d67-20020a621d46000000b00550724f8ea0sm850581pfd.128.2022.10.13.23.57.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Oct 2022 23:57:29 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Takahiro Akashi , Masahisa Kojima Subject: [PATCH v3 2/6] eficonfig: expose append entry function Date: Fri, 14 Oct 2022 15:56:56 +0900 Message-Id: <20221014065705.5249-3-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221014065705.5249-1-masahisa.kojima@linaro.org> References: <20221014065705.5249-1-masahisa.kojima@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean This commit exposes the eficonfig menu entry append function. Signed-off-by: Masahisa Kojima --- No change since v2 newly created in v2 cmd/eficonfig.c | 32 +++++++++++++++++--------------- include/efi_config.h | 5 +++++ 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/cmd/eficonfig.c b/cmd/eficonfig.c index f6a99bd01a..0cb0770ac3 100644 --- a/cmd/eficonfig.c +++ b/cmd/eficonfig.c @@ -263,7 +263,7 @@ efi_status_t eficonfig_process_quit(void *data) } /** - * append_entry() - append menu item + * eficonfig_append_menu_entry() - append menu item * * @efi_menu: pointer to the efimenu structure * @title: pointer to the entry title 
@@ -271,8 +271,9 @@ efi_status_t eficonfig_process_quit(void *data) * @data: pointer to the data to be passed to each entry callback * Return: status code */ -static efi_status_t append_entry(struct efimenu *efi_menu, - char *title, eficonfig_entry_func func, void *data) +efi_status_t eficonfig_append_menu_entry(struct efimenu *efi_menu, + char *title, eficonfig_entry_func func, + void *data) { struct eficonfig_entry *entry; @@ -295,12 +296,12 @@ static efi_status_t append_entry(struct efimenu *efi_menu, } /** - * append_quit_entry() - append quit entry + * eficonfig_append_quit_entry() - append quit entry * * @efi_menu: pointer to the efimenu structure * Return: status code */ -static efi_status_t append_quit_entry(struct efimenu *efi_menu) +efi_status_t eficonfig_append_quit_entry(struct efimenu *efi_menu) { char *title; efi_status_t ret; @@ -309,7 +310,7 @@ static efi_status_t append_quit_entry(struct efimenu *efi_menu) if (!title) return EFI_OUT_OF_RESOURCES; - ret = append_entry(efi_menu, title, eficonfig_process_quit, NULL); + ret = eficonfig_append_menu_entry(efi_menu, title, eficonfig_process_quit, NULL); if (ret != EFI_SUCCESS) free(title); @@ -341,7 +342,7 @@ void *eficonfig_create_fixed_menu(const struct eficonfig_item *items, int count) if (!title) goto out; - ret = append_entry(efi_menu, title, iter->func, iter->data); + ret = eficonfig_append_menu_entry(efi_menu, title, iter->func, iter->data); if (ret != EFI_SUCCESS) { free(title); goto out; @@ -634,14 +635,15 @@ static efi_status_t eficonfig_select_volume(struct eficonfig_select_file_info *f info->v = v; info->dp = device_path; info->file_info = file_info; - ret = append_entry(efi_menu, devname, eficonfig_volume_selected, info); + ret = eficonfig_append_menu_entry(efi_menu, devname, eficonfig_volume_selected, + info); if (ret != EFI_SUCCESS) { free(info); goto out; } } - ret = append_quit_entry(efi_menu); + ret = eficonfig_append_quit_entry(efi_menu); if (ret != EFI_SUCCESS) goto out; 
@@ -745,8 +747,8 @@ eficonfig_create_file_entry(struct efimenu *efi_menu, u32 count, (int (*)(const void *, const void *))sort_file); for (i = 0; i < entry_num; i++) { - ret = append_entry(efi_menu, tmp_infos[i]->file_name, - eficonfig_file_selected, tmp_infos[i]); + ret = eficonfig_append_menu_entry(efi_menu, tmp_infos[i]->file_name, + eficonfig_file_selected, tmp_infos[i]); if (ret != EFI_SUCCESS) goto out; } @@ -815,7 +817,7 @@ static efi_status_t eficonfig_select_file(struct eficonfig_select_file_info *fil if (ret != EFI_SUCCESS) goto err; - ret = append_quit_entry(efi_menu); + ret = eficonfig_append_quit_entry(efi_menu); if (ret != EFI_SUCCESS) goto err; @@ -1218,7 +1220,7 @@ static efi_status_t create_boot_option_entry(struct efimenu *efi_menu, char *tit utf16_utf8_strcpy(&p, val); } - return append_entry(efi_menu, buf, func, data); + return eficonfig_append_menu_entry(efi_menu, buf, func, data); } /** @@ -1677,7 +1679,7 @@ static efi_status_t eficonfig_add_boot_selection_entry(struct efimenu *efi_menu, utf16_utf8_strcpy(&p, lo.label); info->boot_index = boot_index; info->selected = selected; - ret = append_entry(efi_menu, buf, eficonfig_process_boot_selected, info); + ret = eficonfig_append_menu_entry(efi_menu, buf, eficonfig_process_boot_selected, info); if (ret != EFI_SUCCESS) { free(load_option); free(info); @@ -1736,7 +1738,7 @@ static efi_status_t eficonfig_show_boot_selection(unsigned int *selected) break; } - ret = append_quit_entry(efi_menu); + ret = eficonfig_append_quit_entry(efi_menu); if (ret != EFI_SUCCESS) goto out; diff --git a/include/efi_config.h b/include/efi_config.h index 098cac2115..86bc801211 100644 --- a/include/efi_config.h +++ b/include/efi_config.h 
@@ -95,4 +95,9 @@ efi_status_t eficonfig_get_unused_bootoption(u16 *buf, efi_status_t eficonfig_append_bootorder(u16 index); efi_status_t eficonfig_generate_media_device_boot_option(void); +efi_status_t eficonfig_append_menu_entry(struct efimenu *efi_menu, + char *title, eficonfig_entry_func func, + void *data); +efi_status_t eficonfig_append_quit_entry(struct efimenu *efi_menu); + #endif From patchwork Fri Oct 14 06:56:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 615062 Delivered-To: patch@linaro.org Received: by 2002:a17:522:c983:b0:460:3032:e3c4 with SMTP id kr3csp112956pvb; Thu, 13 Oct 2022 23:58:02 -0700 (PDT) X-Google-Smtp-Source: AMsMyM444BYjqvtA1KPh9/uOjYYOxVRMvQi30PlDk940bF6ZzeRUpSH6m3mYlxkd4/QHAIxJqCZp X-Received: by 2002:a17:907:3d8f:b0:78d:b46e:eadd with SMTP id he15-20020a1709073d8f00b0078db46eeaddmr2522561ejc.277.1665730682433; Thu, 13 Oct 2022 23:58:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665730682; cv=none; d=google.com; s=arc-20160816; b=wju8VjzHWmq1WsWJClJV/RQnHc3hKT1L34/Vuy0+2uIGaOStk1iSNy6+reSxn4IKTy rY4eA3f0ppmaRxNDS37G4yEu81fZag0m3NBt+vO45UhhNs1yn7hNJc9E59fC/MMlzW/o 1QUju8EAIdJ52G8SWbtagzZpkrsDA+ELglAEpsS9m62dub6+V1EP0bS3lKaYvEb+LYLb ZDU39Mh248m0+y0oTtb/PwoEtpqwG/oicZTIiluVDA6FITZvR78/4MSH5BhuI87gMG6Y 6r7qjN5qRxcnd3xY0/F5prk92ZlkNaje4nKR1c/aV7A384vbL3vS4qb4m7359pLCHdJn v4kg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=elFqwc54t5s+bWz5RyNzaBqwdS96HIZHHGBMCEQ+iL4=; b=LzHHscPWla69+PJ+qR4U3MbizhzYQWIPf03XNXzsAW4F5Fc96qnsBqz1QvTQO14qfc 7FtICimBWCJxwEnE4m7p0c8Jy3IXNOZPpnDggTKjiTpH/uEFC71QD3KSZLpv017+aM+x SaWxGWySizJRRXGKL7BORxBq7cL79KosHCP6fHj6EpEmtUAT36hrmGB4Vu2ok333cuRs 
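Review bot: now that eficonfig_append_menu_entry() is exported in the hunk at @@ -271,8 +271,9 @@, its kernel-doc should state the ownership rule for `title` and `data`: on EFI_SUCCESS the entry owns them and they are released with the menu, on failure the caller must free them. Every caller in this patch follows that convention (eficonfig_append_quit_entry() and eficonfig_create_fixed_menu() do `free(title)` on error, eficonfig_select_volume() does `free(info)`), but a caller including only include/efi_config.h cannot see it, and getting it wrong means either a leak or a double free.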
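Review bot: the rename in the hunk at @@ -1677,7 +1679,7 @@ leaves `ret = eficonfig_append_menu_entry(efi_menu, buf, eficonfig_process_boot_selected, info);` on a single line that is noticeably longer than the wrapped call added in the eficonfig_select_volume() hunk; wrap it the same way, with the continuation aligned under the first argument, so the series is consistent and checkpatch stays quiet. The call in eficonfig_append_quit_entry() at @@ -309,7 +310,7 @@ has the same issue.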
From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Takahiro Akashi, Masahisa Kojima, Simon Glass, Roger Knecht, Ovidiu Panait, Ashok Reddy Soma
Subject: [PATCH v3 3/6] eficonfig: add UEFI Secure Boot Key enrollment interface
Date: Fri, 14 Oct 2022 15:56:57 +0900
Message-Id: <20221014065705.5249-4-masahisa.kojima@linaro.org>
In-Reply-To: <20221014065705.5249-1-masahisa.kojima@linaro.org>
References: <20221014065705.5249-1-masahisa.kojima@linaro.org>

This commit adds the menu-driven UEFI Secure Boot Key enrollment interface. The user can enroll the PK, KEK, db and dbx by selecting an EFI Signature Lists file. After the PK is enrolled, UEFI Secure Boot is enabled and the EFI Signature Lists file must be signed by the KEK or PK.
Signed-off-by: Masahisa Kojima --- Changes in v3: - fix error handling Changes in v2: - allow to enroll .esl file - fix typos - add function comments cmd/Makefile | 3 + cmd/eficonfig.c | 3 + cmd/eficonfig_sbkey.c | 357 ++++++++++++++++++++++++++++++++++++++++++ include/efi_config.h | 5 + 4 files changed, 368 insertions(+) create mode 100644 cmd/eficonfig_sbkey.c diff --git a/cmd/Makefile b/cmd/Makefile index c95e09d058..f2f2857146 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -66,6 +66,9 @@ obj-$(CONFIG_CMD_EEPROM) += eeprom.o obj-$(CONFIG_EFI) += efi.o obj-$(CONFIG_CMD_EFIDEBUG) += efidebug.o obj-$(CONFIG_CMD_EFICONFIG) += eficonfig.o +ifdef CONFIG_CMD_EFICONFIG +obj-$(CONFIG_EFI_SECURE_BOOT) += eficonfig_sbkey.o +endif obj-$(CONFIG_CMD_ELF) += elf.o obj-$(CONFIG_CMD_EROFS) += erofs.o obj-$(CONFIG_HUSH_PARSER) += exit.o diff --git a/cmd/eficonfig.c b/cmd/eficonfig.c index 0cb0770ac3..a72f07e671 100644 --- a/cmd/eficonfig.c +++ b/cmd/eficonfig.c @@ -2442,6 +2442,9 @@ static const struct eficonfig_item maintenance_menu_items[] = { {"Edit Boot Option", eficonfig_process_edit_boot_option}, {"Change Boot Order", eficonfig_process_change_boot_order}, {"Delete Boot Option", eficonfig_process_delete_boot_option}, +#if (CONFIG_IS_ENABLED(EFI_SECURE_BOOT)) + {"Secure Boot Configuration", eficonfig_process_secure_boot_config}, +#endif {"Quit", eficonfig_process_quit}, }; diff --git a/cmd/eficonfig_sbkey.c b/cmd/eficonfig_sbkey.c new file mode 100644 index 0000000000..cc27f78e66 --- /dev/null +++ b/cmd/eficonfig_sbkey.c 
@@ -0,0 +1,357 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Menu-driven UEFI Secure Boot Key Maintenance + * + * Copyright (c) 2022 Masahisa Kojima, Linaro Limited + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +enum efi_sbkey_signature_type { + SIG_TYPE_X509 = 0, + SIG_TYPE_HASH, + SIG_TYPE_CRL, + SIG_TYPE_RSA2048, +}; + +struct eficonfig_sigtype_to_str { + efi_guid_t sig_type; + char *str; + enum efi_sbkey_signature_type type; +}; + +static const struct eficonfig_sigtype_to_str sigtype_to_str[] = { + {EFI_CERT_X509_GUID, "X509", SIG_TYPE_X509}, + {EFI_CERT_SHA256_GUID, "SHA256", SIG_TYPE_HASH}, + {EFI_CERT_X509_SHA256_GUID, "X509_SHA256 CRL", SIG_TYPE_CRL}, + {EFI_CERT_X509_SHA384_GUID, "X509_SHA384 CRL", SIG_TYPE_CRL}, + {EFI_CERT_X509_SHA512_GUID, "X509_SHA512 CRL", SIG_TYPE_CRL}, + /* U-Boot does not support the following signature types */ +/* {EFI_CERT_RSA2048_GUID, "RSA2048", SIG_TYPE_RSA2048}, */ +/* {EFI_CERT_RSA2048_SHA256_GUID, "RSA2048_SHA256", SIG_TYPE_RSA2048}, */ +/* {EFI_CERT_SHA1_GUID, "SHA1", SIG_TYPE_HASH}, */ +/* {EFI_CERT_RSA2048_SHA_GUID, "RSA2048_SHA", SIG_TYPE_RSA2048 }, */ +/* {EFI_CERT_SHA224_GUID, "SHA224", SIG_TYPE_HASH}, */ +/* {EFI_CERT_SHA384_GUID, "SHA384", SIG_TYPE_HASH}, */ +/* {EFI_CERT_SHA512_GUID, "SHA512", SIG_TYPE_HASH}, */ +}; + +/** + * is_secureboot_enabled() - check UEFI Secure Boot is enabled + * + * Return: true when UEFI Secure Boot is enabled, false otherwise + */ +static bool is_secureboot_enabled(void) +{ + efi_status_t ret; + u8 secure_boot; + efi_uintn_t size; + + size = sizeof(secure_boot); + ret = efi_get_variable_int(u"SecureBoot", &efi_global_variable_guid, + NULL, &size, &secure_boot, NULL); + + return secure_boot == 1; +} + +/** + * create_time_based_payload() - create payload for time based authenticate variable + * + * @db: pointer to the original signature database + * @new_db: pointer to the authenticated variable payload + * 
@size: pointer to payload size + * Return: status code + */ +static efi_status_t create_time_based_payload(void *db, void **new_db, efi_uintn_t *size) +{ + efi_status_t ret; + struct efi_time time; + efi_uintn_t total_size; + struct efi_variable_authentication_2 *auth; + + *new_db = NULL; + + /* + * SetVariable() call with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS + * attribute requires EFI_VARIABLE_AUTHENTICATED_2 descriptor, prepare it + * without certificate data in it. + */ + total_size = sizeof(struct efi_variable_authentication_2) + *size; + + auth = calloc(1, total_size); + if (!auth) + return EFI_OUT_OF_RESOURCES; + + ret = EFI_CALL((*efi_runtime_services.get_time)(&time, NULL)); + if (ret != EFI_SUCCESS) { + free(auth); + return EFI_OUT_OF_RESOURCES; + } + time.pad1 = 0; + time.nanosecond = 0; + time.timezone = 0; + time.daylight = 0; + time.pad2 = 0; + memcpy(&auth->time_stamp, &time, sizeof(time)); + auth->auth_info.hdr.dwLength = sizeof(struct win_certificate_uefi_guid); + auth->auth_info.hdr.wRevision = 0x0200; + auth->auth_info.hdr.wCertificateType = WIN_CERT_TYPE_EFI_GUID; + guidcpy(&auth->auth_info.cert_type, &efi_guid_cert_type_pkcs7); + if (db) + memcpy((u8 *)auth + sizeof(struct efi_variable_authentication_2), db, *size); + + *new_db = auth; + *size = total_size; + + return EFI_SUCCESS; +} + +/** + * file_have_auth_header() - check file has EFI_VARIABLE_AUTHENTICATION_2 header + * @buf: pointer to file + * @size: file size + * Return: true if file has auth header, false otherwise + */ +static bool file_have_auth_header(void *buf, efi_uintn_t size) +{ + struct efi_variable_authentication_2 *auth = buf; + + if (auth->auth_info.hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) + return false; + + if (guidcmp(&auth->auth_info.cert_type, &efi_guid_cert_type_pkcs7)) + return false; + + return true; +} + +/** + * file_is_efi_signature_list() - check the file is efi signature list + * @buf: pointer to file + * Return: true if file is efi signature 
list, false otherwise + */ +static bool file_is_efi_signature_list(void *buf) +{ + u32 i; + struct efi_signature_list *sig_list = buf; + + for (i = 0; i < ARRAY_SIZE(sigtype_to_str); i++) { + if (!guidcmp(&sig_list->signature_type, &sigtype_to_str[i].sig_type)) + return true; + } + + return false; +} + +/** + * eficonfig_process_enroll_key() - enroll key into signature database + * + * @data: pointer to the data for each entry + * Return: status code + */ +static efi_status_t eficonfig_process_enroll_key(void *data) +{ + u32 attr; + char *buf = NULL; + efi_uintn_t size; + efi_status_t ret; + void *new_db = NULL; + struct efi_file_handle *f; + struct efi_file_handle *root; + struct eficonfig_select_file_info file_info; + + file_info.current_path = calloc(1, EFICONFIG_FILE_PATH_BUF_SIZE); + if (!file_info.current_path) + goto out; + + ret = eficonfig_select_file_handler(&file_info); + if (ret != EFI_SUCCESS) + goto out; + + ret = efi_open_volume_int(file_info.current_volume, &root); + if (ret != EFI_SUCCESS) + goto out; + + ret = efi_file_open_int(root, &f, file_info.current_path, EFI_FILE_MODE_READ, 0); + if (ret != EFI_SUCCESS) + goto out; + + size = 0; + ret = EFI_CALL(f->getinfo(f, &efi_file_info_guid, &size, NULL)); + if (ret != EFI_BUFFER_TOO_SMALL) + goto out; + + buf = calloc(1, size); + if (!buf) { + ret = EFI_OUT_OF_RESOURCES; + goto out; + } + ret = EFI_CALL(f->getinfo(f, &efi_file_info_guid, &size, buf)); + if (ret != EFI_SUCCESS) + goto out; + + size = ((struct efi_file_info *)buf)->file_size; + free(buf); + + buf = calloc(1, size); + if (!buf) { + ret = EFI_OUT_OF_RESOURCES; + goto out; + } + + ret = efi_file_read_int(f, &size, buf); + if (ret != EFI_SUCCESS) { + eficonfig_print_msg("ERROR! Failed to read file."); + goto out; + } + if (size == 0) { + eficonfig_print_msg("ERROR! 
File is empty."); + goto out; + } + + /* We expect that file is EFI Signature Lists or signed EFI Signature Lists */ + if (!file_have_auth_header(buf, size)) { + if (!file_is_efi_signature_list(buf)) { + eficonfig_print_msg("ERROR! Invalid file format."); + ret = EFI_INVALID_PARAMETER; + goto out; + } + + ret = create_time_based_payload(buf, &new_db, &size); + if (ret != EFI_SUCCESS) { + eficonfig_print_msg("ERROR! Failed to create payload with timestamp."); + goto out; + } + + free(buf); + buf = new_db; + } + + attr = EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS | + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + + /* PK can enroll only one certificate */ + if (u16_strcmp(data, u"PK")) { + efi_uintn_t db_size = 0; + + /* check the variable exists. If exists, add APPEND_WRITE attribute */ + ret = efi_get_variable_int(data, efi_auth_var_get_guid(data), NULL, + &db_size, NULL, NULL); + if (ret == EFI_BUFFER_TOO_SMALL) + attr |= EFI_VARIABLE_APPEND_WRITE; + } + + ret = efi_set_variable_int((u16 *)data, efi_auth_var_get_guid((u16 *)data), + attr, size, buf, false); + if (ret != EFI_SUCCESS) { + eficonfig_print_msg("ERROR! Failed to update signature database"); + goto out; + } + +out: + free(file_info.current_path); + free(buf); + + /* to stay the parent menu */ + ret = (ret == EFI_ABORTED) ? 
EFI_NOT_READY : ret; + + return ret; +} + +static struct eficonfig_item key_config_menu_items[] = { + {"Enroll New Key", eficonfig_process_enroll_key}, + {"Quit", eficonfig_process_quit}, +}; + +/** + * eficonfig_process_set_secure_boot_key() - display the key configuration menu + * + * @data: pointer to the data for each entry + * Return: status code + */ +static efi_status_t eficonfig_process_set_secure_boot_key(void *data) +{ + u32 i; + efi_status_t ret; + char header_str[32]; + struct efimenu *efi_menu; + + for (i = 0; i < ARRAY_SIZE(key_config_menu_items); i++) + key_config_menu_items[i].data = data; + + snprintf(header_str, sizeof(header_str), " ** Configure %ls **", (u16 *)data); + + while (1) { + efi_menu = eficonfig_create_fixed_menu(key_config_menu_items, + ARRAY_SIZE(key_config_menu_items)); + + ret = eficonfig_process_common(efi_menu, header_str); + eficonfig_destroy(efi_menu); + + if (ret == EFI_ABORTED) + break; + } + + /* to stay the parent menu */ + ret = (ret == EFI_ABORTED) ? EFI_NOT_READY : ret; + + return ret; +} + +static const struct eficonfig_item secure_boot_menu_items[] = { + {"PK", eficonfig_process_set_secure_boot_key, u"PK"}, + {"KEK", eficonfig_process_set_secure_boot_key, u"KEK"}, + {"db", eficonfig_process_set_secure_boot_key, u"db"}, + {"dbx", eficonfig_process_set_secure_boot_key, u"dbx"}, + {"Quit", eficonfig_process_quit}, +}; + +/** + * eficonfig_process_secure_boot_config() - display the key list menu + * + * @data: pointer to the data for each entry + * Return: status code + */ +efi_status_t eficonfig_process_secure_boot_config(void *data) +{ + efi_status_t ret; + struct efimenu *efi_menu; + + while (1) { + char header_str[64]; + + snprintf(header_str, sizeof(header_str), + " ** UEFI Secure Boot Key Configuration (SecureBoot : %s) **", + (is_secureboot_enabled() ? 
"ON" : "OFF")); + + efi_menu = eficonfig_create_fixed_menu(secure_boot_menu_items, + ARRAY_SIZE(secure_boot_menu_items)); + if (!efi_menu) { + ret = EFI_OUT_OF_RESOURCES; + break; + } + + ret = eficonfig_process_common(efi_menu, header_str); + eficonfig_destroy(efi_menu); + + if (ret == EFI_ABORTED) + break; + } + + /* to stay the parent menu */ + ret = (ret == EFI_ABORTED) ? EFI_NOT_READY : ret; + + return ret; +} diff --git a/include/efi_config.h b/include/efi_config.h index 86bc801211..6db8e123f0 100644 --- a/include/efi_config.h +++ b/include/efi_config.h 
@@ -99,5 +99,10 @@ efi_status_t eficonfig_append_menu_entry(struct efimenu *efi_menu, char *title, eficonfig_entry_func func, void *data); efi_status_t eficonfig_append_quit_entry(struct efimenu *efi_menu); +void *eficonfig_create_fixed_menu(const struct eficonfig_item *items, int count); + +#ifdef CONFIG_EFI_SECURE_BOOT +efi_status_t eficonfig_process_secure_boot_config(void *data); +#endif #endif
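Review bot: in eficonfig_process_enroll_key() the `if (size == 0)` branch jumps to `out` with ret still EFI_SUCCESS from the preceding efi_file_read_int(), so an empty file prints "ERROR! File is empty." yet the function reports success; add `ret = EFI_INVALID_PARAMETER;` before that `goto out`. The very first `goto out` (when calloc of current_path fails) leaves ret uninitialized, and neither `root` nor `f` is closed on any path. In create_time_based_payload() a get_time() failure is reported as EFI_OUT_OF_RESOURCES, which hides the real cause; return ret (or EFI_DEVICE_ERROR) instead. file_have_auth_header() takes `size` but never uses it: both it and file_is_efi_signature_list() dereference header fields before checking that the file is at least sizeof(struct efi_variable_authentication_2) / sizeof(struct efi_signature_list) bytes long, so a truncated file is read past its end; check the size before the casts. Finally, eficonfig_process_set_secure_boot_key() does not NULL-check the menu returned by eficonfig_create_fixed_menu(), while eficonfig_process_secure_boot_config() below it does.

Review bot: the efi_config.h hunk declares eficonfig_create_fixed_menu() as returning `void *`, although both callers in this patch (eficonfig_process_set_secure_boot_key() and eficonfig_process_secure_boot_config()) assign the result to a `struct efimenu *`; declaring it `struct efimenu *eficonfig_create_fixed_menu(const struct eficonfig_item *items, int count);` keeps the type checking the prototype exists for.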
From patchwork Fri Oct 14 06:56:58 2022
From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Takahiro Akashi, Masahisa Kojima
Subject: [PATCH v3 4/6] eficonfig: add "Show/Delete Signature Database" menu entry
Date: Fri, 14 Oct 2022 15:56:58 +0900
Message-Id: <20221014065705.5249-5-masahisa.kojima@linaro.org>
In-Reply-To: <20221014065705.5249-1-masahisa.kojima@linaro.org>
References: <20221014065705.5249-1-masahisa.kojima@linaro.org>

This commit adds the menu-driven interface to show and delete the signature database. EFI Signature Lists can contain multiple signature entries; this menu can delete an individual entry. If the PK is enrolled and UEFI Secure Boot is in User Mode or Deployed Mode, the user cannot delete the existing signature lists, since the signature lists must be signed by KEK or PK but the signing information is not stored in the signature database. To delete the PK, the user needs to enroll a new key with an empty value, and this new key must be signed with the old PK.
Signed-off-by: Masahisa Kojima --- No change since v2 Changes in v2: - integrate show and delete signature database menu - add confirmation message before delete - add function comment cmd/eficonfig_sbkey.c | 394 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 394 insertions(+) diff --git a/cmd/eficonfig_sbkey.c b/cmd/eficonfig_sbkey.c index cc27f78e66..e8ba15726d 100644 --- a/cmd/eficonfig_sbkey.c +++ b/cmd/eficonfig_sbkey.c @@ -17,6 +17,14 @@ #include #include +struct eficonfig_sig_data { + struct efi_signature_list *esl; + struct efi_signature_data *esd; + struct list_head list; + struct eficonfig_sig_data **selected; + u16 *varname; +}; + enum efi_sbkey_signature_type { SIG_TYPE_X509 = 0, SIG_TYPE_HASH, @@ -46,6 +54,32 @@ static const struct eficonfig_sigtype_to_str sigtype_to_str[] = { /* {EFI_CERT_SHA512_GUID, "SHA512", SIG_TYPE_HASH}, */ }; +/** + * eficonfig_console_wait_enter() - wait ENTER key press + * + * Return: 1 if ENTER key is pressed, 0 if user selects to quit + */ +static int eficonfig_console_wait_enter(void) +{ + int esc = 0; + enum bootmenu_key key = KEY_NONE; + + puts(ANSI_CURSOR_HIDE); + + while (1) { + bootmenu_loop(NULL, &key, &esc); + + switch (key) { + case KEY_SELECT: + return 1; + case KEY_QUIT: + return 0; + default: + break; + } + } +} + /** * is_secureboot_enabled() - check UEFI Secure Boot is enabled * 
@@ -270,8 +304,368 @@ out: return ret; } +/** + * delete_selected_signature_data() - delete the signature data from signature list + * + * @db: pointer to the signature database + * @db_size: pointer to the signature database size + * @target: pointer to the signature data to be deleted + * Return: status code + */ +static void delete_selected_signature_data(void *db, efi_uintn_t *db_size, + struct eficonfig_sig_data *target) +{ + u32 remain; + u8 *dest, *start, *end; + efi_uintn_t total_size, esd_size, size; + struct efi_signature_list *esl; + struct efi_signature_data *esd; + + esl = db; + total_size = *db_size; + size = *db_size; + end = (u8 *)db + *db_size; + while (total_size > 0) { + esd = (struct efi_signature_data *)((u8 *)esl + + sizeof(struct efi_signature_list) + esl->signature_header_size); + esd_size = esl->signature_list_size - sizeof(struct efi_signature_list) - + esl->signature_header_size; + for (; esd_size > 0; esd_size -= esl->signature_size) { + if (esl == target->esl && esd == target->esd) { + remain = esl->signature_list_size - + (sizeof(struct efi_signature_list) - + esl->signature_header_size) - + esl->signature_size; + if (remain > 0) { + /* only delete the single signature data */ + esl->signature_list_size -= esl->signature_size; + size -= esl->signature_size; + dest = (u8 *)esd; + start = (u8 *)esd + esl->signature_size; + } else { + /* delete entire signature list */ + dest = (u8 *)esl; + start = (u8 *)esl + esl->signature_list_size; + size -= esl->signature_list_size; + } + memmove(dest, start, (end - start)); + goto out; + } + esd = (struct efi_signature_data *)((u8 *)esd + esl->signature_size); + } + total_size -= esl->signature_list_size; + esl = (struct efi_signature_list *)((u8 *)esl + esl->signature_list_size); + } +out: + *db_size = size; +} + +/** + * display_sigdata_info() - display signature data information + * + * @sg: pointer to the internal signature data structure + * Return: status code + */ +static void 
display_sigdata_info(struct eficonfig_sig_data *sg) +{ + u32 i; + + puts(ANSI_CURSOR_HIDE); + puts(ANSI_CLEAR_CONSOLE); + printf(ANSI_CURSOR_POSITION, 1, 1); + + *sg->selected = sg; + printf("\n ** Show/Delete Signature Database (%ls) **\n\n" + " Owner GUID:\n" + " %pUL\n", + sg->varname, sg->esd->signature_owner.b); + + for (i = 0; i < ARRAY_SIZE(sigtype_to_str); i++) { + if (!guidcmp(&sg->esl->signature_type, &sigtype_to_str[i].sig_type)) { + printf(" Signature Type:\n" + " %s\n", sigtype_to_str[i].str); + + switch (sigtype_to_str[i].type) { + case SIG_TYPE_X509: + { + struct x509_certificate *cert_tmp; + + cert_tmp = x509_cert_parse(sg->esd->signature_data, + sg->esl->signature_size); + printf(" Subject:\n" + " %s\n" + " Issuer:\n" + " %s\n", + cert_tmp->subject, cert_tmp->issuer); + break; + } + case SIG_TYPE_CRL: + { + u32 hash_size = sg->esl->signature_size - sizeof(efi_guid_t) - + sizeof(struct efi_time); + struct efi_time *time = + (struct efi_time *)((u8 *)sg->esd->signature_data + + hash_size); + + printf(" ToBeSignedHash:\n"); + print_hex_dump(" ", DUMP_PREFIX_NONE, 16, 1, + sg->esd->signature_data, hash_size, false); + printf(" TimeOfRevocation:\n" + " %d-%d-%d %02d:%02d:%02d\n", + time->year, time->month, time->day, + time->hour, time->minute, time->second); + break; + } + case SIG_TYPE_HASH: + { + u32 hash_size = sg->esl->signature_size - sizeof(efi_guid_t); + + printf(" Hash:\n"); + print_hex_dump(" ", DUMP_PREFIX_NONE, 16, 1, + sg->esd->signature_data, hash_size, false); + break; + } + default: + eficonfig_print_msg("ERROR! 
Unsupported format."); + break; + } + } + } +} + +/** + * eficonfig_process_sigdata_delete() - delete signature data + * + * @data: pointer to the data for each entry + * Return: status code + */ +static efi_status_t eficonfig_process_sigdata_delete(void *data) +{ + int delete; + efi_status_t ret; + efi_uintn_t size; + u8 setup_mode = 0; + u8 audit_mode = 0; + + struct eficonfig_sig_data *sg = data; + + display_sigdata_info(sg); + + if (!u16_strcmp(sg->varname, u"PK")) { + while (tstc()) + getchar(); + + printf("\n\n Can not delete PK, Press any key to continue"); + getchar(); + return EFI_NOT_READY; + } + + printf("\n\n Press ENTER to delete, ESC/CTRL+C to quit"); + delete = eficonfig_console_wait_enter(); + if (!delete) + return EFI_NOT_READY; + + size = sizeof(setup_mode); + ret = efi_get_variable_int(u"SetupMode", &efi_global_variable_guid, + NULL, &size, &setup_mode, NULL); + size = sizeof(audit_mode); + ret = efi_get_variable_int(u"AuditMode", &efi_global_variable_guid, + NULL, &size, &audit_mode, NULL); + + if (!setup_mode && !audit_mode) { + eficonfig_print_msg("Not in the SetupMode or AuditMode, can not delete."); + return EFI_NOT_READY; + } + + return EFI_SUCCESS; +} + +/** + * prepare_signature_db_list() - create the signature data menu entry + * + * @efimenu: pointer to the efimenu structure + * @varname: pointer to the variable name + * @db: pointer to the variable raw data + * @db_size: variable data size + * @func: callback of each entry + * @selected: pointer to selected signature data + * Return: status code + */ +static efi_status_t prepare_signature_db_list(struct efimenu *efi_menu, void *varname, + void *db, efi_uintn_t db_size, + eficonfig_entry_func func, + struct eficonfig_sig_data **selected) +{ + u32 num = 0; + efi_uintn_t size; + struct eficonfig_sig_data *sg; + struct efi_signature_list *esl; + struct efi_signature_data *esd; + efi_status_t ret = EFI_SUCCESS; + + INIT_LIST_HEAD(&efi_menu->list); + + esl = db; + size = db_size; + while 
(size > 0) { + u32 remain; + + esd = (struct efi_signature_data *)((u8 *)esl + + (sizeof(struct efi_signature_list) + + esl->signature_header_size)); + remain = esl->signature_list_size - sizeof(struct efi_signature_list) - + esl->signature_header_size; + for (; remain > 0; remain -= esl->signature_size) { + char buf[40]; + char *title; + + if (num >= EFICONFIG_ENTRY_NUM_MAX - 1) { + ret = EFI_OUT_OF_RESOURCES; + goto out; + } + + sg = calloc(1, sizeof(struct eficonfig_sig_data)); + if (!sg) { + ret = EFI_OUT_OF_RESOURCES; + goto err; + } + + snprintf(buf, sizeof(buf), "%pUL", &esd->signature_owner); + title = calloc(1, (strlen(buf) + 1)); + if (!title) { + free(sg); + ret = EFI_OUT_OF_RESOURCES; + goto err; + } + strlcpy(title, buf, strlen(buf) + 1); + + sg->esl = esl; + sg->esd = esd; + sg->selected = selected; + sg->varname = varname; + ret = eficonfig_append_menu_entry(efi_menu, title, func, sg); + if (ret != EFI_SUCCESS) { + free(sg); + free(title); + goto err; + } + esd = (struct efi_signature_data *)((u8 *)esd + esl->signature_size); + num++; + } + + size -= esl->signature_list_size; + esl = (struct efi_signature_list *)((u8 *)esl + esl->signature_list_size); + } +out: + ret = eficonfig_append_quit_entry(efi_menu); +err: + return ret; +} + +/** + * process_show_signature_db() - display the signature data list + * + * @data: pointer to the data for each entry + * Return: status code + */ +static efi_status_t process_show_signature_db(void *varname) +{ + char buf[50]; + efi_status_t ret; + efi_uintn_t db_size; + void *db, *new_db = NULL; + struct efimenu *efi_menu; + struct list_head *pos, *n; + struct eficonfig_entry *entry; + struct eficonfig_sig_data *selected; + + db = efi_get_var(varname, efi_auth_var_get_guid(varname), &db_size); + if (!db) { + eficonfig_print_msg("There is no entry in the signature database."); + return EFI_NOT_FOUND; + } + + efi_menu = calloc(1, sizeof(struct efimenu)); + if (!efi_menu) { + free(db); + return EFI_OUT_OF_RESOURCES; + } 
+ + ret = prepare_signature_db_list(efi_menu, varname, db, db_size, + eficonfig_process_sigdata_delete, &selected); + if (ret != EFI_SUCCESS) + goto out; + + snprintf(buf, sizeof(buf), " ** Show/Delete Signature Database (%ls) **", + (u16 *)varname); + ret = eficonfig_process_common(efi_menu, buf); + if (ret == EFI_SUCCESS) { + u32 attr; + int delete; + + printf(ANSI_CURSOR_HIDE + "\n\n Are you sure you want to delete this item?\n\n" + " Press ENTER to delete, ESC/CTRL+C to quit"); + delete = eficonfig_console_wait_enter(); + if (!delete) + goto out; + + delete_selected_signature_data(db, &db_size, selected); + + ret = create_time_based_payload(db, &new_db, &db_size); + if (ret != EFI_SUCCESS) { + eficonfig_print_msg("ERROR! Failed to create payload with timestamp."); + goto out; + } + + attr = EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS | + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + ret = efi_set_variable_int((u16 *)varname, efi_auth_var_get_guid((u16 *)varname), + attr, db_size, new_db, false); + if (ret != EFI_SUCCESS) { + eficonfig_print_msg("ERROR! Failed to delete signature database"); + goto out; + } + } +out: + list_for_each_safe(pos, n, &efi_menu->list) { + entry = list_entry(pos, struct eficonfig_entry, list); + free(entry->data); + } + eficonfig_destroy(efi_menu); + free(new_db); + free(db); + + return ret; +} + +/** + * eficonfig_process_set_secure_boot_key() - display the key configuration menu + * + * @data: pointer to the data for each entry + * Return: status code + */ +static efi_status_t eficonfig_process_show_signature_db(void *data) +{ + efi_status_t ret; + + while (1) { + ret = process_show_signature_db(data); + if (ret != EFI_SUCCESS && ret != EFI_NOT_READY) + break; + } + + /* to stay the parent menu */ + ret = (ret == EFI_ABORTED) ? 
EFI_NOT_READY : ret; + + return ret; +} + static struct eficonfig_item key_config_menu_items[] = { {"Enroll New Key", eficonfig_process_enroll_key}, + {"Show/Delete Signature Database", eficonfig_process_show_signature_db}, {"Quit", eficonfig_process_quit}, };
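Review bot: in the @@ -270 hunk, delete_selected_signature_data() computes `remain` as `esl->signature_list_size - (sizeof(struct efi_signature_list) - esl->signature_header_size) - esl->signature_size`, which adds the header size instead of subtracting it; for a list with a non-zero signature_header_size this overestimates the remaining bytes and takes the "only delete the single signature data" branch when the whole list should be removed. Use `esl->signature_list_size - sizeof(struct efi_signature_list) - esl->signature_header_size - esl->signature_size`, matching the `esd_size` computation a few lines above. Both this walk and the one in prepare_signature_db_list() trust signature_list_size and signature_size from the variable contents: a signature_size of 0 makes `remain -= esl->signature_size` never terminate, and a signature_list_size larger than the bytes left walks past `end`; reject those values before iterating. display_sigdata_info() dereferences the pointer returned by x509_cert_parse() without checking for an error return and never frees the certificate. eficonfig_process_sigdata_delete() already prompts "Press ENTER to delete", then process_show_signature_db() prompts "Are you sure you want to delete this item?" again, so the user confirms twice; the SetupMode/AuditMode check would also be better placed before the first prompt, and the two `ret` values from efi_get_variable_int() are assigned but never examined. The kernel-doc above eficonfig_process_show_signature_db() still names eficonfig_process_set_secure_boot_key(), process_show_signature_db() documents `@data` but its parameter is `varname`, and delete_selected_signature_data() and display_sigdata_info() document "Return: status code" although both are void.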
From patchwork Fri Oct 14 06:56:59 2022
From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Takahiro Akashi, Masahisa Kojima
Subject: [PATCH v3 5/6] test/eficonfig: support secure boot key maintenance menu
Date: Fri, 14 Oct 2022 15:56:59 +0900
Message-Id: <20221014065705.5249-6-masahisa.kojima@linaro.org>
In-Reply-To: <20221014065705.5249-1-masahisa.kojima@linaro.org>
References: <20221014065705.5249-1-masahisa.kojima@linaro.org>

The eficonfig test is aligned with the addition of the secure boot key management menu.

Signed-off-by: Masahisa Kojima
---
No change since v2

Newly created in v2

test/py/tests/test_eficonfig/test_eficonfig.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/test/py/tests/test_eficonfig/test_eficonfig.py b/test/py/tests/test_eficonfig/test_eficonfig.py index 99606d9c4b..f7cb031af2 100644 --- a/test/py/tests/test_eficonfig/test_eficonfig.py +++ b/test/py/tests/test_eficonfig/test_eficonfig.py
@@ -8,6 +8,7 @@ import time @pytest.mark.boardspec('sandbox') @pytest.mark.buildconfigspec('cmd_eficonfig') @pytest.mark.buildconfigspec('cmd_bootefi_bootmgr') +@pytest.mark.buildconfigspec('efi_secure_boot') def test_efi_eficonfig(u_boot_console, efi_eficonfig_data): def send_user_input_and_wait(user_str, expect_str): @@ -47,7 +48,7 @@ def test_efi_eficonfig(u_boot_console, efi_eficonfig_data): def check_current_is_maintenance_menu(): for i in ('UEFI Maintenance Menu', 'Add Boot Option', 'Edit Boot Option', - 'Change Boot Order', 'Delete Boot Option', 'Quit'): + 'Change Boot Order', 'Delete Boot Option', 'Secure Boot Configuration', 'Quit'): u_boot_console.p.expect([i]) """ Unit test for "eficonfig" command 
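Review bot: the new `@pytest.mark.buildconfigspec('efi_secure_boot')` in the @@ -8 hunk makes the whole eficonfig test skip on a sandbox build without EFI_SECURE_BOOT, so the boot-option parts of the test lose coverage on such configurations; since the only new dependency is the 'Secure Boot Configuration' entry expected in check_current_is_maintenance_menu() (@@ -47 hunk), consider keeping the test unconditional and making only that expectation conditional on the config.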
@@ -349,6 +350,7 @@ def test_efi_eficonfig(u_boot_console, efi_eficonfig_data): press_up_down_enter_and_wait(0, 1, True, 'Quit') press_up_down_enter_and_wait(0, 0, True, 'No block device found!') press_escape_key(False) + press_escape_key(False) check_current_is_maintenance_menu() # Return to U-Boot console press_escape_key(True)

From patchwork Fri Oct 14 06:57:00 2022
X-Patchwork-Submitter: Masahisa Kojima
X-Patchwork-Id: 615065
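Review bot: the added second `press_escape_key(False)` has no comment saying which additional menu level it is backing out of; from the surrounding context ('No block device found!' followed by ESC) a reader cannot tell why one more ESC is now required. Add a one-line comment naming the menu being dismissed, or better, wait for an expected string after each ESC instead of pressing blindly, so that a change in the menu nesting fails at this step rather than later in check_current_is_maintenance_menu().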
From: Masahisa Kojima
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt , Ilias Apalodimas , Takahiro Akashi , Masahisa Kojima
Subject: [PATCH v3 6/6] test: add test for eficonfig secure boot key management
Date: Fri, 14 Oct 2022 15:57:00 +0900
Message-Id: <20221014065705.5249-7-masahisa.kojima@linaro.org>
In-Reply-To: <20221014065705.5249-1-masahisa.kojima@linaro.org>
References: <20221014065705.5249-1-masahisa.kojima@linaro.org>

Provide a unit test for the eficonfig secure boot key management menu.

Signed-off-by: Masahisa Kojima
---
No change since v2
newly created in v2

 test/py/tests/test_eficonfig/conftest.py | 84 +++-
 test/py/tests/test_eficonfig/defs.py | 14 +
 .../test_eficonfig/test_eficonfig_sbkey.py | 472 ++++++++++++++++++
 3 files changed, 568 insertions(+), 2 deletions(-)
 create mode 100644 test/py/tests/test_eficonfig/defs.py
 create mode 100644 test/py/tests/test_eficonfig/test_eficonfig_sbkey.py

diff --git a/test/py/tests/test_eficonfig/conftest.py b/test/py/tests/test_eficonfig/conftest.py index f289df0362..6750d33989 100644 --- a/test/py/tests/test_eficonfig/conftest.py +++ b/test/py/tests/test_eficonfig/conftest.py
@@ -2,11 +2,12 @@ """Fixture for UEFI eficonfig test """ - import os +import os.path import shutil -from subprocess import check_call +from subprocess import call, check_call, check_output, CalledProcessError import pytest +from defs import * @pytest.fixture(scope='session') def efi_eficonfig_data(u_boot_config): 
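Review bot: `from defs import *` is a wildcard import; the fixture added by this patch uses only GUID and EFITOOLS_PATH, so import them by name (`from defs import GUID, EFITOOLS_PATH`) so readers and pylint can see where the names come from. In the same hunk `import os.path` is redundant next to the existing `import os`, and `check_output` is imported but not called anywhere in this patch's hunks; drop both unless a later patch needs them.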
@@ -38,3 +39,82 @@ def efi_eficonfig_data(u_boot_config): shell=True) return image_path + +@pytest.fixture(scope='session') +def efi_boot_env(request, u_boot_config): + """Set up a file system to be used in UEFI secure boot test. + + Args: + request: Pytest request object. + u_boot_config: U-boot configuration. + + Return: + A path to disk image to be used for testing + """ + image_path = u_boot_config.persistent_data_dir + image_path = image_path + '/test_eficonfig_sb.img' + + try: + mnt_point = u_boot_config.build_dir + '/mnt_eficonfig_sb' + check_call('rm -rf {}'.format(mnt_point), shell=True) + check_call('mkdir -p {}'.format(mnt_point), shell=True) + + # suffix + # *.key: RSA private key in PEM + # *.crt: X509 certificate (self-signed) in PEM + # *.esl: signature list + # *.hash: message digest of image as signature list + # *.auth: signed signature list in signature database format + # *.efi: UEFI image + # *.efi.signed: signed UEFI image + + # Create signature database + # PK + check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_PK/ -keyout PK.key -out PK.crt -nodes -days 365' + % mnt_point, shell=True) + check_call('cd %s; %scert-to-efi-sig-list -g %s PK.crt PK.esl; %ssign-efi-sig-list -t "2020-04-01" -c PK.crt -k PK.key PK PK.esl PK.auth' + % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), + shell=True) + # PK_null for deletion + check_call('cd %s; touch PK_null.esl; %ssign-efi-sig-list -t "2020-04-02" -c PK.crt -k PK.key PK PK_null.esl PK_null.auth' + % (mnt_point, EFITOOLS_PATH), shell=True) + # KEK + check_call('cd %s; openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_KEK/ -keyout KEK.key -out KEK.crt -nodes -days 365' + % mnt_point, shell=True) + check_call('cd %s; %scert-to-efi-sig-list -g %s KEK.crt KEK.esl; %ssign-efi-sig-list -t "2020-04-03" -c PK.crt -k PK.key KEK KEK.esl KEK.auth' + % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), + shell=True) + # db + check_call('cd %s; openssl req -x509 -sha256 -newkey 
rsa:2048 -subj /CN=TEST_db/ -keyout db.key -out db.crt -nodes -days 365' + % mnt_point, shell=True) + check_call('cd %s; %scert-to-efi-sig-list -g %s db.crt db.esl; %ssign-efi-sig-list -t "2020-04-04" -c KEK.crt -k KEK.key db db.esl db.auth' + % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), + shell=True) + + # dbx_hash (digest of TEST_db certificate) + check_call('cd %s; %scert-to-efi-hash-list -g %s -t "2013-05-27 01:02:03" -s 256 db.crt dbx_hash.crl; %ssign-efi-sig-list -t "2020-04-05" -c KEK.crt -k KEK.key dbx dbx_hash.crl dbx_hash.auth' + % (mnt_point, EFITOOLS_PATH, GUID, EFITOOLS_PATH), + shell=True) + + # Copy image + check_call('cp %s/lib/efi_loader/helloworld.efi %s' % + (u_boot_config.build_dir, mnt_point), shell=True) + + # Sign image + check_call('cd %s; sbsign --key db.key --cert db.crt helloworld.efi' + % mnt_point, shell=True) + + check_call('cd %s; rm -f *.key' % mnt_point, shell=True) + check_call('cd %s; rm -f *.crt' % mnt_point, shell=True) + check_call('cd %s; rm -f *.hash' % mnt_point, shell=True) + check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat {} {}'.format( + mnt_point, image_path), shell=True) + check_call('rm -rf {}'.format(mnt_point), shell=True) + + except CalledProcessError as exception: + pytest.skip('Setup failed: %s' % exception.cmd) + return + else: + yield image_path + finally: + call('rm -f %s' % image_path, shell=True) diff --git a/test/py/tests/test_eficonfig/defs.py b/test/py/tests/test_eficonfig/defs.py new file mode 100644 index 0000000000..b7a2a11851 --- /dev/null +++ b/test/py/tests/test_eficonfig/defs.py 
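Review bot: the signing step calls a bare `sbsign` (`check_call('cd %s; sbsign --key db.key --cert db.crt helloworld.efi' % mnt_point, shell=True)`) while every efitools invocation is prefixed with EFITOOLS_PATH; defs.py introduces SBSIGN_PATH for exactly this case, so prefix it the same way (`'cd %s; %ssbsign --key db.key --cert db.crt helloworld.efi' % (mnt_point, SBSIGN_PATH)`), otherwise the "build a newer version on your own" advice in defs.py has no effect. Smaller points in the same hunk: the `return` after `pytest.skip(...)` in the except branch is unreachable because skip raises; the suffix comment documents '*.hash' files but nothing in this fixture creates one, so `rm -f *.hash` is a no-op; and the `rm -f *.key` / `rm -f *.crt` cleanup deserves a comment saying it is deliberate, since it is what keeps the test private keys off the image that the menu later browses.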
@@ -0,0 +1,14 @@ +# SPDX-License-Identifier: GPL-2.0+ + +# Owner guid +GUID = '11111111-2222-3333-4444-123456789abc' + +# v1.5.1 or earlier of efitools has a bug in sha256 calculation, and +# you need build a newer version on your own. +# The path must terminate with '/'. +EFITOOLS_PATH = '' + +# "--addcert" option of sbsign must be available, otherwise +# you need build a newer version on your own. +# The path must terminate with '/'. +SBSIGN_PATH = '' diff --git a/test/py/tests/test_eficonfig/test_eficonfig_sbkey.py b/test/py/tests/test_eficonfig/test_eficonfig_sbkey.py new file mode 100644 index 0000000000..727288964d --- /dev/null +++ b/test/py/tests/test_eficonfig/test_eficonfig_sbkey.py 
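Review bot: SBSIGN_PATH is defined here together with a comment requiring sbsign's `--addcert` option, but nothing in this patch uses either: conftest.py invokes `sbsign` without the prefix and never passes `--addcert`. Either use the constant in the fixture or drop it and its comment, so defs.py does not document a tool requirement the tests do not have. The efitools note ("v1.5.1 or earlier of efitools has a bug in sha256 calculation") would be more useful if it named the affected step; in this patch the only sha256 digest efitools produces is the `cert-to-efi-hash-list -s 256` call that builds the dbx entry, so presumably that is the test that fails with an old efitools.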
@@ -0,0 +1,472 @@ +# SPDX-License-Identifier: GPL-2.0+ +""" Unit test for UEFI menu-driven configuration +""" + +import pytest +import time +from defs import * + +@pytest.mark.boardspec('sandbox') +@pytest.mark.buildconfigspec('cmd_eficonfig') +@pytest.mark.buildconfigspec('cmd_bootefi_bootmgr') +@pytest.mark.buildconfigspec('efi_secure_boot') +def test_efi_eficonfig_sbkey(u_boot_config, u_boot_console, efi_boot_env): + def send_user_input_and_wait(user_str, expect_str): + time.sleep(0.1) # TODO: does not work correctly without sleep + u_boot_console.run_command(cmd=user_str, wait_for_prompt=False, + wait_for_echo=True, send_nl=False) + u_boot_console.run_command(cmd='\x0d', wait_for_prompt=False, + wait_for_echo=False, send_nl=False) + if expect_str is not None: + for i in expect_str: + u_boot_console.p.expect([i]) + + def press_up_down_enter_and_wait(up_count, down_count, enter, expect_str): + # press UP key + for i in range(up_count): + u_boot_console.run_command(cmd='\x1b\x5b\x41', wait_for_prompt=False, + wait_for_echo=False, send_nl=False) + # press DOWN key + for i in range(down_count): + u_boot_console.run_command(cmd='\x1b\x5b\x42', wait_for_prompt=False, + wait_for_echo=False, send_nl=False) + # press ENTER if requested + if enter: + u_boot_console.run_command(cmd='\x0d', wait_for_prompt=False, + wait_for_echo=False, send_nl=False) + # wait expected output + if expect_str is not None: + for i in expect_str: + u_boot_console.p.expect([i]) + + def press_escape_key(wait_prompt): + u_boot_console.run_command(cmd='\x1b', wait_for_prompt=wait_prompt, wait_for_echo=False, send_nl=False) + + def press_enter_key(wait_prompt): + u_boot_console.run_command(cmd='\x0d', wait_for_prompt=wait_prompt, + wait_for_echo=False, send_nl=False) + + def check_current_is_maintenance_menu(): + for i in ('UEFI Maintenance Menu', 'Add Boot Option', 'Edit Boot Option', + 'Change Boot Order', 'Delete Boot Option', 'Secure Boot Configuration', 'Quit'): + u_boot_console.p.expect([i]) + 
+ # Restart the system to clean the previous state + u_boot_console.restart_uboot() + # bind the test disk image for succeeding tests + u_boot_console.run_command(cmd = f'host bind 0 {efi_boot_env}') + + # + # Test Case 1: Enroll non-signed ESL(.esl or .crl) in order of KEK, DB, DBX and PK + # + with u_boot_console.temporary_timeout(500): + u_boot_console.run_command('eficonfig', wait_for_prompt=False) + check_current_is_maintenance_menu() + press_up_down_enter_and_wait(0, 4, True, 'Quit') + for i in ('UEFI Secure Boot Key Configuration', 'SecureBoot :', 'OFF'): + u_boot_console.p.expect([i]) + + # set KEK.esl to KEK + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 7, True, 'Quit') + # check KEK is expected value + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, None) + for i in ('Show/Delete Signature Database', 'KEK', + 'Owner GUID:', '11111111-2222-3333-4444-123456789ABC', + 'Signature Type:', 'X509', 'Subject:', 'TEST_KEK', 'Issuer:', 'TEST_KEK'): + u_boot_console.p.expect([i]) + press_escape_key(False) + for i in ('11111111-2222-3333-4444-123456789ABC', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 2, True, 'Quit') + + # set db.esl to db + press_up_down_enter_and_wait(0, 2, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 1, True, 'Quit') + # check db is expected value + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, None) + for i in ('Show/Delete Signature Database', 'db', + 'Owner GUID:', '11111111-2222-3333-4444-123456789ABC', + 'Signature Type:', 'X509', 'Subject:', 'TEST_db', 'Issuer:', 'TEST_db'): + u_boot_console.p.expect([i]) + press_escape_key(False) + 
for i in ('11111111-2222-3333-4444-123456789ABC', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 2, True, 'Quit') + + # set dbx_hash.crl to dbx + press_up_down_enter_and_wait(0, 3, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 3, True, 'Quit') + # check dbx is expected value + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, None) + # verify CRL, skip hash comparison because it varies in every test + for i in ('Show/Delete Signature Database', 'dbx', + 'Owner GUID:', '11111111-2222-3333-4444-123456789ABC', + 'Signature Type:', 'X509_SHA256 CRL', + 'TimeOfRevocation:', '2013-5-27 01:02:03'): + u_boot_console.p.expect([i]) + press_escape_key(False) + for i in ('11111111-2222-3333-4444-123456789ABC', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 2, True, 'Quit') + + # set PK.esl to PK + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 9, True, 'Quit') + # check PK is expected value + press_up_down_enter_and_wait(0, 1, True, None) + for i in ('11111111-2222-3333-4444-123456789ABC', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 0, True, None) + for i in ('Show/Delete Signature Database', 'PK', + 'Owner GUID', '11111111-2222-3333-4444-123456789ABC', + 'Signature Type', 'X509', 'Subject', 'TEST_PK', 'Issuer', 'TEST_PK', + 'Can not delete PK, Press any key to continue'): + u_boot_console.p.expect([i]) + press_escape_key(False) + for i in ('11111111-2222-3333-4444-123456789ABC', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 2, True, 
'Quit') + for i in ('UEFI Secure Boot Key Configuration', 'SecureBoot :', 'ON'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 4, True, 'Quit') + check_current_is_maintenance_menu() + + # + # Test Case 2: Enroll PK first, then non-signed esl fails to enroll + # + + # Restart the system to clean the previous state + u_boot_console.restart_uboot() + # bind the test disk image for succeeding tests + u_boot_console.run_command(cmd = f'host bind 0 {efi_boot_env}') + + with u_boot_console.temporary_timeout(500): + u_boot_console.run_command('eficonfig', wait_for_prompt=False) + check_current_is_maintenance_menu() + press_up_down_enter_and_wait(0, 4, True, 'Quit') + for i in ('UEFI Secure Boot Key Configuration', 'SecureBoot :', 'OFF'): + u_boot_console.p.expect([i]) + + # set PK.auth to PK + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 8, True, 'Quit') + # check PK is expected value + press_up_down_enter_and_wait(0, 1, True, None) + for i in ('11111111-2222-3333-4444-123456789ABC', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 0, True, None) + for i in ('Show/Delete Signature Database', 'PK', + 'Owner GUID', '11111111-2222-3333-4444-123456789ABC', + 'Signature Type', 'X509', 'Subject', 'TEST_PK', 'Issuer', 'TEST_PK', + 'Can not delete PK, Press any key to continue'): + u_boot_console.p.expect([i]) + + press_escape_key(False) + for i in ('11111111-2222-3333-4444-123456789ABC', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 2, True, 'Quit') + for i in ('UEFI Secure Boot Key Configuration', 'SecureBoot :', 'ON'): + u_boot_console.p.expect([i]) + + # fail to set KEK.esl + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 
'Quit') + press_up_down_enter_and_wait(0, 7, True, 'Quit') + for i in ('ERROR! Failed to update signature database', + 'Press any key to continue'): + u_boot_console.p.expect([i]) + press_escape_key(False) + press_up_down_enter_and_wait(0, 2, True, 'Quit') + + # fail to set db.esl + press_up_down_enter_and_wait(0, 2, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 1, True, 'Quit') + for i in ('ERROR! Failed to update signature database', + 'Press any key to continue'): + u_boot_console.p.expect([i]) + press_escape_key(False) + press_up_down_enter_and_wait(0, 2, True, 'Quit') + + # fail to set dbx_hash.crl + press_up_down_enter_and_wait(0, 3, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 3, True, 'Quit') + for i in ('ERROR! Failed to update signature database', + 'Press any key to continue'): + u_boot_console.p.expect([i]) + press_escape_key(False) + press_up_down_enter_and_wait(0, 2, True, 'Quit') + + # + # Test Case 3: Enroll signed ESL(.auth) in order of PK, KEK, and db, then check status + # + + # Restart the system to clean the previous state + u_boot_console.restart_uboot() + # bind the test disk image for succeeding tests + u_boot_console.run_command(cmd = f'host bind 0 {efi_boot_env}') + + with u_boot_console.temporary_timeout(500): + u_boot_console.run_command('eficonfig', wait_for_prompt=False) + check_current_is_maintenance_menu() + press_up_down_enter_and_wait(0, 4, True, 'Quit') + for i in ('UEFI Secure Boot Key Configuration', 'SecureBoot :', 'OFF'): + u_boot_console.p.expect([i]) + + # set PK.auth to PK + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 8, True, 'Quit') + # check PK is expected value + 
press_up_down_enter_and_wait(0, 1, True, None) + for i in ('11111111-2222-3333-4444-123456789ABC', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 0, True, None) + for i in ('Show/Delete Signature Database', 'PK', + 'Owner GUID', '11111111-2222-3333-4444-123456789ABC', + 'Signature Type', 'X509', 'Subject', 'TEST_PK', 'Issuer', 'TEST_PK', + 'Can not delete PK, Press any key to continue'): + u_boot_console.p.expect([i]) + + press_escape_key(False) + for i in ('11111111-2222-3333-4444-123456789ABC', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 2, True, 'Quit') + + # set KEK.auth to KEK + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 6, True, 'Quit') + # check KEK is expected value + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, None) + for i in ('Show/Delete Signature Database', 'KEK', + 'Owner GUID:', '11111111-2222-3333-4444-123456789ABC', + 'Signature Type:', 'X509', 'Subject:', 'TEST_KEK', 'Issuer:', 'TEST_KEK'): + u_boot_console.p.expect([i]) + + press_escape_key(False) + for i in ('11111111-2222-3333-4444-123456789ABC', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 2, True, 'Quit') + + # set db.auth to db + press_up_down_enter_and_wait(0, 2, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + # check db is expected value + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, None) + for i in ('Show/Delete Signature Database', 'db', + 'Owner GUID:', '11111111-2222-3333-4444-123456789ABC', + 'Signature Type:', 'X509', 'Subject:', 'TEST_db', 
'Issuer:', 'TEST_db'): + u_boot_console.p.expect([i]) + press_escape_key(False) + for i in ('11111111-2222-3333-4444-123456789ABC', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 2, True, 'Quit') + + for i in ('UEFI Secure Boot Key Configuration', 'SecureBoot :', 'ON'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 4, True, 'Quit') + check_current_is_maintenance_menu() + + # + # Test Case 4: start signed image allowed in db + # + + # Select 'Add Boot Option' + press_up_down_enter_and_wait(0, 0, True, 'Quit') + # Press the enter key to select 'Description:' entry, then enter Description + press_up_down_enter_and_wait(0, 0, True, 'enter description:') + # Send Description user input, press ENTER key to complete + send_user_input_and_wait('hello', 'Quit') + + # Set EFI image(helloworld.efi.signed) + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'host 0:1') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 5, True, 'Quit') + for i in ('Description: hello', 'File: host 0:1/helloworld.efi.signed', + 'Initrd File:', 'Optional Data:', 'Save', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 4, True, 'Quit') + press_escape_key(False) + check_current_is_maintenance_menu() + press_escape_key(True) + response = u_boot_console.run_command(cmd = 'bootefi bootmgr') + assert 'Hello, world!' 
in response + + # + # Test Case 5: can not start the image if it is not signed + # + + u_boot_console.run_command('eficonfig', wait_for_prompt=False) + check_current_is_maintenance_menu() + # Select 'Edit Boot Option' + press_up_down_enter_and_wait(0, 1, True, None) + # Check the curren BootOrder + for i in ('hello', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 0, True, None) + # Set EFI image(helloworld.efi) + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'host 0:1') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 4, True, 'Quit') + for i in ('Description: hello', 'File: host 0:1/helloworld.efi', + 'Initrd File:', 'Optional Data:', 'Save', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 4, True, 'Quit') + press_escape_key(False) + check_current_is_maintenance_menu() + press_escape_key(True) + response = u_boot_console.run_command(cmd = 'bootefi bootmgr') + assert 'Image not authenticated' in response + + # + # Test Case 6: can not start the signed image if dbx revokes db certificate + # + + u_boot_console.run_command('eficonfig', wait_for_prompt=False) + check_current_is_maintenance_menu() + # Select 'Edit Boot Option' + press_up_down_enter_and_wait(0, 1, True, None) + # Check the curren BootOrder + for i in ('hello', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 0, True, 'Quit') + # Set EFI image(helloworld.efi.signed) + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'host 0:1') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 5, True, 'Quit') + for i in ('Description: hello', 'File: host 0:1/helloworld.efi.signed', + 'Initrd File:', 'Optional Data:', 'Save', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 4, True, 'Quit') + press_escape_key(False) + check_current_is_maintenance_menu() + 
press_up_down_enter_and_wait(0, 4, True, 'Quit') + # set dbx_hash.auth to dbx + press_up_down_enter_and_wait(0, 3, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 2, True, 'Quit') + # check db is expected value + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, None) + # verify CRL, skip hash comparison because it varies in every test + for i in ('Show/Delete Signature Database', 'dbx', + 'Owner GUID:', '11111111-2222-3333-4444-123456789ABC', + 'Signature Type:', 'X509_SHA256 CRL', + 'TimeOfRevocation:', '2013-5-27 01:02:03'): + u_boot_console.p.expect([i]) + press_escape_key(False) + for i in ('11111111-2222-3333-4444-123456789ABC', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 2, True, 'Quit') + press_escape_key(False) + check_current_is_maintenance_menu() + press_escape_key(True) + response = u_boot_console.run_command(cmd = 'bootefi bootmgr') + assert 'Image not authenticated' in response + + # + # Test Case 7: clear PK with null key, check secure boot is OFF + # + + u_boot_console.run_command('eficonfig', wait_for_prompt=False) + check_current_is_maintenance_menu() + press_up_down_enter_and_wait(0, 4, True, 'Quit') + for i in ('UEFI Secure Boot Key Configuration', 'SecureBoot :', 'ON'): + u_boot_console.p.expect([i]) + + # clear PK with null key + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 10, True, 'Quit') + + press_up_down_enter_and_wait(0, 1, True, None) + for i in ('There is no entry in the signature database.', 'Press any key to continue'): + u_boot_console.p.expect([i]) + + press_enter_key(False) + press_up_down_enter_and_wait(0, 2, True, 'Quit') + for i in ('UEFI Secure Boot Key Configuration', 
'SecureBoot :', 'OFF'): + u_boot_console.p.expect([i]) + + # delete dbx + press_up_down_enter_and_wait(0, 3, True, 'Quit') + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_enter_key(False) + for i in ('TimeOfRevocation:', '2013-5-27 01:02:03'): + u_boot_console.p.expect([i]) + press_enter_key(False) + for i in ('Are you sure you want to delete this item?', 'Press ENTER to delete'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 0, True, None) + for i in ('There is no entry in the signature database.', + 'Press any key to continue'): + u_boot_console.p.expect([i]) + press_enter_key(False) + press_up_down_enter_and_wait(0, 2, True, 'Quit') + + # set PK.auth to PK + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 0, True, 'Quit') + press_up_down_enter_and_wait(0, 8, True, 'Quit') + # check PK is expected value + press_up_down_enter_and_wait(0, 1, True, None) + for i in ('11111111-2222-3333-4444-123456789ABC', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 0, True, None) + for i in ('Show/Delete Signature Database', 'PK', + 'Owner GUID', '11111111-2222-3333-4444-123456789ABC', + 'Signature Type', 'X509', 'Subject', 'TEST_PK', 'Issuer', 'TEST_PK', + 'Can not delete PK, Press any key to continue'): + u_boot_console.p.expect([i]) + press_escape_key(False) + for i in ('11111111-2222-3333-4444-123456789ABC', 'Quit'): + u_boot_console.p.expect([i]) + press_up_down_enter_and_wait(0, 1, True, 'Quit') + press_up_down_enter_and_wait(0, 2, True, 'Quit') + for i in ('UEFI Secure Boot Key Configuration', 'SecureBoot :', 'ON'): + u_boot_console.p.expect([i]) + press_escape_key(False) + check_current_is_maintenance_menu() + press_escape_key(True) + response = u_boot_console.run_command(cmd = 'bootefi bootmgr') + assert 'Hello, world!' in response
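Review bot: menu navigation in this test is done by counting DOWN presses into the file browser, e.g. `press_up_down_enter_and_wait(0, 7, True, 'Quit')` to pick KEK.esl, `(0, 8, ...)` for PK.auth, `(0, 9, ...)` for PK.esl and `(0, 10, ...)` for PK_null.auth, and the only record of which file each count selects is the block comment above each group. That ties the test to the listing order of the image built in conftest.py; any change in the file set or sort order would select the wrong file and the failure would surface several steps later. Expect the selected file name in the wait string of each such step, or at least comment every count with the file it selects. Other things to fix in the same hunk: the module docstring is the one copied from test_eficonfig.py and does not mention secure boot key management; `u_boot_config` is accepted by test_efi_eficonfig_sbkey but never used; 'curren BootOrder' appears twice; in Test Case 6 the comment reads '# check db is expected value' while the entries being checked are dbx; and send_user_input_and_wait, press_up_down_enter_and_wait, press_escape_key and check_current_is_maintenance_menu duplicate test_eficonfig.py verbatim and belong in a shared helper module. On coverage: Test Case 2 only shows that unsigned .esl files are rejected once PK is enrolled; an .auth signed with the wrong key (e.g. a db.auth signed by PK instead of KEK) would exercise the signature verification itself and is cheap to generate in the fixture.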