From: Sughosh Ganu
To: u-boot@lists.denx.de
Cc: Takahiro Akashi, Heinrich Schuchardt, Alexander Graf, Lukasz Majewski, Tuomas Tynkkynen, Tom Rini, Ilias Apalodimas, Sughosh Ganu
Subject: [PATCH v4 10/14] efi_loader: Re-factor code to build the signature store from efi signature list
Date: Wed, 30 Dec 2020 19:27:08 +0530
Message-Id: <20201230135712.5289-11-sughosh.ganu@linaro.org>
In-Reply-To: <20201230135712.5289-1-sughosh.ganu@linaro.org>
X-Patchwork-Submitter: Sughosh Ganu
X-Patchwork-Id: 355263

The efi_sigstore_parse_sigdb function reads the UEFI authenticated
variable, stored in the signature database format and builds the
signature store structure. Factor out the code for building the
signature store. This can then be used by the capsule authentication
routine to build the signature store even when the signature database
is not stored as a UEFI authenticated variable.

Signed-off-by: Sughosh Ganu
---
Changes since V3: None

 include/efi_loader.h           |   2 +
 lib/efi_loader/efi_signature.c | 103 +++++++++++++++++++--------------
 2 files changed, 63 insertions(+), 42 deletions(-)

--
2.17.1

diff --git a/include/efi_loader.h b/include/efi_loader.h index 8807fcd913..73c3c4b85a 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h 
@@ -811,6 +811,8 @@ efi_status_t efi_image_region_add(struct efi_image_regions *regs, int nocheck); void efi_sigstore_free(struct efi_signature_store *sigstore); +struct efi_signature_store *efi_build_signature_store(void *sig_list, + efi_uintn_t size); struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name); bool efi_secure_boot_enabled(void); diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c index 9ab071b611..87525bdc80 100644 --- a/lib/efi_loader/efi_signature.c +++ b/lib/efi_loader/efi_signature.c @@ -736,6 +736,63 @@ err: return NULL; } +/** + * efi_sigstore_parse_sigdb - parse the signature list and populate + * the signature store + * + * @sig_list: Pointer to the signature list + * @size: Size of the signature list + * + * Parse the efi signature list and instantiate a signature store + * structure. + * + * Return: Pointer to signature store on success, NULL on error + */ +struct efi_signature_store *efi_build_signature_store(void *sig_list, + efi_uintn_t size) +{ + struct efi_signature_list *esl; + struct efi_signature_store *sigstore = NULL, *siglist; + + esl = sig_list; + while (size > 0) { + /* List must exist if there is remaining data. */ + if (size < sizeof(*esl)) { + EFI_PRINT("Signature list in wrong format\n"); + goto err; + } + + if (size < esl->signature_list_size) { + EFI_PRINT("Signature list in wrong format\n"); + goto err; + } + + /* Parse a single siglist. */ + siglist = efi_sigstore_parse_siglist(esl); + if (!siglist) { + EFI_PRINT("Parsing of signature list of failed\n"); + goto err; + } + + /* Append siglist */ + siglist->next = sigstore; + sigstore = siglist; + + /* Next */ + size -= esl->signature_list_size; + esl = (void *)esl + esl->signature_list_size; + } + free(sig_list); + + return sigstore; + +err: + efi_sigstore_free(sigstore); + free(sig_list); + + return NULL; +} + /** * efi_sigstore_parse_sigdb - parse a signature database variable * @name: Variable's name 
@@ -747,8 +804,7 @@ err: */ struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name) { - struct efi_signature_store *sigstore = NULL, *siglist; - struct efi_signature_list *esl; + struct efi_signature_store *sigstore = NULL; const efi_guid_t *vendor; void *db; efi_uintn_t db_size; @@ -784,47 +840,10 @@ struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name) ret = EFI_CALL(efi_get_variable(name, vendor, NULL, &db_size, db)); if (ret != EFI_SUCCESS) { EFI_PRINT("Getting variable, %ls, failed\n", name); - goto err; - } - - /* Parse siglist list */ - esl = db; - while (db_size > 0) { - /* List must exist if there is remaining data. */ - if (db_size < sizeof(*esl)) { - EFI_PRINT("variable, %ls, in wrong format\n", name); - goto err; - } - - if (db_size < esl->signature_list_size) { - EFI_PRINT("variable, %ls, in wrong format\n", name); - goto err; - } - - /* Parse a single siglist. */ - siglist = efi_sigstore_parse_siglist(esl); - if (!siglist) { - EFI_PRINT("Parsing signature list of %ls failed\n", - name); - goto err; - } - - /* Append siglist */ - siglist->next = sigstore; - sigstore = siglist; - - /* Next */ - db_size -= esl->signature_list_size; - esl = (void *)esl + esl->signature_list_size; + free(db); + return NULL; } - free(db); - - return sigstore; -err: - efi_sigstore_free(sigstore); - free(db); - - return NULL; + return efi_build_signature_store(db, db_size); } #endif /* CONFIG_EFI_SECURE_BOOT */
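Review bot: the new efi_build_signature_store() declaration in include/efi_loader.h does not say that the callee takes ownership of sig_list, yet the definition in efi_signature.c calls free(sig_list) on both the success path and the err path. A caller that still needs the buffer, or that passes one which did not come from malloc(), ends up with a double free or an invalid free. Either document the ownership transfer next to the prototype and in the kernel-doc, or leave the free to the caller so that efi_sigstore_parse_sigdb() keeps its own free(db).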
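Review bot: in the while loop of efi_build_signature_store(), esl->signature_list_size is only checked against the upper bound (size < esl->signature_list_size); nothing in the loop rejects a value smaller than sizeof(*esl), including zero. With zero, neither size -= esl->signature_list_size nor the esl pointer advance makes progress, so termination depends entirely on efi_sigstore_parse_siglist(), which is not visible in this patch, rejecting the entry. Since the function now also serves lists that are not read from an authenticated variable, add an explicit lower-bound check such as esl->signature_list_size < sizeof(*esl) before parsing. Separately, the kernel-doc block above the function is titled efi_sigstore_parse_sigdb rather than efi_build_signature_store, and the message "Parsing of signature list of failed" has a stray "of".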
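Review bot: in efi_sigstore_parse_sigdb(), the format and parse errors that used to print the variable name ("variable, %ls, in wrong format", "Parsing signature list of %ls failed") are now reported by efi_build_signature_store() without it, so the log no longer shows which signature database was malformed. Consider checking the return value here and printing name when it is NULL instead of returning the call directly. The final return also relies on the callee freeing db on every path, which deserves a one-line comment at the call site.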