[3/5] efi_capsule: Add a weak function to check whether capsule authentication is enabled

Message ID 20210407115335.8615-4-sughosh.ganu@linaro.org
State Superseded
Headers show
Series
  • Add support for embedding public key in platform's dtb
Related show

Commit Message

Sughosh Ganu April 7, 2021, 11:53 a.m.
Define a weak function which checks if the environment variable
capsule_authentication_enabled has been set, for enabling capsule
authentication. Other platforms might have a different mechanism to
determine this, and would then define their own platform specific
function.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

---
 board/emulation/common/qemu_capsule.c | 6 ------
 lib/efi_loader/efi_capsule.c          | 6 ++++++
 2 files changed, 6 insertions(+), 6 deletions(-)

-- 
2.17.1

Comments

Heinrich Schuchardt April 8, 2021, 7:47 p.m. | #1
On 4/7/21 1:53 PM, Sughosh Ganu wrote:
> Define a weak function which checks if the environment variable

> capsule_authentication_enabled has been set, for enabling capsule

> authentication. Other platforms might have a different mechanism to

> determine this, and would then define their own platform specific

> function.


I cannot yet understand the concrete need for such a function.

Is there any Linaro customer who actually needs it? What is the use case?

Best regards

Heinrich

>

> Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

> ---

>   board/emulation/common/qemu_capsule.c | 6 ------

>   lib/efi_loader/efi_capsule.c          | 6 ++++++

>   2 files changed, 6 insertions(+), 6 deletions(-)

>

> diff --git a/board/emulation/common/qemu_capsule.c b/board/emulation/common/qemu_capsule.c

> index 5cb461d52b..6b8a87022a 100644

> --- a/board/emulation/common/qemu_capsule.c

> +++ b/board/emulation/common/qemu_capsule.c

> @@ -41,9 +41,3 @@ int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)

>

>   	return 0;

>   }

> -

> -bool efi_capsule_auth_enabled(void)

> -{

> -	return env_get("capsule_authentication_enabled") != NULL ?

> -		true : false;

> -}

> diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c

> index 0cfff0daf7..1423b675c8 100644

> --- a/lib/efi_loader/efi_capsule.c

> +++ b/lib/efi_loader/efi_capsule.c

> @@ -218,6 +218,12 @@ __weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)

>   	return 0;

>   }

>

> +__weak bool efi_capsule_auth_enabled(void)

> +{

> +	return env_get("capsule_authentication_enabled") ?

> +		true : false;

> +}

> +

>   efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size,

>   				      void **image, efi_uintn_t *image_size)

>   {

>
Sughosh Ganu April 9, 2021, 6:25 a.m. | #2
On Fri, 9 Apr 2021 at 01:22, Heinrich Schuchardt <xypron.glpk@gmx.de> wrote:

> On 4/7/21 1:53 PM, Sughosh Ganu wrote:

> > Define a weak function which checks if the environment variable

> > capsule_authentication_enabled has been set, for enabling capsule

> > authentication. Other platforms might have a different mechanism to

> > determine this, and would then define their own platform specific

> > function.

>

> I cannot yet understand the concrete need for such a function.

>

> Is there any Linaro customer who actually needs it? What is the use case?

>


This point was discussed in another mail thread[1]. I will be dropping the
additional knob, so this weak function will go away.

-sughosh

[1] - https://lists.denx.de/pipermail/u-boot/2021-April/446694.html


> Best regards

>

> Heinrich

>

> >

> > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

> > ---

> >   board/emulation/common/qemu_capsule.c | 6 ------

> >   lib/efi_loader/efi_capsule.c          | 6 ++++++

> >   2 files changed, 6 insertions(+), 6 deletions(-)

> >

> > diff --git a/board/emulation/common/qemu_capsule.c

> b/board/emulation/common/qemu_capsule.c

> > index 5cb461d52b..6b8a87022a 100644

> > --- a/board/emulation/common/qemu_capsule.c

> > +++ b/board/emulation/common/qemu_capsule.c

> > @@ -41,9 +41,3 @@ int efi_get_public_key_data(void **pkey, efi_uintn_t

> *pkey_len)

> >

> >       return 0;

> >   }

> > -

> > -bool efi_capsule_auth_enabled(void)

> > -{

> > -     return env_get("capsule_authentication_enabled") != NULL ?

> > -             true : false;

> > -}

> > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c

> > index 0cfff0daf7..1423b675c8 100644

> > --- a/lib/efi_loader/efi_capsule.c

> > +++ b/lib/efi_loader/efi_capsule.c

> > @@ -218,6 +218,12 @@ __weak int efi_get_public_key_data(void **pkey,

> efi_uintn_t *pkey_len)

> >       return 0;

> >   }

> >

> > +__weak bool efi_capsule_auth_enabled(void)

> > +{

> > +     return env_get("capsule_authentication_enabled") ?

> > +             true : false;

> > +}

> > +

> >   efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t

> capsule_size,

> >                                     void **image, efi_uintn_t

> *image_size)

> >   {

> >

>

>

Patch

diff --git a/board/emulation/common/qemu_capsule.c b/board/emulation/common/qemu_capsule.c
index 5cb461d52b..6b8a87022a 100644
--- a/board/emulation/common/qemu_capsule.c
+++ b/board/emulation/common/qemu_capsule.c
@@ -41,9 +41,3 @@  int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)
 
 	return 0;
 }
-
-bool efi_capsule_auth_enabled(void)
-{
-	return env_get("capsule_authentication_enabled") != NULL ?
-		true : false;
-}
diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
index 0cfff0daf7..1423b675c8 100644
--- a/lib/efi_loader/efi_capsule.c
+++ b/lib/efi_loader/efi_capsule.c
@@ -218,6 +218,12 @@  __weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)
 	return 0;
 }
 
+__weak bool efi_capsule_auth_enabled(void)
+{
+	return env_get("capsule_authentication_enabled") ?
+		true : false;
+}
+
 efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size,
 				      void **image, efi_uintn_t *image_size)
 {