From patchwork Wed Apr 7 11:53:34 2021
X-Patchwork-Submitter: Sughosh Ganu
X-Patchwork-Id: 416683
From: Sughosh Ganu
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Alexander Graf, Simon Glass, Bin Meng, Pali Rohár, Sughosh Ganu
Subject: [PATCH 4/5] efi_capsule: Add a weak function to get the public key needed for capsule authentication
Date: Wed, 7 Apr 2021 17:23:34 +0530
Message-Id: <20210407115335.8615-5-sughosh.ganu@linaro.org>
In-Reply-To: <20210407115335.8615-1-sughosh.ganu@linaro.org>
References: <20210407115335.8615-1-sughosh.ganu@linaro.org>

Define a weak function which would be used in the scenario where the public key is stored on the platform's dtb. This dtb is concatenated with the u-boot binary during the build process. Platforms which have a different mechanism for getting the public key would define their own platform specific function.

Signed-off-by: Sughosh Ganu
---
 lib/efi_loader/efi_capsule.c | 38 ++++++++++++++++++++++++++++++++----
 1 file changed, 34 insertions(+), 4 deletions(-)

-- 2.17.1

diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index 1423b675c8..fc5e1c0856 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -14,10 +14,13 @@ #include #include +#include #include #include #include +DECLARE_GLOBAL_DATA_PTR; + const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID; static const efi_guid_t efi_guid_firmware_management_capsule_id = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; 
@@ -210,11 +213,38 @@ const efi_guid_t efi_guid_capsule_root_cert_guid = __weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len) { - /* The platform is supposed to provide - * a method for getting the public key - * stored in the form of efi signature - * list + /* + * This is a function for retrieving the public key from the + * platform's device tree. The platform's device tree has been + * concatenated with the u-boot binary. + * If a platform has a different mechanism to get the public + * key, it can define it's own function. */ + const void *fdt_blob = gd->fdt_blob; + const void *blob; + const char *cnode_name = "capsule-key"; + const char *snode_name = "signature"; + int sig_node; + int len; + + sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name); + if (sig_node < 0) { + EFI_PRINT("Unable to get signature node offset\n"); + return -FDT_ERR_NOTFOUND; + } + + blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len); + + if (!blob || len < 0) { + EFI_PRINT("Unable to get capsule-key value\n"); + *pkey = NULL; + *pkey_len = 0; + return -FDT_ERR_NOTFOUND; + } + + *pkey = (void *)blob; + *pkey_len = len; + return 0; }
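
Review bot: in the second hunk, the first error path (sig_node < 0) returns without touching the out-parameters, while the fdt_getprop() failure path sets *pkey = NULL and *pkey_len = 0; clear both on every failure so a caller that mishandles the return value never ends up with a stale or uninitialised key pointer. The `!blob || len < 0` test also lets a zero-length capsule-key property through as success with an empty key, and `len <= 0` would reject it. Both paths return -FDT_ERR_NOTFOUND whatever libfdt actually reported, so a malformed blob cannot be told apart from a missing node; returning sig_node and len as received would keep that information. `*pkey = (void *)blob` casts away the const of gd->fdt_blob and hands callers a writable pointer into the device tree, so either make the out-parameter const or document that the buffer is read-only and must not be freed. Nit: "it's own function" in the new comment should read "its own function".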