From patchwork Wed Apr 7 14:41:46 2021
X-Patchwork-Submitter: Sughosh Ganu
X-Patchwork-Id: 416718
From: Sughosh Ganu
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Alexander Graf, Simon Glass, Bin Meng, Pali Rohar, Sughosh Ganu
Subject: [RESEND PATCH v1 4/5] efi_capsule: Add a weak function to get the public key needed for capsule authentication
Date: Wed, 7 Apr 2021 20:11:46 +0530
Message-Id: <20210407144147.29251-5-sughosh.ganu@linaro.org>
In-Reply-To: <20210407144147.29251-1-sughosh.ganu@linaro.org>
References: <20210407144147.29251-1-sughosh.ganu@linaro.org>

Define a weak function which would be used in the scenario where the public key is stored on the platform's dtb. This dtb is concatenated with the u-boot binary during the build process. Platforms which have a different mechanism for getting the public key would define their own platform specific function.

Signed-off-by: Sughosh Ganu
---
 lib/efi_loader/efi_capsule.c | 38 ++++++++++++++++++++++++++++++++----
 1 file changed, 34 insertions(+), 4 deletions(-)

-- 
2.17.1

diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index 1423b675c8..fc5e1c0856 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -14,10 +14,13 @@ #include #include +#include #include #include #include +DECLARE_GLOBAL_DATA_PTR; + const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID; static const efi_guid_t efi_guid_firmware_management_capsule_id = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; 
@@ -210,11 +213,38 @@ const efi_guid_t efi_guid_capsule_root_cert_guid = __weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len) { - /* The platform is supposed to provide - * a method for getting the public key - * stored in the form of efi signature - * list + /* + * This is a function for retrieving the public key from the + * platform's device tree. The platform's device tree has been + * concatenated with the u-boot binary. + * If a platform has a different mechanism to get the public + * key, it can define it's own function. */ + const void *fdt_blob = gd->fdt_blob; + const void *blob; + const char *cnode_name = "capsule-key"; + const char *snode_name = "signature"; + int sig_node; + int len; + + sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name); + if (sig_node < 0) { + EFI_PRINT("Unable to get signature node offset\n"); + return -FDT_ERR_NOTFOUND; + } + + blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len); + + if (!blob || len < 0) { + EFI_PRINT("Unable to get capsule-key value\n"); + *pkey = NULL; + *pkey_len = 0; + return -FDT_ERR_NOTFOUND; + } + + *pkey = (void *)blob; + *pkey_len = len; + return 0; }
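
Review bot: In the second hunk, the early return taken when fdt_subnode_offset() fails leaves *pkey and *pkey_len untouched, while the fdt_getprop() failure path a few lines later sets them to NULL and 0; clear both out-parameters at the top of efi_get_public_key_data() so a caller that does not check the return value never sees stale values. The test `!blob || len < 0` also lets a present but empty capsule-key property through (blob non-NULL, len == 0) and returns success with a zero-length key; `len <= 0` would reject it here instead of leaving that case to the signature verification code. Both failure paths return -FDT_ERR_NOTFOUND regardless of what libfdt reported, although sig_node and len already hold the negative libfdt error at those points and could be returned or printed. `*pkey = (void *)blob;` casts away const on a pointer into gd->fdt_blob, so the function comment should state that the returned key must be treated as read-only. Minor: "it's own function" in the new comment should read "its own function".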