[v2,3/4] efi_capsule: Add a function to get the public key needed for capsule authentication

Message ID 20210412150526.29822-4-sughosh.ganu@linaro.org
State New
Headers show
Series
  • Add support for embedding public key in platform's dtb
Related show

Commit Message

Sughosh Ganu April 12, 2021, 3:05 p.m.
Define a function which would be used in the scenario where the
public key is stored on the platform's dtb. This dtb is concatenated
with the u-boot binary during the build process. Platforms which have
a different mechanism for getting the public key would define their
own platform specific function under a different Kconfig symbol.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

---

Changes since V1:
* Remove the weak function, and add the functionality to retrieve the
  public key under the config symbol CONFIG_EFI_PKEY_DTB_EMBED.

 lib/efi_loader/efi_capsule.c | 43 +++++++++++++++++++++++++++++++-----
 1 file changed, 38 insertions(+), 5 deletions(-)

-- 
2.17.1

Comments

Simon Glass April 14, 2021, 7:37 p.m. | #1
On Mon, 12 Apr 2021 at 16:06, Sughosh Ganu <sughosh.ganu@linaro.org> wrote:
>

> Define a function which would be used in the scenario where the

> public key is stored on the platform's dtb. This dtb is concatenated

> with the u-boot binary during the build process. Platforms which have

> a different mechanism for getting the public key would define their

> own platform specific function under a different Kconfig symbol.

>

> Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

> ---

>

> Changes since V1:

> * Remove the weak function, and add the functionality to retrieve the

>   public key under the config symbol CONFIG_EFI_PKEY_DTB_EMBED.

>

>  lib/efi_loader/efi_capsule.c | 43 +++++++++++++++++++++++++++++++-----

>  1 file changed, 38 insertions(+), 5 deletions(-)


Is this defined in a header file somewhere?

>

> diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c

> index 2cc8f2dee0..d95e9377fe 100644

> --- a/lib/efi_loader/efi_capsule.c

> +++ b/lib/efi_loader/efi_capsule.c

> @@ -14,10 +14,13 @@

>  #include <mapmem.h>

>  #include <sort.h>

>

> +#include <asm/global_data.h>

>  #include <crypto/pkcs7.h>

>  #include <crypto/pkcs7_parser.h>

>  #include <linux/err.h>

>

> +DECLARE_GLOBAL_DATA_PTR;

> +

>  const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID;

>  static const efi_guid_t efi_guid_firmware_management_capsule_id =

>                 EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;

> @@ -208,15 +211,45 @@ skip:

>  const efi_guid_t efi_guid_capsule_root_cert_guid =

>         EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;

>

> -__weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)

> +#if defined(CONFIG_EFI_PKEY_DTB_EMBED)


Can you drop the #ifdef ?

> +int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)


pkey should really have a time...what is it?

>  {

> -       /* The platform is supposed to provide

> -        * a method for getting the public key

> -        * stored in the form of efi signature

> -        * list

> +       /*

> +        * This is a function for retrieving the public key from the

> +        * platform's device tree. The platform's device tree has been

> +        * concatenated with the u-boot binary.

> +        * If a platform has a different mechanism to get the public

> +        * key, it can define it's own kconfig symbol and define a

> +        * function to retrieve the public key

>          */

> +       const void *fdt_blob = gd->fdt_blob;

> +       const void *blob;


prop? val? It is not a DT blob

> +       const char *cnode_name = "capsule-key";

> +       const char *snode_name = "signature";


I believe these FIT things are defined in image.h

> +       int sig_node;

> +       int len;

> +

> +       sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name);

> +       if (sig_node < 0) {

> +               EFI_PRINT("Unable to get signature node offset\n");

> +               return -FDT_ERR_NOTFOUND;

> +       }


Can you use the livetree API?

> +

> +       blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len);

> +

> +       if (!blob || len < 0) {

> +               EFI_PRINT("Unable to get capsule-key value\n");

> +               *pkey = NULL;

> +               *pkey_len = 0;

> +               return -FDT_ERR_NOTFOUND;

> +       }

> +

> +       *pkey = (void *)blob;

> +       *pkey_len = len;

> +

>         return 0;

>  }

> +#endif /* CONFIG_EFI_PKEY_DTB_EMBED */

>

>  efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size,

>                                       void **image, efi_uintn_t *image_size)

> --

> 2.17.1

>


Regards,
Simon
Sughosh Ganu April 15, 2021, 10:25 a.m. | #2
On Thu, 15 Apr 2021 at 01:08, Simon Glass <sjg@chromium.org> wrote:

> On Mon, 12 Apr 2021 at 16:06, Sughosh Ganu <sughosh.ganu@linaro.org>

> wrote:

> >

> > Define a function which would be used in the scenario where the

> > public key is stored on the platform's dtb. This dtb is concatenated

> > with the u-boot binary during the build process. Platforms which have

> > a different mechanism for getting the public key would define their

> > own platform specific function under a different Kconfig symbol.

> >

> > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

> > ---

> >

> > Changes since V1:

> > * Remove the weak function, and add the functionality to retrieve the

> >   public key under the config symbol CONFIG_EFI_PKEY_DTB_EMBED.

> >

> >  lib/efi_loader/efi_capsule.c | 43 +++++++++++++++++++++++++++++++-----

> >  1 file changed, 38 insertions(+), 5 deletions(-)

>

> Is this defined in a header file somewhere?

>


No, I will declare the function in a header. Will do so in the next version.


>

> >

> > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c

> > index 2cc8f2dee0..d95e9377fe 100644

> > --- a/lib/efi_loader/efi_capsule.c

> > +++ b/lib/efi_loader/efi_capsule.c

> > @@ -14,10 +14,13 @@

> >  #include <mapmem.h>

> >  #include <sort.h>

> >

> > +#include <asm/global_data.h>

> >  #include <crypto/pkcs7.h>

> >  #include <crypto/pkcs7_parser.h>

> >  #include <linux/err.h>

> >

> > +DECLARE_GLOBAL_DATA_PTR;

> > +

> >  const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID;

> >  static const efi_guid_t efi_guid_firmware_management_capsule_id =

> >                 EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;

> > @@ -208,15 +211,45 @@ skip:

> >  const efi_guid_t efi_guid_capsule_root_cert_guid =

> >         EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;

> >

> > -__weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)

> > +#if defined(CONFIG_EFI_PKEY_DTB_EMBED)

>

> Can you drop the #ifdef ?

>


It will be good to keep the ifdef. This way, if some other platform wants
to define a function for getting the public key using a different, platform
specific method(for e.g. getting the keys from some read-only device like a
fuse), it will be possible to do so. Without the ifdef, this becomes the
only way to get the public key.


> > +int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)

>

> pkey should really have a time...what is it?

>


This is really a public key certificate in an efi signature list(esl)
format. The parsing of the certificate and it's use for capsule
authentication is done by the same set of functions which perform image
authentication for the  uefi secure boot feature.


> >  {

> > -       /* The platform is supposed to provide

> > -        * a method for getting the public key

> > -        * stored in the form of efi signature

> > -        * list

> > +       /*

> > +        * This is a function for retrieving the public key from the

> > +        * platform's device tree. The platform's device tree has been

> > +        * concatenated with the u-boot binary.

> > +        * If a platform has a different mechanism to get the public

> > +        * key, it can define it's own kconfig symbol and define a

> > +        * function to retrieve the public key

> >          */

> > +       const void *fdt_blob = gd->fdt_blob;

> > +       const void *blob;

>

> prop? val? It is not a DT blob

>


Okay.


>

> > +       const char *cnode_name = "capsule-key";

> > +       const char *snode_name = "signature";

>

> I believe these FIT things are defined in image.h

>


These are based on the node names that are populated by the mkeficapsule
utility. If you don't have a strong opinion on this, I would like to keep
them as is. I can define macros for them.


>

> > +       int sig_node;

> > +       int len;

> > +

> > +       sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name);

> > +       if (sig_node < 0) {

> > +               EFI_PRINT("Unable to get signature node offset\n");

> > +               return -FDT_ERR_NOTFOUND;

> > +       }

>

> Can you use the livetree API?

>


Can you please point me to the specific API that you are referring to.
Thanks.

-sughosh


>

> > +

> > +       blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len);

> > +

> > +       if (!blob || len < 0) {

> > +               EFI_PRINT("Unable to get capsule-key value\n");

> > +               *pkey = NULL;

> > +               *pkey_len = 0;

> > +               return -FDT_ERR_NOTFOUND;

> > +       }

> > +

> > +       *pkey = (void *)blob;

> > +       *pkey_len = len;

> > +

> >         return 0;

> >  }

> > +#endif /* CONFIG_EFI_PKEY_DTB_EMBED */

> >

> >  efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t

> capsule_size,

> >                                       void **image, efi_uintn_t

> *image_size)

> > --

> > 2.17.1

> >

>

> Regards,

> Simon

>
Heinrich Schuchardt April 24, 2021, 4:47 a.m. | #3
On 4/15/21 12:25 PM, Sughosh Ganu wrote:
>

> On Thu, 15 Apr 2021 at 01:08, Simon Glass <sjg@chromium.org

> <mailto:sjg@chromium.org>> wrote:

>

>     On Mon, 12 Apr 2021 at 16:06, Sughosh Ganu <sughosh.ganu@linaro.org

>     <mailto:sughosh.ganu@linaro.org>> wrote:

>      >

>      > Define a function which would be used in the scenario where the

>      > public key is stored on the platform's dtb. This dtb is concatenated

>      > with the u-boot binary during the build process. Platforms which have

>      > a different mechanism for getting the public key would define their

>      > own platform specific function under a different Kconfig symbol.

>      >

>      > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org

>     <mailto:sughosh.ganu@linaro.org>>

>      > ---

>      >

>      > Changes since V1:

>      > * Remove the weak function, and add the functionality to retrieve the

>      >   public key under the config symbol CONFIG_EFI_PKEY_DTB_EMBED.

>      >

>      >  lib/efi_loader/efi_capsule.c | 43

>     +++++++++++++++++++++++++++++++-----

>      >  1 file changed, 38 insertions(+), 5 deletions(-)

>

>     Is this defined in a header file somewhere?

>

>

> No, I will declare the function in a header. Will do so in the next version.

>

>

>      >

>      > diff --git a/lib/efi_loader/efi_capsule.c

>     b/lib/efi_loader/efi_capsule.c

>      > index 2cc8f2dee0..d95e9377fe 100644

>      > --- a/lib/efi_loader/efi_capsule.c

>      > +++ b/lib/efi_loader/efi_capsule.c

>      > @@ -14,10 +14,13 @@

>      >  #include <mapmem.h>

>      >  #include <sort.h>

>      >

>      > +#include <asm/global_data.h>

>      >  #include <crypto/pkcs7.h>

>      >  #include <crypto/pkcs7_parser.h>

>      >  #include <linux/err.h>

>      >

>      > +DECLARE_GLOBAL_DATA_PTR;

>      > +

>      >  const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID;

>      >  static const efi_guid_t efi_guid_firmware_management_capsule_id =

>      >                 EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;

>      > @@ -208,15 +211,45 @@ skip:

>      >  const efi_guid_t efi_guid_capsule_root_cert_guid =

>      >         EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;

>      >

>      > -__weak int efi_get_public_key_data(void **pkey, efi_uintn_t

>     *pkey_len)

>      > +#if defined(CONFIG_EFI_PKEY_DTB_EMBED)

>

>     Can you drop the #ifdef ?

>

>

> It will be good to keep the ifdef. This way, if some other platform

> wants to define a function for getting the public key using a different,

> platform specific method(for e.g. getting the keys from some read-only

> device like a fuse), it will be possible to do so. Without the ifdef,

> this becomes the only way to get the public key.


We prefer 'if (IS_ENABLED(CONFIG...))' instead of '#if or #ifdef' if
possible. See scripts/checkpatch.pl. This allows the compiler to check
the syntax of all code. With gcc -Os or -O2 the code on the dead branch
will be eliminated from the binary. In some cases variables or static
function will have to marked as __maybe_unused to follow this concept.

Best regards

Heinrich

>

>

>      > +int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)

>

>     pkey should really have a time...what is it?

>

>

> This is really a public key certificate in an efi signature list(esl)

> format. The parsing of the certificate and it's use for capsule

> authentication is done by the same set of functions which perform image

> authentication for the  uefi secure boot feature.

>

>

>      >  {

>      > -       /* The platform is supposed to provide

>      > -        * a method for getting the public key

>      > -        * stored in the form of efi signature

>      > -        * list

>      > +       /*

>      > +        * This is a function for retrieving the public key from the

>      > +        * platform's device tree. The platform's device tree has

>     been

>      > +        * concatenated with the u-boot binary.

>      > +        * If a platform has a different mechanism to get the public

>      > +        * key, it can define it's own kconfig symbol and define a

>      > +        * function to retrieve the public key

>      >          */

>      > +       const void *fdt_blob = gd->fdt_blob;

>      > +       const void *blob;

>

>     prop? val? It is not a DT blob

>

>

> Okay.

>

>

>      > +       const char *cnode_name = "capsule-key";

>      > +       const char *snode_name = "signature";

>

>     I believe these FIT things are defined in image.h

>

>

> These are based on the node names that are populated by the mkeficapsule

> utility. If you don't have a strong opinion on this, I would like to

> keep them as is. I can define macros for them.

>

>

>      > +       int sig_node;

>      > +       int len;

>      > +

>      > +       sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name);

>      > +       if (sig_node < 0) {

>      > +               EFI_PRINT("Unable to get signature node offset\n");

>      > +               return -FDT_ERR_NOTFOUND;

>      > +       }

>

>     Can you use the livetree API?

>

>

> Can you please point me to the specific API that you are referring to.

> Thanks.

>

> -sughosh

>

>

>      > +

>      > +       blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len);

>      > +

>      > +       if (!blob || len < 0) {

>      > +               EFI_PRINT("Unable to get capsule-key value\n");

>      > +               *pkey = NULL;

>      > +               *pkey_len = 0;

>      > +               return -FDT_ERR_NOTFOUND;

>      > +       }

>      > +

>      > +       *pkey = (void *)blob;

>      > +       *pkey_len = len;

>      > +

>      >         return 0;

>      >  }

>      > +#endif /* CONFIG_EFI_PKEY_DTB_EMBED */

>      >

>      >  efi_status_t efi_capsule_authenticate(const void *capsule,

>     efi_uintn_t capsule_size,

>      >                                       void **image, efi_uintn_t

>     *image_size)

>      > --

>      > 2.17.1

>      >

>

>     Regards,

>     Simon

>
AKASHI Takahiro April 28, 2021, 5:27 a.m. | #4
Simon,

On Mon, Apr 12, 2021 at 08:35:25PM +0530, Sughosh Ganu wrote:
> Define a function which would be used in the scenario where the

> public key is stored on the platform's dtb. This dtb is concatenated

> with the u-boot binary during the build process. Platforms which have

> a different mechanism for getting the public key would define their

> own platform specific function under a different Kconfig symbol.

> 

> Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

> ---

> 

> Changes since V1:

> * Remove the weak function, and add the functionality to retrieve the

>   public key under the config symbol CONFIG_EFI_PKEY_DTB_EMBED.

> 

>  lib/efi_loader/efi_capsule.c | 43 +++++++++++++++++++++++++++++++-----

>  1 file changed, 38 insertions(+), 5 deletions(-)

> 

> diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c

> index 2cc8f2dee0..d95e9377fe 100644

> --- a/lib/efi_loader/efi_capsule.c

> +++ b/lib/efi_loader/efi_capsule.c

> @@ -14,10 +14,13 @@

>  #include <mapmem.h>

>  #include <sort.h>

>  

> +#include <asm/global_data.h>

>  #include <crypto/pkcs7.h>

>  #include <crypto/pkcs7_parser.h>

>  #include <linux/err.h>

>  

> +DECLARE_GLOBAL_DATA_PTR;

> +

>  const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID;

>  static const efi_guid_t efi_guid_firmware_management_capsule_id =

>  		EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;

> @@ -208,15 +211,45 @@ skip:

>  const efi_guid_t efi_guid_capsule_root_cert_guid =

>  	EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;

>  

> -__weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)

> +#if defined(CONFIG_EFI_PKEY_DTB_EMBED)

> +int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)

>  {

> -	/* The platform is supposed to provide

> -	 * a method for getting the public key

> -	 * stored in the form of efi signature

> -	 * list

> +	/*

> +	 * This is a function for retrieving the public key from the

> +	 * platform's device tree. The platform's device tree has been

> +	 * concatenated with the u-boot binary.

> +	 * If a platform has a different mechanism to get the public

> +	 * key, it can define it's own kconfig symbol and define a

> +	 * function to retrieve the public key

>  	 */

> +	const void *fdt_blob = gd->fdt_blob;

> +	const void *blob;

> +	const char *cnode_name = "capsule-key";

> +	const char *snode_name = "signature";


# Again, "key" is not the best word to describe the value.

The syntax assumed here in a device tree (control FDT) is;
/ {
   signature {
       capsule-key = "...";
   };
   ...
};

"signature" node is already used as a directory to hold public keys
for FIT image verification (vboot).
(doc/uImage.FIT/signature.txt)

While it is unlikely that both EFI capsule authentication and
FIT image authentication are enabled at the same time, I'm a bit
concerned if the mixture of different contents might cause
some confusion.
For instance, "required-mode" which has nothing to do with UEFI capsule
may exist directly under "signagture."

Do you have any thoughts?

-Takahiro Akashi

> +	int sig_node;

> +	int len;

> +

> +	sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name);

> +	if (sig_node < 0) {

> +		EFI_PRINT("Unable to get signature node offset\n");

> +		return -FDT_ERR_NOTFOUND;

> +	}

> +

> +	blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len);

> +

> +	if (!blob || len < 0) {

> +		EFI_PRINT("Unable to get capsule-key value\n");

> +		*pkey = NULL;

> +		*pkey_len = 0;

> +		return -FDT_ERR_NOTFOUND;

> +	}

> +

> +	*pkey = (void *)blob;

> +	*pkey_len = len;

> +

>  	return 0;

>  }

> +#endif /* CONFIG_EFI_PKEY_DTB_EMBED */

>  

>  efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size,

>  				      void **image, efi_uintn_t *image_size)

> -- 

> 2.17.1

>
AKASHI Takahiro May 11, 2021, 1:14 a.m. | #5
On Thu, Apr 15, 2021 at 03:55:52PM +0530, Sughosh Ganu wrote:
> On Thu, 15 Apr 2021 at 01:08, Simon Glass <sjg@chromium.org> wrote:

> 

> > On Mon, 12 Apr 2021 at 16:06, Sughosh Ganu <sughosh.ganu@linaro.org>

> > wrote:

> > >

> > > Define a function which would be used in the scenario where the

> > > public key is stored on the platform's dtb. This dtb is concatenated

> > > with the u-boot binary during the build process. Platforms which have

> > > a different mechanism for getting the public key would define their

> > > own platform specific function under a different Kconfig symbol.

> > >

> > > Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>

> > > ---

> > >

> > > Changes since V1:

> > > * Remove the weak function, and add the functionality to retrieve the

> > >   public key under the config symbol CONFIG_EFI_PKEY_DTB_EMBED.

> > >

> > >  lib/efi_loader/efi_capsule.c | 43 +++++++++++++++++++++++++++++++-----

> > >  1 file changed, 38 insertions(+), 5 deletions(-)

> >

> > Is this defined in a header file somewhere?

> >

> 

> No, I will declare the function in a header. Will do so in the next version.

> 

> 

> >

> > >

> > > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c

> > > index 2cc8f2dee0..d95e9377fe 100644

> > > --- a/lib/efi_loader/efi_capsule.c

> > > +++ b/lib/efi_loader/efi_capsule.c

> > > @@ -14,10 +14,13 @@

> > >  #include <mapmem.h>

> > >  #include <sort.h>

> > >

> > > +#include <asm/global_data.h>

> > >  #include <crypto/pkcs7.h>

> > >  #include <crypto/pkcs7_parser.h>

> > >  #include <linux/err.h>

> > >

> > > +DECLARE_GLOBAL_DATA_PTR;

> > > +

> > >  const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID;

> > >  static const efi_guid_t efi_guid_firmware_management_capsule_id =

> > >                 EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;

> > > @@ -208,15 +211,45 @@ skip:

> > >  const efi_guid_t efi_guid_capsule_root_cert_guid =

> > >         EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;

> > >

> > > -__weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)

> > > +#if defined(CONFIG_EFI_PKEY_DTB_EMBED)

> >

> > Can you drop the #ifdef ?

> >

> 

> It will be good to keep the ifdef. This way, if some other platform wants

> to define a function for getting the public key using a different, platform

> specific method(for e.g. getting the keys from some read-only device like a

> fuse), it will be possible to do so. Without the ifdef, this becomes the

> only way to get the public key.

> 

> 

> > > +int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)

> >

> > pkey should really have a time...what is it?

> >

> 

> This is really a public key certificate in an efi signature list(esl)

> format. The parsing of the certificate and it's use for capsule

> authentication is done by the same set of functions which perform image

> authentication for the  uefi secure boot feature.

> 

> 

> > >  {

> > > -       /* The platform is supposed to provide

> > > -        * a method for getting the public key

> > > -        * stored in the form of efi signature

> > > -        * list

> > > +       /*

> > > +        * This is a function for retrieving the public key from the

> > > +        * platform's device tree. The platform's device tree has been

> > > +        * concatenated with the u-boot binary.

> > > +        * If a platform has a different mechanism to get the public

> > > +        * key, it can define it's own kconfig symbol and define a

> > > +        * function to retrieve the public key

> > >          */

> > > +       const void *fdt_blob = gd->fdt_blob;

> > > +       const void *blob;

> >

> > prop? val? It is not a DT blob

> >

> 

> Okay.

> 

> 

> >

> > > +       const char *cnode_name = "capsule-key";

> > > +       const char *snode_name = "signature";

> >

> > I believe these FIT things are defined in image.h

> >

> 

> These are based on the node names that are populated by the mkeficapsule

> utility. If you don't have a strong opinion on this, I would like to keep

> them as is. I can define macros for them.

> 

> 

> >

> > > +       int sig_node;

> > > +       int len;

> > > +

> > > +       sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name);

> > > +       if (sig_node < 0) {

> > > +               EFI_PRINT("Unable to get signature node offset\n");

> > > +               return -FDT_ERR_NOTFOUND;

> > > +       }

> >

> > Can you use the livetree API?

> >

> 

> Can you please point me to the specific API that you are referring to.

> Thanks.


ofnode_*()
doc/develop/driver-model/livetree.rst

My concern here is that it is utterly unsafe to keep a public key/
certificate in a device tree if the control fdt can be changed by
users. Among others, fdt command (or CONFIG_OF_CONTROL) should be
turned off.

-Takahiro Akashi

> -sughosh

> 

> 

> >

> > > +

> > > +       blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len);

> > > +

> > > +       if (!blob || len < 0) {

> > > +               EFI_PRINT("Unable to get capsule-key value\n");

> > > +               *pkey = NULL;

> > > +               *pkey_len = 0;

> > > +               return -FDT_ERR_NOTFOUND;

> > > +       }

> > > +

> > > +       *pkey = (void *)blob;

> > > +       *pkey_len = len;

> > > +

> > >         return 0;

> > >  }

> > > +#endif /* CONFIG_EFI_PKEY_DTB_EMBED */

> > >

> > >  efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t

> > capsule_size,

> > >                                       void **image, efi_uintn_t

> > *image_size)

> > > --

> > > 2.17.1

> > >

> >

> > Regards,

> > Simon

> >

Patch

diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
index 2cc8f2dee0..d95e9377fe 100644
--- a/lib/efi_loader/efi_capsule.c
+++ b/lib/efi_loader/efi_capsule.c
@@ -14,10 +14,13 @@ 
 #include <mapmem.h>
 #include <sort.h>
 
+#include <asm/global_data.h>
 #include <crypto/pkcs7.h>
 #include <crypto/pkcs7_parser.h>
 #include <linux/err.h>
 
+DECLARE_GLOBAL_DATA_PTR;
+
 const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID;
 static const efi_guid_t efi_guid_firmware_management_capsule_id =
 		EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
@@ -208,15 +211,45 @@  skip:
 const efi_guid_t efi_guid_capsule_root_cert_guid =
 	EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
 
-__weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)
+#if defined(CONFIG_EFI_PKEY_DTB_EMBED)
+int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)
 {
-	/* The platform is supposed to provide
-	 * a method for getting the public key
-	 * stored in the form of efi signature
-	 * list
+	/*
+	 * This is a function for retrieving the public key from the
+	 * platform's device tree. The platform's device tree has been
+	 * concatenated with the u-boot binary.
+	 * If a platform has a different mechanism to get the public
+	 * key, it can define it's own kconfig symbol and define a
+	 * function to retrieve the public key
 	 */
+	const void *fdt_blob = gd->fdt_blob;
+	const void *blob;
+	const char *cnode_name = "capsule-key";
+	const char *snode_name = "signature";
+	int sig_node;
+	int len;
+
+	sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name);
+	if (sig_node < 0) {
+		EFI_PRINT("Unable to get signature node offset\n");
+		return -FDT_ERR_NOTFOUND;
+	}
+
+	blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len);
+
+	if (!blob || len < 0) {
+		EFI_PRINT("Unable to get capsule-key value\n");
+		*pkey = NULL;
+		*pkey_len = 0;
+		return -FDT_ERR_NOTFOUND;
+	}
+
+	*pkey = (void *)blob;
+	*pkey_len = len;
+
 	return 0;
 }
+#endif /* CONFIG_EFI_PKEY_DTB_EMBED */
 
 efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size,
 				      void **image, efi_uintn_t *image_size)