From: Sughosh Ganu
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Alexander Graf, Simon Glass, Bin Meng, Pali Rohar, Sughosh Ganu
Subject: [PATCH v2 3/4] efi_capsule: Add a function to get the public key needed for capsule authentication
Date: Mon, 12 Apr 2021 20:35:25 +0530
Message-Id: <20210412150526.29822-4-sughosh.ganu@linaro.org>
In-Reply-To: <20210412150526.29822-1-sughosh.ganu@linaro.org>

Define a function which would be used in the scenario where the public key is stored on the platform's dtb. This dtb is concatenated with the u-boot binary during the build process. Platforms which have a different mechanism for getting the public key would define their own platform specific function under a different Kconfig symbol.

Signed-off-by: Sughosh Ganu
---
Changes since V1:
* Remove the weak function, and add the functionality to retrieve the public key under the config symbol CONFIG_EFI_PKEY_DTB_EMBED.

 lib/efi_loader/efi_capsule.c | 43 +++++++++++++++++++++++++++++++-----
 1 file changed, 38 insertions(+), 5 deletions(-)

--
2.17.1

diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index 2cc8f2dee0..d95e9377fe 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -14,10 +14,13 @@ #include #include +#include #include #include #include +DECLARE_GLOBAL_DATA_PTR; + const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID; static const efi_guid_t efi_guid_firmware_management_capsule_id = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; 
@@ -208,15 +211,45 @@ skip: const efi_guid_t efi_guid_capsule_root_cert_guid = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; -__weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len) +#if defined(CONFIG_EFI_PKEY_DTB_EMBED) +int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len) { - /* The platform is supposed to provide - * a method for getting the public key - * stored in the form of efi signature - * list + /* + * This is a function for retrieving the public key from the + * platform's device tree. The platform's device tree has been + * concatenated with the u-boot binary. + * If a platform has a different mechanism to get the public + * key, it can define it's own kconfig symbol and define a + * function to retrieve the public key */ + const void *fdt_blob = gd->fdt_blob; + const void *blob; + const char *cnode_name = "capsule-key"; + const char *snode_name = "signature"; + int sig_node; + int len; + + sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name); + if (sig_node < 0) { + EFI_PRINT("Unable to get signature node offset\n"); + return -FDT_ERR_NOTFOUND; + } + + blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len); + + if (!blob || len < 0) { + EFI_PRINT("Unable to get capsule-key value\n"); + *pkey = NULL; + *pkey_len = 0; + return -FDT_ERR_NOTFOUND; + } + + *pkey = (void *)blob; + *pkey_len = len; + return 0; } +#endif /* CONFIG_EFI_PKEY_DTB_EMBED */ efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size, void **image, efi_uintn_t *image_size)
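
Review bot: In the @@ -14,10 +14,13 @@ hunk, DECLARE_GLOBAL_DATA_PTR and the new #include are added unconditionally, but the only use of gd in this patch (gd->fdt_blob) is inside the #if defined(CONFIG_EFI_PKEY_DTB_EMBED) block of the following hunk. A short comment at the declaration saying that it exists for the device-tree key lookup would keep the dependency on global data obvious to anyone building this file without that symbol.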
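
Review bot: In the @@ -208,15 +211,45 @@ hunk, the early return taken when fdt_subnode_offset() fails leaves *pkey and *pkey_len untouched, while the fdt_getprop() failure path sets them to NULL and 0, so a caller that does not check the return value can go on to use uninitialized key data; clear both outputs on every error path. The check `if (!blob || len < 0)` also accepts a zero-length capsule-key property as a valid key, and `len <= 0` would reject it. Both failures return -FDT_ERR_NOTFOUND even though sig_node and len already carry the specific libfdt error, which makes a malformed blob indistinguishable from a missing node. `*pkey = (void *)blob;` drops the const from a pointer into gd->fdt_blob, so the function comment should state that the returned buffer belongs to the device tree and must not be modified or freed. With the __weak default removed, a build without CONFIG_EFI_PKEY_DTB_EMBED gets no definition of efi_get_public_key_data() from this file, which is worth documenting for platforms that must supply their own. Nit: "it's own kconfig symbol" in the new comment should read "its own Kconfig symbol".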