| Message ID | 20210510081931.43983-1-takahiro.akashi@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | efi_loader: capsule: add a debug message in case of no key | expand |
On 5/10/21 10:19 AM, AKASHI Takahiro wrote: > It will probably be a common error case that a certificate (public key) > is not provided by the system while capsule authentication is enabled. > So add a debug message. > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > --- > lib/efi_loader/efi_capsule.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c > index 90893f85e22c..84ddaf50d13f 100644 > --- a/lib/efi_loader/efi_capsule.c > +++ b/lib/efi_loader/efi_capsule.c > @@ -316,8 +316,10 @@ efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_s > } > > ret = efi_get_public_key_data(&fdt_pkey, &pkey_len); > - if (ret < 0) > + if (ret < 0) { > + debug("Public key/certificate not found\n"); Currently the only implementation of efi_get_public_key_data() actually providing keys is the one in board/emulation/common/qemu_capsule.c where the user has to manually upload the esl file. For future implementation it is preferable to build the public key data into the U-Boot binary. If it is part of the build process then the only error that could come up is that the public key data has the wrong format. If we are using the weak implementation of efi_get_public_key_data() in lib/efi_loader/efi_capsule.cwith CONFIG_EFI_CAPSULE_AUTHENTICATE=y, the system is misconfigured. Do we need that weak implementation at all? I would prefer to remove to get a build error. I suggest that you add a log_err() message with above text into the board/emulation/common/qemu_capsule.c implementation of efi_get_public_key_data(). This way the user will see that he forgot a step. Best regards Heinrich > goto out; > + } > > pkey = malloc(pkey_len); > if (!pkey) >
On Thu, May 20, 2021 at 04:06:12AM +0200, Heinrich Schuchardt wrote: > On 5/10/21 10:19 AM, AKASHI Takahiro wrote: > > It will probably be a common error case that a certificate (public key) > > is not provided by the system while capsule authentication is enabled. > > So add a debug message. > > > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > > --- > > lib/efi_loader/efi_capsule.c | 4 +++- > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c > > index 90893f85e22c..84ddaf50d13f 100644 > > --- a/lib/efi_loader/efi_capsule.c > > +++ b/lib/efi_loader/efi_capsule.c > > @@ -316,8 +316,10 @@ efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_s > > } > > > > ret = efi_get_public_key_data(&fdt_pkey, &pkey_len); > > - if (ret < 0) > > + if (ret < 0) { > > + debug("Public key/certificate not found\n"); > > Currently the only implementation of efi_get_public_key_data() actually > providing keys is the one in board/emulation/common/qemu_capsule.c where > the user has to manually upload the esl file. > > For future implementation it is preferable to build the public key data > into the U-Boot binary. If it is part of the build process then the only > error that could come up is that the public key data has the wrong format. Now Ilias posted a patch to embed a public key in the U-Boot binary. But it won't be the only solution in the future and the system owners may want to provide a key in their own way; hence, it might not be "part of build process." So I think that adding a message is still valid, even it should be treated as an error message instead of a debug message to warn "users". -Takahiro Akashi > If we are using the weak implementation of efi_get_public_key_data() in > lib/efi_loader/efi_capsule.cwith CONFIG_EFI_CAPSULE_AUTHENTICATE=y, the > system is misconfigured. Do we need that weak implementation at all? I > would prefer to remove to get a build error. > > I suggest that you add a log_err() message with above text into the > board/emulation/common/qemu_capsule.c implementation of > efi_get_public_key_data(). This way the user will see that he forgot a step. > > Best regards > > Heinrich > > > goto out; > > + } > > > > pkey = malloc(pkey_len); > > if (!pkey) > > >
Akashi-san, On Tue, Jul 20, 2021 at 11:13:40AM +0900, AKASHI Takahiro wrote: > On Thu, May 20, 2021 at 04:06:12AM +0200, Heinrich Schuchardt wrote: > > On 5/10/21 10:19 AM, AKASHI Takahiro wrote: > > > It will probably be a common error case that a certificate (public key) > > > is not provided by the system while capsule authentication is enabled. > > > So add a debug message. > > > > > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > > > --- > > > lib/efi_loader/efi_capsule.c | 4 +++- > > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > > > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c > > > index 90893f85e22c..84ddaf50d13f 100644 > > > --- a/lib/efi_loader/efi_capsule.c > > > +++ b/lib/efi_loader/efi_capsule.c > > > @@ -316,8 +316,10 @@ efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_s > > > } > > > > > > ret = efi_get_public_key_data(&fdt_pkey, &pkey_len); > > > - if (ret < 0) > > > + if (ret < 0) { > > > + debug("Public key/certificate not found\n"); > > > > Currently the only implementation of efi_get_public_key_data() actually > > providing keys is the one in board/emulation/common/qemu_capsule.c where > > the user has to manually upload the esl file. > > > > For future implementation it is preferable to build the public key data > > into the U-Boot binary. If it is part of the build process then the only > > error that could come up is that the public key data has the wrong format. > > Now Ilias posted a patch to embed a public key in the U-Boot binary. > But it won't be the only solution in the future and the system owners > may want to provide a key in their own way; hence, it might not be "part > of build process." > Correct. My patch intentionally leaves out that part and I hope someone will need it and implement it. > So I think that adding a message is still valid, even it should be > treated as an error message instead of a debug message to warn "users". Keep in mind that the makefile currently checks for the .esl file. if the file is not found there's a compilation error, prompting the user to add a valid file Thanks /Ilias > > -Takahiro Akashi > > > > If we are using the weak implementation of efi_get_public_key_data() in > > lib/efi_loader/efi_capsule.cwith CONFIG_EFI_CAPSULE_AUTHENTICATE=y, the > > system is misconfigured. Do we need that weak implementation at all? I > > would prefer to remove to get a build error. > > > > I suggest that you add a log_err() message with above text into the > > board/emulation/common/qemu_capsule.c implementation of > > efi_get_public_key_data(). This way the user will see that he forgot a step. > > > > Best regards > > > > Heinrich > > > > > goto out; > > > + } > > > > > > pkey = malloc(pkey_len); > > > if (!pkey) > > > > >
On Tue, Jul 20, 2021 at 09:39:12AM +0300, Ilias Apalodimas wrote: > Akashi-san, > > On Tue, Jul 20, 2021 at 11:13:40AM +0900, AKASHI Takahiro wrote: > > On Thu, May 20, 2021 at 04:06:12AM +0200, Heinrich Schuchardt wrote: > > > On 5/10/21 10:19 AM, AKASHI Takahiro wrote: > > > > It will probably be a common error case that a certificate (public key) > > > > is not provided by the system while capsule authentication is enabled. > > > > So add a debug message. > > > > > > > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > > > > --- > > > > lib/efi_loader/efi_capsule.c | 4 +++- > > > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > > > > > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c > > > > index 90893f85e22c..84ddaf50d13f 100644 > > > > --- a/lib/efi_loader/efi_capsule.c > > > > +++ b/lib/efi_loader/efi_capsule.c > > > > @@ -316,8 +316,10 @@ efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_s > > > > } > > > > > > > > ret = efi_get_public_key_data(&fdt_pkey, &pkey_len); > > > > - if (ret < 0) > > > > + if (ret < 0) { > > > > + debug("Public key/certificate not found\n"); > > > > > > Currently the only implementation of efi_get_public_key_data() actually > > > providing keys is the one in board/emulation/common/qemu_capsule.c where > > > the user has to manually upload the esl file. > > > > > > For future implementation it is preferable to build the public key data > > > into the U-Boot binary. If it is part of the build process then the only > > > error that could come up is that the public key data has the wrong format. > > > > Now Ilias posted a patch to embed a public key in the U-Boot binary. > > But it won't be the only solution in the future and the system owners > > may want to provide a key in their own way; hence, it might not be "part > > of build process." > > > > Correct. My patch intentionally leaves out that part and I hope someone > will need it and implement it. > > > So I think that adding a message is still valid, even it should be > > treated as an error message instead of a debug message to warn "users". > > > Keep in mind that the makefile currently checks for the .esl file. if the > file is not found there's a compilation error, prompting the user to add a > valid file If your efi_get_public_key_data() is the only implementation in the system, checking a return value (if ret < 0) is also meaningless. -Takahiro Akashi > > Thanks > /Ilias > > > > -Takahiro Akashi > > > > > > > If we are using the weak implementation of efi_get_public_key_data() in > > > lib/efi_loader/efi_capsule.cwith CONFIG_EFI_CAPSULE_AUTHENTICATE=y, the > > > system is misconfigured. Do we need that weak implementation at all? I > > > would prefer to remove to get a build error. > > > > > > I suggest that you add a log_err() message with above text into the > > > board/emulation/common/qemu_capsule.c implementation of > > > efi_get_public_key_data(). This way the user will see that he forgot a step. > > > > > > Best regards > > > > > > Heinrich > > > > > > > goto out; > > > > + } > > > > > > > > pkey = malloc(pkey_len); > > > > if (!pkey) > > > > > > >
> > > > > + debug("Public key/certificate not found\n"); [...] > > > > > > > > Currently the only implementation of efi_get_public_key_data() actually > > > > providing keys is the one in board/emulation/common/qemu_capsule.c where > > > > the user has to manually upload the esl file. > > > > > > > > For future implementation it is preferable to build the public key data > > > > into the U-Boot binary. If it is part of the build process then the only > > > > error that could come up is that the public key data has the wrong format. > > > > > > Now Ilias posted a patch to embed a public key in the U-Boot binary. > > > But it won't be the only solution in the future and the system owners > > > may want to provide a key in their own way; hence, it might not be "part > > > of build process." > > > > > > > Correct. My patch intentionally leaves out that part and I hope someone > > will need it and implement it. > > > > > So I think that adding a message is still valid, even it should be > > > treated as an error message instead of a debug message to warn "users". > > > > > > Keep in mind that the makefile currently checks for the .esl file. if the > > file is not found there's a compilation error, prompting the user to add a > > valid file > > If your efi_get_public_key_data() is the only implementation in > the system, checking a return value (if ret < 0) is also meaningless. Yea but what I expect here, is to make it a __weak function in the future and allow reading the key from hardware. So the check is there to ensure that when we add other ways of reading the key we are doing the right thing Thanks /Ilias > > -Takahiro Akashi > > > > > > Thanks > > /Ilias > > > > > > -Takahiro Akashi > > > > > > > > > > If we are using the weak implementation of efi_get_public_key_data() in > > > > lib/efi_loader/efi_capsule.cwith CONFIG_EFI_CAPSULE_AUTHENTICATE=y, the > > > > system is misconfigured. Do we need that weak implementation at all? I > > > > would prefer to remove to get a build error. > > > > > > > > I suggest that you add a log_err() message with above text into the > > > > board/emulation/common/qemu_capsule.c implementation of > > > > efi_get_public_key_data(). This way the user will see that he forgot a step. > > > > > > > > Best regards > > > > > > > > Heinrich > > > > > > > > > goto out; > > > > > + } > > > > > > > > > > pkey = malloc(pkey_len); > > > > > if (!pkey) > > > > > > > > >
diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index 90893f85e22c..84ddaf50d13f 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -316,8 +316,10 @@ efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_s } ret = efi_get_public_key_data(&fdt_pkey, &pkey_len); - if (ret < 0) + if (ret < 0) { + debug("Public key/certificate not found\n"); goto out; + } pkey = malloc(pkey_len); if (!pkey)
It will probably be a common error case that a certificate (public key) is not provided by the system while capsule authentication is enabled. So add a debug message. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> --- lib/efi_loader/efi_capsule.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- 2.31.0