From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Takahiro Akashi <takahiro.akashi@linaro.org>,
	 Masami Hiramatsu <masami.hiramatsu@linaro.org>,
	Heinrich Schuchardt <xypron.glpk@gmx.de>,
	 Alexander Graf <agraf@csgraf.de>,
	Sughosh Ganu <sughosh.ganu@linaro.org>,
	 Simon Glass <sjg@chromium.org>,
	U-Boot Mailing List <u-boot@lists.denx.de>
Subject: Re: [PATCH 1/3] efi_capsule: Move signature from DTB to .rodata
Date: Sat, 17 Jul 2021 17:14:55 +0300
Message-ID: <CAC_iWjJ=JN72+a0huD-M_LimXxOLBwWeE2pjmYFrh3vsy4QpUQ@mail.gmail.com>
In-Reply-To: <YPLAhWu+qmiMmpdB@apalos.home>

On Sat, 17 Jul 2021 at 14:35, Ilias Apalodimas
<ilias.apalodimas@linaro.org> wrote:
>
> > > >

[...]

> > > >  obj-$(CONFIG_EFI_HAVE_CAPSULE_SUPPORT) += efi_capsule.o
> > > > +obj-$(CONFIG_EFI_CAPSULE_AUTHENTICATE) += efi_capsule_key.o
> >
> > We should give users another choice here to allow them to add their
> > own solution for key storage.
> > Or only enable this line if "CONFIG_EFI_CAPSULE_KEY_PATH" != null?

Actually, once you enable the capsule authentication, compilation fails
now if a file is not provided, with a message asking for the user to
provide a valid filepath.  I'd prefer leaving it as is, and once we get
hardware that can override the embedded key, we can add an extra
Kconfig option.

> >
> > > >  obj-$(CONFIG_EFI_CAPSULE_FIRMWARE) += efi_firmware.o
> > > >  obj-y += efi_console.o
> > > >  obj-y += efi_device_path.o
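
Review bot: the new efi_capsule_key.o line does not make the object depend on the key file itself. The key is pulled in by the assembler's .incbin, which the compiler-generated dependency files do not normally record, so replacing the file at CONFIG_EFI_CAPSULE_KEY_PATH without changing the config can leave the previous key in the image. Consider adding an explicit prerequisite on the key file next to this line so that a key rotation always rebuilds the object.
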
> > > > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
> > > > index b878e71438b8..50e93cad4ee5 100644
> > > > --- a/lib/efi_loader/efi_capsule.c
> > > > +++ b/lib/efi_loader/efi_capsule.c
> > > > @@ -16,6 +16,7 @@
> > > >  #include <mapmem.h>
> > > >  #include <sort.h>
> > > >
> > > > +#include <asm/sections.h>
> > > >  #include <crypto/pkcs7.h>
> > > >  #include <crypto/pkcs7_parser.h>
> > > >  #include <linux/err.h>
> > > > @@ -222,12 +223,23 @@ skip:
> > > >  const efi_guid_t efi_guid_capsule_root_cert_guid =
> > > >         EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
> > > >
> > > > +int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)
> >
> > static?
>
> yea

Once we do get support for hardware stored signatures, this can be
changed to a __weak function.

>
> >
> > > > +{
> > > > +       const void *blob = __efi_capsule_sig_begin;
> > > > +       const int len = __efi_capsule_sig_end - __efi_capsule_sig_begin;
> >
> > It seems that the length can be calculated at compile time.
> >
>
> Yea but you still need the __efi_capsule_sig_begin.  What's the proposal
> here? Replace __efi_capsule_sig_end with the size on the .S file?
>
> > > > +       *pkey = (void *)blob;
> > > > +       *pkey_len = len;
> > > > +
> > > > +       return 0;
> > > > +}
> > > > +
> > > >  efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size,
> > > >                                       void **image, efi_uintn_t *image_size)
> > > >  {
> > > >         u8 *buf;
> > > >         int ret;
> > > > -       void *fdt_pkey, *pkey;
> > > > +       void *stored_pkey, *pkey;
> > > >         efi_uintn_t pkey_len;
> > > >         uint64_t monotonic_count;
> > > >         struct efi_signature_store *truststore;
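
Review bot: in efi_get_public_key_data() the length is computed as `const int len` and then stored into an `efi_uintn_t`, and the const qualifier is dropped with `*pkey = (void *)blob;`. Use efi_uintn_t (or size_t) for the pointer difference, and consider handing the blob back through a const pointer, since the caller in this patch only copies from it. The function also returns 0 unconditionally, so the caller's `if (ret < 0)` check can never fire: either return an error when the embedded blob is empty (begin equals end) or drop the return value. A short comment saying the data comes from the .incbin in efi_capsule_key.S would help readers of this file.
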
> > > > @@ -286,7 +298,7 @@ efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_s
> > > >                 goto out;
> > > >         }
> > > >
> > > > -       ret = efi_get_public_key_data(&fdt_pkey, &pkey_len);
> > > > +       ret = efi_get_public_key_data(&stored_pkey, &pkey_len);
> > > >         if (ret < 0)
> > > >                 goto out;
> > > >
> > > > @@ -294,7 +306,7 @@ efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_s
> > > >         if (!pkey)
> > > >                 goto out;
> > > >
> > > > -       memcpy(pkey, fdt_pkey, pkey_len);
> > > > +       memcpy(pkey, stored_pkey, pkey_len);
> > > >         truststore = efi_build_signature_store(pkey, pkey_len);
> > > >         if (!truststore)
> > > >                 goto out;
> > > > diff --git a/lib/efi_loader/efi_capsule_key.S b/lib/efi_loader/efi_capsule_key.S
> > > > new file mode 100644
> > > > index 000000000000..f7047a42e39d
> > > > --- /dev/null
> > > > +++ b/lib/efi_loader/efi_capsule_key.S
> > > > @@ -0,0 +1,8 @@
> >
> > Should we have "#include <config.h>" here?
>
> Hmm maybe. Compiling didn't cause any problems, but it seems we can add
> that include
>
>
> > Otherwise it looks good.
> >
> > -Takahiro Akashi
>
> Thanks
> /Ilias
> >
> > > > +.section .rodata.capsule_key.init,"a"
> > > > +.balign 16
> > > > +.global __efi_capsule_sig_begin
> > > > +__efi_capsule_sig_begin:
> > > > +.incbin CONFIG_EFI_CAPSULE_KEY_PATH
> > > > +__efi_capsule_sig_end:
> > > > +.global __efi_capsule_sig_end
> > > > +.balign 16
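
Review bot: the new efi_capsule_key.S starts directly at `.section`; the hunk's eight lines are all directives and labels, so the file has no SPDX-License-Identifier line and no comment saying what is being embedded. Add the license tag and a one-line description of the blob and of what format the file at CONFIG_EFI_CAPSULE_KEY_PATH is expected to be in. As a style point, `.global __efi_capsule_sig_end` follows its label while the begin symbol is declared before its label; declaring both before their labels keeps the file consistent.
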
> > > > --
> > > > 2.32.0.rc0
> > > >
> > >
> > >
> > > --
> > > Masami Hiramatsu
