From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: u-boot@lists.denx.de
Subject: [PATCH v4 10/16] cmd: env: use appropriate guid for authenticated UEFI variable
Date: Tue, 21 Jan 2020 08:13:06 +0100
Message-ID: <786152f8-c0ee-1bdd-eac5-62a5be717686@gmx.de>
In-Reply-To: <20191218004512.24939-11-takahiro.akashi@linaro.org>

On 12/18/19 1:45 AM, AKASHI Takahiro wrote:
> A signature database variable is associated with a specific guid.
> For convenience, if the user doesn't supply any guid info, "env set|print -e"
> should complement it.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> ---
>   cmd/nvedit_efi.c | 18 ++++++++++++++----
>   1 file changed, 14 insertions(+), 4 deletions(-)
>
> diff --git a/cmd/nvedit_efi.c b/cmd/nvedit_efi.c
> index 8ea0da01283f..579cf430593c 100644
> --- a/cmd/nvedit_efi.c
> +++ b/cmd/nvedit_efi.c
> @@ -41,6 +41,11 @@ static const struct {
>   } efi_guid_text[] = {
>   	/* signature database */
>   	{EFI_GLOBAL_VARIABLE_GUID, "EFI_GLOBAL_VARIABLE_GUID"},
> +	{EFI_IMAGE_SECURITY_DATABASE_GUID, "EFI_IMAGE_SECURITY_DATABASE_GUID"},
> +	/* certificate type */
> +	{EFI_CERT_SHA256_GUID, "EFI_CERT_SHA256_GUID"},
> +	{EFI_CERT_X509_GUID, "EFI_CERT_X509_GUID"},
> +	{EFI_CERT_TYPE_PKCS7_GUID, "EFI_CERT_TYPE_PKCS7_GUID"},
>   };
>
>   /* "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" */
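
Review bot: In the efi_guid_text[] hunk the existing comment /* signature database */ still sits above EFI_GLOBAL_VARIABLE_GUID, while the entry it describes, EFI_IMAGE_SECURITY_DATABASE_GUID, is added one line below it. Move the comment down a line (or give EFI_GLOBAL_VARIABLE_GUID its own comment) so the grouping stays accurate now that a /* certificate type */ group follows.
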
> @@ -525,9 +530,9 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
>   			if (*ep != ',')
>   				return CMD_RET_USAGE;
>
> +			/* 0 should be allowed for delete */
>   			size = simple_strtoul(++ep, NULL, 16);
> -			if (!size)
> -				return CMD_RET_FAILURE;
> +
>   			value_on_memory = true;
>   		} else if (!strcmp(argv[0], "-v")) {
>   			verbose = true;
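
Review bot: With the "if (!size)" check removed, "size = simple_strtoul(++ep, NULL, 16);" can no longer tell an explicit 0 from text that is not hex at all, because the end pointer is NULL; a mistyped size would be taken as the size-0 delete case named in the new comment. Pass an end pointer and return CMD_RET_USAGE when no digits were consumed or trailing characters remain. The empty line added before value_on_memory can also be dropped.
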
> @@ -539,8 +544,13 @@ int do_env_set_efi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
>   		return CMD_RET_USAGE;
>
>   	var_name = argv[0];
> -	if (default_guid)
> -		guid = efi_global_variable_guid;
> +	if (default_guid) {
> +		if (!strcmp(var_name, "db") || !strcmp(var_name, "dbx") ||
> +		    !strcmp(var_name, "dbt"))

Why is "dbr" missing?

I guess dbDefault, dbrDefault, dbxDefault, dbtDefault use
EFI_GLOBAL_VARIABLE?

Best regards

Heinrich

> +			guid = efi_guid_image_security_database;
> +		else
> +			guid = efi_global_variable_guid;
> +	}
>
>   	if (verbose) {
>   		printf("GUID: %s\n", efi_guid_to_str((const efi_guid_t *)
>
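
Review bot: The name-based default is added only in do_env_set_efi(), but the commit message promises it for "env set|print -e", and these three hunks account for all 14 insertions in the diffstat, so the print path is not given the same selection. Either apply it there as well or narrow the commit message. Moving the db/dbx/dbt comparison into a small helper shared by both commands would also leave a single place to extend the list of names.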
