From mboxrd@z Thu Jan 1 00:00:00 1970 From: Sughosh Ganu Date: Fri, 9 Apr 2021 11:55:57 +0530 Subject: [PATCH 4/5] efi_capsule: Add a weak function to get the public key needed for capsule authentication In-Reply-To: References: <20210407115335.8615-1-sughosh.ganu@linaro.org> <20210407115335.8615-5-sughosh.ganu@linaro.org> Message-ID: List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Fri, 9 Apr 2021 at 01:23, Heinrich Schuchardt wrote: > On 4/7/21 1:53 PM, Sughosh Ganu wrote: > > Define a weak function which would be used in the scenario where the > > public key is stored on the platform's dtb. This dtb is concatenated > > with the u-boot binary during the build process. Platforms which have > > a different mechanism for getting the public key would define their > > own platform specific function. > > Storing the public key in U-Boot's dtb is reasonable. But what is the > use case for a weak function? > This point was discussed in another mail thread[1]. -sughosh [1] - https://lists.denx.de/pipermail/u-boot/2021-April/446694.html > Best regards > > Heinrich > > > > > Signed-off-by: Sughosh Ganu > > --- > > lib/efi_loader/efi_capsule.c | 38 ++++++++++++++++++++++++++++++++---- > > 1 file changed, 34 insertions(+), 4 deletions(-) > > > > diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c > > index 1423b675c8..fc5e1c0856 100644 > > --- a/lib/efi_loader/efi_capsule.c > > +++ b/lib/efi_loader/efi_capsule.c > > @@ -14,10 +14,13 @@ > > #include > > #include > > > > +#include > > #include > > #include > > #include > > > > +DECLARE_GLOBAL_DATA_PTR; > > + > > const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID; > > static const efi_guid_t efi_guid_firmware_management_capsule_id = > > EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; > > @@ -210,11 +213,38 @@ const efi_guid_t efi_guid_capsule_root_cert_guid = > > > > __weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len) > > { > > - /* The platform is supposed to provide > > - * a method for getting the public key > > - * stored in the form of efi signature > > - * list > > + /* > > + * This is a function for retrieving the public key from the > > + * platform's device tree. The platform's device tree has been > > + * concatenated with the u-boot binary. > > + * If a platform has a different mechanism to get the public > > + * key, it can define it's own function. > > */ > > + const void *fdt_blob = gd->fdt_blob; > > + const void *blob; > > + const char *cnode_name = "capsule-key"; > > + const char *snode_name = "signature"; > > + int sig_node; > > + int len; > > + > > + sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name); > > + if (sig_node < 0) { > > + EFI_PRINT("Unable to get signature node offset\n"); > > + return -FDT_ERR_NOTFOUND; > > + } > > + > > + blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len); > > + > > + if (!blob || len < 0) { > > + EFI_PRINT("Unable to get capsule-key value\n"); > > + *pkey = NULL; > > + *pkey_len = 0; > > + return -FDT_ERR_NOTFOUND; > > + } > > + > > + *pkey = (void *)blob; > > + *pkey_len = len; > > + > > return 0; > > } > > > > > >