All of lore.kernel.org
 help / color / mirror / Atom feed
From: Mat Martineau <mathew.j.martineau@linux.intel.com>
To: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org, matthew.garrett@nebula.com,
	linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH 6/9] efi: Add EFI signature data types
Date: Wed, 16 Nov 2016 15:43:48 -0800 (PST)	[thread overview]
Message-ID: <alpine.OSX.2.20.1611161535590.67352@mjmartin-mac01.local> (raw)
In-Reply-To: <147931988803.16460.18213104388363289832.stgit@warthog.procyon.org.uk>


David,

On Wed, 16 Nov 2016, David Howells wrote:

> From: Dave Howells <dhowells@redhat.com>
>
> Add the data types that are used for containing hashes, keys and
> certificates for cryptographic verification along with their corresponding
> type GUIDs.
>
> Signed-off-by: David Howells <dhowells@redhat.com>
> ---
>
> include/linux/efi.h |   24 ++++++++++++++++++++++++
> 1 file changed, 24 insertions(+)
>
> diff --git a/include/linux/efi.h b/include/linux/efi.h
> index acfdea8381de..6fb50bafedc7 100644
> --- a/include/linux/efi.h
> +++ b/include/linux/efi.h
> @@ -594,6 +594,9 @@ void efi_native_runtime_setup(void);
>
> #define EFI_IMAGE_SECURITY_DATABASE_GUID	EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f)
> #define EFI_SHIM_LOCK_GUID			EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23)
> +#define EFI_CERT_SHA256_GUID			EFI_GUID(0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 )
> +#define EFI_CERT_X509_GUID			EFI_GUID(0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
> +#define EFI_CERT_X509_SHA256_GUID		EFI_GUID(0x3bd2a492, 0x96c0, 0x4079, 0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed );

The trailing ';' on EFI_CERT_X509_SHA256_GUID could trip someone up later. 
As long as you're fixing that, the spaces before the closing parens are 
inconsistent with the other GUID definitions in this file.

> /*
>  * This GUID is used to pass to the kernel proper the struct screen_info
> @@ -853,6 +856,27 @@ typedef struct {
> 	efi_memory_desc_t entry[0];
> } efi_memory_attributes_table_t;
>
> +typedef struct  {
> +	efi_guid_t signature_owner;
> +	u8 signature_data[];
> +} efi_signature_data_t;
> +
> +typedef struct {
> +	efi_guid_t signature_type;
> +	u32 signature_list_size;
> +	u32 signature_header_size;
> +	u32 signature_size;
> +	u8 signature_header[];
> +	/* efi_signature_data_t signatures[][] */
> +} efi_signature_list_t;
> +
> +typedef u8 efi_sha256_hash_t[32];
> +
> +typedef struct {
> +	efi_sha256_hash_t to_be_signed_hash;
> +	efi_time_t time_of_revocation;
> +} efi_cert_x509_sha256_t;
> +
> /*
>  * All runtime access to EFI goes through this structure:
>  */

--
Mat Martineau
Intel OTC

  reply	other threads:[~2016-11-16 23:44 UTC|newest]

Thread overview: 65+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-11-16 18:10 [PATCH 0/9] KEYS: Blacklisting & UEFI database load David Howells
2016-11-16 18:10 ` David Howells
2016-11-16 18:10 ` [PATCH 1/9] KEYS: Add a system blacklist keyring David Howells
2016-11-16 18:10 ` [PATCH 2/9] X.509: Allow X.509 certs to be blacklisted David Howells
2016-11-16 18:11 ` [PATCH 3/9] PKCS#7: Handle blacklisted certificates David Howells
2016-11-16 18:11 ` [PATCH 4/9] KEYS: Allow unrestricted boot-time addition of keys to secondary keyring David Howells
2016-11-17  6:41   ` Petko Manolov
2016-11-17  9:56   ` David Howells
2016-11-17 10:22     ` Petko Manolov
2016-11-17 10:22       ` Petko Manolov
2016-11-17 11:18     ` David Howells
2016-11-17 11:18       ` David Howells
2016-11-21 14:04     ` Mimi Zohar
2016-11-21 14:04       ` Mimi Zohar
2016-11-21 15:17     ` David Howells
2016-11-21 16:24       ` Mimi Zohar
2016-11-16 18:11 ` [PATCH 5/9] efi: Add SHIM and image security database GUID definitions David Howells
2016-11-21 16:07   ` Ard Biesheuvel
2016-11-16 18:11 ` [PATCH 6/9] efi: Add EFI signature data types David Howells
2016-11-16 23:43   ` Mat Martineau [this message]
2016-11-17  9:44   ` David Howells
2016-11-17  9:44     ` David Howells
2016-11-21 16:08     ` Ard Biesheuvel
2016-11-21 16:08       ` Ard Biesheuvel
2016-11-16 18:11 ` [PATCH 7/9] efi: Add an EFI signature blob parser David Howells
2016-11-16 18:11 ` [PATCH 8/9] MODSIGN: Import certificates from UEFI Secure Boot David Howells
2016-11-21 16:16   ` Ard Biesheuvel
2016-11-21 16:25     ` Josh Boyer
2016-11-21 16:25       ` Josh Boyer
2016-11-24 19:22       ` James Bottomley
2016-11-24 19:22         ` James Bottomley
2016-11-24 19:17     ` James Bottomley
2016-11-24 19:17       ` James Bottomley
2016-12-02 18:57       ` James Bottomley
2016-12-02 20:18         ` Mimi Zohar
2016-11-16 18:11 ` [PATCH 9/9] MODSIGN: Allow the "db" UEFI variable to be suppressed David Howells
2016-11-21 16:18   ` Ard Biesheuvel
2016-11-21 16:18     ` Ard Biesheuvel
2016-11-21 16:26     ` Josh Boyer
2016-11-21 16:26       ` Josh Boyer
2016-11-21 16:42       ` Ard Biesheuvel
2016-11-21 16:42         ` Ard Biesheuvel
2016-11-21 19:05         ` Peter Jones
2016-11-21 19:05           ` Peter Jones
2016-11-21 19:06           ` Ard Biesheuvel
2016-11-21 19:18             ` Peter Jones
2016-11-21 19:33               ` Ard Biesheuvel
2018-03-06 14:05 ` [PATCH 0/9] KEYS: Blacklisting & UEFI database load Jiri Slaby
2018-03-06 14:05   ` Jiri Slaby
2018-03-06 14:05   ` Jiri Slaby
2018-03-07 13:18   ` Mimi Zohar
2018-03-07 13:18     ` Mimi Zohar
2018-03-07 13:18     ` Mimi Zohar
2018-03-07 15:28     ` James Bottomley
2018-03-07 15:28       ` James Bottomley
2018-03-07 15:28       ` James Bottomley
2018-03-11  3:20       ` joeyli
2018-03-11  3:20         ` joeyli
2018-03-11  3:20         ` joeyli
2018-03-19 14:12         ` Mimi Zohar
2018-03-19 14:12           ` Mimi Zohar
2018-03-19 14:12           ` Mimi Zohar
2018-03-27 11:08           ` joeyli
2018-03-27 11:08             ` joeyli
2018-03-27 11:08             ` joeyli

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.OSX.2.20.1611161535590.67352@mjmartin-mac01.local \
    --to=mathew.j.martineau@linux.intel.com \
    --cc=dhowells@redhat.com \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=matthew.garrett@nebula.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.