From mboxrd@z Thu Jan  1 00:00:00 1970
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Thu, 8 Apr 2021 21:48:50 +0200
Subject: [PATCH 4/5] efi_capsule: Add a weak function to get the public
 key needed for capsule authentication
In-Reply-To: <20210407115335.8615-5-sughosh.ganu@linaro.org>
References: <20210407115335.8615-1-sughosh.ganu@linaro.org>
 <20210407115335.8615-5-sughosh.ganu@linaro.org>
Message-ID: <dcb5d808-328d-1bf5-b0f9-fe513340fc17@gmx.de>
List-Id: <u-boot.lists.denx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

On 4/7/21 1:53 PM, Sughosh Ganu wrote:
> Define a weak function which would be used in the scenario where the
> public key is stored on the platform's dtb. This dtb is concatenated
> with the u-boot binary during the build process. Platforms which have
> a different mechanism for getting the public key would define their
> own platform specific function.

Storing the public key in U-Boot's dtb is reasonable. But what is the
use case for a weak function?

Best regards

Heinrich

>
> Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
> ---
>   lib/efi_loader/efi_capsule.c | 38 ++++++++++++++++++++++++++++++++----
>   1 file changed, 34 insertions(+), 4 deletions(-)
>
> diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
> index 1423b675c8..fc5e1c0856 100644
> --- a/lib/efi_loader/efi_capsule.c
> +++ b/lib/efi_loader/efi_capsule.c
> @@ -14,10 +14,13 @@
>   #include <mapmem.h>
>   #include <sort.h>
>
> +#include <asm/global_data.h>
>   #include <crypto/pkcs7.h>
>   #include <crypto/pkcs7_parser.h>
>   #include <linux/err.h>
>
> +DECLARE_GLOBAL_DATA_PTR;
> +
>   const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID;
>   static const efi_guid_t efi_guid_firmware_management_capsule_id =
>   		EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID;
> @@ -210,11 +213,38 @@ const efi_guid_t efi_guid_capsule_root_cert_guid =
>
>   __weak int efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len)
>   {
> -	/* The platform is supposed to provide
> -	 * a method for getting the public key
> -	 * stored in the form of efi signature
> -	 * list
> +	/*
> +	 * This is a function for retrieving the public key from the
> +	 * platform's device tree. The platform's device tree has been
> +	 * concatenated with the u-boot binary.
> +	 * If a platform has a different mechanism to get the public
> +	 * key, it can define it's own function.
>   	 */
> +	const void *fdt_blob = gd->fdt_blob;
> +	const void *blob;
> +	const char *cnode_name = "capsule-key";
> +	const char *snode_name = "signature";
> +	int sig_node;
> +	int len;
> +
> +	sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name);
> +	if (sig_node < 0) {
> +		EFI_PRINT("Unable to get signature node offset\n");
> +		return -FDT_ERR_NOTFOUND;
> +	}
> +
> +	blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len);
> +
> +	if (!blob || len < 0) {
> +		EFI_PRINT("Unable to get capsule-key value\n");
> +		*pkey = NULL;
> +		*pkey_len = 0;
> +		return -FDT_ERR_NOTFOUND;
> +	}
> +
> +	*pkey = (void *)blob;
> +	*pkey_len = len;
> +
>   	return 0;
>   }
>
>