diff options
| author | Sughosh Ganu | 2020-12-30 19:27:09 +0530 |
|---|---|---|
| committer | Heinrich Schuchardt | 2020-12-31 14:41:31 +0100 |
| commit | 04be98bd6bcfccf3ab028fda0ca962dd00f61260 (patch) | |
| tree | 3c5364e835613770b47a069ca9dd398ac0ac4ceb /include/efi_loader.h | |
| parent | b4f20a5d83f0b8a5c30128966eabe68748631e66 (diff) | |
efi: capsule: Add support for uefi capsule authentication
Add support for authenticating uefi capsules. Most of the signature
verification functionality is shared with the uefi secure boot
feature.
The root certificate containing the public key used for the signature
verification is stored as part of the device tree blob. The root
certificate is stored as an efi signature list(esl) file -- this file
contains the x509 certificate which is the root certificate.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Diffstat (limited to 'include/efi_loader.h')
| -rw-r--r-- | include/efi_loader.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/efi_loader.h b/include/efi_loader.h index 7fd65eeb8db..4719fa93f06 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -819,6 +819,8 @@ struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name); bool efi_secure_boot_enabled(void); +bool efi_capsule_auth_enabled(void); + bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp, WIN_CERTIFICATE **auth, size_t *auth_len); @@ -847,6 +849,10 @@ efi_status_t EFIAPI efi_query_capsule_caps( u64 *maximum_capsule_size, u32 *reset_type); +efi_status_t efi_capsule_authenticate(const void *capsule, + efi_uintn_t capsule_size, + void **image, efi_uintn_t *image_size); + #define EFI_CAPSULE_DIR L"\\EFI\\UpdateCapsule\\" /* Hook at initialization */ |