diff options
| author | AKASHI Takahiro | 2021-10-07 15:23:32 +0900 |
|---|---|---|
| committer | Heinrich Schuchardt | 2021-10-25 21:13:06 +0200 |
| commit | 7a6fb28c8e4b03bc37b05936ae5fa4c16c278520 (patch) | |
| tree | 6ab339e56499f4b63f06b97f9bf7900d1c0d1123 /lib/efi_loader | |
| parent | c5e81fddf2f0b0068f4763423cd2735e2769cf29 (diff) | |
efi_loader: capsule: add back efi_get_public_key_data()
The commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to
.rodata"") failed to revert the removal of efi_get_public_key_data().
Add back this function and move it under lib/efi_loader so that other
platforms can utilize it. It is now declared as a weak function so that
it can be replaced with a platform-specific implementation.
Fixes: 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to
.rodata"")
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Diffstat (limited to 'lib/efi_loader')
| -rw-r--r-- | lib/efi_loader/efi_capsule.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index b75e4bcba1a..44f5da61a9b 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -11,15 +11,20 @@ #include <common.h> #include <efi_loader.h> #include <efi_variable.h> +#include <env.h> +#include <fdtdec.h> #include <fs.h> #include <malloc.h> #include <mapmem.h> #include <sort.h> +#include <asm/global_data.h> #include <crypto/pkcs7.h> #include <crypto/pkcs7_parser.h> #include <linux/err.h> +DECLARE_GLOBAL_DATA_PTR; + const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID; static const efi_guid_t efi_guid_firmware_management_capsule_id = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; @@ -251,6 +256,37 @@ out: } #if defined(CONFIG_EFI_CAPSULE_AUTHENTICATE) +int __weak efi_get_public_key_data(void **pkey, efi_uintn_t *pkey_len) +{ + const void *fdt_blob = gd->fdt_blob; + const void *blob; + const char *cnode_name = "capsule-key"; + const char *snode_name = "signature"; + int sig_node; + int len; + + sig_node = fdt_subnode_offset(fdt_blob, 0, snode_name); + if (sig_node < 0) { + log_err("Unable to get signature node offset\n"); + + return -FDT_ERR_NOTFOUND; + } + + blob = fdt_getprop(fdt_blob, sig_node, cnode_name, &len); + + if (!blob || len < 0) { + log_err("Unable to get capsule-key value\n"); + *pkey = NULL; + *pkey_len = 0; + + return -FDT_ERR_NOTFOUND; + } + + *pkey = (void *)blob; + *pkey_len = len; + + return 0; +} efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_size, void **image, efi_uintn_t *image_size) |