[Skiboot] [PATCH v2 0/4] secvar: ESL validation fixes
Nick Child
nnac123 at gmail.com
Tue Jun 29 05:37:28 AEST 2021
v1: https://lists.ozlabs.org/pipermail/skiboot/2021-June/017570.html
Responded to reviews from Daniel Axtens. He made some really great
points about data types and return codes. I tried my best to find a
decent solution to many of them. Ultimately, I snuck in a redesign
of `get_esl_signature_list` in the third patch. As an effect, it
allowed for the removal of `get_esl_signature_list_size`.
Best,
Nick Child
Nick Child (4):
secvar: ensure ESL buf size is at least what ESL header expects
secvar: Make `validate_esl_list` iterate through esl chain
secvar: return error if validate_esl has extra data
secvar: return error if verify_signature runs out of ESLs
libstb/secvar/backend/edk2-compat-process.c | 94 ++++----
libstb/secvar/test/data/multipletrimmedKEK.h | 225 +++++++++++++++++++
libstb/secvar/test/data/trimmedKEK.h | 161 +++++++++++++
libstb/secvar/test/secvar-test-edk2-compat.c | 72 ++++++
4 files changed, 503 insertions(+), 49 deletions(-)
create mode 100644 libstb/secvar/test/data/multipletrimmedKEK.h
create mode 100644 libstb/secvar/test/data/trimmedKEK.h
--
2.25.1
More information about the Skiboot
mailing list