[Skiboot] [PATCH v2 0/4] secvar: ESL validation fixes

Nick Child nnac123 at gmail.com
Tue Jun 29 05:37:28 AEST 2021

v1: https://lists.ozlabs.org/pipermail/skiboot/2021-June/017570.html

Responded to reviews from Daniel Axtens. He made some really great 
points about data types and return codes. I tried my best to find a
decent solution to many of them. Ultimately, I snuck in a redesign
of `get_esl_signature_list` in the third patch. As an effect, it 
allowed for the removal of `get_esl_signature_list_size`. 

Nick Child

Nick Child (4):
  secvar: ensure ESL buf size is at least what ESL header expects
  secvar: Make `validate_esl_list` iterate through esl chain
  secvar: return error if validate_esl has extra data
  secvar: return error if verify_signature runs out of ESLs

 libstb/secvar/backend/edk2-compat-process.c  |  94 ++++----
 libstb/secvar/test/data/multipletrimmedKEK.h | 225 +++++++++++++++++++
 libstb/secvar/test/data/trimmedKEK.h         | 161 +++++++++++++
 libstb/secvar/test/secvar-test-edk2-compat.c |  72 ++++++
 4 files changed, 503 insertions(+), 49 deletions(-)
 create mode 100644 libstb/secvar/test/data/multipletrimmedKEK.h
 create mode 100644 libstb/secvar/test/data/trimmedKEK.h


More information about the Skiboot mailing list