[Skiboot] [PATCH] libstb/secvar: export functions used by secvarctl

Daniel Axtens dja at axtens.net
Tue May 11 11:31:14 AEST 2021


secvarctl has its own implementations of get_esl_signature_list(),
get_esl_cert() and get_pkcs7_len(). We would rather use the ones in
skiboot.

Export the skiboot implementations. Add a print in an error case from
secvarctl.

Signed-off-by: Daniel Axtens <dja at axtens.net>
---
 libstb/secvar/backend/edk2-compat-process.c | 10 +++++---
 libstb/secvar/backend/edk2-compat-process.h | 28 +++++++++++++++++++++
 2 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c
index dfaec137dfb6..90c581f55685 100644
--- a/libstb/secvar/backend/edk2-compat-process.c
+++ b/libstb/secvar/backend/edk2-compat-process.c
@@ -85,12 +85,14 @@ static void get_key_authority(const char *ret[3], const char *key)
 	ret[i] = NULL;
 }
 
-static EFI_SIGNATURE_LIST* get_esl_signature_list(const char *buf, size_t buflen)
+EFI_SIGNATURE_LIST* get_esl_signature_list(const char *buf, size_t buflen)
 {
 	EFI_SIGNATURE_LIST *list = NULL;
 
-	if (buflen < sizeof(EFI_SIGNATURE_LIST) || !buf)
+	if (buflen < sizeof(EFI_SIGNATURE_LIST) || !buf) {
+		prlog(PR_ERR, "ERROR: SigList does not have enough data to be valid\n");
 		return NULL;
+	}
 
 	list = (EFI_SIGNATURE_LIST *)buf;
 
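Review bot: The new `prlog` in get_esl_signature_list fires for a NULL `buf` as well as for a short buffer, so "does not have enough data to be valid" can send whoever reads the log in the wrong direction; a wording that covers both, such as `prlog(PR_ERR, "ERROR: SigList buffer is NULL or shorter than an ESL header\n");`, would be accurate. Now that the function is no longer `static`, the context line `list = (EFI_SIGNATURE_LIST *)buf;` also matters more, because it drops `const` and gives external callers a writable pointer into a buffer they passed as read-only. Only `sizeof(EFI_SIGNATURE_LIST)` bytes are known to be present when that cast happens. The rest of the body is outside this hunk, so whether the size fields inside the list are checked against `buflen` before returning cannot be confirmed from here and is worth verifying before the symbol becomes part of an external interface.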
@@ -115,7 +117,7 @@ static int32_t get_esl_signature_list_size(const char *buf, const size_t buflen)
  * Copies the certificate from the ESL into cert buffer and returns the size
  * of the certificate
  */
-static int get_esl_cert(const char *buf, const size_t buflen, char **cert)
+int get_esl_cert(const char *buf, const size_t buflen, char **cert)
 {
 	size_t sig_data_offset;
 	size_t size;
@@ -156,7 +158,7 @@ static int get_esl_cert(const char *buf, const size_t buflen, char **cert)
  * Extracts size of the PKCS7 signed data embedded in the
  * struct Authentication 2 Descriptor Header.
  */
-static size_t get_pkcs7_len(const struct efi_variable_authentication_2 *auth)
+size_t get_pkcs7_len(const struct efi_variable_authentication_2 *auth)
 {
 	uint32_t dw_length;
 	size_t size;
diff --git a/libstb/secvar/backend/edk2-compat-process.h b/libstb/secvar/backend/edk2-compat-process.h
index 737c7329512d..4fb6d60095d8 100644
--- a/libstb/secvar/backend/edk2-compat-process.h
+++ b/libstb/secvar/backend/edk2-compat-process.h
@@ -60,4 +60,32 @@ int process_update(const struct secvar *update, char **newesl,
 		   int *neweslsize, struct efi_time *timestamp,
 		   struct list_head *bank, char *last_timestamp);
 
+
+/* Functions used by external secvarctl */
+
+/**
+ * Parse a buffer into a EFI_SIGNATURE_LIST structure
+ * @param buf pointer to a buffer containing an ESL
+ * @param buflen length of buffer
+ * @return NULL if buflen is smaller than size of sig list struct or if buf is NULL
+ * @return EFI_SIGNATURE_LIST struct
+ */
+EFI_SIGNATURE_LIST* get_esl_signature_list(const char *buf, size_t buflen);
+
+/**
+ * Copies the certificate from the ESL into cert buffer and returns the size
+ * of the certificate.
+ * @param c Buffer containing an EFI Signature List
+ * @param size size of buffer c
+ * @param cert pointer to destination. Memory will be allocated for the certificate
+ * @return size of memory allocated to cert or negative number if allocation fails
+ */
+int get_esl_cert(const char *buf, const size_t buflen, char **cert);
+
+/*
+ * Extracts size of the PKCS7 signed data embedded in the
+ * struct Authentication 2 Descriptor Header.
+ */
+size_t get_pkcs7_len(const struct efi_variable_authentication_2 *auth);
+
 #endif
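Review bot: The doc comment for get_esl_cert names `@param c` and `@param size`, but the prototype's parameters are `buf` and `buflen`, so the tags should read `@param buf` and `@param buflen`. The same comment says memory will be allocated for `cert` without saying who releases it; if the caller owns it, add a line such as `The caller owns *cert and must free it.` (the allocation itself is not visible in this diff). The get_esl_signature_list comment says "Parse a buffer", while the .c hunk shows it returning `(EFI_SIGNATURE_LIST *)buf`, so it should state that the result points into `buf`, shares its lifetime, and that at least up to that cast only the header size has been checked. get_pkcs7_len uses `/*` rather than `/**` and documents no return value; because the length is read from the authentication descriptor, the comment should say what is returned for a malformed descriptor and that callers must compare the result with the length of the buffer holding `auth`.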
-- 
2.27.0


