[Skiboot] [PATCH] libstb/secvar: export functions used by secvarctl
Daniel Axtens
dja at axtens.net
Tue May 11 11:31:14 AEST 2021
secvarctl has its own implementations of get_esl_signature_list(),
get_esl_cert() and get_pkcs7_len(). We would rather use the ones in
skiboot.
Export the skiboot implementations. Add a print in an error case from
secvarctl.
Signed-off-by: Daniel Axtens <dja at axtens.net>
---
libstb/secvar/backend/edk2-compat-process.c | 10 +++++---
libstb/secvar/backend/edk2-compat-process.h | 28 +++++++++++++++++++++
2 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c
index dfaec137dfb6..90c581f55685 100644
--- a/libstb/secvar/backend/edk2-compat-process.c
+++ b/libstb/secvar/backend/edk2-compat-process.c
@@ -85,12 +85,14 @@ static void get_key_authority(const char *ret[3], const char *key)
ret[i] = NULL;
}
-static EFI_SIGNATURE_LIST* get_esl_signature_list(const char *buf, size_t buflen)
+EFI_SIGNATURE_LIST* get_esl_signature_list(const char *buf, size_t buflen)
{
EFI_SIGNATURE_LIST *list = NULL;
- if (buflen < sizeof(EFI_SIGNATURE_LIST) || !buf)
+ if (buflen < sizeof(EFI_SIGNATURE_LIST) || !buf) {
+ prlog(PR_ERR, "ERROR: SigList does not have enough data to be valid\n");
return NULL;
+ }
list = (EFI_SIGNATURE_LIST *)buf;
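Review bot: The new `prlog` in get_esl_signature_list reports "does not have enough data" even when the guard tripped because `buf` is NULL, which will mislead anyone triaging a rejected update from the log. Either split the two conditions or word the message for both, e.g. `prlog(PR_ERR, "ERROR: SigList buffer is NULL or shorter than an ESL header\n");`. Now that the function is exported, note that the only length check visible here compares `buflen` with `sizeof(EFI_SIGNATURE_LIST)` before the cast. External callers should therefore not treat a non-NULL return as proof that the list's own size fields fit within `buflen`. The rest of the body lies outside the hunk, so it may already check more.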
@@ -115,7 +117,7 @@ static int32_t get_esl_signature_list_size(const char *buf, const size_t buflen)
* Copies the certificate from the ESL into cert buffer and returns the size
* of the certificate
*/
-static int get_esl_cert(const char *buf, const size_t buflen, char **cert)
+int get_esl_cert(const char *buf, const size_t buflen, char **cert)
{
size_t sig_data_offset;
size_t size;
@@ -156,7 +158,7 @@ static int get_esl_cert(const char *buf, const size_t buflen, char **cert)
* Extracts size of the PKCS7 signed data embedded in the
* struct Authentication 2 Descriptor Header.
*/
-static size_t get_pkcs7_len(const struct efi_variable_authentication_2 *auth)
+size_t get_pkcs7_len(const struct efi_variable_authentication_2 *auth)
{
uint32_t dw_length;
size_t size;
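Review bot: get_pkcs7_len becomes a public entry point here but takes only `auth` and no buffer length, so it cannot itself confirm that a full authentication header is readable or that the length it returns fits the caller's buffer. With secvarctl presumably passing it data read from files, that contract should be written down where the function is exported, for example `/* auth must point to at least sizeof(*auth) readable bytes; the caller must check the returned length against the bytes remaining after the header */`. The body continues past the end of the hunk, so any internal sanity check on `dw_length` is not visible here.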
diff --git a/libstb/secvar/backend/edk2-compat-process.h b/libstb/secvar/backend/edk2-compat-process.h
index 737c7329512d..4fb6d60095d8 100644
--- a/libstb/secvar/backend/edk2-compat-process.h
+++ b/libstb/secvar/backend/edk2-compat-process.h
@@ -60,4 +60,32 @@ int process_update(const struct secvar *update, char **newesl,
int *neweslsize, struct efi_time *timestamp,
struct list_head *bank, char *last_timestamp);
+
+/* Functions used by external secvarctl */
+
+/**
+ * Parse a buffer into a EFI_SIGNATURE_LIST structure
+ * @param buf pointer to a buffer containing an ESL
+ * @param buflen length of buffer
+ * @return NULL if buflen is smaller than size of sig list struct or if buf is NULL
+ * @return EFI_SIGNATURE_LIST struct
+ */
+EFI_SIGNATURE_LIST* get_esl_signature_list(const char *buf, size_t buflen);
+
+/**
+ * Copies the certificate from the ESL into cert buffer and returns the size
+ * of the certificate.
+ * @param c Buffer containing an EFI Signature List
+ * @param size size of buffer c
+ * @param cert pointer to destination. Memory will be allocated for the certificate
+ * @return size of memory allocated to cert or negative number if allocation fails
+ */
+int get_esl_cert(const char *buf, const size_t buflen, char **cert);
+
+/*
+ * Extracts size of the PKCS7 signed data embedded in the
+ * struct Authentication 2 Descriptor Header.
+ */
+size_t get_pkcs7_len(const struct efi_variable_authentication_2 *auth);
+
#endif
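Review bot: The doc comment added for get_esl_cert names parameters `c` and `size`, but the prototype declares `buf` and `buflen`; the tags should read `@param buf Buffer containing an EFI Signature List` and `@param buflen size of buf in bytes`. The same comment says memory will be allocated for `cert` without saying who releases it, so add a line such as `The caller owns *cert and must free it`. Its `@return` mentions only allocation failure; if the implementation also returns a negative value for a malformed or truncated ESL (not visible in this patch), the comment should say so. get_pkcs7_len keeps a plain `/* */` comment with no `@param` or `@return`, unlike the two declarations above it.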
--
2.27.0