On Wed, Jan 15, 2020 at 01:13:36AM +0100, Heinrich Schuchardt wrote: > On 1/15/20 12:43 AM, Heinrich Schuchardt wrote: > >On 12/18/19 1:44 AM, AKASHI Takahiro wrote: (snip) > >>diff --git a/lib/efi_loader/efi_signature.c > >>b/lib/efi_loader/efi_signature.c > >>new file mode 100644 > >>index 000000000000..823d3311e010 > >>--- /dev/null > >>+++ b/lib/efi_loader/efi_signature.c > >>@@ -0,0 +1,584 @@ > >>+// SPDX-License-Identifier: GPL-2.0+ > >>+/* > >>+ * Copyright (c) 2018 Patrick Wildt <patr...@blueri.se> > >>+ * Copyright (c) 2019 Linaro Limited, Author: AKASHI Takahiro > >>+ */ > >>+ > >>+#include <common.h> > >>+#include <charset.h> > >>+#include <efi_loader.h> > >>+#include <image.h> > >>+#include <hexdump.h> > >>+#include <malloc.h> > >>+#include <pe.h> > >>+#include <linux/compat.h> > >>+#include <linux/oid_registry.h> > >>+#include <u-boot/rsa.h> > >>+#include <u-boot/sha256.h> > >>+/* > >>+ * avoid duplicated inclusion: > >>+ * #include "../lib/crypto/x509_parser.h" > >>+ */ > >>+#include "../lib/crypto/pkcs7_parser.h" > >>+ > >>+const efi_guid_t efi_guid_image_security_database = > >>+ EFI_IMAGE_SECURITY_DATABASE_GUID; > >>+const efi_guid_t efi_guid_sha256 = EFI_CERT_SHA256_GUID; > >>+const efi_guid_t efi_guid_cert_rsa2048 = EFI_CERT_RSA2048_GUID; > >>+const efi_guid_t efi_guid_cert_x509 = EFI_CERT_X509_GUID; > >>+const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID; > >>+ > >>+#ifdef CONFIG_EFI_SECURE_BOOT > > This is the #ifdef to move to the Makefile. In the previous mail I got > into the wrong line.
No. As you can see, those guids may also be referred to by other files (see efi_variable.c and cmd/nvedit_efi.c) even in !EFI_SECURE_BOOT case, and I think that this file is best fit for them. -Takahiro Akashi > Best regards > > Heinrich
