On Fri, Jan 17, 2020 at 06:37:39AM +0100, Heinrich Schuchardt wrote: > On 1/17/20 3:20 AM, AKASHI Takahiro wrote: > >On Wed, Jan 15, 2020 at 01:13:36AM +0100, Heinrich Schuchardt wrote: > >>On 1/15/20 12:43 AM, Heinrich Schuchardt wrote: > >>>On 12/18/19 1:44 AM, AKASHI Takahiro wrote: > >(snip) > >>>>diff --git a/lib/efi_loader/efi_signature.c > >>>>b/lib/efi_loader/efi_signature.c > >>>>new file mode 100644 > >>>>index 000000000000..823d3311e010 > >>>>--- /dev/null > >>>>+++ b/lib/efi_loader/efi_signature.c > >>>>@@ -0,0 +1,584 @@ > >>>>+// SPDX-License-Identifier: GPL-2.0+ > >>>>+/* > >>>>+ * Copyright (c) 2018 Patrick Wildt <patr...@blueri.se> > >>>>+ * Copyright (c) 2019 Linaro Limited, Author: AKASHI Takahiro > >>>>+ */ > >>>>+ > >>>>+#include <common.h> > >>>>+#include <charset.h> > >>>>+#include <efi_loader.h> > >>>>+#include <image.h> > >>>>+#include <hexdump.h> > >>>>+#include <malloc.h> > >>>>+#include <pe.h> > >>>>+#include <linux/compat.h> > >>>>+#include <linux/oid_registry.h> > >>>>+#include <u-boot/rsa.h> > >>>>+#include <u-boot/sha256.h> > >>>>+/* > >>>>+ * avoid duplicated inclusion: > >>>>+ * #include "../lib/crypto/x509_parser.h" > >>>>+ */ > >>>>+#include "../lib/crypto/pkcs7_parser.h" > >>>>+ > >>>>+const efi_guid_t efi_guid_image_security_database = > >>>>+ EFI_IMAGE_SECURITY_DATABASE_GUID; > >>>>+const efi_guid_t efi_guid_sha256 = EFI_CERT_SHA256_GUID; > >>>>+const efi_guid_t efi_guid_cert_rsa2048 = EFI_CERT_RSA2048_GUID; > >>>>+const efi_guid_t efi_guid_cert_x509 = EFI_CERT_X509_GUID; > >>>>+const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID; > >>>>+ > >>>>+#ifdef CONFIG_EFI_SECURE_BOOT > >> > >>This is the #ifdef to move to the Makefile. In the previous mail I got > >>into the wrong line. > > > >No. > >As you can see, those guids may also be referred to by other files > >(see efi_variable.c and cmd/nvedit_efi.c) > >even in !EFI_SECURE_BOOT case, and I think that this file is best fit > >for them. > > I cannot find any of these guids in any other C file after applying all > patches from
??? Did you look for efi_guid_image_security_database in efi_variable.c and cmd/nvedit_efi.c? -Takahiro Akashi > https://patchwork.ozlabs.org/project/uboot/list/?series=&submitter=61166&state=&q=&archive=&delegate= > > git grep -n efi_guid_sha256 > include/efi_loader.h:185:extern const efi_guid_t efi_guid_sha256; > lib/efi_loader/efi_signature.c:26:const efi_guid_t efi_guid_sha256 = > EFI_CERT_SHA256_GUID; > lib/efi_loader/efi_signature.c:252: if > (guidcmp(&siglist->sig_type, &efi_guid_sha256)) { > > lib/efi_loader/efi_signature.c:27:const efi_guid_t efi_guid_cert_rsa2048 > = EFI_CERT_RSA2048_GUID; > > git grep -n efi_guid_cert_x509 > include/efi_loader.h:186:extern const efi_guid_t efi_guid_cert_x509; > include/efi_loader.h:187:extern const efi_guid_t efi_guid_cert_x509_sha256; > lib/efi_loader/efi_signature.c:28:const efi_guid_t efi_guid_cert_x509 = > EFI_CERT_X509_GUID; > lib/efi_loader/efi_signature.c:29:const efi_guid_t > efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID; > lib/efi_loader/efi_signature.c:283: if (guidcmp(&siglist->sig_type, > &efi_guid_cert_x509)) { > lib/efi_loader/efi_signature.c:406: if (guidcmp(&siglist->sig_type, > &efi_guid_cert_x509_sha256)) { > > include/efi_loader.h:187:extern const efi_guid_t efi_guid_cert_x509_sha256; > lib/efi_loader/efi_signature.c:29:const efi_guid_t > efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID; > lib/efi_loader/efi_signature.c:406: if (guidcmp(&siglist->sig_type, > &efi_guid_cert_x509_sha256)) { > > Best regards > > Heinrich
