On 15.04.21 15:30, Masahisa Kojima wrote: > This is preparation for PE/COFF measurement support. > PE/COFF image hash calculation is same in both > UEFI Secure Boot image verification and measurement in > measured boot. This commit exposes the hash calculation > functions even if UEFI Secure Boot is not enabled. > > Signed-off-by: Masahisa Kojima <masahisa.koj...@linaro.org> > --- > lib/efi_loader/efi_image_loader.c | 2 +- > lib/efi_loader/efi_signature.c | 2 ++ > 2 files changed, 3 insertions(+), 1 deletion(-) > > diff --git a/lib/efi_loader/efi_image_loader.c > b/lib/efi_loader/efi_image_loader.c > index f53ef367ec..2c35cb5651 100644 > --- a/lib/efi_loader/efi_image_loader.c > +++ b/lib/efi_loader/efi_image_loader.c > @@ -213,7 +213,6 @@ static void efi_set_code_and_data_type( > } > } > > -#ifdef CONFIG_EFI_SECURE_BOOT > /** > * cmp_pe_section() - compare virtual addresses of two PE image sections > * @arg1: pointer to pointer to first section header > @@ -422,6 +421,7 @@ err: > return false; > } > > +#ifdef CONFIG_EFI_SECURE_BOOT
Please, remove the #ifdef and replace it by if (IS_ENABLED(CONFIG_EFI_SECURE_BOOT)) { in function efi_image_authenticate(). The advantage of using 'if' instead of '#ifdef' is that all branches are parsed by GCC. This allows us to catch code problems more easily. > /** > * efi_image_unsigned_authenticate() - authenticate unsigned image with > * SHA256 hash > diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c > index c7ec275414..1dd9d0e130 100644 > --- a/lib/efi_loader/efi_signature.c > +++ b/lib/efi_loader/efi_signature.c > @@ -538,6 +538,7 @@ out: > EFI_PRINT("%s: Exit, revoked: %d\n", __func__, revoked); > return !revoked; > } > +#endif The #if is superfluous. Just add the missing header #include <u-boot/rsa-checksum.h> efi_guid_t efi_guid_image_security_database should be moved to efi_var_common.c. This allows us to decide if lib/efi_loader/efi_signature.c shall be compiled in the Makefile. Best regards Heinrich > > /** > * efi_image_region_add() - add an entry of region > @@ -601,6 +602,7 @@ efi_status_t efi_image_region_add(struct > efi_image_regions *regs, > return EFI_SUCCESS; > } > > +#if defined(CONFIG_EFI_SECURE_BOOT) || > defined(CONFIG_EFI_CAPSULE_AUTHENTICATE) > /** > * efi_sigstore_free - free signature store > * @sigstore: Pointer to signature store structure >