iPXE
Functions
efi_siglist.c File Reference

EFI signature lists. More...

#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <ipxe/asn1.h>
#include <ipxe/der.h>
#include <ipxe/pem.h>
#include <ipxe/image.h>
#include <ipxe/efi/efi.h>
#include <ipxe/efi/Guid/ImageAuthentication.h>
#include <ipxe/efi/efi_siglist.h>

Go to the source code of this file.

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 
static int efisig_find (const void *data, size_t len, size_t *start, const EFI_SIGNATURE_LIST **lhdr, const EFI_SIGNATURE_DATA **dhdr)
 Find EFI signature list entry. More...
 
int efisig_asn1 (const void *data, size_t len, size_t offset, struct asn1_cursor **cursor)
 Extract ASN.1 object from EFI signature list. More...
 
static int efisig_image_probe (struct image *image)
 Probe EFI signature list image. More...
 
static int efisig_image_asn1 (struct image *image, size_t offset, struct asn1_cursor **cursor)
 Extract ASN.1 object from EFI signature list image. More...
 
struct image_type efisig_image_type __image_type (PROBE_NORMAL)
 EFI signature list image type. More...
 

Detailed Description

EFI signature lists.

Definition in file efi_siglist.c.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )

◆ efisig_find()

static int efisig_find ( const void *  data,
size_t  len,
size_t start,
const EFI_SIGNATURE_LIST **  lhdr,
const EFI_SIGNATURE_DATA **  dhdr 
)
static

Find EFI signature list entry.

Parameters
dataEFI signature list
lenLength of EFI signature list
startStarting offset to update
lhdrSignature list header to fill in
dhdrSignature data header to fill in
Return values
rcReturn status code

Definition at line 53 of file efi_siglist.c.

55  {
56  size_t offset;
57  size_t remaining;
58  size_t skip;
59  size_t dlen;
60 
61  /* Scan through signature list */
62  offset = 0;
63  while ( 1 ) {
64 
65  /* Read list header */
66  assert ( offset <= len );
67  remaining = ( len - offset );
68  if ( remaining < sizeof ( **lhdr ) ) {
69  DBGC ( data, "EFISIG [%#zx,%#zx) truncated header "
70  "at +%#zx\n", *start, len, offset );
71  return -EINVAL;
72  }
73  *lhdr = ( data + offset );
74 
75  /* Get length of this signature list */
76  if ( remaining < (*lhdr)->SignatureListSize ) {
77  DBGC ( data, "EFISIG [%#zx,%#zx) truncated list at "
78  "+%#zx\n", *start, len, offset );
79  return -EINVAL;
80  }
81  remaining = (*lhdr)->SignatureListSize;
82 
83  /* Get length of each signature in list */
84  dlen = (*lhdr)->SignatureSize;
85  if ( dlen < sizeof ( **dhdr ) ) {
86  DBGC ( data, "EFISIG [%#zx,%#zx) underlength "
87  "signatures at +%#zx\n", *start, len, offset );
88  return -EINVAL;
89  }
90 
91  /* Strip list header (including variable portion) */
92  if ( ( remaining < sizeof ( **lhdr ) ) ||
93  ( ( remaining - sizeof ( **lhdr ) ) <
94  (*lhdr)->SignatureHeaderSize ) ) {
95  DBGC ( data, "EFISIG [%#zx,%#zx) malformed header at "
96  "+%#zx\n", *start, len, offset );
97  return -EINVAL;
98  }
99  skip = ( sizeof ( **lhdr ) + (*lhdr)->SignatureHeaderSize );
100  offset += skip;
101  remaining -= skip;
102 
103  /* Read signatures */
104  for ( ; remaining ; offset += dlen, remaining -= dlen ) {
105 
106  /* Check length */
107  if ( remaining < dlen ) {
108  DBGC ( data, "EFISIG [%#zx,%#zx) truncated "
109  "at +%#zx\n", *start, len, offset );
110  return -EINVAL;
111  }
112 
113  /* Continue until we find the requested signature */
114  if ( offset < *start )
115  continue;
116 
117  /* Read data header */
118  *dhdr = ( data + offset );
119  DBGC2 ( data, "EFISIG [%#zx,%#zx) %s ",
120  offset, ( offset + dlen ),
121  efi_guid_ntoa ( &(*lhdr)->SignatureType ) );
122  DBGC2 ( data, "owner %s\n",
123  efi_guid_ntoa ( &(*dhdr)->SignatureOwner ) );
124  *start = offset;
125  return 0;
126  }
127  }
128 }
EINVAL
#define EINVAL
Invalid argument.
Definition: errno.h:428
DBGC
#define DBGC(...)
Definition: compiler.h:505
start
uint32_t start
Starting offset.
Definition: netvsc.h:12
assert
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
len
ring len
Length.
Definition: dwmac.h:231
efi_guid_ntoa
const char * efi_guid_ntoa(CONST EFI_GUID *guid)
Convert GUID to a printable string.
Definition: efi_guid.c:725
DBGC2
#define DBGC2(...)
Definition: compiler.h:522
data
uint8_t data[48]
Additional event data.
Definition: ena.h:22
offset
uint16_t offset
Offset to command line.
Definition: bzimage.h:8

References assert(), data, DBGC, DBGC2, efi_guid_ntoa(), EINVAL, len, offset, and start.

Referenced by efisig_asn1(), and efisig_image_probe().

◆ efisig_asn1()

int efisig_asn1 ( const void *  data,
size_t  len,
size_t  offset,
struct asn1_cursor **  cursor 
)

Extract ASN.1 object from EFI signature list.

Parameters
dataEFI signature list
lenLength of EFI signature list
offsetOffset within image
cursorASN.1 cursor to fill in
Return values
nextOffset to next image, or negative error

The caller is responsible for eventually calling free() on the allocated ASN.1 cursor.

Definition at line 142 of file efi_siglist.c.

143  {
144  const EFI_SIGNATURE_LIST *lhdr;
145  const EFI_SIGNATURE_DATA *dhdr;
146  int ( * asn1 ) ( const void *data, size_t len, size_t offset,
147  struct asn1_cursor **cursor );
148  size_t skip = offsetof ( typeof ( *dhdr ), SignatureData );
149  int next;
150  int rc;
151 
152  /* Locate signature list entry */
153  if ( ( rc = efisig_find ( data, len, &offset, &lhdr, &dhdr ) ) != 0 )
154  goto err_entry;
155  len = ( offset + lhdr->SignatureSize );
156 
157  /* Parse as PEM or DER based on first character */
158  asn1 = ( ( dhdr->SignatureData[0] == ASN1_SEQUENCE ) ?
159  der_asn1 : pem_asn1 );
160  DBGC2 ( data, "EFISIG [%#zx,%#zx) extracting %s\n", offset, len,
161  ( ( asn1 == der_asn1 ) ? "DER" : "PEM" ) );
162  next = asn1 ( data, len, ( offset + skip ), cursor );
163  if ( next < 0 ) {
164  rc = next;
165  DBGC ( data, "EFISIG [%#zx,%#zx) could not extract ASN.1: "
166  "%s\n", offset, len, strerror ( rc ) );
167  goto err_asn1;
168  }
169 
170  /* Check that whole entry was consumed */
171  if ( ( ( unsigned int ) next ) != len ) {
172  DBGC ( data, "EFISIG [%#zx,%#zx) malformed data\n",
173  offset, len );
174  rc = -EINVAL;
175  goto err_whole;
176  }
177 
178  return len;
179 
180  err_whole:
181  free ( *cursor );
182  err_asn1:
183  err_entry:
184  return rc;
185 }
EINVAL
#define EINVAL
Invalid argument.
Definition: errno.h:428
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
pem_asn1
int pem_asn1(const void *data, size_t len, size_t offset, struct asn1_cursor **cursor)
Extract ASN.1 object from PEM data.
Definition: pem.c:103
EFI_SIGNATURE_LIST::SignatureSize
UINT32 SignatureSize
Size of each signature.
Definition: ImageAuthentication.h:84
DBGC
#define DBGC(...)
Definition: compiler.h:505
offsetof
#define offsetof(type, field)
Get offset of a field within a structure.
Definition: stddef.h:24
EFI_SIGNATURE_DATA::SignatureData
UINT8 SignatureData[1]
The format of the signature is defined by the SignatureType.
Definition: ImageAuthentication.h:65
EFI_SIGNATURE_LIST
Definition: ImageAuthentication.h:68
len
ring len
Length.
Definition: dwmac.h:231
efisig_find
static int efisig_find(const void *data, size_t len, size_t *start, const EFI_SIGNATURE_LIST **lhdr, const EFI_SIGNATURE_DATA **dhdr)
Find EFI signature list entry.
Definition: efi_siglist.c:53
strerror
char * strerror(int errno)
Retrieve string representation of error number.
Definition: strerror.c:78
free
static void(* free)(struct refcnt *refcnt))
Definition: refcnt.h:54
ASN1_SEQUENCE
#define ASN1_SEQUENCE
ASN.1 sequence.
Definition: asn1.h:89
next
uint32_t next
Next descriptor address.
Definition: dwmac.h:22
EFI_SIGNATURE_DATA
The format of a signature database.
Definition: ImageAuthentication.h:57
DBGC2
#define DBGC2(...)
Definition: compiler.h:522
data
uint8_t data[48]
Additional event data.
Definition: ena.h:22
der_asn1
int der_asn1(const void *data, size_t len, size_t offset, struct asn1_cursor **cursor)
Extract ASN.1 object from DER data.
Definition: der.c:52
typeof
typeof(acpi_finder=acpi_find)
ACPI table finder.
Definition: acpi.c:47
offset
uint16_t offset
Offset to command line.
Definition: bzimage.h:8
asn1_cursor
An ASN.1 object cursor.
Definition: asn1.h:20

References image_type::asn1, ASN1_SEQUENCE, data, DBGC, DBGC2, der_asn1(), efisig_find(), EINVAL, free, len, next, offset, offsetof, pem_asn1(), rc, EFI_SIGNATURE_DATA::SignatureData, EFI_SIGNATURE_LIST::SignatureSize, strerror(), and typeof().

Referenced by efi_cacert(), and efisig_image_asn1().

◆ efisig_image_probe()

static int efisig_image_probe ( struct image image)
static

Probe EFI signature list image.

Parameters
imageEFI signature list
Return values
rcReturn status code

Definition at line 193 of file efi_siglist.c.

193  {
194  const EFI_SIGNATURE_LIST *lhdr;
195  const EFI_SIGNATURE_DATA *dhdr;
196  size_t offset = 0;
197  unsigned int count = 0;
198  int rc;
199 
200  /* Check file is a well-formed signature list */
201  while ( 1 ) {
202 
203  /* Find next signature list entry */
204  if ( ( rc = efisig_find ( image->data, image->len, &offset,
205  &lhdr, &dhdr ) ) != 0 ) {
206  return rc;
207  }
208 
209  /* Skip this entry */
210  offset += lhdr->SignatureSize;
211  count++;
212 
213  /* Check if we have reached end of the image */
214  if ( offset == image->len ) {
215  DBGC ( image, "EFISIG %s contains %d signatures\n",
216  image->name, count );
217  return 0;
218  }
219  }
220 }
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
EFI_SIGNATURE_LIST::SignatureSize
UINT32 SignatureSize
Size of each signature.
Definition: ImageAuthentication.h:84
image::data
const void * data
Read-only data.
Definition: image.h:50
DBGC
#define DBGC(...)
Definition: compiler.h:505
image
An executable image.
Definition: image.h:23
EFI_SIGNATURE_LIST
Definition: ImageAuthentication.h:68
count
static unsigned int count
Number of entries.
Definition: dwmac.h:225
efisig_find
static int efisig_find(const void *data, size_t len, size_t *start, const EFI_SIGNATURE_LIST **lhdr, const EFI_SIGNATURE_DATA **dhdr)
Find EFI signature list entry.
Definition: efi_siglist.c:53
image::len
size_t len
Length of raw file image.
Definition: image.h:55
EFI_SIGNATURE_DATA
The format of a signature database.
Definition: ImageAuthentication.h:57
offset
uint16_t offset
Offset to command line.
Definition: bzimage.h:8
image::name
char * name
Name.
Definition: image.h:37

References count, image::data, DBGC, efisig_find(), image::len, image::name, offset, rc, and EFI_SIGNATURE_LIST::SignatureSize.

◆ efisig_image_asn1()

static int efisig_image_asn1 ( struct image image,
size_t  offset,
struct asn1_cursor **  cursor 
)
static

Extract ASN.1 object from EFI signature list image.

Parameters
imageEFI signature list
offsetOffset within image
cursorASN.1 cursor to fill in
Return values
nextOffset to next image, or negative error

The caller is responsible for eventually calling free() on the allocated ASN.1 cursor.

Definition at line 233 of file efi_siglist.c.

234  {
235  int next;
236  int rc;
237 
238  /* Extract ASN.1 object */
239  if ( ( next = efisig_asn1 ( image->data, image->len, offset,
240  cursor ) ) < 0 ) {
241  rc = next;
242  DBGC ( image, "EFISIG %s could not extract ASN.1: %s\n",
243  image->name, strerror ( rc ) );
244  return rc;
245  }
246 
247  return next;
248 }
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
image::data
const void * data
Read-only data.
Definition: image.h:50
DBGC
#define DBGC(...)
Definition: compiler.h:505
image
An executable image.
Definition: image.h:23
efisig_asn1
int efisig_asn1(const void *data, size_t len, size_t offset, struct asn1_cursor **cursor)
Extract ASN.1 object from EFI signature list.
Definition: efi_siglist.c:142
strerror
char * strerror(int errno)
Retrieve string representation of error number.
Definition: strerror.c:78
image::len
size_t len
Length of raw file image.
Definition: image.h:55
next
uint32_t next
Next descriptor address.
Definition: dwmac.h:22
offset
uint16_t offset
Offset to command line.
Definition: bzimage.h:8
image::name
char * name
Name.
Definition: image.h:37

References image::data, DBGC, efisig_asn1(), image::len, image::name, next, offset, rc, and strerror().

◆ __image_type()

struct image_type efisig_image_type __image_type ( PROBE_NORMAL  )

EFI signature list image type.

Generated by   doxygen 1.8.15