iPXE
imgtrust.h File Reference

Image trust management. More...

#include <ipxe/image.h>


Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 FILE_SECBOOT (PERMITTED)
int imgverify (struct image *image, struct image *signature, const char *name)
 Verify image using downloaded signature.

Detailed Description

Image trust management.

Definition in file imgtrust.h.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL )

◆ FILE_SECBOOT()

FILE_SECBOOT ( PERMITTED )

References name, and signature.

◆ imgverify()

int imgverify ( struct image * image,
struct image * signature,
const char * name )
extern

Verify image using downloaded signature.

Parameters
image — Image to verify
signature — Image containing signature
name — Required common name, or NULL to allow any name
Return values
rc — Return status code (0 on success; non-zero if parsing the signature, validating a certificate chain, or verifying the signature fails)

Definition at line 52 of file imgtrust.c.

/**
 * Verify image using downloaded signature
 *
 * @v image		Image to verify
 * @v signature		Image containing signature
 * @v name		Required common name, or NULL to allow any name
 * @ret rc		Return status code (0 on success, non-zero otherwise)
 *
 * The signature image is parsed as a CMS message.  For each
 * participant (signer) listed in that message, a certificate-chain
 * validator is run as the foreground monojob and must succeed before
 * the signature itself is checked.  The sequence is fail-closed:
 * every error path returns the non-zero rc that stopped it.
 *
 * Security notes for callers:
 *  - A NULL root is passed to both create_validator() and
 *    cms_verify(); what that selects (presumably the built-in default
 *    trust store) is not visible from this file.
 *  - Certificate validity is judged against the local clock, so the
 *    verdict is only as trustworthy as time() is on this platform.
 *  - name == NULL accepts a signature from any signer the trust store
 *    vouches for; pass an explicit common name to pin the signer.
 *
 * The outcome is written to the system log: LOG_NOTICE on success,
 * LOG_ERR (with strerror(rc)) on failure.
 */
int imgverify ( struct image *image, struct image *signature,
		const char *name ) {
	struct cms_message *msg;
	struct cms_participant *signer;
	time_t verify_time;
	int rc;

	/* Parse the signature image as a CMS message */
	rc = cms_message ( signature, &msg );
	if ( rc != 0 )
		goto err_unparsed;

	/* Complete and validate each participant's certificate chain,
	 * waiting for each validator to finish before moving on.
	 */
	list_for_each_entry ( signer, &msg->participants, list ) {
		rc = create_validator ( &monojob, signer->chain, NULL );
		if ( rc != 0 )
			goto err_parsed;
		rc = monojob_wait ( NULL, 0 );
		if ( rc != 0 )
			goto err_parsed;
	}

	/* Check the signature against the image, as of the current
	 * local time.
	 */
	verify_time = time ( NULL );
	rc = cms_verify ( msg, image, name, verify_time, NULL, NULL );
	if ( rc != 0 )
		goto err_parsed;

	/* Message is no longer needed; release it before logging */
	cms_put ( msg );
	syslog ( LOG_NOTICE, "Image \"%s\" signature OK\n", image->name );
	return 0;

 err_parsed:
	/* Only a successfully parsed message holds a reference */
	cms_put ( msg );
 err_unparsed:
	syslog ( LOG_ERR, "Image \"%s\" signature bad: %s\n",
		 image->name, strerror ( rc ) );
	return rc;
}
#define NULL
NULL pointer (VOID *)
Definition Base.h:322
struct image * signature
Image containing signature — parameter of imgverify(); the generated cross-reference to a "CPU signature" in CIB_PRM.h is spurious.
int rc
Return status code — local variable of imgverify(); the generated cross-reference to arbel.h is spurious.
const char * name
Required common name, or NULL to allow any name — parameter of imgverify(); the generated cross-reference to ath9k_hw.c is spurious.
int cms_verify(struct cms_message *cms, struct image *image, const char *name, time_t time, struct x509_chain *store, struct x509_root *root)
Verify CMS signature.
Definition cms.c:834
static void cms_put(struct cms_message *cms)
Drop reference to CMS message.
Definition cms.h:94
#define LOG_ERR
Error: error conditions.
Definition syslog.h:36
#define LOG_NOTICE
Notice: normal but significant conditions.
Definition syslog.h:42
int64_t time_t
Seconds since the Epoch.
Definition time.h:19
#define list_for_each_entry(pos, head, member)
Iterate over entries in a list.
Definition list.h:432
struct interface monojob
Definition monojob.c:57
int monojob_wait(const char *string, unsigned long timeout)
Wait for single foreground job to complete.
Definition monojob.c:82
char * strerror(int errno)
Retrieve string representation of error number.
Definition strerror.c:79
A CMS message.
Definition cms.h:55
struct list_head participants
List of participant information blocks.
Definition cms.h:66
CMS participant information.
Definition cms.h:39
struct list_head list
List of participant information blocks.
Definition cms.h:41
struct x509_chain * chain
Certificate chain.
Definition cms.h:43
An executable image.
Definition image.h:24
char * name
Name.
Definition image.h:38
#define syslog(priority, fmt,...)
Write message to system log.
Definition syslog.h:94
int create_validator(struct interface *job, struct x509_chain *chain, struct x509_root *root)
Instantiate a certificate validator.
Definition validator.c:760

References cms_participant::chain, cms_put(), cms_verify(), create_validator(), cms_participant::list, list_for_each_entry, LOG_ERR, LOG_NOTICE, monojob, monojob_wait(), image::name, name, NULL, cms_message::participants, rc, signature, strerror(), and syslog.

Referenced by COMMAND(), and imgverify_exec().