// SPDX-License-Identifier: GPL-2.0+ /* * Copyright (c) 2020, Linaro Limited */ #define LOG_CATEGORY LOGC_EFI #include #include #include #include #include #include #include #include #if defined(CONFIG_CMD_EFIDEBUG) || defined(CONFIG_EFI_LOAD_FILE2_INITRD) /* GUID used by Linux to identify the LoadFile2 protocol with the initrd */ const efi_guid_t efi_lf2_initrd_guid = EFI_INITRD_MEDIA_GUID; #endif /** * efi_create_current_boot_var() - Return Boot#### name were #### is replaced by * the value of BootCurrent * * @var_name: variable name * @var_name_size: size of var_name * * Return: Status code */ static efi_status_t efi_create_current_boot_var(u16 var_name[], size_t var_name_size) { efi_uintn_t boot_current_size; efi_status_t ret; u16 boot_current; u16 *pos; boot_current_size = sizeof(boot_current); ret = efi_get_variable_int(u"BootCurrent", &efi_global_variable_guid, NULL, &boot_current_size, &boot_current, NULL); if (ret != EFI_SUCCESS) goto out; pos = efi_create_indexed_name(var_name, var_name_size, "Boot", boot_current); if (!pos) { ret = EFI_OUT_OF_RESOURCES; goto out; } out: return ret; } /** * efi_get_dp_from_boot() - Retrieve and return a device path from an EFI * Boot### variable. * A boot option may contain an array of device paths. * We use a VenMedia() with a specific GUID to identify * the usage of the array members. This function is * used to extract a specific device path * * @guid: vendor GUID of the VenMedia() device path node identifying the * device path * * Return: device path or NULL. Caller must free the returned value */ struct efi_device_path *efi_get_dp_from_boot(const efi_guid_t guid) { struct efi_load_option lo; void *var_value; efi_uintn_t size; efi_status_t ret; u16 var_name[16]; ret = efi_create_current_boot_var(var_name, sizeof(var_name)); if (ret != EFI_SUCCESS) return NULL; var_value = efi_get_var(var_name, &efi_global_variable_guid, &size); if (!var_value) return NULL; ret = efi_deserialize_load_option(&lo, var_value, &size); if (ret != EFI_SUCCESS) goto err; return efi_dp_from_lo(&lo, &guid); err: free(var_value); return NULL; } const struct guid_to_hash_map { efi_guid_t guid; const char algo[32]; u32 bits; } guid_to_hash[] = { { EFI_CERT_X509_SHA256_GUID, "sha256", SHA256_SUM_LEN * 8, }, { EFI_CERT_SHA256_GUID, "sha256", SHA256_SUM_LEN * 8, }, { EFI_CERT_X509_SHA384_GUID, "sha384", SHA384_SUM_LEN * 8, }, { EFI_CERT_X509_SHA512_GUID, "sha512", SHA512_SUM_LEN * 8, }, }; #define MAX_GUID_TO_HASH_COUNT ARRAY_SIZE(guid_to_hash) /** guid_to_sha_str - return the sha string e.g "sha256" for a given guid * used on EFI security databases * * @guid: guid to check * * Return: len or 0 if no match is found */ const char *guid_to_sha_str(const efi_guid_t *guid) { size_t i; for (i = 0; i < MAX_GUID_TO_HASH_COUNT; i++) { if (!guidcmp(guid, &guid_to_hash[i].guid)) return guid_to_hash[i].algo; } return NULL; } /** algo_to_len - return the sha size in bytes for a given string * * @algo: string indicating hashing algorithm to check * * Return: length of hash in bytes or 0 if no match is found */ int algo_to_len(const char *algo) { size_t i; for (i = 0; i < MAX_GUID_TO_HASH_COUNT; i++) { if (!strcmp(algo, guid_to_hash[i].algo)) return guid_to_hash[i].bits / 8; } return 0; }