From: Daniel Kiper
To: xen-devel@lists.xenproject.org
Cc: andrew.cooper3@citrix.com, jbeulich@suse.com
Date: Sat, 8 Jul 2017 23:53:20 +0200
Subject: [Xen-devel] [PATCH RFC 5/7] efi: split out efi_shim_lock()
X-Patchwork-Id: 9831547

..which verifies PE signatures with SHIM_LOCK protocol. We want to re-use this code in subsequent patch in efi_multiboot2().

Signed-off-by: Daniel Kiper

--- xen/common/efi/boot.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index 11bdc7a..7db3829 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -124,6 +124,7 @@ static void efi_console_set_mode(void); static EFI_GRAPHICS_OUTPUT_PROTOCOL *efi_get_gop(void); static UINTN efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop, UINTN cols, UINTN rows, UINTN depth); +static void efi_shim_lock(VOID *Buffer, UINT32 Size); static void efi_tables(void); static void setup_efi_pci(void); static void efi_variables(void); 
@@ -797,6 +798,17 @@ static UINTN __init efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop, return gop_mode; } +static void __init efi_shim_lock(VOID *Buffer, UINT32 Size) +{ + static EFI_GUID __initdata shim_lock_guid = SHIM_LOCK_PROTOCOL_GUID; + EFI_SHIM_LOCK_PROTOCOL *shim_lock; + EFI_STATUS status; + + if ( !EFI_ERROR(efi_bs->LocateProtocol(&shim_lock_guid, NULL, (void **)&shim_lock)) && + (status = shim_lock->Verify(Buffer, Size)) != EFI_SUCCESS ) + PrintErrMesg(L"Dom0 kernel image could not be verified", status); +} + static void __init efi_tables(void) { unsigned int i; @@ -1062,13 +1074,11 @@ void EFIAPI __init noreturn efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) { static EFI_GUID __initdata loaded_image_guid = LOADED_IMAGE_PROTOCOL; - static EFI_GUID __initdata shim_lock_guid = SHIM_LOCK_PROTOCOL_GUID; EFI_LOADED_IMAGE *loaded_image; EFI_STATUS status; unsigned int i, argc; CHAR16 **argv, *file_name, *cfg_file_name = NULL, *options = NULL; UINTN gop_mode = ~0; - EFI_SHIM_LOCK_PROTOCOL *shim_lock; EFI_GRAPHICS_OUTPUT_PROTOCOL *gop = NULL; union string section = { NULL }, name; bool base_video = false; @@ -1225,10 +1235,7 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) read_file(dir_handle, s2w(&name), &kernel, option_str); efi_bs->FreePool(name.w); - if ( !EFI_ERROR(efi_bs->LocateProtocol(&shim_lock_guid, NULL, - (void **)&shim_lock)) && - (status = shim_lock->Verify(kernel.ptr, kernel.size)) != EFI_SUCCESS ) - PrintErrMesg(L"Dom0 kernel image could not be verified", status); + efi_shim_lock(kernel.ptr, kernel.size); name.s = get_value(&cfg, section.s, "ramdisk"); if ( name.s )
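
Review bot: in the new efi_shim_lock() (hunk at -797), nothing happens when LocateProtocol() fails, so the buffer is accepted unverified whenever the shim lock protocol is absent. That matches the code being moved, but as a reusable helper it should carry a comment above it saying so, so that the efi_multiboot2() caller mentioned in the commit message does not read a normal return as "verified". The string passed to PrintErrMesg() still says "Dom0 kernel image" although the helper now takes an arbitrary Buffer; consider generic wording or a caller-supplied description. The LocateProtocol() condition is also now a single line of more than 80 columns, where the removed code wrapped it.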
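
Review bot: at the call site in efi_start() (hunk at -1225), kernel.size is passed into the UINT32 Size parameter of efi_shim_lock(), and the type of kernel.size is not visible in this patch. If it is wider than 32 bits, the length handed to Verify() would be silently truncated and only part of the image checked, so either state the assumption in a comment or reject oversized images before the call.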