[PATCH 2/3] uefi: uefidump: compare the SignarureType GUID and print out type for signature database parser (LP:#1247749)
Colin Ian King
colin.king at canonical.com
Fri Nov 8 09:15:17 UTC 2013
On 08/11/13 09:11, Colin Ian King wrote:
> On 08/11/13 05:56, Ivan Hu wrote:
>> Add the function of comparing the SignarureType guid, print out the readable
>> type. Also fixed the build error that duplicated define of EFI_CERT_X509_GUID
>> from the securebootcert test, when add the define EFI_CERT_X509_GUID on fwts_uefi.h
>>
>> Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
>> ---
>> src/lib/include/fwts_uefi.h | 36 ++++++++++++++++++++++++++++++
>> src/uefi/securebootcert/securebootcert.c | 6 -----
>> src/uefi/uefidump/uefidump.c | 18 ++++++++++++---
>> 3 files changed, 51 insertions(+), 9 deletions(-)
>>
>> diff --git a/src/lib/include/fwts_uefi.h b/src/lib/include/fwts_uefi.h
>> index a64be92..9f9fd5c 100644
>> --- a/src/lib/include/fwts_uefi.h
>> +++ b/src/lib/include/fwts_uefi.h
>> @@ -95,6 +95,42 @@ enum {
>> #define EFI_OS_INDICATIONS_FMP_CAPSULE_SUPPORTED 0x0000000000000008
>> #define EFI_OS_INDICATIONS_CAPSULE_RESULT_VAR_SUPPORTED 0x0000000000000010
>>
>> +#define EFI_CERT_SHA256_GUID \
>> +{ 0xc1c41626, 0x504c, 0x4092, { 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 }}
>> +
>> +#define EFI_CERT_RSA2048_GUID \
>> +{ 0x3c5766e8, 0x269c, 0x4e34, { 0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6 }}
>> +
>> +#define EFI_CERT_RSA2048_SHA256_GUID \
>> +{ 0xe2b36190, 0x879b, 0x4a3d, { 0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }}
>> +
>> +#define EFI_CERT_SHA1_GUID \
>> +{ 0x826ca512, 0xcf10, 0x4ac9, { 0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd }}
>> +
>> +#define EFI_CERT_RSA2048_SHA1_GUID \
>> +{ 0x67f8444f, 0x8743, 0x48f1, { 0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80 }}
>> +
>> +#define EFI_CERT_X509_GUID \
>> +{ 0xa5c059a1, 0x94e4, 0x4aa7, { 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 }}
>> +
>> +#define EFI_CERT_SHA224_GUID \
>> +{ 0xb6e5233, 0xa65c, 0x44c9, { 0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd }}
>> +
>> +#define EFI_CERT_SHA384_GUID \
>> +{ 0xff3e5307, 0x9fd0, 0x48c9, { 0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1 }}
>> +
>> +#define EFI_CERT_SHA512_GUID \
>> +{ 0x93e0fae, 0xa6c4, 0x4f50, { 0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a }}
>> +
>> +#define EFI_CERT_X509_SHA256_GUID \
>> +{ 0x3bd2a492, 0x96c0, 0x4079, { 0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed }}
>> +
>> +#define EFI_CERT_X509_SHA384_GUID \
>> +{ 0x7076876e, 0x80c2, 0x4ee6, { 0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b }}
>> +
>> +#define EFI_CERT_X509_SHA512_GUID \
>> +{ 0x446dbf63, 0x2502, 0x4cda, { 0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d }}
>> +
>> #if 0
>> typedef struct {
>> char *description;
>> diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c
>> index 9fa469b..86f5e0e 100644
>> --- a/src/uefi/securebootcert/securebootcert.c
>> +++ b/src/uefi/securebootcert/securebootcert.c
>> @@ -61,12 +61,6 @@ typedef struct _EFI_SIGNATURE_LIST {
>> 0xd0, 0x0e, 0x67, 0x65, 0x6f} \
>> }
>>
>> -#define EFI_CERT_X509_GUID \
>> -{ \
>> - 0xa5c059a1, 0x94e4, 0x4aa7, { 0x87, 0xb5, 0xab, \
>> - 0x15, 0x5c, 0x2b, 0xf0, 0x72 } \
>> -}
>> -
>> static uint8_t var_found;
>>
>> static bool compare_guid(EFI_GUID *guid1, uint8_t *guid2)
>> diff --git a/src/uefi/uefidump/uefidump.c b/src/uefi/uefidump/uefidump.c
>> index c8c6a35..166d968 100644
>> --- a/src/uefi/uefidump/uefidump.c
>> +++ b/src/uefi/uefidump/uefidump.c
>> @@ -51,7 +51,7 @@ static void uefidump_data_hexdump(fwts_framework *fw, uint8_t *data, size_t size
>> {
>> size_t i;
>>
>> - for (i = 0; i < size; i+= 16) {
>> + for (i = 0; i < size; i += 16) {
>> char buffer[128];
>> size_t left = size - i;
>>
>> @@ -892,6 +892,13 @@ static void uefidump_info_signaturedatabase(fwts_framework *fw, fwts_uefi_var *v
>> fwts_uefi_signature_list *signature_list;
>> char guid_str[37];
>> size_t offset = 0, list_start = 0;
>> + size_t i;
>> + fwts_uefi_guid guid[] = { EFI_CERT_X509_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_RSA2048_SHA256_GUID, \
>> + EFI_CERT_SHA1_GUID, EFI_CERT_RSA2048_SHA1_GUID, EFI_CERT_SHA224_GUID, EFI_CERT_SHA384_GUID, \
>> + EFI_CERT_SHA512_GUID, EFI_CERT_X509_SHA256_GUID, EFI_CERT_X509_SHA384_GUID, EFI_CERT_X509_SHA512_GUID };
>> + char *str[] = { "EFI_CERT_X509_GUID", "EFI_CERT_SHA256_GUID", "EFI_CERT_RSA2048_GUID", "EFI_CERT_RSA2048_SHA256_GUID", \
>> + "EFI_CERT_SHA1_GUID", "EFI_CERT_RSA2048_SHA1_GUID", "EFI_CERT_SHA224_GUID", "EFI_CERT_SHA384_GUID", \
>> + "EFI_CERT_SHA512_GUID", "EFI_CERT_X509_SHA256_GUID", "EFI_CERT_X509_SHA384_GUID", "EFI_CERT_X509_SHA512_GUID" };
>>
>
> Minor quibble, rather than have multiple items listed per line, it may
> look neater if you have something like:
>
> fwts_uefi_guid guid [] = {
> EFI_CERT_X509_GUID,
> EFI_CERT_SHA256_GUID,
> ...
>
> };
>
> and same for str too:
>
> char *str[] = {
>
> };
>
>
>
>
>> if (var->datalen < sizeof(fwts_uefi_signature_list))
>> return;
>> @@ -899,14 +906,19 @@ static void uefidump_info_signaturedatabase(fwts_framework *fw, fwts_uefi_var *v
>> do {
>> signature_list = (fwts_uefi_signature_list *)(var->data + list_start);
>> fwts_guid_buf_to_str(var->data, guid_str, sizeof(guid_str));
>> - fwts_log_info_verbatum(fw, " SignatureType: %s", guid_str);
>> +
>> + for (i = 0; i < sizeof(guid)/sizeof(guid[0]); i++)
>> + if (memcmp(var->data, &guid[i], sizeof(fwts_uefi_guid)) == 0)
>> + break;
>> +
>> + fwts_log_info_verbatum(fw, " SignatureType: %s (%s)", guid_str, str[i]);
Oops, I clashed on guid_str, re-worked example below:
char *tmp_str = "Unknown GUID";
..
for (i = 0; i < sizeof(guid)/sizeof(guid[0]); i++)
if (memcmp(var->data, &guid[i], sizeof(fwts_uefi_guid)) == 0) {
tmp_str = str[i];
break;
}
}
fwts_log_info_verbatum(fw, " SignatureType: %s (%s)", guid_str, tmp_str);
>
>> fwts_log_info_verbatum(fw, " SignatureListSize: 0x%" PRIx32, signature_list->signaturelistsize);
>> fwts_log_info_verbatum(fw, " SignatureHeaderSize: 0x%" PRIx32, signature_list->signatureheadersize);
>> fwts_log_info_verbatum(fw, " SignatureSize: 0x%" PRIx32, signature_list->signaturesize);
>>
>> offset = list_start + sizeof (fwts_uefi_signature_list);
>> if (signature_list->signatureheadersize > 0) {
>> - fwts_log_info_verbatum(fw, " SignatureHeader:");
>> + fwts_log_info_verbatum(fw, " SignatureHeader:");
>
> I guess this is fixing up a trailing white space. Perhaps that should
> not have been introduced in patch 1 of the series.
>
>> uefidump_data_hexdump(fw, (uint8_t *)(var->data + offset), signature_list->signatureheadersize);
>> }
>> offset += signature_list->signatureheadersize;
>>
>
More information about the fwts-devel
mailing list