[PATCH 2/3] uefi: uefidump: compare the SignarureType GUID and print out type for signature database parser (LP:#1247749)

Colin Ian King colin.king at canonical.com
Fri Nov 8 09:15:17 UTC 2013 

On 08/11/13 09:11, Colin Ian King wrote:
> On 08/11/13 05:56, Ivan Hu wrote:
>> Add the function of comparing the SignarureType guid, print out the readable
>> type. Also fixed the build error that duplicated define of EFI_CERT_X509_GUID
>> from the securebootcert test, when add the define EFI_CERT_X509_GUID on fwts_uefi.h
>>
>> Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
>> ---
>>  src/lib/include/fwts_uefi.h              |   36 ++++++++++++++++++++++++++++++
>>  src/uefi/securebootcert/securebootcert.c |    6 -----
>>  src/uefi/uefidump/uefidump.c             |   18 ++++++++++++---
>>  3 files changed, 51 insertions(+), 9 deletions(-)
>>
>> diff --git a/src/lib/include/fwts_uefi.h b/src/lib/include/fwts_uefi.h
>> index a64be92..9f9fd5c 100644
>> --- a/src/lib/include/fwts_uefi.h
>> +++ b/src/lib/include/fwts_uefi.h
>> @@ -95,6 +95,42 @@ enum {
>>  #define EFI_OS_INDICATIONS_FMP_CAPSULE_SUPPORTED 		0x0000000000000008
>>  #define EFI_OS_INDICATIONS_CAPSULE_RESULT_VAR_SUPPORTED		0x0000000000000010
>>  
>> +#define EFI_CERT_SHA256_GUID \
>> +{ 0xc1c41626, 0x504c, 0x4092, { 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 }}
>> +
>> +#define EFI_CERT_RSA2048_GUID \
>> +{ 0x3c5766e8, 0x269c, 0x4e34, { 0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6 }}
>> +
>> +#define EFI_CERT_RSA2048_SHA256_GUID \
>> +{ 0xe2b36190, 0x879b, 0x4a3d, { 0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }}
>> +
>> +#define EFI_CERT_SHA1_GUID \
>> +{ 0x826ca512, 0xcf10, 0x4ac9, { 0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd }}
>> +
>> +#define EFI_CERT_RSA2048_SHA1_GUID \
>> +{ 0x67f8444f, 0x8743, 0x48f1, { 0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80 }}
>> +
>> +#define EFI_CERT_X509_GUID \
>> +{ 0xa5c059a1, 0x94e4, 0x4aa7, { 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 }}
>> +
>> +#define EFI_CERT_SHA224_GUID \
>> +{ 0xb6e5233, 0xa65c, 0x44c9, { 0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd }}
>> +
>> +#define EFI_CERT_SHA384_GUID \
>> +{ 0xff3e5307, 0x9fd0, 0x48c9, { 0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1 }}
>> +
>> +#define EFI_CERT_SHA512_GUID \
>> +{ 0x93e0fae, 0xa6c4, 0x4f50, { 0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a }}
>> +
>> +#define EFI_CERT_X509_SHA256_GUID \
>> +{ 0x3bd2a492, 0x96c0, 0x4079, { 0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed }}
>> +
>> +#define EFI_CERT_X509_SHA384_GUID \
>> +{ 0x7076876e, 0x80c2, 0x4ee6, { 0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b }}
>> +
>> +#define EFI_CERT_X509_SHA512_GUID \
>> +{ 0x446dbf63, 0x2502, 0x4cda, { 0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d }}
>> +
>>  #if 0
>>  typedef struct {
>>  	char *description;
>> diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c
>> index 9fa469b..86f5e0e 100644
>> --- a/src/uefi/securebootcert/securebootcert.c
>> +++ b/src/uefi/securebootcert/securebootcert.c
>> @@ -61,12 +61,6 @@ typedef struct _EFI_SIGNATURE_LIST {
>>  						0xd0, 0x0e, 0x67, 0x65, 0x6f} \
>>  }
>>  
>> -#define EFI_CERT_X509_GUID \
>> -{ \
>> -	0xa5c059a1, 0x94e4, 0x4aa7, { 0x87, 0xb5, 0xab, \
>> -						0x15, 0x5c, 0x2b, 0xf0, 0x72 } \
>> -}
>> -
>>  static uint8_t var_found;
>>  
>>  static bool compare_guid(EFI_GUID *guid1, uint8_t *guid2)
>> diff --git a/src/uefi/uefidump/uefidump.c b/src/uefi/uefidump/uefidump.c
>> index c8c6a35..166d968 100644
>> --- a/src/uefi/uefidump/uefidump.c
>> +++ b/src/uefi/uefidump/uefidump.c
>> @@ -51,7 +51,7 @@ static void uefidump_data_hexdump(fwts_framework *fw, uint8_t *data, size_t size
>>  {
>>  	size_t i;
>>  
>> -	for (i = 0; i < size; i+= 16) {
>> +	for (i = 0; i < size; i += 16) {
>>  		char buffer[128];
>>  		size_t left = size - i;
>>  
>> @@ -892,6 +892,13 @@ static void uefidump_info_signaturedatabase(fwts_framework *fw, fwts_uefi_var *v
>>  	fwts_uefi_signature_list *signature_list;
>>  	char guid_str[37];
>>  	size_t offset = 0, list_start = 0;
>> +	size_t i;
>> +	fwts_uefi_guid guid[] = { EFI_CERT_X509_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_RSA2048_SHA256_GUID, \
>> +				    EFI_CERT_SHA1_GUID, EFI_CERT_RSA2048_SHA1_GUID, EFI_CERT_SHA224_GUID, EFI_CERT_SHA384_GUID, \
>> +				    EFI_CERT_SHA512_GUID, EFI_CERT_X509_SHA256_GUID, EFI_CERT_X509_SHA384_GUID, EFI_CERT_X509_SHA512_GUID };
>> +	char *str[] = { "EFI_CERT_X509_GUID", "EFI_CERT_SHA256_GUID", "EFI_CERT_RSA2048_GUID", "EFI_CERT_RSA2048_SHA256_GUID", \
>> +			  "EFI_CERT_SHA1_GUID", "EFI_CERT_RSA2048_SHA1_GUID", "EFI_CERT_SHA224_GUID", "EFI_CERT_SHA384_GUID", \
>> +			  "EFI_CERT_SHA512_GUID", "EFI_CERT_X509_SHA256_GUID", "EFI_CERT_X509_SHA384_GUID", "EFI_CERT_X509_SHA512_GUID" };
>>  
> 
> Minor quibble, rather than have multiple items listed per line, it may
> look neater if you have something like:
> 
> 	fwts_uefi_guid guid [] = {
> 		EFI_CERT_X509_GUID,
> 		EFI_CERT_SHA256_GUID,
> 		...
> 
> 	};
> 
> and same for str too:
> 
> 	char *str[] = {
> 
> 	};
> 
> 
> 
> 
>>  	if (var->datalen < sizeof(fwts_uefi_signature_list))
>>  		return;
>> @@ -899,14 +906,19 @@ static void uefidump_info_signaturedatabase(fwts_framework *fw, fwts_uefi_var *v
>>  	do {
>>  		signature_list = (fwts_uefi_signature_list *)(var->data + list_start);
>>  		fwts_guid_buf_to_str(var->data, guid_str, sizeof(guid_str));
>> -		fwts_log_info_verbatum(fw, "  SignatureType: %s", guid_str);
>> +
>> +		for (i = 0; i < sizeof(guid)/sizeof(guid[0]); i++)
>> +			if (memcmp(var->data, &guid[i], sizeof(fwts_uefi_guid)) == 0)
>> +				break;
>> +
>> +		fwts_log_info_verbatum(fw, "  SignatureType: %s (%s)", guid_str, str[i]);

Oops, I clashed on guid_str, re-worked example below:

		char *tmp_str = "Unknown GUID";

		..

		for (i = 0; i < sizeof(guid)/sizeof(guid[0]); i++)
			if (memcmp(var->data, &guid[i], sizeof(fwts_uefi_guid)) == 0) {
				tmp_str = str[i];
				break;
			}
		}

		fwts_log_info_verbatum(fw, "  SignatureType: %s (%s)", guid_str, tmp_str);

> 
>>  		fwts_log_info_verbatum(fw, "  SignatureListSize: 0x%" PRIx32, signature_list->signaturelistsize);
>>  		fwts_log_info_verbatum(fw, "  SignatureHeaderSize: 0x%" PRIx32, signature_list->signatureheadersize);
>>  		fwts_log_info_verbatum(fw, "  SignatureSize: 0x%" PRIx32, signature_list->signaturesize);
>>  
>>  		offset = list_start + sizeof (fwts_uefi_signature_list);
>>  		if (signature_list->signatureheadersize > 0) {
>> -			fwts_log_info_verbatum(fw, "  SignatureHeader:");	
>> +			fwts_log_info_verbatum(fw, "  SignatureHeader:");
> 
> I guess this is fixing up a trailing white space. Perhaps that should
> not have been introduced in patch 1 of the series.
> 
>>  			uefidump_data_hexdump(fw, (uint8_t *)(var->data + offset), signature_list->signatureheadersize);
>>  		}
>>  		offset += signature_list->signatureheadersize;
>>
>

More information about the fwts-devel mailing list