From 04e8509f04a4cd123bc9f290e60f582d57b2f258 Mon Sep 17 00:00:00 2001
From: Sudhakar Kuppusamy
Date: Tue, 27 Dec 2022 17:47:41 +0530
Subject: [PATCH 1/8] ieee1275: Platform Keystore (PKS) Support enhancing the infrastructure to enable the Platform Keystore (PKS) feature, which provides access to the SB VERSION, DB, and DBX secure boot variables from PKS.
Signed-off-by: Sudhakar Kuppusamy
Reviewed-by: Stefan Berger
Tested-by: Nageswara Sastry
---
grub-core/kern/ieee1275/ieee1275.c | 117 +++++++++++++++++++++++++++++
include/grub/ieee1275/ieee1275.h | 15 ++++
2 files changed, 132 insertions(+)
diff --git a/grub-core/kern/ieee1275/ieee1275.c b/grub-core/kern/ieee1275/ieee1275.c
index 36ca2dbfc..8d0048844 100644
--- a/grub-core/kern/ieee1275/ieee1275.c
+++ b/grub-core/kern/ieee1275/ieee1275.c
@@ -807,3 +807,120 @@ grub_ieee1275_get_block_size (grub_ieee1275_ihandle_t ihandle)
 return args.size;
 }
+
+int
+grub_ieee1275_test (const char *name, grub_ieee1275_cell_t *missing)
+{
+ struct test_args
+ {
+ struct grub_ieee1275_common_hdr common;
+ grub_ieee1275_cell_t name;
+ grub_ieee1275_cell_t missing;
+ } args;
+
+ INIT_IEEE1275_COMMON (&args.common, "test", 1, 1);
+ args.name = (grub_ieee1275_cell_t) name;
+
+ if (IEEE1275_CALL_ENTRY_FN (&args) == -1)
+ return -1;
+
+ if (args.missing == IEEE1275_CELL_INVALID)
+ return -1;
+
+ *missing = args.missing;
+
+ return 0;
+}
+
+int
+grub_ieee1275_pks_max_object_size (grub_size_t *result)
+{
+ struct mos_args
+ {
+ struct grub_ieee1275_common_hdr common;
+ grub_ieee1275_cell_t size;
+ } args;
+
+ INIT_IEEE1275_COMMON (&args.common, "pks-max-object-size", 0, 1);
+
+ if (IEEE1275_CALL_ENTRY_FN (&args) == -1)
+ return -1;
+
+ if (args.size == IEEE1275_CELL_INVALID)
+ return -1;
+
+ *result = args.size;
+
+ return 0;
+}
+
+int
+grub_ieee1275_pks_read_object (grub_uint8_t consumer, grub_uint8_t *label,
+ grub_size_t label_len, grub_uint8_t *buffer,
+ grub_size_t buffer_len, grub_size_t *data_len,
+ grub_uint32_t *policies)
+{
+ struct pks_read_args
+ {
+ struct grub_ieee1275_common_hdr common;
+ grub_ieee1275_cell_t consumer;
+ grub_ieee1275_cell_t label;
+ grub_ieee1275_cell_t label_len;
+ grub_ieee1275_cell_t buffer;
+ grub_ieee1275_cell_t buffer_len;
+ grub_ieee1275_cell_t data_len;
+ grub_ieee1275_cell_t policies;
+ grub_ieee1275_cell_t rc;
+ } args;
+
+ INIT_IEEE1275_COMMON (&args.common, "pks-read-object", 5, 3);
+ args.consumer = (grub_ieee1275_cell_t) consumer;
+ args.label = (grub_ieee1275_cell_t) label;
+ args.label_len = (grub_ieee1275_cell_t) label_len;
+ args.buffer = (grub_ieee1275_cell_t) buffer;
+ args.buffer_len = (grub_ieee1275_cell_t) buffer_len;
+
+ if (IEEE1275_CALL_ENTRY_FN (&args) == -1)
+ return -1;
+
+ if (args.data_len == IEEE1275_CELL_INVALID)
+ return -1;
+
+ *data_len = args.data_len;
+
*policies = args.policies;
+
+ return (int) args.rc;
+}
+
+int
+grub_ieee1275_pks_read_sbvar (grub_uint8_t sbvarflags, grub_uint8_t sbvartype,
+ grub_uint8_t *buffer, grub_size_t buffer_len,
+ grub_size_t *data_len)
+{
+ struct pks_read_sbvar_args
+ {
+ struct grub_ieee1275_common_hdr common;
+ grub_ieee1275_cell_t sbvarflags;
+ grub_ieee1275_cell_t sbvartype;
+ grub_ieee1275_cell_t buffer;
+ grub_ieee1275_cell_t buffer_len;
+ grub_ieee1275_cell_t data_len;
+ grub_ieee1275_cell_t rc;
+ } args;
+
+ INIT_IEEE1275_COMMON (&args.common, "pks-read-sbvar", 4, 2);
+ args.sbvarflags = (grub_ieee1275_cell_t) sbvarflags;
+ args.sbvartype = (grub_ieee1275_cell_t) sbvartype;
+ args.buffer = (grub_ieee1275_cell_t) buffer;
+ args.buffer_len = (grub_ieee1275_cell_t) buffer_len;
+
+ if (IEEE1275_CALL_ENTRY_FN (&args) == -1)
+ return -1;
+
+ if (args.data_len == IEEE1275_CELL_INVALID)
+ return -1;
+
+ *data_len = args.data_len;
+
+ return (int) args.rc;
+}
diff --git a/include/grub/ieee1275/ieee1275.h b/include/grub/ieee1275/ieee1275.h
index ea90d79f7..6d8dd9463 100644
--- a/include/grub/ieee1275/ieee1275.h
+++ b/include/grub/ieee1275/ieee1275.h
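Review bot: In grub_ieee1275_test the `args.missing == IEEE1275_CELL_INVALID` check cannot be told apart from the "service absent" answer: under the Open Firmware client interface `test` reports missing as -1 when NAME is not implemented, which is the same all-ones cell value IEEE1275_CELL_INVALID expands to in this tree (confirm against the macro definition), so for an absent service the function returns -1 without ever storing `*missing`, and a caller cannot distinguish that from a failed client-interface call. Either document that contract, e.g. `/* Returns 0 with *missing = 0 when NAME is implemented; -1 both when the client-interface call fails and when NAME is absent.  */`, or drop the invalid check and always store `*missing`. The same gap appears in grub_ieee1275_pks_read_object and grub_ieee1275_pks_read_sbvar: `args.data_len`, `args.policies` and `args.rc` are never preset before IEEE1275_CALL_ENTRY_FN, so if the firmware returns success without writing an output cell the IEEE1275_CELL_INVALID test reads an uninitialized stack cell and `(int) args.rc` is garbage; presetting them with `args.data_len = args.policies = args.rc = IEEE1275_CELL_INVALID;` (and `args.missing` / `args.size` likewise) before the call makes the checks meaningful. Separately, `*data_len` is handed back with no comparison against `buffer_len`, so if the firmware can report the required size for an undersized buffer, the DB/DBX consumers must treat `*data_len > buffer_len` as "nothing copied" rather than reading `buffer` to `*data_len` bytes — worth stating in a comment on both readers.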
@@ -237,6 +237,21 @@ char *EXPORT_FUNC(grub_ieee1275_encode_uint4) (grub_ieee1275_ihandle_t ihandle,
 grub_size_t *size);
 int EXPORT_FUNC(grub_ieee1275_get_block_size) (grub_ieee1275_ihandle_t ihandle);
+int EXPORT_FUNC (grub_ieee1275_test) (const char *name,
+ grub_ieee1275_cell_t *missing);
+
+// not exported: I don't want modules interacting with PKS.
+int grub_ieee1275_pks_max_object_size (grub_size_t *result);
+
+int grub_ieee1275_pks_read_object (grub_uint8_t consumer, grub_uint8_t *label,
+ grub_size_t label_len, grub_uint8_t *buffer,
+ grub_size_t buffer_len, grub_size_t *data_len,
+ grub_uint32_t *policies);
+
+int grub_ieee1275_pks_read_sbvar (grub_uint8_t sbvarflags, grub_uint8_t sbvartype,
+ grub_uint8_t *buffer, grub_size_t buffer_len,
+ grub_size_t *data_len);
+
 grub_err_t EXPORT_FUNC(grub_claimmap) (grub_addr_t addr, grub_size_t size);
 void EXPORT_FUNC(grub_releasemap) (void);
-- 
2.47.0
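Review bot: The new prototypes are inconsistent with the lines around them: `int EXPORT_FUNC (grub_ieee1275_test)` puts a space before the parenthesis while the adjacent `int EXPORT_FUNC(grub_ieee1275_get_block_size)` does not, and `// not exported: I don't want modules interacting with PKS.` is a line comment in a header that, as far as GNU style and the visible context suggest, otherwise uses `/* */`; `/* Not exported: modules must not interact with PKS directly.  */` keeps the intent in house style. More importantly, nothing tells a caller what `consumer`, `policies` or `sbvarflags`/`sbvartype` mean, that -1 denotes a failed client-interface call as opposed to a firmware status in the return value, or whether `*data_len` can come back larger than `buffer_len` without `buffer` having been filled. A short block comment above each PKS prototype naming the firmware service it wraps (`pks-max-object-size`, `pks-read-object`, `pks-read-sbvar`), the meaning of the return value, and the `*data_len <= buffer_len` check the caller must make before reading `buffer` would let the secure-boot variable consumers be reviewed from the header alone.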