grub2/0001-ieee1275-Platform-Keystore-PKS-Support.patch

From 04e8509f04a4cd123bc9f290e60f582d57b2f258 Mon Sep 17 00:00:00 2001
From: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Date: Tue, 27 Dec 2022 17:47:41 +0530
Subject: [PATCH 1/8] ieee1275: Platform Keystore (PKS) Support

enhancing the infrastructure to enable the Platform Keystore (PKS) feature,
which provides access to the SB VERSION, DB, and DBX secure boot variables
from PKS.

Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Tested-by: Nageswara Sastry <rnsastry@linux.ibm.com>
---
 grub-core/kern/ieee1275/ieee1275.c | 117 +++++++++++++++++++++++++++++
 include/grub/ieee1275/ieee1275.h   |  15 ++++
 2 files changed, 132 insertions(+)

diff --git a/grub-core/kern/ieee1275/ieee1275.c b/grub-core/kern/ieee1275/ieee1275.c
index 36ca2dbfc..8d0048844 100644
--- a/grub-core/kern/ieee1275/ieee1275.c
+++ b/grub-core/kern/ieee1275/ieee1275.c
@@ -807,3 +807,120 @@ grub_ieee1275_get_block_size (grub_ieee1275_ihandle_t ihandle)
 
   return args.size;
 }
+
+int
+grub_ieee1275_test (const char *name, grub_ieee1275_cell_t *missing)
+{
+  struct test_args
+  {
+    struct grub_ieee1275_common_hdr common;
+    grub_ieee1275_cell_t name;
+    grub_ieee1275_cell_t missing;
+  } args;
+
+  INIT_IEEE1275_COMMON (&args.common, "test", 1, 1);
+  args.name = (grub_ieee1275_cell_t) name;
+
+  if (IEEE1275_CALL_ENTRY_FN (&args) == -1)
+    return -1;
+
+  if (args.missing == IEEE1275_CELL_INVALID)
+    return -1;
+
+  *missing = args.missing;
+
+  return 0;
+}
+
+int
+grub_ieee1275_pks_max_object_size (grub_size_t *result)
+{
+  struct mos_args
+  {
+    struct grub_ieee1275_common_hdr common;
+    grub_ieee1275_cell_t size;
+  } args;
+
+  INIT_IEEE1275_COMMON (&args.common, "pks-max-object-size", 0, 1);
+
+  if (IEEE1275_CALL_ENTRY_FN (&args) == -1)
+    return -1;
+
+  if (args.size == IEEE1275_CELL_INVALID)
+    return -1;
+
+  *result = args.size;
+
+  return 0;
+}
+
+int
+grub_ieee1275_pks_read_object (grub_uint8_t consumer, grub_uint8_t *label,
+                               grub_size_t label_len, grub_uint8_t *buffer,
+                               grub_size_t buffer_len, grub_size_t *data_len,
+                               grub_uint32_t *policies)
+{
+  struct pks_read_args
+  {
+    struct grub_ieee1275_common_hdr common;
+    grub_ieee1275_cell_t consumer;
+    grub_ieee1275_cell_t label;
+    grub_ieee1275_cell_t label_len;
+    grub_ieee1275_cell_t buffer;
+    grub_ieee1275_cell_t buffer_len;
+    grub_ieee1275_cell_t data_len;
+    grub_ieee1275_cell_t policies;
+    grub_ieee1275_cell_t rc;
+  } args;
+
+  INIT_IEEE1275_COMMON (&args.common, "pks-read-object", 5, 3);
+  args.consumer = (grub_ieee1275_cell_t) consumer;
+  args.label = (grub_ieee1275_cell_t) label;
+  args.label_len = (grub_ieee1275_cell_t) label_len;
+  args.buffer = (grub_ieee1275_cell_t) buffer;
+  args.buffer_len = (grub_ieee1275_cell_t) buffer_len;
+
+  if (IEEE1275_CALL_ENTRY_FN (&args) == -1)
+    return -1;
+
+  if (args.data_len == IEEE1275_CELL_INVALID)
+    return -1;
+
+  *data_len = args.data_len;
+  *policies = args.policies;
+
+  return (int) args.rc;
+}
+
+int
+grub_ieee1275_pks_read_sbvar (grub_uint8_t sbvarflags, grub_uint8_t sbvartype,
+                              grub_uint8_t *buffer, grub_size_t buffer_len,
+                              grub_size_t *data_len)
+{
+  struct pks_read_sbvar_args
+  {
+    struct grub_ieee1275_common_hdr common;
+    grub_ieee1275_cell_t sbvarflags;
+    grub_ieee1275_cell_t sbvartype;
+    grub_ieee1275_cell_t buffer;
+    grub_ieee1275_cell_t buffer_len;
+    grub_ieee1275_cell_t data_len;
+    grub_ieee1275_cell_t rc;
+  } args;
+
+  INIT_IEEE1275_COMMON (&args.common, "pks-read-sbvar", 4, 2);
+  args.sbvarflags = (grub_ieee1275_cell_t) sbvarflags;
+  args.sbvartype = (grub_ieee1275_cell_t) sbvartype;
+  args.buffer = (grub_ieee1275_cell_t) buffer;
+  args.buffer_len = (grub_ieee1275_cell_t) buffer_len;
+
+  if (IEEE1275_CALL_ENTRY_FN (&args) == -1)
+    return -1;
+
+  if (args.data_len == IEEE1275_CELL_INVALID)
+    return -1;
+
+  *data_len = args.data_len;
+
+  return (int) args.rc;
+}
diff --git a/include/grub/ieee1275/ieee1275.h b/include/grub/ieee1275/ieee1275.h
index ea90d79f7..6d8dd9463 100644
--- a/include/grub/ieee1275/ieee1275.h
+++ b/include/grub/ieee1275/ieee1275.h
@@ -237,6 +237,21 @@ char *EXPORT_FUNC(grub_ieee1275_encode_uint4) (grub_ieee1275_ihandle_t ihandle,
                                              grub_size_t *size);
 int EXPORT_FUNC(grub_ieee1275_get_block_size) (grub_ieee1275_ihandle_t ihandle);
 
+int EXPORT_FUNC (grub_ieee1275_test) (const char *name,
+                                      grub_ieee1275_cell_t *missing);
+
+// not exported: I don't want modules interacting with PKS.
+int grub_ieee1275_pks_max_object_size (grub_size_t *result);
+
+int grub_ieee1275_pks_read_object (grub_uint8_t consumer, grub_uint8_t *label,
+                                   grub_size_t label_len, grub_uint8_t *buffer,
+                                   grub_size_t buffer_len, grub_size_t *data_len,
+                                   grub_uint32_t *policies);
+
+int grub_ieee1275_pks_read_sbvar (grub_uint8_t sbvarflags, grub_uint8_t sbvartype,
+                                  grub_uint8_t *buffer, grub_size_t buffer_len,
+                                  grub_size_t *data_len);
+
 grub_err_t EXPORT_FUNC(grub_claimmap) (grub_addr_t addr, grub_size_t size);
 void EXPORT_FUNC(grub_releasemap) (void);
 
-- 
2.47.0