From patchwork Wed Jul 6 10:03:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Heinrich Schuchardt X-Patchwork-Id: 1652886 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (1024-bit key; secure) header.d=gmx.net header.i=@gmx.net header.a=rsa-sha256 header.s=badeba3b8450 header.b=ehyYfasO; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4LdFVq1YBDz9s07 for ; Wed, 6 Jul 2022 20:03:47 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 72CF284261; Wed, 6 Jul 2022 12:03:35 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=gmx.de Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; secure) header.d=gmx.net header.i=@gmx.net header.b="ehyYfasO"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 700498453F; Wed, 6 Jul 2022 12:03:34 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id E197C84261 for ; Wed, 6 Jul 2022 12:03:31 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmx.de Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=xypron.glpk@gmx.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1657101810; bh=pO7Up5i5arGL8xrGQIPNGoeay/rwmJRaJZaroH5IVnI=; h=X-UI-Sender-Class:Date:To:Cc:From:Subject; b=ehyYfasOsclN8OM3+In/vA3KM12nMjGcIZCnC0QtE7eqfPeP3vUvPi2M48k/p6vTF aVv74rk5HSWyU8UHCWV/zf9ukA/vg0LdwzBytae7MUxHrrivlEQ3mZmood5jT6B2+s WFO9QoaZ4ioH5r+2gl+/H5dNVJwF3MhGUZlhbPbE= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from [192.168.123.67] ([62.143.94.109]) by mail.gmx.net (mrgmx104 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MGz1f-1oMWOX1eRH-00E6XP; Wed, 06 Jul 2022 12:03:30 +0200 Message-ID: <4d498c4c-5d5b-876d-976a-4db6eb2baf6e@gmx.de> Date: Wed, 6 Jul 2022 12:03:24 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Content-Language: en-US To: Tom Rini Cc: U-Boot Mailing List , AKASHI Takahiro , Ilias Apalodimas From: Heinrich Schuchardt Subject: Pull request efi-2022-07-rc7 X-Provags-ID: V03:K1:z+TTJfua34lOe3j/VhUkV+VqSP5tjq+KL5XAsBjQ2gkTzfftlx0 b1oWm2TdzAH16owut0hQg8Tfi970V48p7AnhmKoXcYGAuCY51UfU9K1ML0WZ9iaPbDUPF9H nwLLC7t+g6u5eIpBtp0pvYNbqPLHOsq1CoQv2AfALjyCnIiwfTkteatfC9P2Hb/9hxM5QG4 HJiz1CiZmTkNiCjKm5qtg== X-UI-Out-Filterresults: notjunk:1;V03:K0:LS5qipunP64=:3c/7NggCfeu+Yg4wkZzwhS sDlAO8sGOJx/iPOi+9kP1jft9d6HXrzjACh6fk8J1y89uUQH4072yS4dxGjA16hqLNAUoDxgP zPByKnP7bqcGeBJhvuHC8fUlCYeUe4+55nlzu3ouVD8ra+YlcQ0xJSGjG3YVKZD19QiGJzLEt 3vgEyGQnU+vCQdRLm8jCg5odKRbz7vLB9l5dV6KAHcLvxQ7OqAVso2abEz6Z99Bc1nuG8llbH D74Jw0p7Htbfhn2b8kXhEKWEnIi2l702p+XSeNIZv4EKGdDhDE+mQXNx8qBK7QiDbCcLPRxM3 4UnQkREPwb8FBSEzcoea5SmHXXMxWvrCaPTxLVHtXFyJSLv15j/3W4j65yi9LJ+s31OtqZ/1O eHKq5guVNdvRtaFm8gROoYnPLoesTbwMg9mAjJOjdIqgOBfLvKa6a/fQkGQWJ2RAFJ20KNolf jAujSN0dZOKAarngqkYdhok1FCiu54Ra1xJtY86SMXTvx3bKmGbeLrJVUG86DRxmbESHadT48 iVKAU1sUYlzTaiFj+diuG7OpcXS9FX3rV9QhL4VtMRU9pfywXkdMTtMA91ag2cC0mV/35DQmq bTP5kLAb8JSnqn/kn5c4SsVJSNwJeeSb6E3BLwHTqnyrpxUqW/pI8T7/C+eUZGVN7PWS6l675 bBZfAHYtdR/kXnW99l34ywLd4rbj4LIaZgSIuRTUAHJSvzvMJMJVycC9jTeFNRyJSXg3XhBmI 1TjVHwdNsmtNbzrgkVLbXJ5MN7GFR2+SfPz6wGZcOey/64z7KsobFEGvyf+rs8PUu+DXlX8lI N/9y53ySJZXj8iqS0QlJriQqxEzMjdF4MHiH6F15avc6DY7Z4fCQJ2c9J8gaCijdHcGoLygPr 5NayBorMY1Nzqlh7sO/nRxCleqHPjfoijXE33EY5fkns7dTmIUL40x0A9dpmVDeLn0ZecwskJ UUey2yndRTOziSiTVuh8wz06kWcnyel6lQs5PABooLtCjiIIoQTLSsidNlr+IwJaF9aFK4n+u EwD/AufJuK+cbWd9/ujIxEpoBW3AewukbBQUXslJG7qHP+YxKPMft56CkPcTAT+7gr9dmdFqe kWMaAxqbVtoGJSU9tfq79vaNQ9KI7RU11ZVPihI1viPsPsZQAETsqpIUQ== X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean Dear Tom, The following changes since commit 0cc846dafcf6f6270c6587d6fe79011834d6e49a: Prepare v2022.07-rc6 (2022-07-04 08:18:33 -0400) are available in the Git repository at: https://source.denx.de/u-boot/custodians/u-boot-efi.git tags/efi-2022-07-rc7 for you to fetch changes up to 8fb9dbdea716ab764c7a3c544569f903cbfdd744: test/py: efi_secboot: add a test for a forged signed image (2022-07-05 14:37:16 +0200) Gitlab-CI showed no issues: https://source.denx.de/u-boot/custodians/u-boot-efi/-/pipelines/12623 ---------------------------------------------------------------- Pull request efi-2022-07-rc7 UEFI: * correct verification of signed UEFI binaries ---------------------------------------------------------------- AKASHI Takahiro (5): lib: crypto: add mscode_parser efi_loader: signature: export efi_hash_regions() efi_loader: image_loader: replace EFI_PRINT with log macros efi_loader: image_loader: add a missing digest verification for signed PE image test/py: efi_secboot: add a test for a forged signed image include/crypto/mscode.h | 43 ++++++++ include/efi_loader.h | 2 + lib/crypto/Kconfig | 9 ++ lib/crypto/Makefile | 12 +++ lib/crypto/mscode.asn1 | 28 ++++++ lib/crypto/mscode_parser.c | 135 ++++++++++++++++++++++++++ lib/efi_loader/Kconfig | 1 + lib/efi_loader/efi_image_loader.c | 114 ++++++++++++++++------ lib/efi_loader/efi_signature.c | 4 +- test/py/tests/test_efi_secboot/conftest.py | 3 + test/py/tests/test_efi_secboot/forge_image.sh | 5 + test/py/tests/test_efi_secboot/test_signed.py | 35 +++++++ 12 files changed, 361 insertions(+), 30 deletions(-) create mode 100644 include/crypto/mscode.h create mode 100644 lib/crypto/mscode.asn1 create mode 100644 lib/crypto/mscode_parser.c create mode 100644 test/py/tests/test_efi_secboot/forge_image.sh