| Message ID | 1384141165-5084-1-git-send-email-ivan.hu@canonical.com |
|---|---|
| State | Accepted |
| Headers | show |
On 11/11/13 03:39, Ivan Hu wrote: > Add the function of comparing the SignarureType guid, print out the readable > type. Also fixed the build error that duplicated define of EFI_CERT_X509_GUID > from the securebootcert test, when add the define EFI_CERT_X509_GUID on fwts_uefi.h > > Signed-off-by: Ivan Hu <ivan.hu@canonical.com> > --- > src/lib/include/fwts_uefi.h | 36 +++++++++++++++++++++++++++ > src/uefi/securebootcert/securebootcert.c | 6 ----- > src/uefi/uefidump/uefidump.c | 39 ++++++++++++++++++++++++++++-- > 3 files changed, 73 insertions(+), 8 deletions(-) > > diff --git a/src/lib/include/fwts_uefi.h b/src/lib/include/fwts_uefi.h > index a64be92..9f9fd5c 100644 > --- a/src/lib/include/fwts_uefi.h > +++ b/src/lib/include/fwts_uefi.h > @@ -95,6 +95,42 @@ enum { > #define EFI_OS_INDICATIONS_FMP_CAPSULE_SUPPORTED 0x0000000000000008 > #define EFI_OS_INDICATIONS_CAPSULE_RESULT_VAR_SUPPORTED 0x0000000000000010 > > +#define EFI_CERT_SHA256_GUID \ > +{ 0xc1c41626, 0x504c, 0x4092, { 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 }} > + > +#define EFI_CERT_RSA2048_GUID \ > +{ 0x3c5766e8, 0x269c, 0x4e34, { 0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6 }} > + > +#define EFI_CERT_RSA2048_SHA256_GUID \ > +{ 0xe2b36190, 0x879b, 0x4a3d, { 0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }} > + > +#define EFI_CERT_SHA1_GUID \ > +{ 0x826ca512, 0xcf10, 0x4ac9, { 0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd }} > + > +#define EFI_CERT_RSA2048_SHA1_GUID \ > +{ 0x67f8444f, 0x8743, 0x48f1, { 0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80 }} > + > +#define EFI_CERT_X509_GUID \ > +{ 0xa5c059a1, 0x94e4, 0x4aa7, { 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 }} > + > +#define EFI_CERT_SHA224_GUID \ > +{ 0xb6e5233, 0xa65c, 0x44c9, { 0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd }} > + > +#define EFI_CERT_SHA384_GUID \ > +{ 0xff3e5307, 0x9fd0, 0x48c9, { 0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1 }} > + > +#define EFI_CERT_SHA512_GUID \ > +{ 0x93e0fae, 0xa6c4, 0x4f50, { 0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a }} > + > +#define EFI_CERT_X509_SHA256_GUID \ > +{ 0x3bd2a492, 0x96c0, 0x4079, { 0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed }} > + > +#define EFI_CERT_X509_SHA384_GUID \ > +{ 0x7076876e, 0x80c2, 0x4ee6, { 0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b }} > + > +#define EFI_CERT_X509_SHA512_GUID \ > +{ 0x446dbf63, 0x2502, 0x4cda, { 0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d }} > + > #if 0 > typedef struct { > char *description; > diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c > index 9fa469b..86f5e0e 100644 > --- a/src/uefi/securebootcert/securebootcert.c > +++ b/src/uefi/securebootcert/securebootcert.c > @@ -61,12 +61,6 @@ typedef struct _EFI_SIGNATURE_LIST { > 0xd0, 0x0e, 0x67, 0x65, 0x6f} \ > } > > -#define EFI_CERT_X509_GUID \ > -{ \ > - 0xa5c059a1, 0x94e4, 0x4aa7, { 0x87, 0xb5, 0xab, \ > - 0x15, 0x5c, 0x2b, 0xf0, 0x72 } \ > -} > - > static uint8_t var_found; > > static bool compare_guid(EFI_GUID *guid1, uint8_t *guid2) > diff --git a/src/uefi/uefidump/uefidump.c b/src/uefi/uefidump/uefidump.c > index 9371f60..72557b9 100644 > --- a/src/uefi/uefidump/uefidump.c > +++ b/src/uefi/uefidump/uefidump.c > @@ -51,7 +51,7 @@ static void uefidump_data_hexdump(fwts_framework *fw, uint8_t *data, size_t size > { > size_t i; > > - for (i = 0; i < size; i+= 16) { > + for (i = 0; i < size; i += 16) { > char buffer[128]; > size_t left = size - i; > > @@ -892,6 +892,36 @@ static void uefidump_info_signaturedatabase(fwts_framework *fw, fwts_uefi_var *v > fwts_uefi_signature_list *signature_list; > char guid_str[37]; > size_t offset = 0, list_start = 0; > + size_t i; > + fwts_uefi_guid guid[] = { > + EFI_CERT_X509_GUID, > + EFI_CERT_SHA256_GUID, > + EFI_CERT_RSA2048_GUID, > + EFI_CERT_RSA2048_SHA256_GUID, > + EFI_CERT_SHA1_GUID, > + EFI_CERT_RSA2048_SHA1_GUID, > + EFI_CERT_SHA224_GUID, > + EFI_CERT_SHA384_GUID, > + EFI_CERT_SHA512_GUID, > + EFI_CERT_X509_SHA256_GUID, > + EFI_CERT_X509_SHA384_GUID, > + EFI_CERT_X509_SHA512_GUID > + }; > + char *str[] = { > + "EFI_CERT_X509_GUID", > + "EFI_CERT_SHA256_GUID", > + "EFI_CERT_RSA2048_GUID", > + "EFI_CERT_RSA2048_SHA256_GUID", > + "EFI_CERT_SHA1_GUID", > + "EFI_CERT_RSA2048_SHA1_GUID", > + "EFI_CERT_SHA224_GUID", > + "EFI_CERT_SHA384_GUID", > + "EFI_CERT_SHA512_GUID", > + "EFI_CERT_X509_SHA256_GUID", > + "EFI_CERT_X509_SHA384_GUID", > + "EFI_CERT_X509_SHA512_GUID", > + "Unknown GUID" > + }; > > if (var->datalen < sizeof(fwts_uefi_signature_list)) > return; > @@ -899,7 +929,12 @@ static void uefidump_info_signaturedatabase(fwts_framework *fw, fwts_uefi_var *v > do { > signature_list = (fwts_uefi_signature_list *)(var->data + list_start); > fwts_guid_buf_to_str(var->data, guid_str, sizeof(guid_str)); > - fwts_log_info_verbatum(fw, " SignatureType: %s", guid_str); > + > + for (i = 0; i < sizeof(guid)/sizeof(guid[0]); i++) > + if (memcmp(var->data, &guid[i], sizeof(fwts_uefi_guid)) == 0) > + break; > + > + fwts_log_info_verbatum(fw, " SignatureType: %s (%s)", guid_str, str[i]); > fwts_log_info_verbatum(fw, " SignatureListSize: 0x%" PRIx32, signature_list->signaturelistsize); > fwts_log_info_verbatum(fw, " SignatureHeaderSize: 0x%" PRIx32, signature_list->signatureheadersize); > fwts_log_info_verbatum(fw, " SignatureSize: 0x%" PRIx32, signature_list->signaturesize); > Acked-by: Colin Ian King <colin.king@canonical.com>
On 11/11/2013 11:39 AM, Ivan Hu wrote: > Add the function of comparing the SignarureType guid, print out the readable > type. Also fixed the build error that duplicated define of EFI_CERT_X509_GUID > from the securebootcert test, when add the define EFI_CERT_X509_GUID on fwts_uefi.h > > Signed-off-by: Ivan Hu <ivan.hu@canonical.com> > --- > src/lib/include/fwts_uefi.h | 36 +++++++++++++++++++++++++++ > src/uefi/securebootcert/securebootcert.c | 6 ----- > src/uefi/uefidump/uefidump.c | 39 ++++++++++++++++++++++++++++-- > 3 files changed, 73 insertions(+), 8 deletions(-) > > diff --git a/src/lib/include/fwts_uefi.h b/src/lib/include/fwts_uefi.h > index a64be92..9f9fd5c 100644 > --- a/src/lib/include/fwts_uefi.h > +++ b/src/lib/include/fwts_uefi.h > @@ -95,6 +95,42 @@ enum { > #define EFI_OS_INDICATIONS_FMP_CAPSULE_SUPPORTED 0x0000000000000008 > #define EFI_OS_INDICATIONS_CAPSULE_RESULT_VAR_SUPPORTED 0x0000000000000010 > > +#define EFI_CERT_SHA256_GUID \ > +{ 0xc1c41626, 0x504c, 0x4092, { 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 }} > + > +#define EFI_CERT_RSA2048_GUID \ > +{ 0x3c5766e8, 0x269c, 0x4e34, { 0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6 }} > + > +#define EFI_CERT_RSA2048_SHA256_GUID \ > +{ 0xe2b36190, 0x879b, 0x4a3d, { 0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }} > + > +#define EFI_CERT_SHA1_GUID \ > +{ 0x826ca512, 0xcf10, 0x4ac9, { 0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd }} > + > +#define EFI_CERT_RSA2048_SHA1_GUID \ > +{ 0x67f8444f, 0x8743, 0x48f1, { 0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80 }} > + > +#define EFI_CERT_X509_GUID \ > +{ 0xa5c059a1, 0x94e4, 0x4aa7, { 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 }} > + > +#define EFI_CERT_SHA224_GUID \ > +{ 0xb6e5233, 0xa65c, 0x44c9, { 0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd }} > + > +#define EFI_CERT_SHA384_GUID \ > +{ 0xff3e5307, 0x9fd0, 0x48c9, { 0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1 }} > + > +#define EFI_CERT_SHA512_GUID \ > +{ 0x93e0fae, 0xa6c4, 0x4f50, { 0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a }} > + > +#define EFI_CERT_X509_SHA256_GUID \ > +{ 0x3bd2a492, 0x96c0, 0x4079, { 0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed }} > + > +#define EFI_CERT_X509_SHA384_GUID \ > +{ 0x7076876e, 0x80c2, 0x4ee6, { 0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b }} > + > +#define EFI_CERT_X509_SHA512_GUID \ > +{ 0x446dbf63, 0x2502, 0x4cda, { 0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d }} > + > #if 0 > typedef struct { > char *description; > diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c > index 9fa469b..86f5e0e 100644 > --- a/src/uefi/securebootcert/securebootcert.c > +++ b/src/uefi/securebootcert/securebootcert.c > @@ -61,12 +61,6 @@ typedef struct _EFI_SIGNATURE_LIST { > 0xd0, 0x0e, 0x67, 0x65, 0x6f} \ > } > > -#define EFI_CERT_X509_GUID \ > -{ \ > - 0xa5c059a1, 0x94e4, 0x4aa7, { 0x87, 0xb5, 0xab, \ > - 0x15, 0x5c, 0x2b, 0xf0, 0x72 } \ > -} > - > static uint8_t var_found; > > static bool compare_guid(EFI_GUID *guid1, uint8_t *guid2) > diff --git a/src/uefi/uefidump/uefidump.c b/src/uefi/uefidump/uefidump.c > index 9371f60..72557b9 100644 > --- a/src/uefi/uefidump/uefidump.c > +++ b/src/uefi/uefidump/uefidump.c > @@ -51,7 +51,7 @@ static void uefidump_data_hexdump(fwts_framework *fw, uint8_t *data, size_t size > { > size_t i; > > - for (i = 0; i < size; i+= 16) { > + for (i = 0; i < size; i += 16) { > char buffer[128]; > size_t left = size - i; > > @@ -892,6 +892,36 @@ static void uefidump_info_signaturedatabase(fwts_framework *fw, fwts_uefi_var *v > fwts_uefi_signature_list *signature_list; > char guid_str[37]; > size_t offset = 0, list_start = 0; > + size_t i; > + fwts_uefi_guid guid[] = { > + EFI_CERT_X509_GUID, > + EFI_CERT_SHA256_GUID, > + EFI_CERT_RSA2048_GUID, > + EFI_CERT_RSA2048_SHA256_GUID, > + EFI_CERT_SHA1_GUID, > + EFI_CERT_RSA2048_SHA1_GUID, > + EFI_CERT_SHA224_GUID, > + EFI_CERT_SHA384_GUID, > + EFI_CERT_SHA512_GUID, > + EFI_CERT_X509_SHA256_GUID, > + EFI_CERT_X509_SHA384_GUID, > + EFI_CERT_X509_SHA512_GUID > + }; > + char *str[] = { > + "EFI_CERT_X509_GUID", > + "EFI_CERT_SHA256_GUID", > + "EFI_CERT_RSA2048_GUID", > + "EFI_CERT_RSA2048_SHA256_GUID", > + "EFI_CERT_SHA1_GUID", > + "EFI_CERT_RSA2048_SHA1_GUID", > + "EFI_CERT_SHA224_GUID", > + "EFI_CERT_SHA384_GUID", > + "EFI_CERT_SHA512_GUID", > + "EFI_CERT_X509_SHA256_GUID", > + "EFI_CERT_X509_SHA384_GUID", > + "EFI_CERT_X509_SHA512_GUID", > + "Unknown GUID" > + }; > > if (var->datalen < sizeof(fwts_uefi_signature_list)) > return; > @@ -899,7 +929,12 @@ static void uefidump_info_signaturedatabase(fwts_framework *fw, fwts_uefi_var *v > do { > signature_list = (fwts_uefi_signature_list *)(var->data + list_start); > fwts_guid_buf_to_str(var->data, guid_str, sizeof(guid_str)); > - fwts_log_info_verbatum(fw, " SignatureType: %s", guid_str); > + > + for (i = 0; i < sizeof(guid)/sizeof(guid[0]); i++) > + if (memcmp(var->data, &guid[i], sizeof(fwts_uefi_guid)) == 0) > + break; > + > + fwts_log_info_verbatum(fw, " SignatureType: %s (%s)", guid_str, str[i]); > fwts_log_info_verbatum(fw, " SignatureListSize: 0x%" PRIx32, signature_list->signaturelistsize); > fwts_log_info_verbatum(fw, " SignatureHeaderSize: 0x%" PRIx32, signature_list->signatureheadersize); > fwts_log_info_verbatum(fw, " SignatureSize: 0x%" PRIx32, signature_list->signaturesize); > Acked-by: Alex Hung <alex.hung@canonical.com>
diff --git a/src/lib/include/fwts_uefi.h b/src/lib/include/fwts_uefi.h index a64be92..9f9fd5c 100644 --- a/src/lib/include/fwts_uefi.h +++ b/src/lib/include/fwts_uefi.h @@ -95,6 +95,42 @@ enum { #define EFI_OS_INDICATIONS_FMP_CAPSULE_SUPPORTED 0x0000000000000008 #define EFI_OS_INDICATIONS_CAPSULE_RESULT_VAR_SUPPORTED 0x0000000000000010 +#define EFI_CERT_SHA256_GUID \ +{ 0xc1c41626, 0x504c, 0x4092, { 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 }} + +#define EFI_CERT_RSA2048_GUID \ +{ 0x3c5766e8, 0x269c, 0x4e34, { 0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6 }} + +#define EFI_CERT_RSA2048_SHA256_GUID \ +{ 0xe2b36190, 0x879b, 0x4a3d, { 0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }} + +#define EFI_CERT_SHA1_GUID \ +{ 0x826ca512, 0xcf10, 0x4ac9, { 0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd }} + +#define EFI_CERT_RSA2048_SHA1_GUID \ +{ 0x67f8444f, 0x8743, 0x48f1, { 0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80 }} + +#define EFI_CERT_X509_GUID \ +{ 0xa5c059a1, 0x94e4, 0x4aa7, { 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 }} + +#define EFI_CERT_SHA224_GUID \ +{ 0xb6e5233, 0xa65c, 0x44c9, { 0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd }} + +#define EFI_CERT_SHA384_GUID \ +{ 0xff3e5307, 0x9fd0, 0x48c9, { 0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1 }} + +#define EFI_CERT_SHA512_GUID \ +{ 0x93e0fae, 0xa6c4, 0x4f50, { 0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a }} + +#define EFI_CERT_X509_SHA256_GUID \ +{ 0x3bd2a492, 0x96c0, 0x4079, { 0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed }} + +#define EFI_CERT_X509_SHA384_GUID \ +{ 0x7076876e, 0x80c2, 0x4ee6, { 0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b }} + +#define EFI_CERT_X509_SHA512_GUID \ +{ 0x446dbf63, 0x2502, 0x4cda, { 0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d }} + #if 0 typedef struct { char *description; diff --git a/src/uefi/securebootcert/securebootcert.c b/src/uefi/securebootcert/securebootcert.c index 9fa469b..86f5e0e 100644 --- a/src/uefi/securebootcert/securebootcert.c +++ b/src/uefi/securebootcert/securebootcert.c @@ -61,12 +61,6 @@ typedef struct _EFI_SIGNATURE_LIST { 0xd0, 0x0e, 0x67, 0x65, 0x6f} \ } -#define EFI_CERT_X509_GUID \ -{ \ - 0xa5c059a1, 0x94e4, 0x4aa7, { 0x87, 0xb5, 0xab, \ - 0x15, 0x5c, 0x2b, 0xf0, 0x72 } \ -} - static uint8_t var_found; static bool compare_guid(EFI_GUID *guid1, uint8_t *guid2) diff --git a/src/uefi/uefidump/uefidump.c b/src/uefi/uefidump/uefidump.c index 9371f60..72557b9 100644 --- a/src/uefi/uefidump/uefidump.c +++ b/src/uefi/uefidump/uefidump.c @@ -51,7 +51,7 @@ static void uefidump_data_hexdump(fwts_framework *fw, uint8_t *data, size_t size { size_t i; - for (i = 0; i < size; i+= 16) { + for (i = 0; i < size; i += 16) { char buffer[128]; size_t left = size - i; @@ -892,6 +892,36 @@ static void uefidump_info_signaturedatabase(fwts_framework *fw, fwts_uefi_var *v fwts_uefi_signature_list *signature_list; char guid_str[37]; size_t offset = 0, list_start = 0; + size_t i; + fwts_uefi_guid guid[] = { + EFI_CERT_X509_GUID, + EFI_CERT_SHA256_GUID, + EFI_CERT_RSA2048_GUID, + EFI_CERT_RSA2048_SHA256_GUID, + EFI_CERT_SHA1_GUID, + EFI_CERT_RSA2048_SHA1_GUID, + EFI_CERT_SHA224_GUID, + EFI_CERT_SHA384_GUID, + EFI_CERT_SHA512_GUID, + EFI_CERT_X509_SHA256_GUID, + EFI_CERT_X509_SHA384_GUID, + EFI_CERT_X509_SHA512_GUID + }; + char *str[] = { + "EFI_CERT_X509_GUID", + "EFI_CERT_SHA256_GUID", + "EFI_CERT_RSA2048_GUID", + "EFI_CERT_RSA2048_SHA256_GUID", + "EFI_CERT_SHA1_GUID", + "EFI_CERT_RSA2048_SHA1_GUID", + "EFI_CERT_SHA224_GUID", + "EFI_CERT_SHA384_GUID", + "EFI_CERT_SHA512_GUID", + "EFI_CERT_X509_SHA256_GUID", + "EFI_CERT_X509_SHA384_GUID", + "EFI_CERT_X509_SHA512_GUID", + "Unknown GUID" + }; if (var->datalen < sizeof(fwts_uefi_signature_list)) return; @@ -899,7 +929,12 @@ static void uefidump_info_signaturedatabase(fwts_framework *fw, fwts_uefi_var *v do { signature_list = (fwts_uefi_signature_list *)(var->data + list_start); fwts_guid_buf_to_str(var->data, guid_str, sizeof(guid_str)); - fwts_log_info_verbatum(fw, " SignatureType: %s", guid_str); + + for (i = 0; i < sizeof(guid)/sizeof(guid[0]); i++) + if (memcmp(var->data, &guid[i], sizeof(fwts_uefi_guid)) == 0) + break; + + fwts_log_info_verbatum(fw, " SignatureType: %s (%s)", guid_str, str[i]); fwts_log_info_verbatum(fw, " SignatureListSize: 0x%" PRIx32, signature_list->signaturelistsize); fwts_log_info_verbatum(fw, " SignatureHeaderSize: 0x%" PRIx32, signature_list->signatureheadersize); fwts_log_info_verbatum(fw, " SignatureSize: 0x%" PRIx32, signature_list->signaturesize);
Add the function of comparing the SignarureType guid, print out the readable type. Also fixed the build error that duplicated define of EFI_CERT_X509_GUID from the securebootcert test, when add the define EFI_CERT_X509_GUID on fwts_uefi.h Signed-off-by: Ivan Hu <ivan.hu@canonical.com> --- src/lib/include/fwts_uefi.h | 36 +++++++++++++++++++++++++++ src/uefi/securebootcert/securebootcert.c | 6 ----- src/uefi/uefidump/uefidump.c | 39 ++++++++++++++++++++++++++++-- 3 files changed, 73 insertions(+), 8 deletions(-)