vbatts/sbsigntools
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

sbvarsign: Improve default GUID choice

Browse source 
For db and dbx, we want EFI_IMAGE_SECURITY_DATABASE.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
This commit is contained in:
Jeremy Kerr 2012-08-24 20:57:00 +08:00
parent 03e6a4e2b3
commit 41c8bb9ea2
2 changed files with 22 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/efivars.h
View file

@ -46,6 +46,10 @@
{ 0xc1c41626, 0x504c, 0x4092, \ { 0xc1c41626, 0x504c, 0x4092, \
{ 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 } } { 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 } }
#define EFI_IMAGE_SECURITY_DATABASE_GUID \
{ 0xd719b2cb, 0x3d3a, 0x4596, \
{ 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f } }
#ifndef EFI_VARIABLE_NON_VOLATILE #ifndef EFI_VARIABLE_NON_VOLATILE
#define EFI_VARIABLE_NON_VOLATILE 0x00000001 #define EFI_VARIABLE_NON_VOLATILE 0x00000001

23
src/sbvarsign.c
View file

@ -59,7 +59,6 @@
static const char *toolname = "sbvarsign"; static const char *toolname = "sbvarsign";
struct varsign_context { struct varsign_context {
const char *infilename; const char *infilename;
const char *outfilename; const char *outfilename;
@ -379,6 +378,17 @@ err:
} }
static void set_default_guid(struct varsign_context *ctx, const char *varname)
{
EFI_GUID secdb_guid = EFI_IMAGE_SECURITY_DATABASE_GUID;
EFI_GUID global_guid = EFI_GLOBAL_VARIABLE;
if (!strcmp(varname, "db") || !strcmp(varname, "dbx"))
ctx->var_guid = secdb_guid;
else
ctx->var_guid = global_guid;
}
static struct option options[] = { static struct option options[] = {
{ "output", required_argument, NULL, 'o' }, { "output", required_argument, NULL, 'o' },
{ "guid", required_argument, NULL, 'g' }, { "guid", required_argument, NULL, 'g' },
@ -405,7 +415,9 @@ void usage(void)
"\t--cert <certfile> certificate (x509 certificate)\n" "\t--cert <certfile> certificate (x509 certificate)\n"
"\t--include-attrs include attrs at beginning of output file\n" "\t--include-attrs include attrs at beginning of output file\n"
"\t--guid <GUID> EFI GUID for the variable. If omitted,\n" "\t--guid <GUID> EFI GUID for the variable. If omitted,\n"
"\t EFI_GLOBAL_VARIABLE will be used\n" "\t EFI_IMAGE_SECURITY_DATABASE or\n"
"\t EFI_GLOBAL_VARIABLE (depending on\n"
"\t <var-name>) will be used.\n"
"\t--attr <attrs> variable attributes. One or more of:\n", "\t--attr <attrs> variable attributes. One or more of:\n",
toolname); toolname);
@ -426,8 +438,8 @@ static void version(void)
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
const char *guid_str, *attr_str, *varname;
const char *keyfilename, *certfilename; const char *keyfilename, *certfilename;
const char *guid_str, *attr_str;
struct varsign_context *ctx; struct varsign_context *ctx;
bool include_attrs; bool include_attrs;
int c; int c;
@ -498,7 +510,8 @@ int main(int argc, char **argv)
ERR_load_crypto_strings(); ERR_load_crypto_strings();
/* set up the variable signing context */ /* set up the variable signing context */
set_varname(ctx, argv[optind]); varname = argv[optind];
set_varname(ctx, varname);
ctx->infilename = argv[optind+1]; ctx->infilename = argv[optind+1];
if (!ctx->outfilename) if (!ctx->outfilename)
@ -518,7 +531,7 @@ int main(int argc, char **argv)
return EXIT_FAILURE; return EXIT_FAILURE;
} }
} else { } else {
ctx->var_guid = default_guid; set_default_guid(ctx, varname);
} }
if (fileio_read_file(ctx, ctx->infilename, &ctx->data, &ctx->data_len)) if (fileio_read_file(ctx, ctx->infilename, &ctx->data, &ctx->data_len))