Proposed changes to the kernel will establish /sys/firmware/efi/efivars
as the canonical mountpoint for the efivars filesystem.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Rather than overrunning the heap, explicitly allocate the pad area for
cases where we've aligned-up the section table sizes.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Since we write the certificate table starting at data_size (not size),
use this value when generating the cert table header.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
The PE/COFF spec allows variable-sized data directories, which reduce
the size of the optional header. While GNU ld always produces
maximum-sized headers, the kernel's EFI_STUB code generates a smaller
header size, which causes the image parsing code to abort.
This change allows variable-sized optional headers, but checks for at
least enough of an optional header to contain a CERT_TABLE data
directory entry.
We also rename struct image's aouthdr to opthdr, as it contains more
than just the a.out fields.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
We were updating siglist before incrementing i, and so aborting the
siglist iteration earlier than necessary.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Rather than having three sets of (firmware, filesystem) key databases,
refactor into two sets of (kdk, db, dbx) databases. This allows us to
add the PK later.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
We should free filename, and buf on error.
Also, check for the length of the file's data; we may be passed empty
files, and end up with a negative len.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
We want to collect keystore entries on a separate list, so rename the
'list' member to something more specific.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
We want to call key_id on file buffers too, which don't have the
EFI_SIGNATURE_DATA encapsulation.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
We may want to read files which can be absent. In this case, we don't
want to print an error.
This change adds fileio_read_file_noerror(), which suppresses error
output.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
We're almost always going to want the attributes set to
NON_VOLATILE | BOOTSERVICE_ACCESS | RUNTIME_ACCES | APPEND_WRITE,
and TIME_BASED_AUTHENTICATED_WRITE is required. So, provide this
as the default if no --attrs argument is specified.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Rather than making these private to sbvarsign, move the EFI_VARIABLE
attribute defintions to efivars.h
Since some of these are defined by gnu-efi, we need to protect the
definitions with an #ifdef.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Rather than checking the size with the EFI_SIGNATURE_DATA header, just
check the data len.
Also, fix the definition for the SHA256 size.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Despite what the Authenticode spec says ("dwLength is set to the length
of bCertificate"), the MS var sign tool and EDK2 sources include the
header in the dwLength size.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
When detaching a signature, we need to know the size of the
non-signature data. So, add a data_size member to struct image, and
populate it when we iterate through the section table.
When writing the image, use data_size rather than size, so we don't
unnecessarily add the (now unused) signature data.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Rather than only calling image_find_regions when we want to sign or
verify image, call it when the image is loaded. We'll want to use the
parse data later, which will require it to be present on all instances
of an image.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>