efi_loader: simplify tcg2_measure_secure_boot_variable()

This commit simplifies tcg2_measure_secure_boot_variable() using secure_variables table. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
author: Masahisa Kojima <masahisa.kojima@linaro.org> 2021-10-26 11:27:26 +0300
committer: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 2021-10-26 22:33:19 +0300
commit: 96485d2f3f30c1f482bd138752188cbbc64fb307 (patch)
tree: 760c946bf837aad52cd4116350e96c1c16602a88 /lib
parent: ce3dbc5d080de8045dd5e2b512cad75434ba4cf5 (diff)
download: u-boot-96485d2f3f30c1f482bd138752188cbbc64fb307.tar.xz
1 files changed, 18 insertions, 42 deletions
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index dc45eaf8a9..d1ccd8e3b6 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -81,12 +81,19 @@ static const struct digest_info hash_algo_list[] = {
 	},
 };
 
-static const u16 *secure_variables[] = {
-	u"SecureBoot",
-	u"PK",
-	u"KEK",
-	u"db",
-	u"dbx",
+struct variable_info {
+	const u16	*name;
+	bool		accept_empty;
+};
+
+static struct variable_info secure_variables[] = {
+	{u"SecureBoot",		true},
+	{u"PK",			true},
+	{u"KEK",		true},
+	{u"db",			true},
+	{u"dbx",		true},
+	{u"dbt",		false},
+	{u"dbr",		false},
 };
 
 #define MAX_HASH_COUNT ARRAY_SIZE(hash_algo_list)
@@ -1820,52 +1827,21 @@ static efi_status_t tcg2_measure_secure_boot_variable(struct udevice *dev)
 	for (i = 0; i < count; i++) {
 		const efi_guid_t *guid;
 
-		guid = efi_auth_var_get_guid(secure_variables[i]);
+		guid = efi_auth_var_get_guid(secure_variables[i].name);
 
-		/*
-		 * According to the TCG2 PC Client PFP spec, "SecureBoot",
-		 * "PK", "KEK", "db" and "dbx" variables must be measured
-		 * even if they are empty.
-		 */
-		data = efi_get_var(secure_variables[i], guid, &data_size);
+		data = efi_get_var(secure_variables[i].name, guid, &data_size);
+		if (!data && !secure_variables[i].accept_empty)
+			continue;
 
 		ret = tcg2_measure_variable(dev, 7,
 					    EV_EFI_VARIABLE_DRIVER_CONFIG,
-					    secure_variables[i], guid,
+					    secure_variables[i].name, guid,
 					    data_size, data);
 		free(data);
 		if (ret != EFI_SUCCESS)
 			goto error;
 	}
 
-	/*
-	 * TCG2 PC Client PFP spec says "dbt" and "dbr" are
-	 * measured if present and not empty.
-	 */
-	data = efi_get_var(L"dbt",
-			   &efi_guid_image_security_database,
-			   &data_size);
-	if (data) {
-		ret = tcg2_measure_variable(dev, 7,
-					    EV_EFI_VARIABLE_DRIVER_CONFIG,
-					    L"dbt",
-					    &efi_guid_image_security_database,
-					    data_size, data);
-		free(data);
-	}
-
-	data = efi_get_var(L"dbr",
-			   &efi_guid_image_security_database,
-			   &data_size);
-	if (data) {
-		ret = tcg2_measure_variable(dev, 7,
-					    EV_EFI_VARIABLE_DRIVER_CONFIG,
-					    L"dbr",
-					    &efi_guid_image_security_database,
-					    data_size, data);
-		free(data);
-	}
-
 error:
 	return ret;
 }
author	Masahisa Kojima <masahisa.kojima@linaro.org>	2021-10-26 11:27:26 +0300
committer	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>	2021-10-26 22:33:19 +0300
commit	96485d2f3f30c1f482bd138752188cbbc64fb307 (patch)
tree	760c946bf837aad52cd4116350e96c1c16602a88 /lib
parent	ce3dbc5d080de8045dd5e2b512cad75434ba4cf5 (diff)
download	u-boot-96485d2f3f30c1f482bd138752188cbbc64fb307.tar.xz