diff options
| author | Justin M. Forbes <jforbes@fedoraproject.org> | 2017-05-05 13:07:47 -0500 |
|---|---|---|
| committer | Justin M. Forbes <jforbes@fedoraproject.org> | 2017-05-05 13:07:47 -0500 |
| commit | cddccb28e0722d522faf5967d1a83c8595e66242 (patch) | |
| tree | 55be5837f6b8fce794075c22c3248f5897299f38 /Add-EFI-signature-data-types.patch | |
| parent | b88f18484ea4501304fcc597456eb789d884871a (diff) | |
| download | kernel-cddccb28e0722d522faf5967d1a83c8595e66242.tar.gz kernel-cddccb28e0722d522faf5967d1a83c8595e66242.tar.xz kernel-cddccb28e0722d522faf5967d1a83c8595e66242.zip | |
Linux v4.11-8539-gaf82455
Diffstat (limited to 'Add-EFI-signature-data-types.patch')
| -rw-r--r-- | Add-EFI-signature-data-types.patch | 50 |
1 files changed, 28 insertions, 22 deletions
diff --git a/Add-EFI-signature-data-types.patch b/Add-EFI-signature-data-types.patch index 40d14f949..f7f7c36d3 100644 --- a/Add-EFI-signature-data-types.patch +++ b/Add-EFI-signature-data-types.patch @@ -1,37 +1,36 @@ -From ba3f737b8521314b62edaa7d4cc4bdc9aeefe394 Mon Sep 17 00:00:00 2001 +From 0451d4e795929a69a0fda6d960aa4b077c5bd179 Mon Sep 17 00:00:00 2001 From: Dave Howells <dhowells@redhat.com> -Date: Tue, 23 Oct 2012 09:30:54 -0400 -Subject: [PATCH 15/20] Add EFI signature data types +Date: Fri, 5 May 2017 08:21:58 +0100 +Subject: [PATCH 1/4] efi: Add EFI signature data types -Add the data types that are used for containing hashes, keys and certificates -for cryptographic verification. - -Bugzilla: N/A -Upstream-status: Fedora mustard for now +Add the data types that are used for containing hashes, keys and +certificates for cryptographic verification along with their corresponding +type GUIDs. Signed-off-by: David Howells <dhowells@redhat.com> --- - include/linux/efi.h | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) + include/linux/efi.h | 25 +++++++++++++++++++++++++ + 1 file changed, 25 insertions(+) diff --git a/include/linux/efi.h b/include/linux/efi.h -index 5af91b58afae..190858d62fe3 100644 +index ec36f42..3259ad6 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -603,6 +603,9 @@ void efi_native_runtime_setup(void); - #define LINUX_EFI_LOADER_ENTRY_GUID EFI_GUID(0x4a67b082, 0x0a4c, 0x41cf, 0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f) - #define LINUX_EFI_RANDOM_SEED_TABLE_GUID EFI_GUID(0x1ce1e5bc, 0x7ceb, 0x42f2, 0x81, 0xe5, 0x8a, 0xad, 0xf1, 0x80, 0xf5, 0x7b) - -+#define EFI_CERT_SHA256_GUID EFI_GUID(0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28) -+#define EFI_CERT_X509_GUID EFI_GUID(0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72) +@@ -614,6 +614,10 @@ void efi_native_runtime_setup(void); + #define EFI_IMAGE_SECURITY_DATABASE_GUID EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f) + #define EFI_SHIM_LOCK_GUID EFI_GUID(0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23) + ++#define EFI_CERT_SHA256_GUID EFI_GUID(0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28) ++#define EFI_CERT_X509_GUID EFI_GUID(0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72) ++#define EFI_CERT_X509_SHA256_GUID EFI_GUID(0x3bd2a492, 0x96c0, 0x4079, 0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed) + - typedef struct { - efi_guid_t guid; - u64 table; -@@ -853,6 +856,20 @@ typedef struct { + /* + * This GUID is used to pass to the kernel proper the struct screen_info + * structure that was populated by the stub based on the GOP protocol instance +@@ -873,6 +877,27 @@ typedef struct { efi_memory_desc_t entry[0]; } efi_memory_attributes_table_t; - + +typedef struct { + efi_guid_t signature_owner; + u8 signature_data[]; @@ -46,6 +45,13 @@ index 5af91b58afae..190858d62fe3 100644 + /* efi_signature_data_t signatures[][] */ +} efi_signature_list_t; + ++typedef u8 efi_sha256_hash_t[32]; ++ ++typedef struct { ++ efi_sha256_hash_t to_be_signed_hash; ++ efi_time_t time_of_revocation; ++} efi_cert_x509_sha256_t; ++ /* * All runtime access to EFI goes through this structure: */ |