From 31e1aa7aca6a0d3bd4f26008b455e27be0952bea Mon Sep 17 00:00:00 2001
From: Alex Burmashev <alexander.burmashev@oracle.com>
Date: Tue, 16 Feb 2021 07:08:35 -0500
Subject: pe.c: parse SBAT variable and perform basic verification

Per Peter Jones suggestion, we will be flexible in what data we expect
while parsing the variable. Three fields are mandatory:
component_generation, component_name_size, component_name
However we also support adding comments and additional information to be
added after component name, with ',' as a separator. Those information
will be ignored and not used for verification purposes.
So:
grub,1
and
grub,1,wow,this,is,my,comment
will provide exactly same set of data for verification.

[0]: https://github.com/rhboot/shim/blob/main/SBAT.md

Signed-off-by: Alex Burmashev <alexander.burmashev@oracle.com>
Signed-off-by: Peter Jones <pjones@redhat.com>
---
 include/sbat.h | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'include')

diff --git a/include/sbat.h b/include/sbat.h
index c34ad319..7441fa00 100644
--- a/include/sbat.h
+++ b/include/sbat.h
@@ -6,6 +6,15 @@
 #ifndef SBAT_H_
 #define SBAT_H_
 
+struct sbat_var {
+	const CHAR8 *component_name;
+	const CHAR8 *component_generation;
+	list_t list;
+};
+
+EFI_STATUS parse_sbat_var(list_t *entries);
+void cleanup_sbat_var(list_t *entries);
+
 struct sbat_entry {
 	const CHAR8 *component_name;
 	const CHAR8 *component_generation;
@@ -17,5 +26,7 @@ struct sbat_entry {
 
 EFI_STATUS parse_sbat(char *sbat_base, size_t sbat_size, size_t *sbats, struct sbat_entry ***sbat);
 
+EFI_STATUS verify_sbat(size_t n, struct sbat_entry **entries, list_t *var_entries);
+
 #endif /* !SBAT_H_ */
 // vim:fenc=utf-8:tw=75:noet
-- 
cgit v1.2.3