From 3dd40ade68c6ff63e776b5f9acbd811a3c345d01 Mon Sep 17 00:00:00 2001
From: Chris Coulson
Date: Thu, 18 Mar 2021 14:32:24 +0000
Subject: Ensure that MOK variable mirroring creates well formed ESLs
The MOK variable mirroring makes use of variable_create_esl, which can only create a well-formed EFI_SIGNATURE_LIST containing a single signature. Fix fill_esl and variable_create_esl to support creating a EFI_SIGNATURE_LIST with one or more supplied EFI_SIGNATURE_DATA structures. Introduce variable_create_esl_with_one_signature and fill_esl_with_one_signature for code that does want to create a EFI_SIGNATURE_LIST containing a single signature constructed from a supplied signature data buffer and owner GUID.
---
 include/variables.h | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
(limited to 'include')
diff --git a/include/variables.h b/include/variables.h
index 31cfcb65..493f433f 100644
--- a/include/variables.h
+++ b/include/variables.h
@@ -64,12 +64,20 @@ EFI_STATUS
 variable_enroll_hash(const CHAR16 * const var, EFI_GUID owner,
 UINT8 hash[SHA256_DIGEST_SIZE]);
 EFI_STATUS
-variable_create_esl(const uint8_t *cert, const size_t cert_len,
- const EFI_GUID *type, const EFI_GUID *owner,
+variable_create_esl(const EFI_SIGNATURE_DATA *first_sig, const size_t howmany,
+ const EFI_GUID *type, const UINT32 sig_size,
 uint8_t **out, size_t *outlen);
 EFI_STATUS
-fill_esl(const uint8_t *data, const size_t data_len,
- const EFI_GUID *type, const EFI_GUID *owner,
+variable_create_esl_with_one_signature(const uint8_t* data, const size_t data_len,
+ const EFI_GUID *type, const EFI_GUID *owner,
+ uint8_t **out, size_t *outlen);
+EFI_STATUS
+fill_esl(const EFI_SIGNATURE_DATA *first_sig, const size_t howmany,
+ const EFI_GUID *type, const UINT32 sig_size,
 uint8_t *out, size_t *outlen);
+EFI_STATUS
+fill_esl_with_one_signature(const uint8_t *data, const uint32_t data_len,
+ const EFI_GUID *type, const EFI_GUID *owner,
+ uint8_t *out, size_t *outlen);
 #endif /* SHIM_VARIABLES_H */
--
cgit v1.2.3
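Review bot: The two single-signature helpers disagree on the width of `data_len`: `variable_create_esl_with_one_signature` declares `const size_t data_len` while `fill_esl_with_one_signature` declares `const uint32_t data_len`, and the multi-signature functions carry the per-entry size as `const UINT32 sig_size`. If the `size_t` variant forwards its length to the 32-bit one (the implementation is not part of this hunk), a length above UINT32_MAX would be narrowed silently before it reaches the list's size fields; either declare both as `const uint32_t data_len` or have the wrapper reject oversized input before the conversion. The product of `howmany` and `sig_size` deserves the same overflow check wherever the output size is computed. The new contract is also undocumented in the header, so a comment above `fill_esl` such as `/* first_sig: howmany contiguous EFI_SIGNATURE_DATA entries, each sig_size bytes */` would help callers, with the exact wording confirmed against the implementation.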