From 0e3c374e8c0dbf3586fa9ac0262c953585456201 Mon Sep 17 00:00:00 2001
From: Jan Janssen
Date: Wed, 21 Sep 2022 12:39:46 +0200
Subject: [PATCH] boot: Use proper security arch protocol names

This is how the Platform Intregration Specification defines these.
---
 src/boot/efi/missing_efi.h | 51 ++++++++++++++++----------------------
 src/boot/efi/shim.c | 23 ++++++++++-------
 2 files changed, 36 insertions(+), 38 deletions(-)

diff --git a/src/boot/efi/missing_efi.h b/src/boot/efi/missing_efi.h
index 4e80acca56..f9169248ec 100644
--- a/src/boot/efi/missing_efi.h
+++ b/src/boot/efi/missing_efi.h
@@ -309,41 +309,34 @@ typedef struct tdEFI_TCG2_PROTOCOL {
 {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68} }
 /* UEFI Platform Initialization (Vol2: DXE) */
-#ifndef SECURITY_PROTOCOL_GUID
+#ifndef EFI_SECURITY_ARCH_PROTOCOL_GUID
-#define SECURITY_PROTOCOL_GUID \
- &(const EFI_GUID) { 0xa46423e3, 0x4617, 0x49f1, { 0xb9, 0xff, 0xd1, 0xbf, 0xa9, 0x11, 0x58, 0x39 } }
-#define SECURITY_PROTOCOL2_GUID \
- &(const EFI_GUID) { 0x94ab2f58, 0x1438, 0x4ef1, { 0x91, 0x52, 0x18, 0x94, 0x1a, 0x3a, 0x0e, 0x68 } }
+#define EFI_SECURITY_ARCH_PROTOCOL_GUID \
+ { 0xa46423e3, 0x4617, 0x49f1, { 0xb9, 0xff, 0xd1, 0xbf, 0xa9, 0x11, 0x58, 0x39 } }
+#define EFI_SECURITY2_ARCH_PROTOCOL_GUID \
+ { 0x94ab2f58, 0x1438, 0x4ef1, { 0x91, 0x52, 0x18, 0x94, 0x1a, 0x3a, 0x0e, 0x68 } }
-struct _EFI_SECURITY2_PROTOCOL;
-struct _EFI_SECURITY_PROTOCOL;
-struct _EFI_DEVICE_PATH_PROTOCOL;
+typedef struct EFI_SECURITY_ARCH_PROTOCOL EFI_SECURITY_ARCH_PROTOCOL;
+typedef struct EFI_SECURITY2_ARCH_PROTOCOL EFI_SECURITY2_ARCH_PROTOCOL;
-typedef struct _EFI_SECURITY2_PROTOCOL EFI_SECURITY2_PROTOCOL;
-typedef struct _EFI_SECURITY_PROTOCOL EFI_SECURITY_PROTOCOL;
-typedef struct _EFI_DEVICE_PATH_PROTOCOL EFI_DEVICE_PATH_PROTOCOL;
+typedef EFI_STATUS (EFIAPI *EFI_SECURITY_FILE_AUTHENTICATION_STATE)(
+ const EFI_SECURITY_ARCH_PROTOCOL *This,
+ uint32_t AuthenticationStatus,
+ const EFI_DEVICE_PATH *File);
-typedef EFI_STATUS (EFIAPI *EFI_SECURITY_FILE_AUTHENTICATION_STATE) (
- const EFI_SECURITY_PROTOCOL *This,
- UINT32 AuthenticationStatus,
- const EFI_DEVICE_PATH_PROTOCOL *File
-);
-
-typedef EFI_STATUS (EFIAPI *EFI_SECURITY2_FILE_AUTHENTICATION) (
- const EFI_SECURITY2_PROTOCOL *This,
- const EFI_DEVICE_PATH_PROTOCOL *DevicePath,
- VOID *FileBuffer,
- UINTN FileSize,
- BOOLEAN BootPolicy
-);
-
-struct _EFI_SECURITY2_PROTOCOL {
- EFI_SECURITY2_FILE_AUTHENTICATION FileAuthentication;
+struct EFI_SECURITY_ARCH_PROTOCOL {
+ EFI_SECURITY_FILE_AUTHENTICATION_STATE FileAuthenticationState;
};
-struct _EFI_SECURITY_PROTOCOL {
- EFI_SECURITY_FILE_AUTHENTICATION_STATE FileAuthenticationState;
+typedef EFI_STATUS (EFIAPI *EFI_SECURITY2_FILE_AUTHENTICATION)(
+ const EFI_SECURITY2_ARCH_PROTOCOL *This,
+ const EFI_DEVICE_PATH *DevicePath,
+ void *FileBuffer,
+ UINTN FileSize,
+ BOOLEAN BootPolicy);
+
+struct EFI_SECURITY2_ARCH_PROTOCOL {
+ EFI_SECURITY2_FILE_AUTHENTICATION FileAuthentication;
 };
 #endif
diff --git a/src/boot/efi/shim.c b/src/boot/efi/shim.c
index 8b0407857e..79c89c067e 100644
--- a/src/boot/efi/shim.c
+++ b/src/boot/efi/shim.c
@@ -69,9 +69,12 @@ static EFI_SECURITY2_FILE_AUTHENTICATION es2fa = NULL;
 * the SB failure code seems to vary from one implementation to another, and I
 * don't want to interfere with that at this time.
 */
-static EFIAPI EFI_STATUS security2_policy_authentication (const EFI_SECURITY2_PROTOCOL *this,
- const EFI_DEVICE_PATH_PROTOCOL *device_path,
- void *file_buffer, UINTN file_size, BOOLEAN boot_policy) {
+static EFIAPI EFI_STATUS security2_policy_authentication(
+ const EFI_SECURITY2_ARCH_PROTOCOL *this,
+ const EFI_DEVICE_PATH *device_path,
+ void *file_buffer,
+ UINTN file_size,
+ BOOLEAN boot_policy) {
 EFI_STATUS err;
 assert(this);
@@ -99,8 +102,10 @@ static EFIAPI EFI_STATUS security2_policy_authentication (const EFI_SECURITY2_PR
 * authentication failure, be it EFI_ACCESS_DENIED, EFI_SECURITY_VIOLATION, or something
 * else. (This seems to vary between implementations.)
 */
-static EFIAPI EFI_STATUS security_policy_authentication (const EFI_SECURITY_PROTOCOL *this, uint32_t authentication_status,
- const EFI_DEVICE_PATH_PROTOCOL *device_path_const) {
+static EFIAPI EFI_STATUS security_policy_authentication(
+ const EFI_SECURITY_ARCH_PROTOCOL *this,
+ uint32_t authentication_status,
+ const EFI_DEVICE_PATH *device_path_const) {
 EFI_STATUS err;
 _cleanup_free_ char16_t *dev_path_str = NULL;
 EFI_HANDLE h;
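Review bot: In the missing_efi.h hunk the two GUID macros change from a pointer expression to a bare brace initializer, and nothing in the header says so; a caller that passes `EFI_SECURITY_ARCH_PROTOCOL_GUID` directly, as the old macros allowed, no longer compiles and has to wrap the name as `&(EFI_GUID) EFI_SECURITY_ARCH_PROTOCOL_GUID`. I would add a comment above the first `#define`: `/* Brace initializers, not pointers: use as &(EFI_GUID) EFI_SECURITY_ARCH_PROTOCOL_GUID. */`. The `#ifndef EFI_SECURITY_ARCH_PROTOCOL_GUID` guard also covers the Security2 GUID, both typedefs and both structs, so it presumably assumes that any toolchain header defining the first macro defines all of them. That assumption is worth stating in the same comment, because shim.c builds its authentication hooks on these declarations.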
@@ -138,8 +143,8 @@ static EFIAPI EFI_STATUS security_policy_authentication (const EFI_SECURITY_PROT
 }
 EFI_STATUS security_policy_install(void) {
- EFI_SECURITY_PROTOCOL *security_protocol;
- EFI_SECURITY2_PROTOCOL *security2_protocol = NULL;
+ EFI_SECURITY_ARCH_PROTOCOL *security_protocol;
+ EFI_SECURITY2_ARCH_PROTOCOL *security2_protocol = NULL;
 EFI_STATUS err;
 /* Already Installed */
@@ -151,9 +156,9 @@ EFI_STATUS security_policy_install(void) {
 * to fail, since SECURITY2 was introduced in PI 1.2.1.
 * Use security2_protocol == NULL as indicator.
 */
- BS->LocateProtocol((EFI_GUID*) SECURITY_PROTOCOL2_GUID, NULL, (void**) &security2_protocol);
+ BS->LocateProtocol(&(EFI_GUID) EFI_SECURITY2_ARCH_PROTOCOL_GUID, NULL, (void **) &security2_protocol);
- err = BS->LocateProtocol((EFI_GUID*) SECURITY_PROTOCOL_GUID, NULL, (void**) &security_protocol);
+ err = BS->LocateProtocol(&(EFI_GUID) EFI_SECURITY_ARCH_PROTOCOL_GUID, NULL, (void**) &security_protocol);
 /* This one is mandatory, so there's a serious problem */
 if (err != EFI_SUCCESS)
 return err;
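Review bot: The two rewritten `LocateProtocol` calls in security_policy_install() spell the same cast two ways, `(void **) &security2_protocol` on the first and `(void**) &security_protocol` on the second; both lines are touched here, so use one form, e.g. `(void **) &security_protocol`. The first call still discards its status and relies on `security2_protocol` staying NULL, as the comment above it explains. Writing it as `(void) BS->LocateProtocol(...)` would make that deliberate choice visible to static analysis as well. The function body starts before and continues after this hunk.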