Merge tag 'efi-2020-07-rc6' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi

[oweals/u-boot.git] / lib / efi_loader / efi_variable.c

diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
index 568bd3ccfdcf9476a8da924536ae232725e60f30..6271dbcf41f47a91843f030d374d86b4b5b11aa6 100644 (file)
--- a/lib/efi_loader/efi_variable.c
+++ b/lib/efi_loader/efi_variable.c
@@ -7,12 +7,15 @@
 
 #include <common.h>
 #include <efi_loader.h>
+#include <env.h>
 #include <env_internal.h>
 #include <hexdump.h>
 #include <malloc.h>
 #include <rtc.h>
 #include <search.h>
+#include <uuid.h>
 #include <crypto/pkcs7_parser.h>
+#include <linux/bitops.h>
 #include <linux/compat.h>
 #include <u-boot/crc.h>
 
@@ -23,9 +26,8 @@ enum efi_secure_mode {
        EFI_MODE_DEPLOYED,
 };
 
-const efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
 static bool efi_secure_boot;
-static int efi_secure_mode;
+static enum efi_secure_mode efi_secure_mode;
 static u8 efi_vendor_keys;
 
 #define READ_ONLY BIT(31)
@@ -183,17 +185,17 @@ static const char *parse_attr(const char *str, u32 *attrp, u64 *timep)
 
 /**
  * efi_set_secure_state - modify secure boot state variables
- * @sec_boot:          value of SecureBoot
+ * @secure_boot:       value of SecureBoot
  * @setup_mode:                value of SetupMode
  * @audit_mode:                value of AuditMode
  * @deployed_mode:     value of DeployedMode
  *
- * Modify secure boot stat-related variables as indicated.
+ * Modify secure boot status related variables as indicated.
  *
  * Return:             status code
  */
-static efi_status_t efi_set_secure_state(int sec_boot, int setup_mode,
-                                        int audit_mode, int deployed_mode)
+static efi_status_t efi_set_secure_state(u8 secure_boot, u8 setup_mode,
+                                        u8 audit_mode, u8 deployed_mode)
 {
        u32 attributes;
        efi_status_t ret;
@@ -202,8 +204,8 @@ static efi_status_t efi_set_secure_state(int sec_boot, int setup_mode,
                     EFI_VARIABLE_RUNTIME_ACCESS |
                     READ_ONLY;
        ret = efi_set_variable_common(L"SecureBoot", &efi_global_variable_guid,
-                                     attributes, sizeof(sec_boot), &sec_boot,
-                                     false);
+                                     attributes, sizeof(secure_boot),
+                                     &secure_boot, false);
        if (ret != EFI_SUCCESS)
                goto err;
 
@@ -524,9 +526,8 @@ static efi_status_t efi_variable_authenticate(u16 *variable,
        var_sig = efi_variable_parse_signature(auth->auth_info.cert_data,
                                               auth->auth_info.hdr.dwLength
                                                   - sizeof(auth->auth_info));
-       if (IS_ERR(var_sig)) {
+       if (!var_sig) {
                debug("Parsing variable's signature failed\n");
-               var_sig = NULL;
                goto err;
        }
 
@@ -768,7 +769,10 @@ static efi_status_t parse_uboot_variable(char *variable,
        /* guid */
        c = *(name - 1);
        *(name - 1) = '\0'; /* guid need be null-terminated here */
-       uuid_str_to_bin(guid, (unsigned char *)vendor, UUID_STR_FORMAT_GUID);
+       if (uuid_str_to_bin(guid, (unsigned char *)vendor,
+                           UUID_STR_FORMAT_GUID))
+               /* The only error would be EINVAL. */
+               return EFI_INVALID_PARAMETER;
        *(name - 1) = c;
 
        /* attributes */
@@ -881,8 +885,6 @@ static efi_status_t efi_set_variable_common(u16 *variable_name,
        u32 attr;
        efi_status_t ret = EFI_SUCCESS;
 
-       debug("%s: set '%s'\n", __func__, native_name);
-
        if (!variable_name || !*variable_name || !vendor ||
            ((attributes & EFI_VARIABLE_RUNTIME_ACCESS) &&
             !(attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS))) {