Cleanups and a small feature for "efisecdb --annotate" #298
Open
vathpela wants to merge 15 commits into rhboot:main from
This changes our abixml generation in a few ways:
- no longer include file locations
- no longer include architecture information
- uses hashes for the type-ids instead of enumerating them

This should enhance the ability to read updates to these files in the future.

Signed-off-by: Peter Jones <pjones@redhat.com>

EFISECDB_SOURCES was missing from ALL_SOURCES. Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Peter Jones <pjones@redhat.com>
It's 2026 and we have compilers that support '#pragma once' instead of '#define' include guards. It's really a lot nicer. Unfortunately we can't really use it for the external headers, because we need the names to make sure we're always including the development versions instead of the system versions. Signed-off-by: Peter Jones <pjones@redhat.com>
GCC says this buffer is too small. I don't quite see how, but it matters little. Signed-off-by: Peter Jones <pjones@redhat.com>
There are a few changes to efi_signature_list_t debug prints here:
- at a few places, add display sizes in hex as well, to make comparing to x509 dumps easier.
- at the place where we complain about not having valid x509 and then do nothing with that, the address it's comparing is wrong. This leads to making it look like the "invalid" x509 is related to the problem you're debugging, when it isn't related and may not even be invalid. This patch fixes that location.

Signed-off-by: Peter Jones <pjones@redhat.com>

enums in C are absolutely hopeless in many ways, and one of them is that they don't get their own namespace. Unfortunately that means if you named a value in an enum "SHA256" (for example) and you want to include a header that also names something entirely different "SHA256", it doesn't work. This changes the name of our enum values in libefisec's public API so that they're prefixed appropriately so as not to conflict with e.g. openssl. Hopefully this doesn't break any consumers, but it's how it always should have been. Unfortunately (and for reasons that aren't quite clear to me) these values show up in our public ABI, and their /names/ show up in the .abixml files, so it might be a (minor) breaking change. Signed-off-by: Peter Jones <pjones@redhat.com>
I don't think there was ever a reason not to export efi_secdb_visit_entries, and I need it exported, so here it is exported. Signed-off-by: Peter Jones <pjones@redhat.com>
In the /private/ headers, we need to be sure to always use quote includes so that we always get headers from the development tree, not the installed efivar-devel package or similar. Signed-off-by: Peter Jones <pjones@redhat.com>
This changes the private efisec.h in a couple of ways:
- tells clangd we're exporting all the headers we import, so its useless "complain about your headers" feature stops complaining.
- includes the exported headers directly, so they'll never get included via some other path.

Signed-off-by: Peter Jones <pjones@redhat.com>

Signed-off-by: Peter Jones <pjones@redhat.com>
This code initially supported sha256 and sha512, but not sha384. That's wrong, so this adds sha384. Signed-off-by: Peter Jones <pjones@redhat.com>
This changes the annotated output for certs from:

  0000002c 30 82 05 a4 |0...| esl[0].signature[0].data (end:0x000005d4)
  00000030 30 82 03 8c a0 03 02 01 02 02 13 33 00 00 00 16 |0..........3....|
  00000040 36 bf 36 89 9f 15 75 cc 00 00 00 00 00 16 30 0d |6.6...u.......0.|
  00000050 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 5a 31 |..*.H........0Z1|

to:

  0000002c esl[0].signature[0].data (end:0x000005d4)
  0000002c 30 82 05 a4 |0...| /C=US/O=Microsoft Corporation/CN=Microsoft UEFI CA 2023
  00000030 30 82 03 8c a0 03 02 01 02 02 13 33 00 00 00 16 |0..........3....|
  00000040 36 bf 36 89 9f 15 75 cc 00 00 00 00 00 16 30 0d |6.6...u.......0.|
  00000050 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 5a 31 |..*.H........0Z1|

and for simple digests from:

  0000002c 80 b4 d9 69 |...i| esl[0].signature[0].data (end:0x0000004c)
  00000030 31 bf 0d 02 fd 91 a6 1e 19 d1 4f 1d a4 52 e6 6d |1.........O..R.m|
  00000040 b2 40 8c a8 60 4d 41 1f 92 65 9f 0a |.@..`MA..e..|

to:

  0000002c esl[0].signature[0].data (end:0x0000004c)
  0000002c 80 b4 d9 69 |...i| SHA256:80b4d96931bf0d02fd91a61e19d14f1da452e66db2408ca8604d411f92659f0a
  00000030 31 bf 0d 02 fd 91 a6 1e 19 d1 4f 1d a4 52 e6 6d |1.........O..R.m|
  00000040 b2 40 8c a8 60 4d 41 1f 92 65 9f 0a |.@..`MA..e..|

Signed-off-by: Peter Jones <pjones@redhat.com>

907a8fd to 6a9b070
This is a bunch of minor to medium cleanups, plus adding some better annotations for hashes and certs in efisecdb.
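
The digest annotation described in the last commit message (a `SHA256:<hex>` label at the offset where `esl[0].signature[0].data` begins) can be reproduced from the UEFI `EFI_SIGNATURE_LIST` layout; the following is an added example, not code from this pull request or from efivar. `annotate_digest` and `sample` are hypothetical names, the sample list is constructed (zeroed owner GUID, digest bytes taken from the dump above), only the first list in a buffer is handled, and X.509 subject decoding is left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* UEFI digest SignatureType GUIDs, in their in-memory byte order. */
static const struct { uint8_t guid[16]; const char *name; uint32_t len; } digests[] = {
	{{0x26,0x16,0xc4,0xc1,0x4c,0x50,0x92,0x40,0xac,0xa9,0x41,0xf9,0x36,0x93,0x43,0x28}, "SHA256", 32},
	{{0x07,0x53,0x3e,0xff,0xd0,0x9f,0xc9,0x48,0x85,0xf1,0x8a,0xd5,0x6c,0x70,0x1e,0x01}, "SHA384", 48},
	{{0xae,0x0f,0x3e,0x09,0xc4,0xa6,0x50,0x4f,0x9f,0x1b,0xd4,0x1e,0x2b,0x89,0xc1,0x9a}, "SHA512", 64},
};
/* Constructed sample: one SHA256 list, zeroed owner GUID, digest bytes from the dump above. */
static const uint8_t sample[76] = {
	0x26,0x16,0xc4,0xc1,0x4c,0x50,0x92,0x40,0xac,0xa9,0x41,0xf9,0x36,0x93,0x43,0x28,
	0x4c,0,0,0, 0,0,0,0, 0x30,0,0,0, /* list size, header size, signature size */
	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, /* SignatureOwner */
	0x80,0xb4,0xd9,0x69,0x31,0xbf,0x0d,0x02,0xfd,0x91,0xa6,0x1e,0x19,0xd1,0x4f,0x1d,
	0xa4,0x52,0xe6,0x6d,0xb2,0x40,0x8c,0xa8,0x60,0x4d,0x41,0x1f,0x92,0x65,0x9f,0x0a,
};

static uint32_t le32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
/* Write "NAME:hex" for signature idx; return its data offset, or -1 if malformed/unknown. */
long annotate_digest(const uint8_t *esl, size_t len, size_t idx, char *out, size_t outsz)
{
	if (len < 28) /* fixed EFI_SIGNATURE_LIST header: GUID + three 32-bit sizes */
		return -1;
	uint32_t list_sz = le32(esl + 16), hdr_sz = le32(esl + 20), sig_sz = le32(esl + 24);
	if (list_sz < 28 || list_sz > len || hdr_sz > list_sz - 28 || sig_sz <= 16 ||
	    idx >= (list_sz - 28 - hdr_sz) / sig_sz)
		return -1;
	for (size_t i = 0; i < sizeof(digests) / sizeof(digests[0]); i++) {
		if (memcmp(esl, digests[i].guid, 16) || sig_sz - 16 != digests[i].len)
			continue;
		if (outsz < strlen(digests[i].name) + 2 * digests[i].len + 2)
			return -1;
		size_t off = 28 + hdr_sz + idx * sig_sz + 16; /* skip the 16-byte owner GUID */
		int n = snprintf(out, outsz, "%s:", digests[i].name);
		for (uint32_t j = 0; j < digests[i].len; j++)
			n += snprintf(out + n, outsz - n, "%02x", esl[off + j]);
		return (long)off;
	}
	return -1;
}

int main(void)
{
	char note[160];
	long off = annotate_digest(sample, sizeof(sample), 0, note, sizeof(note));
	if (off >= 0)
		printf("%08lx %s\n", (unsigned long)off, note);
	return off < 0;
}
```

The size checks run before any offset is computed, so a list whose declared sizes exceed the buffer, or whose signature size does not match the digest type, is rejected rather than read.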