authorJeremy Kerr <jeremy.kerr@canonical.com>2012-08-24 20:57:00 +0800
committerJeremy Kerr <jeremy.kerr@canonical.com>2012-08-24 20:57:00 +0800
commit41c8bb9ea2b2cee52fd3de412b02bc9b7a302ae4 (patch)
tree6e4e5661e7cbd3a7e9abeec2942551e394f765b0
parent03e6a4e2b3897d9635dc63a5abc10a2bb45dd13c (diff)
downloadsbsigntools-41c8bb9ea2b2cee52fd3de412b02bc9b7a302ae4.tar.gz
sbvarsign: Improve default GUID choice
For db and dbx, we want EFI_IMAGE_SECURITY_DATABASE. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
-rw-r--r--src/efivars.h4
-rw-r--r--src/sbvarsign.c23
2 files changed, 22 insertions, 5 deletions
diff --git a/src/efivars.h b/src/efivars.h
index 08bfeff..d490e48 100644
--- a/src/efivars.h
+++ b/src/efivars.h
@@ -46,6 +46,10 @@
{ 0xc1c41626, 0x504c, 0x4092, \
{ 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 } }
+#define EFI_IMAGE_SECURITY_DATABASE_GUID \
+ { 0xd719b2cb, 0x3d3a, 0x4596, \
+ { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f } }
+
#ifndef EFI_VARIABLE_NON_VOLATILE
#define EFI_VARIABLE_NON_VOLATILE 0x00000001
diff --git a/src/sbvarsign.c b/src/sbvarsign.c
index c867b09..36142a5 100644
--- a/src/sbvarsign.c
+++ b/src/sbvarsign.c
@@ -59,7 +59,6 @@
static const char *toolname = "sbvarsign";
-
struct varsign_context {
const char *infilename;
const char *outfilename;
@@ -379,6 +378,17 @@ err:
}
+static void set_default_guid(struct varsign_context *ctx, const char *varname)
+{
+ EFI_GUID secdb_guid = EFI_IMAGE_SECURITY_DATABASE_GUID;
+ EFI_GUID global_guid = EFI_GLOBAL_VARIABLE;
+
+ if (!strcmp(varname, "db") || !strcmp(varname, "dbx"))
+ ctx->var_guid = secdb_guid;
+ else
+ ctx->var_guid = global_guid;
+}
+
static struct option options[] = {
{ "output", required_argument, NULL, 'o' },
{ "guid", required_argument, NULL, 'g' },
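Review bot: The name test in set_default_guid is an exact, case-sensitive `strcmp`, so only the literal names `db` and `dbx` select EFI_IMAGE_SECURITY_DATABASE_GUID, and every other name silently gets EFI_GLOBAL_VARIABLE. That includes a misspelt `DB` and the signature databases `dbt` and `dbr` that later UEFI revisions place under the same security-database GUID. As far as the UEFI authenticated-variable format goes, the vendor GUID is part of what gets signed, so a wrong default produces a file that firmware rejects, with nothing telling the user which GUID was chosen. I would extend the condition to `!strcmp(varname, "db") || !strcmp(varname, "dbx") || !strcmp(varname, "dbt") || !strcmp(varname, "dbr")` and add a comment above it such as `/* signature databases use the image security database GUID; PK and KEK use EFI_GLOBAL_VARIABLE */`. The usage() text in the next hunk has the same gap, since it says the default depends on <var-name> without naming the names that matter.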
@@ -405,7 +415,9 @@ void usage(void)
"\t--cert <certfile> certificate (x509 certificate)\n"
"\t--include-attrs include attrs at beginning of output file\n"
"\t--guid <GUID> EFI GUID for the variable. If omitted,\n"
- "\t EFI_GLOBAL_VARIABLE will be used\n"
+ "\t EFI_IMAGE_SECURITY_DATABASE or\n"
+ "\t EFI_GLOBAL_VARIABLE (depending on\n"
+ "\t <var-name>) will be used.\n"
"\t--attr <attrs> variable attributes. One or more of:\n",
toolname);
@@ -426,8 +438,8 @@ static void version(void)
int main(int argc, char **argv)
{
+ const char *guid_str, *attr_str, *varname;
const char *keyfilename, *certfilename;
- const char *guid_str, *attr_str;
struct varsign_context *ctx;
bool include_attrs;
int c;
@@ -498,7 +510,8 @@ int main(int argc, char **argv)
ERR_load_crypto_strings();
/* set up the variable signing context */
- set_varname(ctx, argv[optind]);
+ varname = argv[optind];
+ set_varname(ctx, varname);
ctx->infilename = argv[optind+1];
if (!ctx->outfilename)
@@ -518,7 +531,7 @@ int main(int argc, char **argv)
return EXIT_FAILURE;
}
} else {
- ctx->var_guid = default_guid;
+ set_default_guid(ctx, varname);
}
if (fileio_read_file(ctx, ctx->infilename, &ctx->data, &ctx->data_len))
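Review bot: `default_guid` loses its only visible use when `ctx->var_guid = default_guid;` is replaced, yet none of the five deletions in this commit removes its definition, so it is presumably left behind as an unused file-scope object. Removing that definition in the same commit would avoid an unused-variable warning and keep a later edit from reintroducing the EFI_GLOBAL_VARIABLE-only default by accident. main's body starts and ends outside this hunk, so another reference to it elsewhere in the file cannot be ruled out from here.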