diff --git a/src/config/config_asn1.c b/src/config/config_asn1.c index c4419d04d..107f99c1d 100644 --- a/src/config/config_asn1.c +++ b/src/config/config_asn1.c @@ -37,3 +37,6 @@ REQUIRE_OBJECT ( der ); #ifdef IMAGE_PEM REQUIRE_OBJECT ( pem ); #endif +#ifdef IMAGE_EFISIG +REQUIRE_OBJECT ( efi_siglist ); +#endif diff --git a/src/config/defaults/efi.h b/src/config/defaults/efi.h index 607f94c14..d9814eab5 100644 --- a/src/config/defaults/efi.h +++ b/src/config/defaults/efi.h @@ -35,6 +35,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #define IMAGE_EFI /* EFI image support */ #define IMAGE_SCRIPT /* iPXE script image support */ +#define IMAGE_EFISIG /* EFI signature list support */ #define SANBOOT_PROTO_ISCSI /* iSCSI protocol */ #define SANBOOT_PROTO_AOE /* AoE protocol */ diff --git a/src/config/general.h b/src/config/general.h index 763a34aa0..c40e4fdae 100644 --- a/src/config/general.h +++ b/src/config/general.h @@ -125,6 +125,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #define IMAGE_PNG /* PNG image support */ #define IMAGE_DER /* DER image support */ #define IMAGE_PEM /* PEM image support */ +//#define IMAGE_EFISIG /* EFI signature list image support */ //#define IMAGE_ZLIB /* ZLIB image support */ //#define IMAGE_GZIP /* GZIP image support */ //#define IMAGE_UCODE /* Microcode update image support */ diff --git a/src/image/efi_siglist.c b/src/image/efi_siglist.c new file mode 100644 index 000000000..56c8493d6 --- /dev/null +++ b/src/image/efi_siglist.c @@ -0,0 +1,253 @@ +/* + * Copyright (C) 2025 Michael Brown . + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +/** @file + * + * EFI signature lists + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/** + * Find EFI signature list entry + * + * @v data EFI signature list + * @v len Length of EFI signature list + * @v start Starting offset to update + * @v lhdr Signature list header to fill in + * @v dhdr Signature data header to fill in + * @ret rc Return status code + */ +static int efisig_find ( userptr_t data, size_t len, size_t *start, + EFI_SIGNATURE_LIST *lhdr, EFI_SIGNATURE_DATA *dhdr ) { + size_t offset; + size_t remaining; + size_t skip; + size_t dlen; + + /* Scan through signature list */ + offset = 0; + while ( 1 ) { + + /* Read list header */ + assert ( offset <= len ); + remaining = ( len - offset ); + if ( remaining < sizeof ( *lhdr ) ) { + DBGC ( data, "EFISIG [%#zx,%#zx) truncated header " + "at +%#zx\n", *start, len, offset ); + return -EINVAL; + } + copy_from_user ( lhdr, data, offset, sizeof ( *lhdr ) ); + + /* Get length of this signature list */ + if ( remaining < lhdr->SignatureListSize ) { + DBGC ( data, "EFISIG [%#zx,%#zx) truncated list at " + "+%#zx\n", *start, len, offset ); + return -EINVAL; + } + remaining = lhdr->SignatureListSize; + + /* Get length of each signature in list */ + dlen = lhdr->SignatureSize; + if ( dlen < sizeof ( *dhdr ) ) { + DBGC ( data, "EFISIG [%#zx,%#zx) underlength " + "signatures at +%#zx\n", *start, len, offset ); + return -EINVAL; + } + + /* Strip list header (including variable portion) */ + if ( ( remaining < sizeof ( *lhdr ) ) || + ( ( remaining - sizeof ( *lhdr ) ) < + lhdr->SignatureHeaderSize ) ) { + DBGC ( data, "EFISIG [%#zx,%#zx) malformed header at " + "+%#zx\n", *start, len, offset ); + return -EINVAL; + } + skip = ( sizeof ( *lhdr ) + lhdr->SignatureHeaderSize ); + offset += skip; + remaining -= skip; + + /* Read signatures */ + for ( ; remaining ; offset += dlen, remaining -= dlen ) { + + /* Check length */ + if ( remaining < dlen ) { + DBGC ( data, "EFISIG [%#zx,%#zx) truncated " + "at +%#zx\n", *start, len, offset ); + return -EINVAL; + } + + /* Continue until we find the requested signature */ + if ( offset < *start ) + continue; + + /* Read data header */ + copy_from_user ( dhdr, data, offset, sizeof ( *dhdr )); + DBGC2 ( data, "EFISIG [%#zx,%#zx) %s ", + offset, ( offset + dlen ), + efi_guid_ntoa ( &lhdr->SignatureType ) ); + DBGC2 ( data, "owner %s\n", + efi_guid_ntoa ( &dhdr->SignatureOwner ) ); + *start = offset; + return 0; + } + } +} + +/** + * Extract ASN.1 object from EFI signature list + * + * @v data EFI signature list + * @v len Length of EFI signature list + * @v offset Offset within image + * @v cursor ASN.1 cursor to fill in + * @ret next Offset to next image, or negative error + * + * The caller is responsible for eventually calling free() on the + * allocated ASN.1 cursor. + */ +int efisig_asn1 ( userptr_t data, size_t len, size_t offset, + struct asn1_cursor **cursor ) { + EFI_SIGNATURE_LIST lhdr; + EFI_SIGNATURE_DATA dhdr; + int ( * asn1 ) ( userptr_t data, size_t len, size_t offset, + struct asn1_cursor **cursor ); + size_t skip = offsetof ( typeof ( dhdr ), SignatureData ); + int next; + int rc; + + /* Locate signature list entry */ + if ( ( rc = efisig_find ( data, len, &offset, &lhdr, &dhdr ) ) != 0 ) + goto err_entry; + len = ( offset + lhdr.SignatureSize ); + + /* Parse as PEM or DER based on first character */ + asn1 = ( ( dhdr.SignatureData[0] == ASN1_SEQUENCE ) ? + der_asn1 : pem_asn1 ); + DBGC2 ( data, "EFISIG [%#zx,%#zx) extracting %s\n", offset, len, + ( ( asn1 == der_asn1 ) ? "DER" : "PEM" ) ); + next = asn1 ( data, len, ( offset + skip ), cursor ); + if ( next < 0 ) { + rc = next; + DBGC ( data, "EFISIG [%#zx,%#zx) could not extract ASN.1: " + "%s\n", offset, len, strerror ( rc ) ); + goto err_asn1; + } + + /* Check that whole entry was consumed */ + if ( ( ( unsigned int ) next ) != len ) { + DBGC ( data, "EFISIG [%#zx,%#zx) malformed data\n", + offset, len ); + rc = -EINVAL; + goto err_whole; + } + + return len; + + err_whole: + free ( *cursor ); + err_asn1: + err_entry: + return rc; +} + +/** + * Probe EFI signature list image + * + * @v image EFI signature list + * @ret rc Return status code + */ +static int efisig_image_probe ( struct image *image ) { + EFI_SIGNATURE_LIST lhdr; + EFI_SIGNATURE_DATA dhdr; + size_t offset = 0; + unsigned int count = 0; + int rc; + + /* Check file is a well-formed signature list */ + while ( 1 ) { + + /* Find next signature list entry */ + if ( ( rc = efisig_find ( image->data, image->len, &offset, + &lhdr, &dhdr ) ) != 0 ) { + return rc; + } + + /* Skip this entry */ + offset += lhdr.SignatureSize; + count++; + + /* Check if we have reached end of the image */ + if ( offset == image->len ) { + DBGC ( image, "EFISIG %s contains %d signatures\n", + image->name, count ); + return 0; + } + } +} + +/** + * Extract ASN.1 object from EFI signature list image + * + * @v image EFI signature list + * @v offset Offset within image + * @v cursor ASN.1 cursor to fill in + * @ret next Offset to next image, or negative error + * + * The caller is responsible for eventually calling free() on the + * allocated ASN.1 cursor. + */ +static int efisig_image_asn1 ( struct image *image, size_t offset, + struct asn1_cursor **cursor ) { + int next; + int rc; + + /* Extract ASN.1 object */ + if ( ( next = efisig_asn1 ( image->data, image->len, offset, + cursor ) ) < 0 ) { + rc = next; + DBGC ( image, "EFISIG %s could not extract ASN.1: %s\n", + image->name, strerror ( rc ) ); + return rc; + } + + return next; +} + +/** EFI signature list image type */ +struct image_type efisig_image_type __image_type ( PROBE_NORMAL ) = { + .name = "EFISIG", + .probe = efisig_image_probe, + .asn1 = efisig_image_asn1, +}; diff --git a/src/include/ipxe/efi/efi_siglist.h b/src/include/ipxe/efi/efi_siglist.h new file mode 100644 index 000000000..177f28b00 --- /dev/null +++ b/src/include/ipxe/efi/efi_siglist.h @@ -0,0 +1,22 @@ +#ifndef _IPXE_EFI_SIGLIST_H +#define _IPXE_EFI_SIGLIST_H + +/** @file + * + * PEM-encoded ASN.1 data + * + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +#include +#include +#include +#include + +extern int efisig_asn1 ( userptr_t data, size_t len, size_t offset, + struct asn1_cursor **cursor ); + +extern struct image_type efisig_image_type __image_type ( PROBE_NORMAL ); + +#endif /* _IPXE_EFI_SIGLIST_H */ diff --git a/src/include/ipxe/errfile.h b/src/include/ipxe/errfile.h index b826a4a6f..15bb31b0e 100644 --- a/src/include/ipxe/errfile.h +++ b/src/include/ipxe/errfile.h @@ -323,6 +323,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #define ERRFILE_archive ( ERRFILE_IMAGE | 0x000a0000 ) #define ERRFILE_zlib ( ERRFILE_IMAGE | 0x000b0000 ) #define ERRFILE_gzip ( ERRFILE_IMAGE | 0x000c0000 ) +#define ERRFILE_efi_siglist ( ERRFILE_IMAGE | 0x000d0000 ) #define ERRFILE_asn1 ( ERRFILE_OTHER | 0x00000000 ) #define ERRFILE_chap ( ERRFILE_OTHER | 0x00010000 ) diff --git a/src/tests/efi_siglist_test.c b/src/tests/efi_siglist_test.c new file mode 100644 index 000000000..12d1ec6ac --- /dev/null +++ b/src/tests/efi_siglist_test.c @@ -0,0 +1,167 @@ +/* + * Copyright (C) 2025 Michael Brown . + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +/** @file + * + * EFI signature list self-tests + * + */ + +/* Forcibly enable assertions */ +#undef NDEBUG + +#include +#include +#include +#include +#include "asn1_test.h" + +/** Define inline data */ +#define DATA(...) { __VA_ARGS__ } + +/** Define inline expected digest */ +#define DIGEST(...) { { __VA_ARGS__ } } + +/** Two certificates, one PEM, one DER, created by efisecdb */ +ASN1 ( efisecdb, &efisig_image_type, + DATA ( 0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, + 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72, 0x94, 0x01, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x78, 0x01, 0x00, 0x00, 0xaf, 0x1e, + 0xbb, 0xc0, 0x33, 0x74, 0xa2, 0x4c, 0x93, 0xf2, 0xe9, 0x74, + 0x1b, 0x90, 0x98, 0x6c, 0x30, 0x82, 0x01, 0x64, 0x30, 0x82, + 0x01, 0x0e, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x10, 0x31, 0x0e, 0x30, + 0x0c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x05, 0x74, 0x65, + 0x73, 0x74, 0x32, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x30, + 0x33, 0x31, 0x31, 0x31, 0x31, 0x31, 0x37, 0x32, 0x36, 0x5a, + 0x17, 0x0d, 0x32, 0x35, 0x30, 0x34, 0x31, 0x30, 0x31, 0x31, + 0x31, 0x37, 0x32, 0x36, 0x5a, 0x30, 0x10, 0x31, 0x0e, 0x30, + 0x0c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x05, 0x74, 0x65, + 0x73, 0x74, 0x32, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, + 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41, 0x00, 0xc6, 0x75, + 0x2e, 0xc8, 0x09, 0x37, 0x14, 0xd3, 0xc0, 0xa5, 0x88, 0x3e, + 0x0d, 0xf9, 0x6f, 0x9f, 0xf2, 0xab, 0x3a, 0xe4, 0x6c, 0x0e, + 0x2b, 0x78, 0x3c, 0xe9, 0x1a, 0x52, 0x66, 0xbc, 0x7b, 0x7f, + 0xbe, 0xaa, 0xcd, 0x23, 0x68, 0x76, 0x26, 0x95, 0x45, 0x42, + 0xb5, 0xc6, 0x16, 0x2e, 0x3b, 0x33, 0x9d, 0x82, 0x6e, 0x6a, + 0xcf, 0xa5, 0x72, 0x71, 0x40, 0xff, 0xdc, 0x1d, 0x77, 0xe6, + 0x6f, 0x87, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, + 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, + 0x04, 0x14, 0x1c, 0x11, 0x40, 0xcc, 0x63, 0xab, 0xad, 0x6a, + 0xa8, 0x83, 0x17, 0xbb, 0xc5, 0xc6, 0x94, 0x29, 0xe1, 0xad, + 0x4e, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, + 0x18, 0x30, 0x16, 0x80, 0x14, 0x1c, 0x11, 0x40, 0xcc, 0x63, + 0xab, 0xad, 0x6a, 0xa8, 0x83, 0x17, 0xbb, 0xc5, 0xc6, 0x94, + 0x29, 0xe1, 0xad, 0x4e, 0x21, 0x30, 0x0f, 0x06, 0x03, 0x55, + 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x41, 0x00, + 0x57, 0xa3, 0x3a, 0x9c, 0x83, 0xae, 0x94, 0x4c, 0xcd, 0x06, + 0x86, 0x9b, 0x25, 0x70, 0x87, 0x61, 0xfe, 0xbf, 0xb4, 0xa6, + 0x52, 0x0b, 0x37, 0x37, 0x85, 0xbb, 0xea, 0x79, 0x2b, 0x0b, + 0xc4, 0x29, 0x03, 0x8d, 0xa0, 0x26, 0xc2, 0xb4, 0x25, 0x1c, + 0x87, 0x08, 0xcb, 0x94, 0xee, 0x61, 0x48, 0xa4, 0xe1, 0x77, + 0xa6, 0x24, 0x2d, 0x15, 0x1b, 0x15, 0x62, 0x6a, 0x0f, 0x28, + 0x7c, 0xcc, 0xa6, 0xaf, 0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, + 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72, + 0x4a, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2e, 0x02, + 0x00, 0x00, 0xaf, 0x1e, 0xbb, 0xc0, 0x33, 0x74, 0xa2, 0x4c, + 0x93, 0xf2, 0xe9, 0x74, 0x1b, 0x90, 0x98, 0x6c, 0x2d, 0x2d, + 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, + 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x42, + 0x5a, 0x44, 0x43, 0x43, 0x41, 0x51, 0x36, 0x67, 0x41, 0x77, + 0x49, 0x42, 0x41, 0x67, 0x49, 0x42, 0x41, 0x54, 0x41, 0x4e, + 0x42, 0x67, 0x6b, 0x71, 0x68, 0x6b, 0x69, 0x47, 0x39, 0x77, + 0x30, 0x42, 0x41, 0x51, 0x73, 0x46, 0x41, 0x44, 0x41, 0x51, + 0x4d, 0x51, 0x34, 0x77, 0x44, 0x41, 0x59, 0x44, 0x56, 0x51, + 0x51, 0x44, 0x44, 0x41, 0x56, 0x30, 0x5a, 0x58, 0x4e, 0x30, + 0x0a, 0x4d, 0x54, 0x41, 0x65, 0x46, 0x77, 0x30, 0x79, 0x4e, + 0x54, 0x41, 0x7a, 0x4d, 0x54, 0x45, 0x78, 0x4d, 0x54, 0x45, + 0x33, 0x4d, 0x44, 0x42, 0x61, 0x46, 0x77, 0x30, 0x79, 0x4e, + 0x54, 0x41, 0x30, 0x4d, 0x54, 0x41, 0x78, 0x4d, 0x54, 0x45, + 0x33, 0x4d, 0x44, 0x42, 0x61, 0x4d, 0x42, 0x41, 0x78, 0x44, + 0x6a, 0x41, 0x4d, 0x42, 0x67, 0x4e, 0x56, 0x42, 0x41, 0x4d, + 0x4d, 0x42, 0x58, 0x52, 0x6c, 0x0a, 0x63, 0x33, 0x51, 0x78, + 0x4d, 0x46, 0x77, 0x77, 0x44, 0x51, 0x59, 0x4a, 0x4b, 0x6f, + 0x5a, 0x49, 0x68, 0x76, 0x63, 0x4e, 0x41, 0x51, 0x45, 0x42, + 0x42, 0x51, 0x41, 0x44, 0x53, 0x77, 0x41, 0x77, 0x53, 0x41, + 0x4a, 0x42, 0x41, 0x4e, 0x4d, 0x56, 0x4c, 0x35, 0x67, 0x78, + 0x76, 0x6c, 0x35, 0x31, 0x30, 0x32, 0x42, 0x4c, 0x6c, 0x31, + 0x78, 0x79, 0x7a, 0x56, 0x44, 0x6c, 0x4c, 0x77, 0x63, 0x62, + 0x0a, 0x59, 0x72, 0x6e, 0x52, 0x4e, 0x76, 0x53, 0x72, 0x68, + 0x6f, 0x2f, 0x59, 0x61, 0x31, 0x6f, 0x63, 0x31, 0x71, 0x76, + 0x73, 0x75, 0x34, 0x72, 0x71, 0x43, 0x64, 0x2f, 0x30, 0x68, + 0x65, 0x6a, 0x55, 0x6a, 0x4e, 0x66, 0x71, 0x4b, 0x47, 0x64, + 0x79, 0x57, 0x61, 0x49, 0x67, 0x43, 0x45, 0x38, 0x71, 0x78, + 0x4e, 0x50, 0x34, 0x68, 0x32, 0x64, 0x37, 0x4e, 0x72, 0x45, + 0x43, 0x41, 0x77, 0x45, 0x41, 0x0a, 0x41, 0x61, 0x4e, 0x54, + 0x4d, 0x46, 0x45, 0x77, 0x48, 0x51, 0x59, 0x44, 0x56, 0x52, + 0x30, 0x4f, 0x42, 0x42, 0x59, 0x45, 0x46, 0x47, 0x38, 0x46, + 0x4d, 0x78, 0x52, 0x6e, 0x53, 0x6b, 0x36, 0x34, 0x65, 0x79, + 0x42, 0x69, 0x56, 0x43, 0x35, 0x75, 0x67, 0x73, 0x35, 0x63, + 0x4f, 0x77, 0x38, 0x6a, 0x4d, 0x42, 0x38, 0x47, 0x41, 0x31, + 0x55, 0x64, 0x49, 0x77, 0x51, 0x59, 0x4d, 0x42, 0x61, 0x41, + 0x0a, 0x46, 0x47, 0x38, 0x46, 0x4d, 0x78, 0x52, 0x6e, 0x53, + 0x6b, 0x36, 0x34, 0x65, 0x79, 0x42, 0x69, 0x56, 0x43, 0x35, + 0x75, 0x67, 0x73, 0x35, 0x63, 0x4f, 0x77, 0x38, 0x6a, 0x4d, + 0x41, 0x38, 0x47, 0x41, 0x31, 0x55, 0x64, 0x45, 0x77, 0x45, + 0x42, 0x2f, 0x77, 0x51, 0x46, 0x4d, 0x41, 0x4d, 0x42, 0x41, + 0x66, 0x38, 0x77, 0x44, 0x51, 0x59, 0x4a, 0x4b, 0x6f, 0x5a, + 0x49, 0x68, 0x76, 0x63, 0x4e, 0x0a, 0x41, 0x51, 0x45, 0x4c, + 0x42, 0x51, 0x41, 0x44, 0x51, 0x51, 0x41, 0x4a, 0x4d, 0x54, + 0x78, 0x6c, 0x62, 0x4e, 0x43, 0x58, 0x62, 0x6b, 0x2f, 0x73, + 0x6a, 0x79, 0x67, 0x4b, 0x30, 0x39, 0x58, 0x68, 0x50, 0x38, + 0x48, 0x74, 0x4c, 0x6b, 0x45, 0x2b, 0x34, 0x33, 0x6e, 0x61, + 0x67, 0x44, 0x39, 0x4b, 0x52, 0x48, 0x35, 0x53, 0x52, 0x47, + 0x6b, 0x68, 0x45, 0x43, 0x34, 0x50, 0x7a, 0x68, 0x53, 0x31, + 0x0a, 0x52, 0x76, 0x65, 0x34, 0x79, 0x4a, 0x35, 0x50, 0x2b, + 0x4b, 0x4a, 0x74, 0x36, 0x4d, 0x65, 0x78, 0x38, 0x4c, 0x48, + 0x37, 0x79, 0x2b, 0x74, 0x38, 0x61, 0x42, 0x62, 0x79, 0x68, + 0x56, 0x30, 0x47, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, + 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, + 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a ), + DIGEST ( 0x87, 0x95, 0x3b, 0x90, 0xb5, 0x5c, 0xb6, 0x7b, 0xc3, 0xfb, + 0xcb, 0x2c, 0x72, 0xbd, 0x4c, 0x2d, 0xb9, 0x9f, 0x10, 0xda ), + DIGEST ( 0x9b, 0x08, 0xa2, 0x7d, 0x53, 0x35, 0x0a, 0xeb, 0x53, 0xca, + 0x50, 0x66, 0xc0, 0xfd, 0xbd, 0x70, 0x78, 0xf2, 0xa0, 0xc9 ) ); + +/** + * Perform EFI signature list self-test + * + */ +static void efisig_test_exec ( void ) { + + /* Perform tests */ + asn1_ok ( &efisecdb ); +} + +/** EFI signature list self-test */ +struct self_test efisig_test __self_test = { + .name = "efisig", + .exec = efisig_test_exec, +}; diff --git a/src/tests/tests.c b/src/tests/tests.c index 96687423f..865818bdc 100644 --- a/src/tests/tests.c +++ b/src/tests/tests.c @@ -88,3 +88,4 @@ REQUIRE_OBJECT ( uuid_test ); REQUIRE_OBJECT ( editstring_test ); REQUIRE_OBJECT ( p256_test ); REQUIRE_OBJECT ( p384_test ); +REQUIRE_OBJECT ( efi_siglist_test );