On Tue, Jul 29, 2025 at 08:21:47PM +0530, Sudhakar Kuppusamy wrote:
> Enhancing the infrastructure to enable the Platform Keystore (PKS) feature,
> which provides access to the SB_VERSION, db, and dbx secure boot variables
> from PKS.
>
> If secure boot is enabled with dynamic key management mode, it will read
> secure boot variables such as db and dbx from PKS and extract
> EFI Signature List (ESL) from it. The ESLs would be saved in the
> Platform Keystore buffer, and the appendedsig module would read it later
> to extract the certificate's details from ESL.
>
> In the following scenarios, static key management mode will be activated:
>  1. When Secure Boot is enabled with static key management mode
>  2. When SB_VERSION is unavailable but Secure Boot is enabled
>  3. When PKS support is unavailable but Secure Boot is enabled
>
> Note:-
>
>  SB_VERSION: Key Management Mode
>  1 - Enable dynamic key management mode. Read the db and dbx variables from PKS,
>      and use them for signature verification.
>  0 - Enable static key management mode. Read keys from the GRUB ELF Note and
>      use it for signature verification.
>
> Signed-off-by: Sudhakar Kuppusamy <sudha...@linux.ibm.com>

[...]

> diff --git a/include/grub/ieee1275/ieee1275.h 
> b/include/grub/ieee1275/ieee1275.h
> index 6f7925168..365fbb22c 100644
> --- a/include/grub/ieee1275/ieee1275.h
> +++ b/include/grub/ieee1275/ieee1275.h
> @@ -24,6 +24,9 @@
>  #include <grub/types.h>
>  #include <grub/machine/ieee1275.h>
>
> +#define IEEE1275_CELL_INVALID          ((grub_ieee1275_cell_t) -1)
> +#define IEEE1275_CELL_NOT_FOUND        ((int) -7)

This definition looks strange and I am almost certain it should not be
an int but a "grub_" prefixed type...

> +
>  #define GRUB_IEEE1275_CELL_FALSE       ((grub_ieee1275_cell_t) 0)
>  #define GRUB_IEEE1275_CELL_TRUE        ((grub_ieee1275_cell_t) -1)
>
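Review bot: the two macros added at the top of this hunk drop the GRUB_ prefix that the adjacent GRUB_IEEE1275_CELL_FALSE and GRUB_IEEE1275_CELL_TRUE carry, and IEEE1275_CELL_INVALID expands to the same value as GRUB_IEEE1275_CELL_TRUE, ((grub_ieee1275_cell_t) -1). Suggest renaming both to GRUB_IEEE1275_CELL_* and adding a comment that says which calls return each value, so a caller cannot mistake an invalid cell for a true result.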
> diff --git a/include/grub/powerpc/ieee1275/ieee1275.h 
> b/include/grub/powerpc/ieee1275/ieee1275.h
> index 4eb207018..b70b813f2 100644
> --- a/include/grub/powerpc/ieee1275/ieee1275.h
> +++ b/include/grub/powerpc/ieee1275/ieee1275.h
> @@ -28,4 +28,24 @@ typedef grub_uint32_t grub_ieee1275_cell_t;
>  #define PRIxGRUB_IEEE1275_CELL_T     PRIxGRUB_UINT32_T
>  #define PRIuGRUB_IEEE1275_CELL_T     PRIuGRUB_UINT32_T
>
> +#ifdef __powerpc__
> +
> +extern int
> +grub_ieee1275_test (const char *name, grub_ieee1275_cell_t *missing);
> +
> +extern int
> +grub_ieee1275_pks_max_object_size (grub_size_t *result);
> +
> +extern int
> +grub_ieee1275_pks_read_object (grub_uint8_t consumer, grub_uint8_t *label,
> +                               grub_size_t label_len, grub_uint8_t *buffer,
> +                               grub_size_t buffer_len, grub_size_t *data_len,
> +                               grub_uint32_t *policies);
> +
> +extern int
> +grub_ieee1275_pks_read_sbvar (grub_uint8_t sbvarflags, grub_uint8_t 
> sbvartype,
> +                              grub_uint8_t *buffer, grub_size_t buffer_len,
> +                              grub_size_t *data_len);
> +#endif
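Review bot: the grub_ieee1275_pks_read_object and grub_ieee1275_pks_read_sbvar prototypes do not document how buffer_len and *data_len relate, in particular whether *data_len can come back larger than buffer_len when the stored object does not fit. Suggest a comment above each declaration stating the return convention and that contract, since per the commit message the buffer contents are later parsed as ESL data. If label is input only, declare it as const grub_uint8_t *label.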

Return types do not look right to me. I think you should check
IEEE 1275 spec and choose proper "grub_" prefixed type. Same for
some args members, e.g. rc, types in these functions.

Daniel
