Merge tag 'efi-2022-07-rc7' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request efi-2022-07-rc7

UEFI:

* correct verification of signed UEFI binaries

2 files changed, 45 insertions, 0 deletions

diff --git a/include/crypto/mscode.h b/include/crypto/mscode.h
new file mode 100644
index 00000000000..551058b96e6
--- /dev/null
+++ b/include/crypto/mscode.h
@@ -0,0 +1,43 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/* PE Binary parser bits
+ *
+ * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#include <crypto/pkcs7.h>
+#ifndef __UBOOT__
+#include <crypto/hash_info.h>
+#endif
+
+struct pefile_context {
+#ifndef __UBOOT__
+	unsigned	header_size;
+	unsigned	image_checksum_offset;
+	unsigned	cert_dirent_offset;
+	unsigned	n_data_dirents;
+	unsigned	n_sections;
+	unsigned	certs_size;
+	unsigned	sig_offset;
+	unsigned	sig_len;
+	const struct section_header *secs;
+#endif
+
+	/* PKCS#7 MS Individual Code Signing content */
+	const void	*digest;		/* Digest */
+	unsigned	digest_len;		/* Digest length */
+	const char	*digest_algo;		/* Digest algorithm */
+};
+
+#ifndef __UBOOT__
+#define kenter(FMT, ...)					\
+	pr_devel("==> %s("FMT")\n", __func__, ##__VA_ARGS__)
+#define kleave(FMT, ...) \
+	pr_devel("<== %s()"FMT"\n", __func__, ##__VA_ARGS__)
+#endif
+
+/*
+ * mscode_parser.c
+ */
+extern int mscode_parse(void *_ctx, const void *content_data, size_t data_len,
+			size_t asn1hdrlen);
diff --git a/include/efi_loader.h b/include/efi_loader.h
index c1e00ebac39..11930fbea83 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -931,6 +931,8 @@ struct efi_signature_store {
 struct x509_certificate;
 struct pkcs7_message;
 
+bool efi_hash_regions(struct image_region *regs, int count,
+		      void **hash, const char *hash_algo, int *len);
 bool efi_signature_lookup_digest(struct efi_image_regions *regs,
 				 struct efi_signature_store *db,
 				 bool dbx);