efi_loader: identify PK, KEK, db, dbx correctly

To determine if a varible is on the of the authentication variables
PK, KEK, db, dbx we have to check both the name and the GUID.

Provide a function converting the variable-name/guid pair to an enum and
use it consistently.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

1 files changed, 27 insertions, 0 deletions

diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c
index 36e31b4d454..ee2e67bc8cb 100644
--- a/lib/efi_loader/efi_var_common.c
+++ b/lib/efi_loader/efi_var_common.c
@@ -16,6 +16,23 @@ enum efi_secure_mode {
 	EFI_MODE_DEPLOYED,
 };
 
+struct efi_auth_var_name_type {
+	const u16 *name;
+	const efi_guid_t *guid;
+	const enum efi_auth_var_type type;
+};
+
+static const struct efi_auth_var_name_type name_type[] = {
+	{u"PK", &efi_global_variable_guid, EFI_AUTH_VAR_PK},
+	{u"KEK", &efi_global_variable_guid, EFI_AUTH_VAR_KEK},
+	{u"db",  &efi_guid_image_security_database, EFI_AUTH_VAR_DB},
+	{u"dbx",  &efi_guid_image_security_database, EFI_AUTH_VAR_DBX},
+	/* not used yet
+	{u"dbt",  &efi_guid_image_security_database, EFI_AUTH_VAR_DBT},
+	{u"dbr",  &efi_guid_image_security_database, EFI_AUTH_VAR_DBR},
+	*/
+};
+
 static bool efi_secure_boot;
 static enum efi_secure_mode efi_secure_mode;
 
@@ -293,3 +310,13 @@ bool efi_secure_boot_enabled(void)
 {
 	return efi_secure_boot;
 }
+
+enum efi_auth_var_type efi_auth_var_get_type(u16 *name, const efi_guid_t *guid)
+{
+	for (size_t i = 0; i < ARRAY_SIZE(name_type); ++i) {
+		if (!u16_strcmp(name, name_type[i].name) &&
+		    !guidcmp(guid, name_type[i].guid))
+			return name_type[i].type;
+	}
+	return EFI_AUTH_VAR_NONE;
+}