[PATCH 3/3] uefi: uefidump: Add support for VendorKeys
Colin Ian King
colin.king at canonical.com
Thu Sep 5 13:45:40 UTC 2013
On 05/09/13 09:27, Ivan Hu wrote:
> The VendorKeys variable is an 8-bit unsigned integer that defines whether the PK, KEK, db and dbx databases have been modified by anyone other than the platform vendor or a holder of the vendor-provided keys. This variable is newly added in the UEFI spec version 2.4.
>
> Signed-off-by: Ivan Hu <ivan.hu at canonical.com>
> ---
> src/uefi/uefidump/uefidump.c | 25 +++++++++++++++++++++++++
> 1 file changed, 25 insertions(+)
>
> diff --git a/src/uefi/uefidump/uefidump.c b/src/uefi/uefidump/uefidump.c
> index fd5e378..f732bef 100644
> --- a/src/uefi/uefidump/uefidump.c
> +++ b/src/uefi/uefidump/uefidump.c
> @@ -722,6 +722,30 @@ static void uefidump_info_osindications_supported(fwts_framework *fw, fwts_uefi_
> }
> }
>
> +static void uefidump_info_vendor_keys(fwts_framework *fw, fwts_uefi_var *var)
> +{
> + if (var->datalen != 1) {
> + /* Should be 1 byte, of not, dump it out as a hex dump */
> + uefidump_var_hexdump(fw, var);
> + } else {
> + char *modified;
> + uint8_t value = (uint8_t)var->data[0];
> +
> + switch (value) {
> + case 0:
> + modified = " (databases have been modified)";
> + break;
> + case 1:
> + modified = " (databases haven't been modified)";
> + break;
Not sure if it is worth adding that a value of zero means that somebody
other than the original platform vendor transitioned the system into
setup mode or updated the PK, KEK, db, dbx using a mechanism not defined
in the UEFI specification. So is the message "databases have been
modified" sufficient?
> + default:
> + modified = "";
> + break;
> + }
> + fwts_log_info_verbatum(fw, " Value: 0x%2.2" PRIx8 "%s.", value, modified);
> + }
> +}
> +
> static uefidump_info uefidump_info_table[] = {
> { "PlatformLangCodes", uefidump_info_platform_langcodes },
> { "PlatformLang", uefidump_info_platform_lang },
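Review bot: the `default:` branch of the switch in uefidump_info_vendor_keys() sets `modified = "";`, so a value other than 0 or 1 is logged as a bare hex byte with nothing marking it as outside the two cases handled here; a suffix such as " (unexpected value)" would make it stand out in the dump. `modified` only ever points at string literals, so `const char *modified;` would be the safer declaration. The comment on the datalen check has a typo: "of not" should read "if not".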
> @@ -748,6 +772,7 @@ static uefidump_info uefidump_info_table[] = {
> { "SignatureSupport", uefidump_info_signature_support },
> { "HwErrRecSupport", uefidump_info_hwerrrec_support },
> { "OsIndicationsSupported", uefidump_info_osindications_supported },
> + { "VendorKeys", uefidump_info_vendor_keys },
> { NULL, NULL }
> };
>
>