Support authentication of uefi priv. variables
To authenticate private uefi variables a fingerprint has to be
calculated based on the common name of the signing certificate's
Subject field and the tbsCertificate of the top-level issuer
certificate.
These variables have a public key certificate attached so the
verify_pkcs7_signature_handler is also reorganized to be able
to verify its own signature with its internal public key.
This commit implements the changes needed for the described
functionality.
Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Change-Id: Ida22977f3ef1a730ea95834ca5c9f9e4ed78d927
diff --git a/deployments/component-test/component-test.cmake b/deployments/component-test/component-test.cmake
index 64f7543..b733d9c 100644
--- a/deployments/component-test/component-test.cmake
+++ b/deployments/component-test/component-test.cmake
@@ -38,6 +38,7 @@
"components/common/endian/test"
"components/common/crc32"
"components/common/crc32/test"
+ "components/common/mbedtls"
"components/config/ramstore"
"components/config/ramstore/test"
"components/messaging/ffa/libsp/mock"
diff --git a/deployments/crypto/crypto.cmake b/deployments/crypto/crypto.cmake
index 098861c..963dde5 100644
--- a/deployments/crypto/crypto.cmake
+++ b/deployments/crypto/crypto.cmake
@@ -8,6 +8,7 @@
add_components(TARGET "crypto"
BASE_DIR ${TS_ROOT}
COMPONENTS
+ "components/common/mbedtls"
"components/common/tlv"
"components/rpc/common/interface"
"components/rpc/common/endpoint"
diff --git a/deployments/libts/linux-pc/CMakeLists.txt b/deployments/libts/linux-pc/CMakeLists.txt
index 24b89d4..300f77d 100644
--- a/deployments/libts/linux-pc/CMakeLists.txt
+++ b/deployments/libts/linux-pc/CMakeLists.txt
@@ -65,6 +65,7 @@
"components/common/utils"
"components/common/trace"
"components/common/crc32"
+ "components/common/mbedtls"
"components/config/ramstore"
"components/service/common/include"
"components/service/common/client"
diff --git a/deployments/smm-gateway/smm-gateway.cmake b/deployments/smm-gateway/smm-gateway.cmake
index e5ee03b..562d9d1 100644
--- a/deployments/smm-gateway/smm-gateway.cmake
+++ b/deployments/smm-gateway/smm-gateway.cmake
@@ -17,6 +17,12 @@
target_link_libraries(smm-gateway PRIVATE MbedTLS::mbedcrypto)
target_link_libraries(smm-gateway PRIVATE MbedTLS::mbedx509)
+# Pass the mbedtls config file to C preprocessor so the uefi
+# direct backend will access the mbedtls headers
+target_compile_definitions(smm-gateway PRIVATE
+ MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}"
+)
+
target_compile_definitions(smm-gateway PRIVATE
-DUEFI_INTERNAL_CRYPTO
)
@@ -24,6 +30,7 @@
add_components(TARGET "smm-gateway"
BASE_DIR ${TS_ROOT}
COMPONENTS
+ "components/common/mbedtls"
"components/service/uefi/smm_variable/backend/direct"
)