author | Yang Zhang <yang.z.zhang@intel.com> | 2015-08-28 09:58:54 +0800 |
---|---|---|
committer | Yang Zhang <yang.z.zhang@intel.com> | 2015-09-01 12:44:00 +0800 |
commit | e44e3482bdb4d0ebde2d8b41830ac2cdb07948fb (patch) | |
tree | 66b09f592c55df2878107a468a91d21506104d3f /qemu/roms/ipxe/src/usr/imgtrust.c | |
parent | 9ca8dbcc65cfc63d6f5ef3312a33184e1d726e00 (diff) |
Add qemu 2.4.0
Change-Id: Ic99cbad4b61f8b127b7dc74d04576c0bcbaaf4f5
Signed-off-by: Yang Zhang <yang.z.zhang@intel.com>
Diffstat (limited to 'qemu/roms/ipxe/src/usr/imgtrust.c')
-rw-r--r-- | qemu/roms/ipxe/src/usr/imgtrust.c | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/qemu/roms/ipxe/src/usr/imgtrust.c b/qemu/roms/ipxe/src/usr/imgtrust.c
new file mode 100644
index 000000000..da7ff2ef0
--- /dev/null
+++ b/qemu/roms/ipxe/src/usr/imgtrust.c
@@ -0,0 +1,110 @@
+/*
+ * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+#include <stdlib.h>
+#include <errno.h>
+#include <time.h>
+#include <syslog.h>
+#include <ipxe/uaccess.h>
+#include <ipxe/image.h>
+#include <ipxe/cms.h>
+#include <ipxe/validator.h>
+#include <ipxe/monojob.h>
+#include <usr/imgtrust.h>
+
+/** @file
+ *
+ * Image trust management
+ *
+ */
+
+/**
+ * Verify image using downloaded signature
+ *
+ * @v image Image to verify
+ * @v signature Image containing signature
+ * @v name Required common name, or NULL to allow any name
+ * @ret rc Return status code
+ */
+int imgverify ( struct image *image, struct image *signature,
+ const char *name ) {
+ size_t len;
+ void *data;
+ struct cms_signature *sig;
+ struct cms_signer_info *info;
+ time_t now;
+ int rc;
+
+ /* Mark image as untrusted */
+ image_untrust ( image );
+
+ /* Copy signature to internal memory */
+ len = signature->len;
+ data = malloc ( len );
+ if ( ! data ) {
+ rc = -ENOMEM;
+ goto err_alloc;
+ }
+ copy_from_user ( data, signature->data, 0, len );
+
+ /* Parse signature */
+ if ( ( rc = cms_signature ( data, len, &sig ) ) != 0 )
+ goto err_parse;
+
+ /* Free internal copy of signature */
+ free ( data );
+ data = NULL;
+
+ /* Complete all certificate chains */
+ list_for_each_entry ( info, &sig->info, list ) {
+ if ( ( rc = create_validator ( &monojob, info->chain ) ) != 0 )
+ goto err_create_validator;
+ if ( ( rc = monojob_wait ( NULL, 0 ) ) != 0 )
+ goto err_validator_wait;
+ }
+
+ /* Use signature to verify image */
+ now = time ( NULL );
+ if ( ( rc = cms_verify ( sig, image->data, image->len,
+ name, now, NULL, NULL ) ) != 0 )
+ goto err_verify;
+
+ /* Drop reference to signature */
+ cms_put ( sig );
+ sig = NULL;
+
+ /* Mark image as trusted */
+ image_trust ( image );
+ syslog ( LOG_NOTICE, "Image \"%s\" signature OK\n", image->name );
+
+ return 0;
+
+ err_verify:
+ err_validator_wait:
+ err_create_validator:
+ cms_put ( sig );
+ err_parse:
+ free ( data );
+ err_alloc:
+ syslog ( LOG_ERR, "Image \"%s\" signature bad: %s\n",
+ image->name, strerror ( rc ) );
+ return rc;
+} |