util/smmstoretool: Clarify the auth_vars field

We want to distinguish between a variable store that's marked as capable
of storing authenticated variables (basically, checking their signatures
and promising that there's no TOCTOU possible), and a variable with the
authentication-checking enabled.

Change-Id: Ibf6ffbe279961ff54b0988d98a912a8421598e3b
Signed-off-by: Benjamin Doron <benjamin.doron@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88423
Reviewed-by: Sean Rhodes <sean@starlabs.systems>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>

util/smmstoretool/fv.c

@@ -124,10 +124,10 @@ static bool check_fw_vol_hdr(const EFI_FIRMWARE_VOLUME_HEADER *hdr,
 
 static bool check_var_store_hdr(const VARIABLE_STORE_HEADER *hdr,
 				size_t max_size,
-				bool *auth_vars)
+				bool *is_auth_var_store)
 {
-	*auth_vars = guid_eq(&hdr->Signature, &EfiAuthenticatedVariableGuid);
-	if (!*auth_vars && !guid_eq(&hdr->Signature, &EfiVariableGuid)) {
+	*is_auth_var_store = guid_eq(&hdr->Signature, &EfiAuthenticatedVariableGuid);
+	if (!*is_auth_var_store && !guid_eq(&hdr->Signature, &EfiVariableGuid)) {
 		fprintf(stderr, "Variable store has unexpected GUID\n");
 		return false;
 	}
@@ -152,7 +152,7 @@ static bool check_var_store_hdr(const VARIABLE_STORE_HEADER *hdr,
 }
 
 bool fv_parse(struct mem_range_t fv, struct mem_range_t *var_store,
-	      bool *auth_vars)
+	      bool *is_auth_var_store)
 {
 	const EFI_FIRMWARE_VOLUME_HEADER *vol_hdr = (void *)fv.start;
 	if (!check_fw_vol_hdr(vol_hdr, fv.length)) {
@@ -163,7 +163,7 @@ bool fv_parse(struct mem_range_t fv, struct mem_range_t *var_store,
 	uint8_t *fw_vol_data = fv.start + vol_hdr->HeaderLength;
 	size_t volume_size = fv.length - vol_hdr->HeaderLength;
 	const VARIABLE_STORE_HEADER *var_store_hdr = (void *)fw_vol_data;
-	if (!check_var_store_hdr(var_store_hdr, volume_size, auth_vars)) {
+	if (!check_var_store_hdr(var_store_hdr, volume_size, is_auth_var_store)) {
 		fprintf(stderr, "No valid variable store was found");
 		return false;
 	}

util/smmstoretool/fv.h

@@ -14,6 +14,6 @@ bool fv_init(struct mem_range_t fv);
 
 bool fv_parse(struct mem_range_t fv,
 	      struct mem_range_t *var_store,
-	      bool *auth_vars);
+	      bool *is_auth_var_store);
 
 #endif // SMMSTORETOOL__FV_H__

util/smmstoretool/storage.c

@@ -41,8 +41,8 @@ bool storage_open(const char store_file[], struct storage_t *storage, bool rw)
 		storage->region.length = area->size;
 	}
 
-	bool auth_vars;
-	if (!fv_parse(storage->region, &storage->store_area, &auth_vars)) {
+	bool is_auth_var_store;
+	if (!fv_parse(storage->region, &storage->store_area, &is_auth_var_store)) {
 		if (!rw) {
 			fprintf(stderr,
 				"Failed to find variable store in \"%s\"\n",
@@ -63,7 +63,7 @@ bool storage_open(const char store_file[], struct storage_t *storage, bool rw)
 			goto error;
 		}
 
-		if (!fv_parse(storage->region, &storage->store_area, &auth_vars)) {
+		if (!fv_parse(storage->region, &storage->store_area, &is_auth_var_store)) {
 			fprintf(stderr,
 				"Failed to parse newly formatted store in \"%s\"\n",
 				store_file);
@@ -75,7 +75,7 @@ bool storage_open(const char store_file[], struct storage_t *storage, bool rw)
 			store_file);
 	}
 
-	storage->vs = vs_load(storage->store_area, auth_vars);
+	storage->vs = vs_load(storage->store_area, is_auth_var_store);
 	return true;
 
 error:

util/smmstoretool/vs.c

@@ -10,32 +10,32 @@
 #include "udk2017.h"
 #include "utils.h"
 
-static size_t get_var_hdr_size(bool auth_vars)
+static size_t get_var_hdr_size(bool is_auth_var_store)
 {
-	if (auth_vars)
+	if (is_auth_var_store)
 		return sizeof(AUTHENTICATED_VARIABLE_HEADER);
 	return sizeof(VARIABLE_HEADER);
 }
 
-struct var_store_t vs_load(struct mem_range_t vs_data, bool auth_vars)
+struct var_store_t vs_load(struct mem_range_t vs_data, bool is_auth_var_store)
 {
 	uint8_t *var_hdr = vs_data.start;
 
 	struct var_store_t vs = {
-		.auth_vars = auth_vars,
+		.is_auth_var_store = is_auth_var_store,
 		.vars = NULL,
 	};
 
 	struct var_t *last_var = NULL;
 
-	const size_t var_hdr_size = get_var_hdr_size(auth_vars);
+	const size_t var_hdr_size = get_var_hdr_size(is_auth_var_store);
 	while (var_hdr + var_hdr_size < vs_data.start + vs_data.length) {
 		uint16_t start_id;
 		uint8_t state;
 		struct var_t var = {0};
 		uint8_t *var_data = var_hdr;
 
-		if (auth_vars) {
+		if (is_auth_var_store) {
 			const AUTHENTICATED_VARIABLE_HEADER *auth_hdr =
 				(void *)var_data;
 
@@ -96,9 +96,9 @@ struct var_store_t vs_load(struct mem_range_t vs_data, bool auth_vars)
 	return vs;
 }
 
-static void store_var(const struct var_t *var, bool auth_vars, uint8_t *data)
+static void store_var(const struct var_t *var, bool is_auth_var_store, uint8_t *data)
 {
-	if (auth_vars) {
+	if (is_auth_var_store) {
 		AUTHENTICATED_VARIABLE_HEADER hdr;
 		memset(&hdr, 0xff, sizeof(hdr));
 
@@ -136,7 +136,7 @@ bool vs_store(struct var_store_t *vs, struct mem_range_t vs_data)
 {
 	uint8_t *out_data = vs_data.start;
 
-	const size_t var_hdr_size = get_var_hdr_size(vs->auth_vars);
+	const size_t var_hdr_size = get_var_hdr_size(vs->is_auth_var_store);
 	for (struct var_t *var = vs->vars; var != NULL; var = var->next) {
 		const size_t var_size =
 			var_hdr_size + var->name_size + var->data_size;
@@ -146,7 +146,7 @@ bool vs_store(struct var_store_t *vs, struct mem_range_t vs_data)
 			return false;
 		}
 
-		store_var(var, vs->auth_vars, out_data);
+		store_var(var, vs->is_auth_var_store, out_data);
 		out_data += HEADER_ALIGN(var_size);
 	}
 

util/smmstoretool/vs.h

@@ -24,10 +24,10 @@ struct var_t {
 
 struct var_store_t {
 	struct var_t *vars;
-	bool auth_vars;
+	bool is_auth_var_store;
 };
 
-struct var_store_t vs_load(struct mem_range_t vs_data, bool auth_vars);
+struct var_store_t vs_load(struct mem_range_t vs_data, bool is_auth_var_store);
 
 bool vs_store(struct var_store_t *vs, struct mem_range_t vs_data);