-
Notifications
You must be signed in to change notification settings - Fork 14
Issue #70: Disable SVP with build flag #71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -16,9 +16,11 @@ | |
| * SPDX-License-Identifier: Apache-2.0 | ||
| */ | ||
|
|
||
| #include "sa_svp.h" | ||
| #include "sec_security_svp.h" // NOLINT | ||
|
|
||
| #ifdef ENABLE_SVP | ||
| #include "sa_svp.h" | ||
|
|
||
| sa_svp_buffer get_svp_buffer(Sec_ProcessorHandle* processorHandle, Sec_OpaqueBufferHandle* opaqueBufferHandle) { | ||
| if (processorHandle == NULL || opaqueBufferHandle == NULL) | ||
| return INVALID_HANDLE; | ||
|
|
@@ -376,3 +378,61 @@ Sec_Result SecOpaqueBuffer_CopyByIndex(Sec_OpaqueBufferHandle* outOpaqueBufferHa | |
| CHECK_STATUS(status) | ||
| return SEC_RESULT_SUCCESS; | ||
| } | ||
|
|
||
| #else // ENABLE_SVP | ||
|
|
||
| // Stub implementations when SVP is disabled | ||
|
|
||
| // Deprecated | ||
| Sec_Result Sec_OpaqueBufferMalloc(SEC_SIZE bufLength, void** handle, void* params) { | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Why include these functions in the non-SVP code base? They are specific to SVP operation.
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't want to break the build if any app tries to call it, but I do want to return an error with a descriptive reason why. |
||
| SEC_LOG_ERROR("SVP not supported"); | ||
| return SEC_RESULT_UNIMPLEMENTED_FEATURE; | ||
| } | ||
|
|
||
| Sec_Result SecOpaqueBuffer_Malloc(SEC_SIZE bufLength, Sec_OpaqueBufferHandle** opaqueBufferHandle) { | ||
| SEC_LOG_ERROR("SVP not supported"); | ||
| return SEC_RESULT_UNIMPLEMENTED_FEATURE; | ||
| } | ||
|
|
||
| Sec_Result Sec_OpaqueBufferWrite(Sec_OpaqueBufferHandle* opaqueBufferHandle, SEC_SIZE offset, void* data, | ||
| SEC_SIZE length) { | ||
| SEC_LOG_ERROR("SVP not supported"); | ||
| return SEC_RESULT_UNIMPLEMENTED_FEATURE; | ||
| } | ||
|
|
||
| Sec_Result SecOpaqueBuffer_Write(Sec_OpaqueBufferHandle* opaqueBufferHandle, SEC_SIZE offset, SEC_BYTE* data, | ||
| SEC_SIZE length) { | ||
| SEC_LOG_ERROR("SVP not supported"); | ||
| return SEC_RESULT_UNIMPLEMENTED_FEATURE; | ||
| } | ||
|
|
||
| Sec_Result Sec_OpaqueBufferFree(Sec_OpaqueBufferHandle* opaqueBufferHandle, void* params) { | ||
| SEC_LOG_ERROR("SVP not supported"); | ||
| return SEC_RESULT_UNIMPLEMENTED_FEATURE; | ||
| } | ||
|
|
||
| Sec_Result SecOpaqueBuffer_Free(Sec_OpaqueBufferHandle* opaqueBufferHandle) { | ||
| SEC_LOG_ERROR("SVP not supported"); | ||
| return SEC_RESULT_UNIMPLEMENTED_FEATURE; | ||
| } | ||
|
|
||
| Sec_Result SecOpaqueBuffer_Copy(Sec_OpaqueBufferHandle* outOpaqueBufferHandle, SEC_SIZE out_offset, | ||
| Sec_OpaqueBufferHandle* inOpaqueBufferHandle, SEC_SIZE in_offset, SEC_SIZE num_to_copy) { | ||
| SEC_LOG_ERROR("SVP not supported"); | ||
| return SEC_RESULT_UNIMPLEMENTED_FEATURE; | ||
| } | ||
|
|
||
| Sec_Result SecOpaqueBuffer_Release(Sec_OpaqueBufferHandle* opaqueBufferHandle, Sec_ProtectedMemHandle** svpHandle) { | ||
| SEC_LOG_ERROR("SVP not supported"); | ||
| return SEC_RESULT_UNIMPLEMENTED_FEATURE; | ||
| } | ||
|
|
||
| Sec_Result SecCodeIntegrity_SecureBootEnabled(void) { | ||
| return SEC_RESULT_UNIMPLEMENTED_FEATURE; | ||
| } | ||
|
|
||
| Sec_Result SecSVP_SetTime(time_t time) { | ||
| return SEC_RESULT_UNIMPLEMENTED_FEATURE; | ||
| } | ||
|
|
||
| #endif // ENABLE_SVP | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why include this function at all since it is specific to SVP?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the function stub exists, but only returns an error message if someone tries to call it.
are you saying they should be removed completely? there is some value to keeping the stubs in responding with an unimplemented error, right? that way a caller would see that SVP isn't supported if called. although, maybe the better response is to just fail to link so they'll have a program crash and have to look at why?