From: Lukas Wunner <lukas@wunner.de>
To: David Howells <dhowells@redhat.com>
Cc: Matthew Garrett <matthew.garrett@nebula.com>,
linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, keyrings@vger.kernel.org
Subject: Re: [PATCH 4/6] efi: Get the secure boot status
Date: Tue, 22 Nov 2016 11:44:01 +0100 [thread overview]
Message-ID: <20161122104401.GC1552@wunner.de> (raw)
In-Reply-To: <147977472115.6360.13015228230799369019.stgit@warthog.procyon.org.uk>
On Tue, Nov 22, 2016 at 12:32:01AM +0000, David Howells wrote:
> Get the firmware's secure-boot status in the kernel boot wrapper and stash
> it somewhere that the main kernel image can find.
That's a bit terse. You could write here that you're moving the
existing ARM function to generic stub code to be able to reuse it
on x86.
Further comments below.
>
> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
> Signed-off-by: David Howells <dhowells@redhat.com>
> ---
>
> Documentation/x86/zero-page.txt | 2 +
> arch/x86/boot/compressed/eboot.c | 5 ++
> arch/x86/include/uapi/asm/bootparam.h | 3 +
> drivers/firmware/efi/libstub/Makefile | 2 -
> drivers/firmware/efi/libstub/arm-stub.c | 46 --------------------
> drivers/firmware/efi/libstub/secureboot.c | 66 +++++++++++++++++++++++++++++
> include/linux/efi.h | 2 +
> 7 files changed, 78 insertions(+), 48 deletions(-)
> create mode 100644 drivers/firmware/efi/libstub/secureboot.c
>
> diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
> index 95a4d34af3fd..b8527c6b7646 100644
> --- a/Documentation/x86/zero-page.txt
> +++ b/Documentation/x86/zero-page.txt
> @@ -31,6 +31,8 @@ Offset Proto Name Meaning
> 1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below)
> 1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer
> (below)
> +1EB/001 ALL kbd_status Numlock is enabled
> +1EC/001 ALL secure_boot Secure boot is enabled in the firmware
> 1EF/001 ALL sentinel Used to detect broken bootloaders
> 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
> 2D0/A00 ALL e820_map E820 memory map table
> diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
> index c8c32ebcdfdb..fd6506de480d 100644
> --- a/arch/x86/boot/compressed/eboot.c
> +++ b/arch/x86/boot/compressed/eboot.c
> @@ -12,6 +12,7 @@
> #include <asm/efi.h>
> #include <asm/setup.h>
> #include <asm/desc.h>
> +#include <asm/bootparam_utils.h>
>
> #include "../string.h"
> #include "eboot.h"
> @@ -1158,6 +1159,10 @@ struct boot_params *efi_main(struct efi_config *c,
> else
> setup_boot_services32(efi_early);
>
> + sanitize_boot_params(boot_params);
What is the connection of this change to the rest of the patch?
Needs an explanation in the commit message.
> +
> + boot_params->secure_boot = efi_get_secureboot();
> +
> setup_graphics(boot_params);
>
> setup_efi_pci(boot_params);
> diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
> index b10bf319ed20..5138dacf8bb8 100644
> --- a/arch/x86/include/uapi/asm/bootparam.h
> +++ b/arch/x86/include/uapi/asm/bootparam.h
> @@ -135,7 +135,8 @@ struct boot_params {
> __u8 eddbuf_entries; /* 0x1e9 */
> __u8 edd_mbr_sig_buf_entries; /* 0x1ea */
> __u8 kbd_status; /* 0x1eb */
> - __u8 _pad5[3]; /* 0x1ec */
> + __u8 secure_boot; /* 0x1ec */
> + __u8 _pad5[2]; /* 0x1ed */
> /*
> * The sentinel is set to a nonzero value (0xff) in header.S.
> *
> diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
> index 6621b13c370f..9af966863612 100644
> --- a/drivers/firmware/efi/libstub/Makefile
> +++ b/drivers/firmware/efi/libstub/Makefile
> @@ -28,7 +28,7 @@ OBJECT_FILES_NON_STANDARD := y
> # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
> KCOV_INSTRUMENT := n
>
> -lib-y := efi-stub-helper.o gop.o
> +lib-y := efi-stub-helper.o gop.o secureboot.o
>
> # include the stub's generic dependencies from lib/ when building for ARM/arm64
> arm-deps := fdt_rw.c fdt_ro.c fdt_wip.c fdt.c fdt_empty_tree.c fdt_sw.c sort.c
> diff --git a/drivers/firmware/efi/libstub/arm-stub.c b/drivers/firmware/efi/libstub/arm-stub.c
> index b4f7d78f9e8b..552ee61ddbed 100644
> --- a/drivers/firmware/efi/libstub/arm-stub.c
> +++ b/drivers/firmware/efi/libstub/arm-stub.c
> @@ -20,52 +20,6 @@
>
> bool __nokaslr;
>
> -static int efi_get_secureboot(efi_system_table_t *sys_table_arg)
> -{
> - static efi_char16_t const sb_var_name[] = {
> - 'S', 'e', 'c', 'u', 'r', 'e', 'B', 'o', 'o', 't', 0 };
> - static efi_char16_t const sm_var_name[] = {
> - 'S', 'e', 't', 'u', 'p', 'M', 'o', 'd', 'e', 0 };
> -
> - efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
> - efi_get_variable_t *f_getvar = sys_table_arg->runtime->get_variable;
> - u8 val;
> - unsigned long size = sizeof(val);
> - efi_status_t status;
> -
> - status = f_getvar((efi_char16_t *)sb_var_name, (efi_guid_t *)&var_guid,
> - NULL, &size, &val);
> -
> - if (status != EFI_SUCCESS)
> - goto out_efi_err;
> -
> - if (val == 0)
> - return 0;
> -
> - status = f_getvar((efi_char16_t *)sm_var_name, (efi_guid_t *)&var_guid,
> - NULL, &size, &val);
> -
> - if (status != EFI_SUCCESS)
> - goto out_efi_err;
> -
> - if (val == 1)
> - return 0;
> -
> - return 1;
> -
> -out_efi_err:
> - switch (status) {
> - case EFI_NOT_FOUND:
> - return 0;
> - case EFI_DEVICE_ERROR:
> - return -EIO;
> - case EFI_SECURITY_VIOLATION:
> - return -EACCES;
> - default:
> - return -EINVAL;
> - }
> -}
> -
> efi_status_t efi_open_volume(efi_system_table_t *sys_table_arg,
> void *__image, void **__fh)
> {
> diff --git a/drivers/firmware/efi/libstub/secureboot.c b/drivers/firmware/efi/libstub/secureboot.c
> new file mode 100644
> index 000000000000..e44d8c9ee150
> --- /dev/null
> +++ b/drivers/firmware/efi/libstub/secureboot.c
> @@ -0,0 +1,66 @@
> +/*
> + * Secure boot handling.
> + *
> + * Copyright (C) 2013,2014 Linaro Limited
> + * Roy Franz <roy.franz@linaro.org
> + * Copyright (C) 2013 Red Hat, Inc.
> + * Mark Salter <msalter@redhat.com>
> + *
> + * This file is part of the Linux kernel, and is made available under the
> + * terms of the GNU General Public License version 2.
> + *
> + */
> +
> +#include <linux/efi.h>
> +#include <linux/sort.h>
You don't need sort.h.
> +#include <asm/efi.h>
> +
> +#include "efistub.h"
>From a cursory look at efistub.h, you don't seem to need this either.
> +
> +int efi_get_secureboot(void)
It looks like you didn't compile-test this on ARM.
You dropped the efi_system_table_t *sys_table_arg argument but this
isn't defined anywhere as a static global.
> +{
> + static const efi_char16_t const sb_var_name[] = {
> + 'S', 'e', 'c', 'u', 'r', 'e', 'B', 'o', 'o', 't', 0 };
> + static const efi_char16_t const sm_var_name[] = {
> + 'S', 'e', 't', 'u', 'p', 'M', 'o', 'd', 'e', 0 };
> +
> + static const efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
> +
Gratuitous newline in-between variable declarations.
> + u8 val;
> + unsigned long size = sizeof(val);
> + efi_status_t status;
> +
> +#define f_getvar(...) efi_call_runtime(get_variable, __VA_ARGS__)
> +
> + status = f_getvar((efi_char16_t *)sb_var_name, (efi_guid_t *)&var_guid,
> + NULL, &size, &val);
Just replace the f_getvar yourself instead of having cpp do it:
status = efi_call_runtime(get_variable, (efi_char16_t *)sb_var_name,
(efi_guid_t *)&var_guid, NULL, &size, &val);
> +
> + if (status != EFI_SUCCESS)
> + goto out_efi_err;
> +
> + if (val == 0)
> + return 0;
> +
> + status = f_getvar((efi_char16_t *)sm_var_name, (efi_guid_t *)&var_guid,
> + NULL, &size, &val);
Same here.
> +
> + if (status != EFI_SUCCESS)
> + goto out_efi_err;
> +
> + if (val == 1)
> + return 0;
> +
> + return 1;
> +
> +out_efi_err:
> + switch (status) {
> + case EFI_NOT_FOUND:
> + return 0;
> + case EFI_DEVICE_ERROR:
> + return -EIO;
> + case EFI_SECURITY_VIOLATION:
> + return -EACCES;
> + default:
> + return -EINVAL;
> + }
The "out_efi_err" portion differs from the previous version of this
patch. Setting a __u8 to a negative value, is this really what you
want?
Thanks,
Lukas
> +}
> diff --git a/include/linux/efi.h b/include/linux/efi.h
> index 24db4e5ec817..615d8704f048 100644
> --- a/include/linux/efi.h
> +++ b/include/linux/efi.h
> @@ -1477,6 +1477,8 @@ efi_status_t efi_setup_gop(efi_system_table_t *sys_table_arg,
> bool efi_runtime_disabled(void);
> extern void efi_call_virt_check_flags(unsigned long flags, const char *call);
>
> +int efi_get_secureboot(void);
> +
> /*
> * Arch code can implement the following three template macros, avoiding
> * reptition for the void/non-void return cases of {__,}efi_call_virt():
>
next prev parent reply other threads:[~2016-11-22 10:44 UTC|newest]
Thread overview: 101+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-16 21:47 [PATCH 00/16] Kernel lockdown David Howells
2016-11-16 21:47 ` David Howells
2016-11-16 21:47 ` [PATCH 01/16] Add the ability to lock down access to the running kernel image David Howells
[not found] ` <147933284407.19316.17886320817060158597.stgit-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org>
2016-11-16 22:20 ` Borislav Petkov
2016-11-16 22:20 ` Borislav Petkov
2016-11-16 22:40 ` David Howells
2016-12-25 21:20 ` Pavel Machek
2016-12-25 21:44 ` David Howells
2016-11-16 21:47 ` [PATCH 02/16] efi: Get the secure boot status David Howells
2016-11-17 12:37 ` Lukas Wunner
2016-11-21 11:46 ` David Howells
2016-11-21 19:58 ` Lukas Wunner
2016-11-22 0:31 ` [PATCH 2/6] arm/efi: Allow invocation of arbitrary runtime services David Howells
2016-11-22 0:31 ` [PATCH 3/6] efi: Add SHIM and image security database GUID definitions David Howells
2016-11-22 0:32 ` [PATCH 4/6] efi: Get the secure boot status David Howells
2016-11-22 10:44 ` Lukas Wunner [this message]
[not found] ` <20161122104401.GC1552-JFq808J9C/izQB+pC5nmwQ@public.gmane.org>
2016-11-22 10:49 ` Ard Biesheuvel
2016-11-22 10:49 ` Ard Biesheuvel
2016-11-22 14:52 ` David Howells
2016-11-22 14:52 ` David Howells
[not found] ` <25371.1479826321-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org>
2016-11-22 20:36 ` Lukas Wunner
2016-11-22 20:36 ` Lukas Wunner
2016-11-22 14:47 ` David Howells
2016-11-22 20:30 ` Lukas Wunner
2016-11-23 0:02 ` David Howells
[not found] ` <7199.1479826047-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org>
2016-11-22 14:57 ` David Howells
2016-11-22 14:57 ` David Howells
2016-11-22 0:32 ` [PATCH 5/6] efi: Disable secure boot if shim is in insecure mode David Howells
2016-11-22 13:03 ` Lukas Wunner
2016-11-22 0:32 ` [PATCH 6/6] efi: Add EFI_SECURE_BOOT bit David Howells
2016-11-22 13:04 ` Lukas Wunner
[not found] ` <20161117123731.GA11573-JFq808J9C/izQB+pC5nmwQ@public.gmane.org>
2016-11-21 11:42 ` [PATCH 02/16] efi: Get the secure boot status David Howells
2016-11-21 11:42 ` David Howells
[not found] ` <29779.1479728545-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org>
2016-11-21 11:52 ` Ard Biesheuvel
2016-11-21 11:52 ` Ard Biesheuvel
[not found] ` <CAKv+Gu-frVDhzORDRZ6XT+FxewsTgrxhXmM=DqaS6Ns4mJhQ9g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-11-21 12:41 ` David Howells
2016-11-21 12:41 ` David Howells
2016-11-21 13:14 ` Ard Biesheuvel
[not found] ` <CAKv+Gu8Lhm=u97hY1y+Y+Ladk=y7pSVNrow8ML1hQUJ9+74B-w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-11-21 15:17 ` Lukas Wunner
2016-11-21 15:17 ` Lukas Wunner
2016-11-21 15:25 ` Ard Biesheuvel
2016-11-22 0:31 ` [PATCH 1/6] x86/efi: Allow invocation of arbitrary runtime services David Howells
2016-11-22 0:31 ` David Howells
[not found] ` <147977469914.6360.17194649697208113702.stgit-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org>
2016-11-22 10:20 ` Lukas Wunner
2016-11-22 10:20 ` Lukas Wunner
2016-11-22 14:17 ` David Howells
2016-11-22 14:58 ` Joe Perches
[not found] ` <1479826691.1942.11.camel-6d6DIl74uiNBDgjK7y7TUQ@public.gmane.org>
2016-11-22 15:52 ` David Howells
2016-11-22 15:52 ` David Howells
[not found] ` <24973.1479829961-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org>
2016-11-22 16:25 ` Joe Perches
2016-11-22 16:25 ` Joe Perches
2016-11-22 16:40 ` David Howells
2016-11-22 16:51 ` Joe Perches
2016-11-16 21:47 ` [PATCH 03/16] efi: Disable secure boot if shim is in insecure mode David Howells
2016-11-16 21:47 ` [PATCH 04/16] efi: Lock down the kernel if booted in secure boot mode David Howells
2016-11-16 21:47 ` [PATCH 05/16] efi: Add EFI_SECURE_BOOT bit David Howells
2016-11-17 21:58 ` Ard Biesheuvel
2016-11-18 11:58 ` Josh Boyer
[not found] ` <CA+5PVA6F5qEnuL2UaXS9_fJ217J93cEZDDsz9Y2BPwHXcMdX-A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-11-18 12:10 ` Ard Biesheuvel
2016-11-18 12:10 ` Ard Biesheuvel
[not found] ` <CAKv+Gu_8r3oM-jvvuSiXTzxp0YMEVgc5KkScJ2UhGTaXm28L6w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-11-18 17:28 ` David Howells
2016-11-18 17:28 ` David Howells
2016-11-16 21:48 ` [PATCH 06/16] Add a sysrq option to exit secure boot mode David Howells
2016-11-16 21:48 ` [PATCH 07/16] kexec: Disable at runtime if the kernel is locked down David Howells
2016-11-16 21:48 ` [PATCH 08/16] Copy secure_boot flag in boot params across kexec reboot David Howells
2016-11-16 21:48 ` [PATCH 09/16] hibernate: Disable when the kernel is locked down David Howells
2016-11-16 21:48 ` [PATCH 10/16] PCI: Lock down BAR access " David Howells
2016-11-16 21:48 ` [PATCH 12/16] ACPI: Limit access to custom_method " David Howells
2016-11-16 21:48 ` [PATCH 13/16] asus-wmi: Restrict debugfs interface " David Howells
2016-11-16 21:48 ` [PATCH 14/16] Restrict /dev/mem and /dev/kmem " David Howells
2016-11-16 21:49 ` [PATCH 15/16] acpi: Ignore acpi_rsdp kernel param when the kernel has been " David Howells
[not found] ` <147933283664.19316.12454053022687659937.stgit-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org>
2016-11-16 21:48 ` [PATCH 11/16] x86: Lock down IO port access when the kernel is " David Howells
2016-11-16 21:48 ` David Howells
2016-11-16 21:49 ` [PATCH 16/16] x86: Restrict MSR " David Howells
2016-11-16 21:49 ` David Howells
2016-11-16 22:27 ` [PATCH 00/16] Kernel lockdown One Thousand Gnomes
2016-11-16 22:27 ` One Thousand Gnomes
2016-11-21 19:53 ` Ard Biesheuvel
2016-11-30 14:27 ` One Thousand Gnomes
2016-11-21 23:10 ` [PATCH] Lock down drivers that can have io ports, io mem, irqs and dma changed David Howells
2016-11-22 6:12 ` Dominik Brodowski
2016-11-22 6:12 ` Dominik Brodowski
2016-11-23 12:58 ` David Howells
2016-11-23 19:21 ` Dominik Brodowski
[not found] ` <20161123192143.GA482-SGhQLRGLuNwb6pqDj42GsMgv3T4z79SOrE5yTffgRl4@public.gmane.org>
2016-11-24 17:34 ` David Howells
2016-11-24 17:34 ` David Howells
2016-11-24 20:19 ` Dominik Brodowski
2016-11-25 14:49 ` David Howells
[not found] ` <26173.1479769852-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org>
2016-11-28 22:32 ` Corey Minyard
2016-11-28 22:32 ` Corey Minyard
2016-11-29 0:11 ` David Howells
2016-11-29 0:23 ` Corey Minyard
2016-11-29 14:03 ` David Howells
[not found] ` <6973.1480428211-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org>
2016-11-29 14:35 ` Corey Minyard
2016-11-29 14:35 ` Corey Minyard
2016-11-30 14:41 ` One Thousand Gnomes
2016-11-30 14:41 ` One Thousand Gnomes
[not found] ` <20161130144105.2b6be4fe-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org>
2016-11-30 16:25 ` David Howells
2016-11-30 16:25 ` David Howells
2016-11-29 10:40 ` David Howells
2016-11-16 22:28 ` [PATCH 00/16] Kernel lockdown Justin Forbes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161122104401.GC1552@wunner.de \
--to=lukas@wunner.de \
--cc=dhowells@redhat.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=matthew.garrett@nebula.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.