Date: Tue, 20 Dec 2022 08:56:21 +0200
From: Ilias Apalodimas
To: Masahisa Kojima
Cc: u-boot@lists.denx.de, Heinrich Schuchardt
Subject: Re: [PATCH] eficonfig: EFI_VARIABLE_APPEND_WRITE is not set for null key

On Tue, Dec 20, 2022 at 12:12:56AM +0900, Masahisa Kojima wrote:
> The signed null key with authenticated header is used to clear
> the PK, KEK, db and dbx. When CONFIG_EFI_MM_COMM_TEE is enabled
> (StMM and OP-TEE based RPMB storage is used as the EFI variable
> storage), clearing KEK, db and dbx by enrolling a signed null
> key does not work as expected if EFI_VARIABLE_APPEND_WRITE
> attribute is set.
>
> This commit checks the selected file is null key, then
> EFI_VARIABLE_APPEND_WRITE attribute will not be used for the null key.
>
> Signed-off-by: Masahisa Kojima
> --- > cmd/eficonfig_sbkey.c | 40 ++++++++++++++++++++++++++++++++++++++-- > 1 file changed, 38 insertions(+), 2 deletions(-) > > diff --git a/cmd/eficonfig_sbkey.c b/cmd/eficonfig_sbkey.c > index 6e0bebf1d4..bd2671bf8f 100644 > --- a/cmd/eficonfig_sbkey.c > +++ b/cmd/eficonfig_sbkey.c
> @@ -72,6 +72,30 @@ static bool file_have_auth_header(void *buf, efi_uintn_t size) > return true; > } > > +/** > + * file_is_null_key() - check the file is an authenticated and signed null key > + * @auth: pointer to the file > + * @size: file size > + * @null_key: pointer to store the result > + * Return: status code > + */ > +static efi_status_t file_is_null_key(struct efi_variable_authentication_2 *auth, > + efi_uintn_t size, bool *null_key) > +{ > + efi_status_t ret = EFI_SUCCESS; > + > + if (size < (sizeof(auth->time_stamp) + auth->auth_info.hdr.dwLength)) > + return EFI_INVALID_PARAMETER; > + > + size -= (sizeof(auth->time_stamp) + auth->auth_info.hdr.dwLength); > + if (size == 0) /* No payload */ s/size == 0/!size > + *null_key = true; > + else > + *null_key = false; > + > + return ret; > +} > + > /** > * eficonfig_process_enroll_key() - enroll key into signature database > * > @@ -84,6 +108,7 @@ static efi_status_t eficonfig_process_enroll_key(void *data) > char *buf = NULL; > efi_uintn_t size; > efi_status_t ret; > + bool null_key = false; > struct efi_file_handle *f = NULL; > struct efi_device_path *full_dp = NULL; > struct eficonfig_select_file_info file_info; 
> @@ -149,13 +174,24 @@ static efi_status_t eficonfig_process_enroll_key(void *data) > goto out; > } > > + ret = file_is_null_key((struct efi_variable_authentication_2 *)buf, > + size, &null_key); > + if (ret != EFI_SUCCESS) { > + eficonfig_print_msg("ERROR! Invalid file format."); > + goto out; > + } > + > attr = EFI_VARIABLE_NON_VOLATILE | > EFI_VARIABLE_BOOTSERVICE_ACCESS | > EFI_VARIABLE_RUNTIME_ACCESS | > EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; > > - /* PK can enroll only one certificate */ > - if (u16_strcmp(data, u"PK")) { > + /* > + * PK can enroll only one certificate. > + * The signed null key is used to clear KEK, db and dbx. > + * EFI_VARIABLE_APPEND_WRITE attribute must not be set in these cases. > + */ > + if (u16_strcmp(data, u"PK") && !null_key) { > efi_uintn_t db_size = 0; > > /* check the variable exists. If exists, add APPEND_WRITE attribute */ > -- > 2.17.1 > Reviewed-by: Ilias Apalodimas
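Review bot: in file_is_null_key(), auth->auth_info.hdr.dwLength is read from the file buffer before anything in this function confirms that size covers the fixed part of struct efi_variable_authentication_2, and the sum sizeof(auth->time_stamp) + auth->auth_info.hdr.dwLength can wrap if efi_uintn_t is only as wide as dwLength, which would let an oversized dwLength pass the size check. Unless the caller's earlier validation (file_have_auth_header() sits just above, but its call is not visible in these hunks) already guarantees both, check size against sizeof(auth->time_stamp) first and then compare dwLength against the remainder, so that no addition on a file-controlled value is needed. Separately, ret is never anything but EFI_SUCCESS, so the function can return the status directly and assign *null_key = !size, which also covers the s/size == 0/!size remark above.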
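Review bot: the new comment above the u16_strcmp(data, u"PK") && !null_key test in eficonfig_process_enroll_key() says EFI_VARIABLE_APPEND_WRITE must not be set for a signed null key but not why, and the commit message ties the failure to CONFIG_EFI_MM_COMM_TEE while the test is unconditional. Please say in the comment or the commit message whether dropping APPEND_WRITE for a null key is also the intended behaviour for the other variable storage backend, so a later reader does not take this for an StMM-only workaround and make it conditional. The cast of buf to struct efi_variable_authentication_2 * at the file_is_null_key() call would also read better if the helper took a void * like file_have_auth_header() does.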