From: Daniel Kiper <daniel.kiper@oracle.com>
To: grub-devel@gnu.org
Cc: dpsmith.dev@gmail.com, eric.snowberg@oracle.com,
javierm@redhat.com, jonmccune@google.com,
kanth.ghatraju@oracle.com, keng-yu.lin@hpe.com,
konrad.wilk@oracle.com, leif.lindholm@linaro.org,
mjg59@srcf.ucam.org, phcoder@gmail.com,
philip.b.tricca@intel.com, ross.philipson@oracle.com
Subject: [PATCH RFC v2 0/5] verifiers: Framework and EFI shim lock verifier
Date: Fri, 3 Aug 2018 15:39:53 +0200
Message-ID: <1533303598-13233-1-git-send-email-daniel.kiper@oracle.com>

Hi,

As I promised, I am posting the verifiers framework patchset. This is an RFC because
I have some concerns which should be discussed.

Some verifiers, e.g. shim lock, may not be able to verify all file types, e.g.
GRUB2 modules, on their own and would want to delegate verification to other
verifiers, e.g. PGP. Currently this is not possible. So, I think that we should
extend the interface with relevant functionality. However, this will not solve
all problems. E.g. it is dangerous to load iorw or memrw modules, even if they
are signed e.g. with PGP, if UEFI secure boot is enabled. So, I think that we
should disable module loading if such verifiers are in use or provide
a functionality which gives us a chance to blacklist some modules.

If a TPM verifier is introduced then module loading order changes will change
measurements. So, in this case maybe we should encourage users to use
standalone GRUB2. Or enforce module loading order somehow. However, this
can be difficult and not reliable.

Additionally, I would split PGP code changes from verifiers introduction (patch #2),
rename grub-core/commands/verify.c to grub-core/commands/pgp.c and rename
grub-core/commands/verify_helper.c to grub-core/commands/verifiers.c.
And I am tempted to rename verify_detached/trust/list_trusted/distrust
commands to pgp_verify_detached/pgp_trust/pgp_list_trusted/pgp_distrust.
Though this may create some backward compatibility issues, so, ...

Anyway, please take a look and say what you think about that.

Daniel

docs/grub-dev.texi | 53 +++++++
grub-core/Makefile.core.def | 11 ++
grub-core/commands/acpi.c | 2 +-
grub-core/commands/blocklist.c | 4 +-
grub-core/commands/cat.c | 2 +-
grub-core/commands/cmp.c | 4 +-
grub-core/commands/efi/loadbios.c | 4 +-
grub-core/commands/efi/shim_lock.c | 93 ++++++++++++
grub-core/commands/file.c | 5 +-
grub-core/commands/hashsum.c | 22 ++-
grub-core/commands/hexdump.c | 2 +-
grub-core/commands/i386/nthibr.c | 79 ++++++++++
grub-core/commands/i386/pc/play.c | 2 +-
grub-core/commands/keylayouts.c | 2 +-
grub-core/commands/legacycfg.c | 2 +-
grub-core/commands/loadenv.c | 24 +--
grub-core/commands/ls.c | 8 +-
grub-core/commands/minicmd.c | 2 +-
grub-core/commands/nativedisk.c | 3 +-
grub-core/commands/parttool.c | 2 +-
grub-core/commands/search.c | 4 +-
grub-core/commands/test.c | 4 +-
grub-core/commands/testload.c | 2 +-
grub-core/commands/testspeed.c | 2 +-
grub-core/commands/verify.c | 564 ++++++++++++++++++++++++++++++++++-------------------------------------
grub-core/commands/verify_helper.c | 208 ++++++++++++++++++++++++++
grub-core/disk/loopback.c | 3 +-
grub-core/efiemu/main.c | 2 +-
grub-core/font/font.c | 4 +-
grub-core/fs/zfs/zfscrypt.c | 2 +-
grub-core/gettext/gettext.c | 2 +-
grub-core/gfxmenu/theme_loader.c | 2 +-
grub-core/io/bufio.c | 10 +-
grub-core/io/gzio.c | 5 +-
grub-core/io/lzopio.c | 6 +-
grub-core/io/offset.c | 7 +-
grub-core/io/xzio.c | 6 +-
grub-core/kern/dl.c | 2 +-
grub-core/kern/elf.c | 4 +-
grub-core/kern/file.c | 22 ++-
grub-core/lib/cmdline.c | 9 +-
grub-core/lib/syslinux_parse.c | 2 +-
grub-core/loader/arm/linux.c | 8 +-
grub-core/loader/arm64/linux.c | 10 +-
grub-core/loader/efi/chainloader.c | 2 +-
grub-core/loader/i386/bsd.c | 22 ++-
grub-core/loader/i386/coreboot/chainloader.c | 2 +-
grub-core/loader/i386/linux.c | 18 ++-
grub-core/loader/i386/multiboot_mbi.c | 16 +-
grub-core/loader/i386/pc/chainloader.c | 4 +-
grub-core/loader/i386/pc/freedos.c | 2 +-
grub-core/loader/i386/pc/linux.c | 15 +-
grub-core/loader/i386/pc/ntldr.c | 2 +-
grub-core/loader/i386/pc/plan9.c | 13 +-
grub-core/loader/i386/pc/pxechainloader.c | 2 +-
grub-core/loader/i386/pc/truecrypt.c | 2 +-
grub-core/loader/i386/xen.c | 14 +-
grub-core/loader/i386/xen_file.c | 2 +-
grub-core/loader/i386/xnu.c | 2 +-
grub-core/loader/ia64/efi/linux.c | 7 +
grub-core/loader/linux.c | 6 +-
grub-core/loader/macho.c | 4 +-
grub-core/loader/mips/linux.c | 10 +-
grub-core/loader/multiboot.c | 8 +-
grub-core/loader/multiboot_mbi2.c | 13 +-
grub-core/loader/powerpc/ieee1275/linux.c | 5 +-
grub-core/loader/sparc64/ieee1275/linux.c | 5 +-
grub-core/loader/xnu.c | 25 +++-
grub-core/loader/xnu_resume.c | 4 +-
grub-core/normal/autofs.c | 11 +-
grub-core/normal/crypto.c | 2 +-
grub-core/normal/dyncmd.c | 2 +-
grub-core/normal/main.c | 2 +-
grub-core/normal/term.c | 2 +-
grub-core/video/readers/jpeg.c | 2 +-
grub-core/video/readers/png.c | 2 +-
grub-core/video/readers/tga.c | 2 +-
include/grub/bufio.h | 6 +-
include/grub/elfload.h | 2 +-
include/grub/file.h | 153 +++++++++++++------
include/grub/lib/cmdline.h | 5 +-
include/grub/list.h | 1 +
include/grub/machoload.h | 3 +-
include/grub/verify.h | 76 ++++++++++
util/grub-fstest.c | 6 +-
util/grub-mount.c | 6 +-
86 files changed, 1172 insertions(+), 532 deletions(-)
Daniel Kiper (1):
efi: Add EFI shim lock verifier
Vladimir Serbinenko (4):
verifiers: File type for fine-grained signature-verification controlling
verifiers: Framework core
verifiers: Add possibility to verify kernel and modules command lines
verifiers: Add the documentation
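
The measurement-order concern raised in the cover letter above, as an added example that is not part of the original message or of the GRUB patch series: a TPM PCR is a running hash, so the same set of modules loaded in a different order yields a different final value. The SHA-256 bank, the constructed module contents and the helper names (`replay`, `first_divergence`, `check_boot`) are assumptions made for illustration.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank (assumption; a SHA-1 bank would be 20 bytes)

# Constructed stand-ins for module images; real .mod files would be read from disk.
IMAGES = {
    "normal.mod": b"constructed-normal-image",
    "gzio.mod": b"constructed-gzio-image",
    "linux.mod": b"constructed-linux-image",
}

def pcr_extend(pcr: bytes, data: bytes) -> bytes:
    """TPM extend: PCR_new = H(PCR_old || H(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

def replay(load_order, images=IMAGES) -> bytes:
    """Replay a module load order from an all-zero PCR, as an event-log verifier would."""
    pcr = bytes(PCR_SIZE)
    for name in load_order:
        pcr = pcr_extend(pcr, images[name])
    return pcr

def first_divergence(expected, observed):
    """Index of the first position where two load orders differ, or None if identical."""
    for i, (e, o) in enumerate(zip(expected, observed)):
        if e != o:
            return i
    if len(expected) != len(observed):
        return min(len(expected), len(observed))
    return None

def check_boot(expected, observed, images=IMAGES):
    """Compare the PCR for the observed order with the value expected for the golden order."""
    ok = replay(expected, images) == replay(observed, images)
    return ok, first_divergence(expected, observed)

if __name__ == "__main__":
    golden = ["normal.mod", "gzio.mod", "linux.mod"]
    swapped = ["normal.mod", "linux.mod", "gzio.mod"]
    print(check_boot(golden, golden))
    print(check_boot(golden, swapped))
```

Any policy sealed to the golden PCR value fails for the swapped order even though every module is unchanged, which is why the letter suggests a standalone image or an enforced load order.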

Thread overview: 9+ messages
2018-08-03 13:39 Daniel Kiper [this message]
2018-08-03 13:39 ` [PATCH RFC v2 1/5] verifiers: File type for fine-grained signature-verification controlling Daniel Kiper
2018-08-03 20:56 ` Matthew Garrett
2018-08-03 21:11 ` Daniel Kiper
2018-08-03 13:39 ` [PATCH RFC v2 2/5] verifiers: Framework core Daniel Kiper
2018-08-03 13:39 ` [PATCH RFC v2 3/5] verifiers: Add possibility to verify kernel and modules command lines Daniel Kiper
2018-08-03 13:39 ` [PATCH RFC v2 4/5] verifiers: Add the documentation Daniel Kiper
2018-08-03 13:39 ` [PATCH RFC v2 5/5] efi: Add EFI shim lock verifier Daniel Kiper
2018-08-03 20:55 ` [PATCH RFC v2 0/5] verifiers: Framework and " Matthew Garrett