Date: Tue, 20 Jul 2021 14:51:04 +0900
From: AKASHI Takahiro
To: xypron.glpk@gmx.de, agraf@csgraf.de
Cc: u-boot@lists.denx.de
Subject: Re: [PATCH] efi_loader: capsule: remove authentication data
Message-ID: <20210720055104.GG77259@laputa>
In-Reply-To: <20210720054442.102780-1-takahiro.akashi@linaro.org>

Please ignore this patch as I mistakenly sent out v1.

-Takahiro Akashi

On Tue, Jul 20, 2021 at 02:44:42PM +0900, AKASHI Takahiro wrote:
> If capsule authentication is disabled and yet a capsule file is signed,
> its signature must be removed from image data to flush.
> Otherwise, the firmware will be corrupted after update.
>
> Fixes: 04be98bd6bcf ("efi: capsule: Add support for uefi capsule
> authentication")
> Signed-off-by: AKASHI Takahiro
> ---
> lib/efi_loader/efi_capsule.c | 70 +++++++++++++++++++++++++++++-------
> 1 file changed, 57 insertions(+), 13 deletions(-)
>
> diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
> index b0dffd3ac9ce..5d156c730faa 100644
> --- a/lib/efi_loader/efi_capsule.c
> +++ b/lib/efi_loader/efi_capsule.c
> @@ -206,6 +206,39 @@ skip: > return NULL; > } > > +/** > + * efi_remove_auth_hdr - remove authentication data from image > + * @image: Pointer to pointer to Image > + * @image_size: Pointer to Image size > + * > + * Remove the authentication data from image if possible. > + * Update @image and @image_size. > + * > + * Return: status code > + */ > +static efi_status_t efi_remove_auth_hdr(void **image, efi_uintn_t *image_size) > +{ > + struct efi_firmware_image_authentication *auth_hdr; > + efi_status_t ret = EFI_INVALID_PARAMETER; > + > + auth_hdr = (struct efi_firmware_image_authentication *)*image; > + if (*image_size < sizeof(*auth_hdr)) > + goto out; > + > + if (auth_hdr->auth_info.hdr.dwLength <= > + offsetof(struct win_certificate_uefi_guid, cert_data)) > + goto out; > + > + *image = (uint8_t *)*image + sizeof(auth_hdr->monotonic_count) + > + auth_hdr->auth_info.hdr.dwLength; > + *image_size = *image_size - auth_hdr->auth_info.hdr.dwLength - > + sizeof(auth_hdr->monotonic_count); > + > + ret = EFI_SUCCESS; > +out: > + return ret; > +} > + > #if defined(CONFIG_EFI_CAPSULE_AUTHENTICATE) > > #if defined(CONFIG_EFI_PKEY_DTB_EMBED) 
> @@ -271,21 +304,15 @@ efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_s > if (capsule == NULL || capsule_size == 0) > goto out; > > - auth_hdr = (struct efi_firmware_image_authentication *)capsule; > - if (capsule_size < sizeof(*auth_hdr)) > - goto out; > - > - if (auth_hdr->auth_info.hdr.dwLength <= > - offsetof(struct win_certificate_uefi_guid, cert_data)) > + *image = (uint8_t *)capsule; > + *image_size = capsule_size; > + if (efi_remove_auth_hdr(image, image_size) != EFI_SUCCESS) > goto out; > > + auth_hdr = (struct efi_firmware_image_authentication *)capsule; > if (guidcmp(&auth_hdr->auth_info.cert_type, &efi_guid_cert_type_pkcs7)) > goto out; > > - *image = (uint8_t *)capsule + sizeof(auth_hdr->monotonic_count) + > - auth_hdr->auth_info.hdr.dwLength; > - *image_size = capsule_size - auth_hdr->auth_info.hdr.dwLength - > - sizeof(auth_hdr->monotonic_count); > memcpy(&monotonic_count, &auth_hdr->monotonic_count, > sizeof(monotonic_count)); > > @@ -367,7 +394,7 @@ static efi_status_t efi_capsule_update_firmware( > { > struct efi_firmware_management_capsule_header *capsule; > struct efi_firmware_management_capsule_image_header *image; > - size_t capsule_size; > + size_t capsule_size, image_binary_size; > void *image_binary, *vendor_code; > efi_handle_t *handles; > efi_uintn_t no_handles; 
> @@ -429,13 +456,30 @@ static efi_status_t efi_capsule_update_firmware( > } > > /* do update */ > + if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) && > + !(image->image_capsule_support & > + CAPSULE_SUPPORT_AUTHENTICATION)) { > + /* no signature */ > + ret = EFI_SECURITY_VIOLATION; > + goto out; > + } > + > image_binary = (void *)image + sizeof(*image); > - vendor_code = image_binary + image->update_image_size; > + image_binary_size = image->update_image_size; > + vendor_code = image_binary + image_binary_size; > + if (!IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) && > + (image->image_capsule_support & > + CAPSULE_SUPPORT_AUTHENTICATION)) { > + ret = efi_remove_auth_hdr(&image_binary, > + &image_binary_size); > + if (ret != EFI_SUCCESS) > + goto out; > + } > > abort_reason = NULL; > ret = EFI_CALL(fmp->set_image(fmp, image->update_image_index, > image_binary, > - image->update_image_size, > + image_binary_size, > vendor_code, NULL, > &abort_reason)); > if (ret != EFI_SUCCESS) { > -- > 2.31.0 >
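Review bot: efi_remove_auth_hdr() (hunk @@ -206,6 +206,39 @@) checks dwLength only against a lower bound, so a capsule whose dwLength plus sizeof(auth_hdr->monotonic_count) exceeds *image_size makes the "*image_size = *image_size - auth_hdr->auth_info.hdr.dwLength - ..." subtraction wrap and moves *image past the end of the buffer. dwLength is read from the capsule itself, and the new caller in efi_capsule_update_firmware() hands the adjusted pointer and size straight to set_image, so the helper should return EFI_INVALID_PARAMETER when dwLength is larger than *image_size - sizeof(auth_hdr->monotonic_count), before either value is updated.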
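Review bot: in efi_capsule_authenticate() (hunk @@ -271,21 +304,15 @@) the caller's outputs are now written before any check has passed: "*image = (uint8_t *)capsule; *image_size = capsule_size;" runs first, so on the goto out after efi_remove_auth_hdr() fails they describe the whole capsule, and on the guidcmp() failure they already describe the stripped payload of a capsule that was not accepted. The removed lines assigned them only after the length and cert_type checks. Consider running the helper on local copies and storing to *image and *image_size only once the function is about to return success, so a caller that mishandles the status cannot pick up a usable pointer.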
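Review bot: in the declarations of efi_capsule_update_firmware() (hunk @@ -367,7 +394,7 @@) image_binary_size is added as size_t, but its address is later passed to efi_remove_auth_hdr(), whose parameter is efi_uintn_t *. That only compiles cleanly and behaves correctly where the two types are identical; declaring it as "efi_uintn_t image_binary_size;" on its own line matches the helper and the set_image argument it feeds.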
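Review bot: in the update path (hunk @@ -429,13 +456,30 @@) vendor_code is computed from the unstripped image_binary and image_binary_size, before efi_remove_auth_hdr() may change both. The result stays correct only because the helper advances the pointer and shrinks the size by the same amount, which deserves a one-line comment or moving the assignment so the dependency is obvious. Two smaller points in the same hunk: the "/* do update */" comment now sits above the security check rather than the set_image call, and the !IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) branch drops a signature and flashes the payload unverified without any log output, so a debug or warning message there would make that visible to whoever reads the console.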