From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id A7E1AC43334
	for <u-boot@archiver.kernel.org>; Fri,  8 Jul 2022 09:15:00 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 8490F8458F;
	Fri,  8 Jul 2022 11:14:58 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="jRoKqBfn";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id B7A4D84580; Fri,  8 Jul 2022 11:14:56 +0200 (CEST)
Received: from mail-wr1-x433.google.com (mail-wr1-x433.google.com
 [IPv6:2a00:1450:4864:20::433])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 2FBD384580
 for <u-boot@lists.denx.de>; Fri,  8 Jul 2022 11:14:54 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org
Received: by mail-wr1-x433.google.com with SMTP id f2so24290552wrr.6
 for <u-boot@lists.denx.de>; Fri, 08 Jul 2022 02:14:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-disposition:in-reply-to;
 bh=rrWj7P1UBeWX/d19DCX3ENFSDV4M3pr4L0Q0g461fSs=;
 b=jRoKqBfnytKEoiYyadj4oaBLAqgoVWAazqaQnm6mqx738DAMnDw/d9jhgXP23HapAz
 ZCNO6hEikKqp4A5Kx++7u07Nlpv9NXsreDgiBWggOAXTfjcP3sWuXOnfV5GiovkQDQot
 z19nycxY5fZZoeuxaQg+3fnQSIc3ghwMa0uVCOPa06taJ8buEcOuV9rkpuaCH0Yr0jNV
 LCXUl9A9QewxMNIJS2nuSPVCJshIZ7EqLCQEsfrw9Ie8EjR/VLtrge2imC1puXOFs14B
 53OpMU20EA0TjAEDqHp9brJr+EBNyuG3p94FUTnDbe27k9mXj0irF6ig57lLj6mgSAtX
 IStA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:references
 :mime-version:content-disposition:in-reply-to;
 bh=rrWj7P1UBeWX/d19DCX3ENFSDV4M3pr4L0Q0g461fSs=;
 b=I/4dxXpKQgcmNWdfuBXFJa4DMU0hapOrQYfJauVlUFvTmhUJFECcrkIDEUd8Lj+F03
 +qsjYXSH0dtCiSKxF0dZSZEcP+VYQre6dRNAYPDD1fdd1+PVQnJI21OKVtwzcfRf++I0
 jNWwj+DWlzOoH0hc+b+zVaDIBDMM0n8dyiCiLeuYQAc+qvJFu+zoJImVWWavaI4GSOb7
 gu6845OvVdICNv/GiCgwpUYlnblwb5pP8fTs35SSRmtPMUTDKJ2olL8qzQKbca5Axvek
 +g2fyGosFRPGIuZgIC6SighNuipCqQJ1vYOlemIi3K9VK5Ujxpnuo7xyNwSnw68FuS1I
 B2MQ==
X-Gm-Message-State: AJIora9yY1Wy4lNO9v5/apRPnHTP9E/v3AliIGL77LzJrm9AAhM+e8YN
 HN/BBBKu5OCtY8rk0IFZU+qNCA==
X-Google-Smtp-Source: AGRyM1tC8DZuPVmCrVo5ofAKlASmWtKl8QvWm1E+ZRh1IdMfz+K7Dx+TOKaeZPYAlSNQq5ZxekTijg==
X-Received: by 2002:a05:6000:2a9:b0:21d:7059:7156 with SMTP id
 l9-20020a05600002a900b0021d70597156mr2387206wry.90.1657271693698; 
 Fri, 08 Jul 2022 02:14:53 -0700 (PDT)
Received: from hades ([46.103.15.185]) by smtp.gmail.com with ESMTPSA id
 v3-20020adfedc3000000b0021d76a1b0e3sm8912761wro.6.2022.07.08.02.14.52
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 08 Jul 2022 02:14:53 -0700 (PDT)
Date: Fri, 8 Jul 2022 12:14:50 +0300
From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Masahisa Kojima <masahisa.kojima@linaro.org>
Cc: u-boot@lists.denx.de, Heinrich Schuchardt <xypron.glpk@gmx.de>,
 Simon Glass <sjg@chromium.org>,
 Takahiro Akashi <takahiro.akashi@linaro.org>,
 Francois Ozog <francois.ozog@linaro.org>,
 Mark Kettenis <mark.kettenis@xs4all.nl>,
 Chris Morgan <macromorgan@hotmail.com>,
 Roland Gaudig <roland.gaudig@weidmueller.com>,
 Huang Jianan <jnhuang95@gmail.com>,
 Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>,
 Ovidiu Panait <ovidiu.panait@windriver.com>
Subject: Re: [RFC PATCH 1/3] eficonfig: add UEFI Secure Boot Key enrollment
 interface
Message-ID: <Ysf1ilNmpZQN9+MP@hades>
References: <20220619052022.2694-1-masahisa.kojima@linaro.org>
 <20220619052022.2694-2-masahisa.kojima@linaro.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20220619052022.2694-2-masahisa.kojima@linaro.org>
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de
X-Virus-Status: Clean

On Sun, Jun 19, 2022 at 02:20:20PM +0900, Masahisa Kojima wrote:
> This commit adds the menu-driven UEFI Secure Boot Key
> enrollment interface. User can enroll the PK, KEK, db
> and dbx by selecting EFI Signature Lists file.
> After the PK is enrolled, UEFI Secure Boot is enabled and
> EFI Signature Lists file must be signed by KEK or PK.
> 
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> ---
>  cmd/Makefile          |   3 +
>  cmd/eficonfig.c       |   3 +
>  cmd/eficonfig_sbkey.c | 202 ++++++++++++++++++++++++++++++++++++++++++
>  include/efi_config.h  |   3 +
>  4 files changed, 211 insertions(+)
>  create mode 100644 cmd/eficonfig_sbkey.c
> 
> diff --git a/cmd/Makefile b/cmd/Makefile
> index 0afa687e94..9d87b639fc 100644
> --- a/cmd/Makefile
> +++ b/cmd/Makefile
> @@ -64,6 +64,9 @@ obj-$(CONFIG_CMD_EEPROM) += eeprom.o
>  obj-$(CONFIG_EFI) += efi.o
>  obj-$(CONFIG_CMD_EFIDEBUG) += efidebug.o
>  obj-$(CONFIG_CMD_EFICONFIG) += eficonfig.o
> +ifdef CONFIG_CMD_EFICONFIG
> +obj-$(CONFIG_EFI_SECURE_BOOT) += eficonfig_sbkey.o
> +endif
>  obj-$(CONFIG_CMD_ELF) += elf.o
>  obj-$(CONFIG_CMD_EROFS) += erofs.o
>  obj-$(CONFIG_HUSH_PARSER) += exit.o
> diff --git a/cmd/eficonfig.c b/cmd/eficonfig.c
> index e62f5e41a4..e6d2cba9c5 100644
> --- a/cmd/eficonfig.c
> +++ b/cmd/eficonfig.c
> @@ -1832,6 +1832,9 @@ static const struct eficonfig_item maintenance_menu_items[] = {
>  	{"Edit Boot Option", eficonfig_process_edit_boot_option},
>  	{"Change Boot Order", eficonfig_process_change_boot_order},
>  	{"Delete Boot Option", eficonfig_process_delete_boot_option},
> +#if (CONFIG_IS_ENABLED(EFI_SECURE_BOOT))
> +	{"Secure Boot Configuration", eficonfig_process_secure_boot_config},
> +#endif
>  	{"Quit", eficonfig_process_quit},
>  };
>  
> diff --git a/cmd/eficonfig_sbkey.c b/cmd/eficonfig_sbkey.c
> new file mode 100644
> index 0000000000..a5c0dbe9b3
> --- /dev/null
> +++ b/cmd/eficonfig_sbkey.c
> @@ -0,0 +1,202 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + *  Menu-driven UEFI Secure Boot key maintenance
> + *
> + *  Copyright (c) 2022 Masahisa Kojima, Linaro Limited
> + */
> +
> +#include <ansi.h>
> +#include <common.h>
> +#include <charset.h>
> +#include <hexdump.h>
> +#include <log.h>
> +#include <malloc.h>
> +#include <menu.h>
> +#include <efi_loader.h>
> +#include <efi_config.h>
> +#include <efi_variable.h>
> +#include <crypto/pkcs7_parser.h>
> +
> +static bool is_secureboot_enabled(void)
> +{
> +	efi_status_t ret;
> +	u8 secure_boot;
> +	efi_uintn_t size;
> +
> +	size = sizeof(secure_boot);
> +	ret = efi_get_variable_int(u"SecureBoot", &efi_global_variable_guid,
> +				   NULL, &size, &secure_boot, NULL);
> +
> +	return secure_boot == 1;
> +}
> +
> +static efi_status_t eficonfig_process_enroll_key(void *data)
> +{
> +	u32 attr;
> +	char *buf = NULL;
> +	efi_uintn_t size;
> +	efi_status_t ret;
> +	struct efi_file_handle *f;
> +	struct efi_file_handle *root;
> +	struct eficonfig_select_file_info file_info;
> +
> +	file_info.current_path = calloc(1, EFICONFIG_FILE_PATH_BUF_SIZE);
> +	if (!file_info.current_path)
> +		goto out;
> +
> +	ret = eficonfig_select_file_handler(&file_info);
> +	if (ret != EFI_SUCCESS)
> +		goto out;
> +
> +	ret = efi_open_volume_int(file_info.current_volume, &root);
> +	if (ret != EFI_SUCCESS)
> +		goto out;
> +
> +	ret = efi_file_open_int(root, &f, file_info.current_path, EFI_FILE_MODE_READ, 0);
> +	if (ret != EFI_SUCCESS)
> +		goto out;
> +
> +	size = 0;
> +	ret = EFI_CALL(f->getinfo(f, &efi_file_info_guid, &size, NULL));
> +	if (ret != EFI_BUFFER_TOO_SMALL)
> +		goto out;
> +
> +	buf = calloc(1, size);
> +	if (!buf) {
> +		ret = EFI_OUT_OF_RESOURCES;
> +		goto out;
> +	}
> +	ret = EFI_CALL(f->getinfo(f, &efi_file_info_guid, &size, buf));
> +	if (ret != EFI_SUCCESS)
> +		goto out;
> +
> +	size = ((struct efi_file_info *)buf)->file_size;
> +	free(buf);

You should set buf to NULL here. 

> +
> +	buf = calloc(1, size);
> +	if (!buf)
> +		goto out;
> +
> +	ret = efi_file_read_int(f, &size, buf);
> +	if (ret != EFI_SUCCESS || size == 0)
> +		goto out;
> +
> +	attr = EFI_VARIABLE_NON_VOLATILE |
> +	       EFI_VARIABLE_BOOTSERVICE_ACCESS |
> +	       EFI_VARIABLE_RUNTIME_ACCESS |
> +	       EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
> +	/* PK can enroll only one certificate */
> +	if (u16_strcmp(data, u"PK")) {
> +		efi_uintn_t db_size = 0;
> +
> +		/* check the variable exists. If exists, add APPEND_WRITE attribute */
> +		ret = efi_get_variable_int(data, efi_auth_var_get_guid(data), NULL,
> +					   &db_size, NULL,  NULL);
> +		if (ret == EFI_BUFFER_TOO_SMALL)
> +			attr |= EFI_VARIABLE_APPEND_WRITE;
> +	}
> +

Why are we appending? Shouldn't we always overwrite the platform key?

> +	ret = efi_set_variable_int((u16 *)data, efi_auth_var_get_guid((u16 *)data),
> +				   attr, size, buf, false);
> +	if (ret != EFI_SUCCESS) {
> +		eficonfig_print_msg("ERROR! Fail to update signature database");
> +		goto out;
> +	}
> +
> +out:
> +	free(file_info.current_path);
> +	free(buf);
> +
> 
[...]

Thanks
/Ilias