discover/boot: abort kexec if lockdown file not present

Message ID	1526439311-17885-1-git-send-email-brett.grandbois@opengear.com
State	Superseded
Headers	show Return-Path: <petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org> From: Brett Grandbois <brett.grandbois@opengear.com> To: petitboot@lists.ozlabs.org Subject: [PATCH] discover/boot: abort kexec if lockdown file not present Date: Wed, 16 May 2018 12:55:11 +1000 Message-Id: <1526439311-17885-1-git-send-email-brett.grandbois@opengear.com> MIME-Version: 1.0 Received-SPF: None (protection.outlook.com: opengear.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM5PR1501MB2054; 23:G9aazagEaGzteAFN9c2Ra5fqXW+FKMVzWnQTQ0q?= to/5Y1GbxsnTA3/iuRPhrA6MJNdv+7TLdCvGLd6T+he+AiOAsI7afSVzd9S9eFSxf8iVb+5dxOPC/Liqa9/R/4YjgjdvVZpttW4P0qUgy23iahdfW0ndPycFxU2KfLDlX/WEqqG4a5lhNgLALZ6oUJLdP+CzsjtWPZCthNYtzqoKNfBVfd3bFD9/aJKiWn6oXunI7tK/YQxbx2wQu7jSpl/a4lWezRvBiF0l2lOUS0i9i0LR0k2JFXg1eLURA57ImPZObbeR27spAKsXcO2Kr3M1ZKfTx0dwzafp2v0IvG6z8r/QG+QgZtE/jFLWAg/RxZ/yw8tS5OZZw/iaPur6hB7PYzMgCNi/Q7MBael5riLbSh1netbMSIJeDKb7HwAT7hXjdTxRqqPOmiYBQ9RyG2x9ckBWs0oAxJawaoRcqbH11oe+DPDX44m9N3sY4eIhi9+i5N7VCkqcdvyhP2+E+uOpw8A+qQOFdEwb0eb8+I+I/Wfz8ZwCXOs8798SZ6Nl0O3CSsN/BYBEXRKkLKuIvaBvvCzqF2YeEuak0l2WSBj1TNcAXtpXt3NDtxjjtd+gealyFwgo99wAfCJuObM6Ijrx11ZYOS4WUo576ca3aTqUM3JX+5Eenn9tJmGdRq6hoOdYftC7fw1QC1odRJ8wQ70BF9LCVgd8CC4K51lua8Sed/N8FoeaWwlydTKADdiZFuwTVRVqGEAZHE5hA4Wx6B1ihOUh12vsoFGy53zd49niyKQ1Vpq6nkE+TNJtFpGB1lrr4vwMx7Fk4vnv2W4VtH58dx6lhtaGjvHjHqLYnB981yaWHkQcZdJ4x1c+gBF6Lte+r/bsdiKn/+5NLwUlpCIZwxhjUsw+ZgwOcQcQe1SegSBlZybXfPd78G7cE2kdaTLl/Wk0ng5XFNgeRYz4SK7+TSqfIT3yTJts+TP4lvmZPukO/NxRebPUfgIssaHJfRBbGG8eUhDdrhk6WVIJWbx6JgiTx7ZdxLSG0PiVDJ9nTaQcS9nTRBaRm12VM/s4v8r6rTq7yofgNyPG1v9xVGCimkDhiU1O1QG1mznbVByF8T20YX66nGt/hC/90PFN2SZ5NKb8aNgu3ppeRwGYpMWogG+DS8eCqZRyDDzaY++910yI94eQK+xSy7dnsrJcs72cGrCqpTZ0rcYWWlpNkLjLdtbi+gv5azBhFwF24Zn+ziMC3p4XY5LvnLkMoBxhOGEllNGctzkuzcN4HUdjnb+T1 X-Microsoft-Antispam-Message-Info: LJAKZLnQfZLNi2iosX2sIATgnwC/RLWf4ckVeOj5PSKlbzu1j60UeqNMc4LkBQQAQhsgMYvUgaWuyjD2gcSSPpRaKr0dEWkOzgMhZUjXNISTdLYe3tLTUGl6BLuC/28J5ydYhme4Flfg4ZJ4QnTf5sT4ShHVCEiPw6DfBq3EaRx+fqBxURIOmGgop/9gkWgH X-Microsoft-Exchange-Diagnostics: 1; DM5PR1501MB2054; 6:C8tz116wlB3Jq33yJm4LoWlMJOjqP+V4LStLBQUdXhXX5MGX4Xhb4feXIxORg0r1FtkqZ/V3zClD5WPcwNjmV33uZkPE1KmBcPFKe+tm2sWCsxap4YVPe8wwGSBbSt5LZp9REORm11j2fF5on87t03eDpGBC5Plt3kUzh6woTSQ6bA/AvgDe8oHbEfUhpj6XGVwot2iLO8x7l7/ORienKFzDr6M5ocyNP8MREfLaT1CB+pmyqBnzQyUTTkW7aLuxbC+EnRDCzCJk8XTT1oJ9urbDZq8839Z7RXtx0EoqjB/b3qW8jWj1ym2GzjROZLlf26MuRUSEZMWprowRl3ln6Ldaa8Uq8nefZVApc3fQDPsCpF+N4J3FxxL+nOTRa34wQLon4FOo97rbYjKuqD5x7ywckmezhDdfQGu26G32ryQyNANIXsBHMylg0D0gxaopCP3r1wqbi/i+z6h0GjkbeA==; 5:O7ba+CKPkn1W386HyLf9y8cipygcmgyE4R8B7/uQ1NkZ1N+ukejHYz7GQ+rnfW6r5WZd4kZr52ugUqDXwHqw6f1PYcWzUptfTHT4L6Q6wKx8FknbeWWjjtawHZvASyyLG/fsH6Mwr+PB8K0heexB+ePu13C3liHfig+dHi77RjI=; 24:0Np3MU2zTfCzgfswTpxZibJR5DKLX10O2a20Rxjk1SAsysrhcLP0hEQM4kkOX4M+pbLzlFFMcxkud/kD2mK7TedvCtDkNza8vfo66+gDlpc= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM5PR1501MB2054; 7:wKFjdPHXpI4PP9J0mQVHfGuSL2jQ0pJvhzV8Tc3cs9jtPaLkycIdmusaf7RPlZy6oD2VEtBnNyhAiNBitpAV9smL2U+oA8SdxlsZByAZ6pNQpYdZRH/ji+t+yttp5urVLPrLYmnB+iiJehhiWJWOsOSKMZNKVQu1of4kpt4j7F6vj/fEOyoqo1zTNEPFc9wAn81fnol7rWaVRh7ZRNyORMSN0r3EztcBEtfE5j8qOjoK51VG/p/M69osB43KAo5A X-MS-Office365-Filtering-Correlation-Id: e4a2e103-7273-4bc0-ebc0-08d5bad879f1 Precedence: list Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" <petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>
Series	discover/boot: abort kexec if lockdown file not present \| expand discover/boot: abort kexec if lockdown file not present

Message ID

1526439311-17885-1-git-send-email-brett.grandbois@opengear.com

State

Superseded

Headers

From: Brett Grandbois <brett.grandbois@opengear.com>
To: petitboot@lists.ozlabs.org
Subject: [PATCH] discover/boot: abort kexec if lockdown file not present
Date: Wed, 16 May 2018 12:55:11 +1000
Message-Id: <1526439311-17885-1-git-send-email-brett.grandbois@opengear.com>
MIME-Version: 1.0
Received-SPF: None (protection.outlook.com: opengear.com does not designate
	permitted sender hosts)
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 May 2018 02:55:25.7674
	(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: e4a2e103-7273-4bc0-ebc0-08d5bad879f1
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: a6251c26-d21f-4164-a225-1f4eaebf5f9a
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1501MB2054
X-BeenThere: petitboot@lists.ozlabs.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Petitboot bootloader development <petitboot.lists.ozlabs.org>
List-Unsubscribe: <https://lists.ozlabs.org/options/petitboot>,
	<mailto:petitboot-request@lists.ozlabs.org?subject=unsubscribe>
List-Archive: <http://lists.ozlabs.org/pipermail/petitboot/>
List-Post: <mailto:petitboot@lists.ozlabs.org>
List-Help: <mailto:petitboot-request@lists.ozlabs.org?subject=help>
List-Subscribe: <https://lists.ozlabs.org/listinfo/petitboot>,
	<mailto:petitboot-request@lists.ozlabs.org?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org
Sender: "Petitboot"
	<petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>

Series

discover/boot: abort kexec if lockdown file not present | expand

Commit Message

Grandbois, Brett May 16, 2018, 2:55 a.m. UTC

In gpg_validate_boot_files() after the check to verify that signed boot
is requested, the LOCKDOWN_FILE is then opened and if not accessible
then returns an error code.  The caller (kexec_load) is not checking for
that particular error code (KEXEC_LOAD_SIG_SETUP_INVALID) and will
proceed to kexec the image even though the validation has not been
performed.

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
---
 discover/boot.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Grandbois, Brett May 16, 2018, 3:16 a.m. UTC | #1

Actually ignore this one Sam, there's a more general fix for this coming.


On 16/05/18 12:55, Brett Grandbois wrote:
> In gpg_validate_boot_files() after the check to verify that signed boot
> is requested, the LOCKDOWN_FILE is then opened and if not accessible
> then returns an error code.  The caller (kexec_load) is not checking for
> that particular error code (KEXEC_LOAD_SIG_SETUP_INVALID) and will
> proceed to kexec the image even though the validation has not been
> performed.
>
> Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
> ---
>   discover/boot.c | 4 ++++
>   1 file changed, 4 insertions(+)
>
> diff --git a/discover/boot.c b/discover/boot.c
> index 0da40e3..0042f96 100644
> --- a/discover/boot.c
> +++ b/discover/boot.c
> @@ -83,6 +83,10 @@ static int kexec_load(struct boot_task *boot_task)
>   				" verification failure\n", __func__);
>   			goto abort_kexec;
>   		}
> +		if (result == KEXEC_LOAD_SIG_SETUP_INVALID) {
> +			/* already logged */
> +			goto abort_kexec;
> +		}
>   	}
>   
>   	const char* local_initrd = (boot_task->local_initrd_override) ?

diff --git a/discover/boot.c b/discover/boot.c
index 0da40e3..0042f96 100644
--- a/discover/boot.c
+++ b/discover/boot.c
@@ -83,6 +83,10 @@  static int kexec_load(struct boot_task *boot_task)
 				" verification failure\n", __func__);
 			goto abort_kexec;
 		}
+		if (result == KEXEC_LOAD_SIG_SETUP_INVALID) {
+			/* already logged */
+			goto abort_kexec;
+		}
 	}
 
 	const char* local_initrd = (boot_task->local_initrd_override) ?

discover/boot: abort kexec if lockdown file not present

Commit Message

Comments

Patch