discover/boot: abort kexec on any error from validation

Message ID	1526441029-3798-1-git-send-email-brett.grandbois@opengear.com
State	Accepted
Headers	show Return-Path: <petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org> From: Brett Grandbois <brett.grandbois@opengear.com> To: petitboot@lists.ozlabs.org Subject: [PATCH] discover/boot: abort kexec on any error from validation Date: Wed, 16 May 2018 13:23:49 +1000 Message-Id: <1526441029-3798-1-git-send-email-brett.grandbois@opengear.com> MIME-Version: 1.0 Received-SPF: None (protection.outlook.com: opengear.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM5PR1501MB2056; 23:4gB3EG952oPbXG++Jx+2px64XJjSUgfMQj1324z?= f7HF5zzMMC3bVG/e8PN8jq/7OxtHSzN+s4Iu6MJwT+wpuZhm/enNtRi17v4wbWNAjl+1q+8ef4ro0q1bGvN654SZCOXBccuy2WHtGc8EBxAtWd3XvuasIS3ozX0h7t6lSiAoDh+/G1QDUcTrWo6NVqi2PJGF6msxgWdnpo0PzCMYTp6yAXOZlCWlNcpwgg3Kkw7aGLvON9vHmWUQFUfnAIAeEvH24/DOIH58ER6D7hvP1nJ0gywAKtSqg9stv7JhgsPEjamakDTE+oTMmKpjfWlLJnjzYlrLi3JOEVY5Bfa1saBLCsGBau2Lwezmi7EE+vh9epxar4DBevMOzVZfBuoX6FkZACUD4fb7DtTj+qkW5IUMDETGJqVkKUL6VUt5SCtmMMoXGb1hOwb94ZW8v8gqPp0yMuL19QYuJS4+R/7zMoNsw89l6Lj+5KvU/D3UGgiiXhoQ6yLiD82JJzvcne/PY4rdkRnVl84lw6fyMODyc6t2SG3YaFIuiS0Lq7WjitFgV4IZMzfAEjDpGDzn2aDcsFIGz6lSRLY1YYYxRKf8U3LQ2NeTL+aT0JTwdLN3yvY8uyF1p3N6SWcp0NIhN9boAbVynUmDys2wRMCGxrGDpY5ABcNAq+R7D3rAQS96pTcqTrLf3UK8sD4+hO0bI5utKJ8n8AZeyVvGc89t7sRjO4pvOcc+0ztJ1tY0ZNyxfk25sSD1u+qyo5XBjDUK/LTFpNVKp4PorGkXRswNHi7iCKaamKkRTuWKDaB2ZxwmYLBGXoo6T8Jr/7DRH+IO9ffP9Y4Vq4deSiKnSi2s0j4HSfL5ktxnbc/WKxyIBFs3BmeAApt0SEHa6b31OoVNICYMVxW2OAXiDkF9uGjNJV2/AoxbwKVs4mej4zlhU5PoD1ImCL+8vbg1Rwsoyg/VgLkLdtMCNT/jBvynzBOYgvzKyniIcW+WnnkxmFWVdcvBsBtUy8M/WSmJ/K31xI+y5gnpYjZFjdQz9nkcYes7nnyFDPztxP8hQwk4mV7pnVPOSdZI5BdRr4hEFb7x5T5l2YGIIiwAr/CjwDxf9pZIOwiVRfNJnsMMnZhtkCplph7S24S63ao5CCSIBDNXy0If2EEXDqAcSaScqqoEb9uFG9WGbD4/S3Ut+BcRFO1J4M283LdqvWB2WWFb/zKJhsWSCyTxwYLkIHuwCncx4vIpixHtaLjeb2nDDY75ReS9o5sEZZeLyMl/jZQPYpRCLmNF2r5+8 X-Microsoft-Antispam-Message-Info: G3EVAroNJ1yr7ZAq/Dooekft2hmI8+WyQpXCRrLAfbnn87U5nN7A0FyI0YYVa47aVZOrKHVYC6Hew+f+NmU2IMwe4C2JkjlBcQDxr65U9pkaJm1iD1dRmWC8PLkUC6vDm6eImoRmbvbIMyhJ5AAM8ILYG8aihf/qk79kRtzMghCiQfUEdrIBtteweonY/a5H X-Microsoft-Exchange-Diagnostics: 1; DM5PR1501MB2056; 6:tx+b0c8sKagP7kMtsKmFuYSp60hPUoozuiRt8Rlp1xXWYTVe8GH/Ga+40juRavOM0iRD6NwjT8nKNw3I4s7T3/LiQyamNoCb5cH2n2+Gdlm0KCxbX2R89XtjvWZTJHVlTn9Ro0cY74KNkNkMVKZive2Mu8WnzivMF9LSNViZBJBkqfBRA8sgKY+h9bND8TbtBf2gakidt1aUT9keCF6WIbKL6X/u9aV84KC8QTzygb0yrfQAvsefUeRhQrnvqavL/CKR28Mx9m8KlJDGh0RN3HmrghTLcn0njs6B82pWfORAqMXjBaI6Km5ZOdUFoTrxt6k4CgPrfrtKy50MHzvslzZ/d1RD9Yoq6YvMWZtYci9P/RlbBJhkTYsWHy10j5W2+MTcqRg0BUu6pdsCeznj/3TwyOfZ6hAAniNDrefFIcHB7Yjx7h+KheUq0fACbw1Yl/juNdxYtLwz8xNtmUjwuA==; 5:aU2Eso5Hh5aE3K9oBz5j525cnp2EZLMR2NsL/bWMouvoeFmFwAZPRsCQ4grXeLNiNGpGpNL0PsgGeLyF16bAa2eijqPPfnD9ri8tPnOIMxVNlOUtDZEcsAs6DHu7+gpF7hyZ9xMSWnn6c8xprKL3QybguF3HeJaAcfimNa8quNE=; 24:G/Rvc0f7ZMroKNvVPIhui1LeSxW9NRA9bG15P6TDrm0w7NmFRgAMAFnZgvzkMeapUftkNe9qrlpBB2nw4Z2etux+7r2jL980dzEn7mMUzMM= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM5PR1501MB2056; 7:DiCmbEHHnd88zFqarFJJooPJGMNaH5laBqCsUh5USJ+QspgwXFqNkiefensJHAqcXYIAh2OZh2V5h2ysOKo5tTPFRIR9WDIgc51tIOoXSMfheDe4IGxxFxPaeeTMIrbRUgv87RZ/nZaJOhQl74RD7h1Y/AIX27WRKdwS0QHdjjT5p8s5Kqkchlc3B3xMf9P/W/P2zwOFwM+Pzm9PYbz7LIqmj3DHj7CsKHjU6vK5d/tlFxPI83z2esxaPO3TDpg2 X-MS-Office365-Filtering-Correlation-Id: b8b74244-becb-45b6-dffc-08d5badc7e71 Precedence: list Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" <petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>
Series	discover/boot: abort kexec on any error from validation \| expand discover/boot: abort kexec on any error from validation

Message ID

1526441029-3798-1-git-send-email-brett.grandbois@opengear.com

State

Accepted

Headers

From: Brett Grandbois <brett.grandbois@opengear.com>
To: petitboot@lists.ozlabs.org
Subject: [PATCH] discover/boot: abort kexec on any error from validation
Date: Wed, 16 May 2018 13:23:49 +1000
Message-Id: <1526441029-3798-1-git-send-email-brett.grandbois@opengear.com>
MIME-Version: 1.0
Received-SPF: None (protection.outlook.com: opengear.com does not designate
	permitted sender hosts)
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 May 2018 03:24:11.2256
	(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: b8b74244-becb-45b6-dffc-08d5badc7e71
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: a6251c26-d21f-4164-a225-1f4eaebf5f9a
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1501MB2056
X-BeenThere: petitboot@lists.ozlabs.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Petitboot bootloader development <petitboot.lists.ozlabs.org>
List-Unsubscribe: <https://lists.ozlabs.org/options/petitboot>,
	<mailto:petitboot-request@lists.ozlabs.org?subject=unsubscribe>
List-Archive: <http://lists.ozlabs.org/pipermail/petitboot/>
List-Post: <mailto:petitboot@lists.ozlabs.org>
List-Help: <mailto:petitboot-request@lists.ozlabs.org?subject=help>
List-Subscribe: <https://lists.ozlabs.org/listinfo/petitboot>,
	<mailto:petitboot-request@lists.ozlabs.org?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org
Sender: "Petitboot"
	<petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>

Series

discover/boot: abort kexec on any error from validation | expand

Commit Message

Grandbois, Brett May 16, 2018, 3:23 a.m. UTC

gpg_validate_boot_files() can return error codes for a variety of
reasons but kexec_load only aborts for signature or decryption failure.
In any other failure case like unable to open LOCKDOWN_FILE or do the
secure copy the validation is bypassed by an early return but kexec_load
does not abort.

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
---
 discover/boot.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Sam Mendoza-Jonas May 23, 2018, 1:30 a.m. UTC | #1

On Wed, 2018-05-16 at 13:23 +1000, Brett Grandbois wrote:
> gpg_validate_boot_files() can return error codes for a variety of
> reasons but kexec_load only aborts for signature or decryption failure.
> In any other failure case like unable to open LOCKDOWN_FILE or do the
> secure copy the validation is bypassed by an early return but kexec_load
> does not abort.
> 
> Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>

Thanks, merged as 1214247

> ---
>  discover/boot.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/discover/boot.c b/discover/boot.c
> index 0da40e3..09e42f2 100644
> --- a/discover/boot.c
> +++ b/discover/boot.c
> @@ -76,13 +76,13 @@ static int kexec_load(struct boot_task *boot_task)
>  		if (result == KEXEC_LOAD_DECRYPTION_FALURE) {
>  			pb_log("%s: Aborting kexec due to"
>  				" decryption failure\n", __func__);
> -			goto abort_kexec;
>  		}
>  		if (result == KEXEC_LOAD_SIGNATURE_FAILURE) {
>  			pb_log("%s: Aborting kexec due to signature"
>  				" verification failure\n", __func__);
> -			goto abort_kexec;
>  		}
> +
> +		goto abort_kexec;
>  	}
>  
>  	const char* local_initrd = (boot_task->local_initrd_override) ?

diff --git a/discover/boot.c b/discover/boot.c
index 0da40e3..09e42f2 100644
--- a/discover/boot.c
+++ b/discover/boot.c
@@ -76,13 +76,13 @@  static int kexec_load(struct boot_task *boot_task)
 		if (result == KEXEC_LOAD_DECRYPTION_FALURE) {
 			pb_log("%s: Aborting kexec due to"
 				" decryption failure\n", __func__);
-			goto abort_kexec;
 		}
 		if (result == KEXEC_LOAD_SIGNATURE_FAILURE) {
 			pb_log("%s: Aborting kexec due to signature"
 				" verification failure\n", __func__);
-			goto abort_kexec;
 		}
+
+		goto abort_kexec;
 	}
 
 	const char* local_initrd = (boot_task->local_initrd_override) ?

discover/boot: abort kexec on any error from validation

Commit Message

Comments

Patch