Message ID | 1526441029-3798-1-git-send-email-brett.grandbois@opengear.com |
---|---|
State | Accepted |
Series | discover/boot: abort kexec on any error from validation |
On Wed, 2018-05-16 at 13:23 +1000, Brett Grandbois wrote: > gpg_validate_boot_files() can return error codes for a variety of > reasons but kexec_load only aborts for signature or decryption failure. > In any other failure case like unable to open LOCKDOWN_FILE or do the > secure copy the validation is bypassed by an early return but kexec_load > does not abort. > > Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> Thanks, merged as 1214247 > --- > discover/boot.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/discover/boot.c b/discover/boot.c > index 0da40e3..09e42f2 100644 > --- a/discover/boot.c > +++ b/discover/boot.c > @@ -76,13 +76,13 @@ static int kexec_load(struct boot_task *boot_task) > if (result == KEXEC_LOAD_DECRYPTION_FALURE) { > pb_log("%s: Aborting kexec due to" > " decryption failure\n", __func__); > - goto abort_kexec; > } > if (result == KEXEC_LOAD_SIGNATURE_FAILURE) { > pb_log("%s: Aborting kexec due to signature" > " verification failure\n", __func__); > - goto abort_kexec; > } > + > + goto abort_kexec; > } > > const char* local_initrd = (boot_task->local_initrd_override) ?
diff --git a/discover/boot.c b/discover/boot.c index 0da40e3..09e42f2 100644 --- a/discover/boot.c +++ b/discover/boot.c @@ -76,13 +76,13 @@ static int kexec_load(struct boot_task *boot_task) if (result == KEXEC_LOAD_DECRYPTION_FALURE) { pb_log("%s: Aborting kexec due to" " decryption failure\n", __func__); - goto abort_kexec; } if (result == KEXEC_LOAD_SIGNATURE_FAILURE) { pb_log("%s: Aborting kexec due to signature" " verification failure\n", __func__); - goto abort_kexec; } + + goto abort_kexec; } const char* local_initrd = (boot_task->local_initrd_override) ?
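Review bot: with `goto abort_kexec;` now unconditional at the end of this block, any result other than KEXEC_LOAD_DECRYPTION_FALURE or KEXEC_LOAD_SIGNATURE_FAILURE aborts the boot with no pb_log() line at this call site, so the cases the commit message names (LOCKDOWN_FILE could not be opened, the secure copy failed) cannot be told apart from the log of kexec_load alone. Consider logging a fallback reason before the goto, for example `pb_log("%s: Aborting kexec due to validation error %d\n", __func__, result);` (assuming result is an int), or chaining the two checks as if / else if / else so exactly one reason is recorded per abort. The misspelling in KEXEC_LOAD_DECRYPTION_FALURE, visible in the context line, could be corrected in a separate patch.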
gpg_validate_boot_files() can return error codes for a variety of reasons but kexec_load only aborts for signature or decryption failure. In any other failure case like unable to open LOCKDOWN_FILE or do the secure copy the validation is bypassed by an early return but kexec_load does not abort.

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
---
 discover/boot.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)