discover/boot: abort kexec if lockdown file not present

Message ID 1526439311-17885-1-git-send-email-brett.grandbois@opengear.com
State Superseded
Series
  • discover/boot: abort kexec if lockdown file not present

Commit Message

Brett Grandbois May 16, 2018, 2:55 a.m.
In gpg_validate_boot_files() after the check to verify that signed boot
is requested, the LOCKDOWN_FILE is then opened and if not accessible
then returns an error code.  The caller (kexec_load) is not checking for
that particular error code (KEXEC_LOAD_SIG_SETUP_INVALID) and will
proceed to kexec the image even though the validation has not been
performed.

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
---
 discover/boot.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Brett Grandbois May 16, 2018, 3:16 a.m. | #1
Actually ignore this one Sam, there's a more general fix for this coming.


On 16/05/18 12:55, Brett Grandbois wrote:
> In gpg_validate_boot_files() after the check to verify that signed boot
> is requested, the LOCKDOWN_FILE is then opened and if not accessible
> then returns an error code.  The caller (kexec_load) is not checking for
> that particular error code (KEXEC_LOAD_SIG_SETUP_INVALID) and will
> proceed to kexec the image even though the validation has not been
> performed.
>
> Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
> ---
>   discover/boot.c | 4 ++++
>   1 file changed, 4 insertions(+)
>
> diff --git a/discover/boot.c b/discover/boot.c
> index 0da40e3..0042f96 100644
> --- a/discover/boot.c
> +++ b/discover/boot.c
> @@ -83,6 +83,10 @@ static int kexec_load(struct boot_task *boot_task)
>   				" verification failure\n", __func__);
>   			goto abort_kexec;
>   		}
> +		if (result == KEXEC_LOAD_SIG_SETUP_INVALID) {
> +			/* already logged */
> +			goto abort_kexec;
> +		}
>   	}
>   
>   	const char* local_initrd = (boot_task->local_initrd_override) ?
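
Review bot: the `/* already logged */` comment in the new `KEXEC_LOAD_SIG_SETUP_INVALID` branch does not say where the message was emitted, and unlike the branch just above it, which reports a verification failure tagged with `__func__`, this path aborts without any output from kexec_load itself. Name the function that logs the condition in the comment, or log a short message here too, so the reason for the abort can be found from this function's output alone.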

Patch

diff --git a/discover/boot.c b/discover/boot.c
index 0da40e3..0042f96 100644
--- a/discover/boot.c
+++ b/discover/boot.c
@@ -83,6 +83,10 @@  static int kexec_load(struct boot_task *boot_task)
 				" verification failure\n", __func__);
 			goto abort_kexec;
 		}
+		if (result == KEXEC_LOAD_SIG_SETUP_INVALID) {
+			/* already logged */
+			goto abort_kexec;
+		}
 	}
 
 	const char* local_initrd = (boot_task->local_initrd_override) ?
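
Review bot: the added `result == KEXEC_LOAD_SIG_SETUP_INVALID` test in kexec_load extends a chain of per-code checks, so any other non-success value of `result` that has no branch of its own still falls through to the code after the closing brace and the load proceeds. The commit message describes exactly that outcome for this one code. Consider inverting the logic so that execution continues only when `result` is the success value and every other value takes `goto abort_kexec`, keeping the per-code branches only where they add a distinct log message.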