discover/boot: abort kexec on any error from validation

Message ID 1526441029-3798-1-git-send-email-brett.grandbois@opengear.com
State Accepted
Series
  • discover/boot: abort kexec on any error from validation

Commit Message

Brett Grandbois May 16, 2018, 3:23 a.m.
gpg_validate_boot_files() can return error codes for a variety of
reasons but kexec_load only aborts for signature or decryption failure.
In any other failure case like unable to open LOCKDOWN_FILE or do the
secure copy the validation is bypassed by an early return but kexec_load
does not abort.

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
---
 discover/boot.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Samuel Mendoza-Jonas May 23, 2018, 1:30 a.m. | #1
On Wed, 2018-05-16 at 13:23 +1000, Brett Grandbois wrote:
> gpg_validate_boot_files() can return error codes for a variety of
> reasons but kexec_load only aborts for signature or decryption failure.
> In any other failure case like unable to open LOCKDOWN_FILE or do the
> secure copy the validation is bypassed by an early return but kexec_load
> does not abort.
> 
> Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>

Thanks, merged as 1214247

> ---
>  discover/boot.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/discover/boot.c b/discover/boot.c
> index 0da40e3..09e42f2 100644
> --- a/discover/boot.c
> +++ b/discover/boot.c
> @@ -76,13 +76,13 @@ static int kexec_load(struct boot_task *boot_task)
>  		if (result == KEXEC_LOAD_DECRYPTION_FALURE) {
>  			pb_log("%s: Aborting kexec due to"
>  				" decryption failure\n", __func__);
> -			goto abort_kexec;
>  		}
>  		if (result == KEXEC_LOAD_SIGNATURE_FAILURE) {
>  			pb_log("%s: Aborting kexec due to signature"
>  				" verification failure\n", __func__);
> -			goto abort_kexec;
>  		}
> +
> +		goto abort_kexec;
>  	}
>  
>  	const char* local_initrd = (boot_task->local_initrd_override) ?
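
Review bot: Result codes other than KEXEC_LOAD_DECRYPTION_FALURE and KEXEC_LOAD_SIGNATURE_FAILURE now reach the shared `goto abort_kexec;` without any pb_log() call in the visible lines, so the cases the commit message names (failing to open LOCKDOWN_FILE, failing the secure copy) would abort with no message from this block. Consider turning the two checks into an if / else if chain with a final else that logs the value of `result` together with `__func__`, so a refused boot can be diagnosed from the log.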

Patch

diff --git a/discover/boot.c b/discover/boot.c
index 0da40e3..09e42f2 100644
--- a/discover/boot.c
+++ b/discover/boot.c
@@ -76,13 +76,13 @@  static int kexec_load(struct boot_task *boot_task)
 		if (result == KEXEC_LOAD_DECRYPTION_FALURE) {
 			pb_log("%s: Aborting kexec due to"
 				" decryption failure\n", __func__);
-			goto abort_kexec;
 		}
 		if (result == KEXEC_LOAD_SIGNATURE_FAILURE) {
 			pb_log("%s: Aborting kexec due to signature"
 				" verification failure\n", __func__);
-			goto abort_kexec;
 		}
+
+		goto abort_kexec;
 	}
 
 	const char* local_initrd = (boot_task->local_initrd_override) ?
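
Review bot: The unconditional `goto abort_kexec;` at the end of the block has no comment stating that aborting on every validation error is deliberate, and the two `if` bodies above it are now log-only, which makes it easy for a later edit to move the goto back into them. A one-line comment above the goto, such as `/* any validation error aborts the boot */`, would record the intent.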