From patchwork Tue Oct 6 22:25:37 2020
X-Patchwork-Submitter: Eric Richter
X-Patchwork-Id: 1377691
From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: klaus@linux.ibm.com, nayna@linux.ibm.com
Date: Tue, 6 Oct 2020 17:25:37 -0500
Message-Id: <20201006222537.26119-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH] libstb/secvar: remove hard stop if storage driver fails to initialize

If the storage driver failed to initialize, secvar would immediately
terminate the boot. The original intent was to fail early, however this
has proven to affect usability as it prevents the machine from being
able to boot even to skiroot/petitboot.

This patch instead causes secvar to halt at petitboot in
secure-enforcing mode, without any keys or secvar support.

Signed-off-by: Eric Richter
--- doc/secvar/driver-api.rst | 8 ++++---- libstb/secvar/secvar_main.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/secvar/driver-api.rst b/doc/secvar/driver-api.rst index 32ca5785..80986910 100644 --- a/doc/secvar/driver-api.rst
+++ b/doc/secvar/driver-api.rst @@ -57,10 +57,10 @@ intialization. This hook should perform any initialization logic required for the other hooks to operate. IMPORTANT: If this hook returns an error (non-zero) code, secvar will -immediately halt the boot. When implementing this hook, consider the -implications of any errors in initialization, and whether they may affect the -secure state. For example, if secure state is indeterminable due to some -hardware failure, this is grounds for a halt. +quit initializing, and instruct petitboot to halt the boot. When implementing +this hook, consider the implications of any errors in initialization, and +whether they may affect the secure state. For example, if secure state is +indeterminable due to some hardware failure, this is grounds for a halt. This hook should only be called once. Subsequent calls should have no effect, or raise an error. diff --git a/libstb/secvar/secvar_main.c b/libstb/secvar/secvar_main.c index 759d8ef4..e38ca967 100644 --- a/libstb/secvar/secvar_main.c +++ b/libstb/secvar/secvar_main.c @@ -46,7 +46,7 @@ int secvar_main(struct secvar_storage_driver storage_driver, */ rc = secvar_storage.store_init(); if (rc) - secureboot_enforce(); + goto fail; rc = secvar_storage.load_bank(&variable_bank, SECVAR_VARIABLE_BANK); if (rc)
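Review bot: In the doc/secvar/driver-api.rst hunk, the reworded IMPORTANT paragraph still ends with "this is grounds for a halt", but a non-zero return no longer produces a halt inside secvar; it now means "quit initializing, and instruct petitboot to halt the boot". The text should say which state a driver author can rely on after returning an error. The commit message is more precise than the documentation here (secure-enforcing mode, no keys, no secvar support), so I would carry that wording into the paragraph and state explicitly that no other storage hooks are called after a failed init. If a driver detects a condition where even reaching petitboot is unsafe, the doc should also say what the driver is expected to do, since the return code alone no longer stops the boot.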
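Review bot: In the libstb/secvar/secvar_main.c hunk, the store_init() error path now depends entirely on the `fail` label, which is outside the visible context, to keep the system fail-closed. The removed `secureboot_enforce();` was the only visible enforcement on this path, so the commit message or a short comment at the `goto fail;` should state what `fail` does to signal secure-enforcing mode to petitboot, so that a later edit to the label cannot silently turn a storage failure into a permissive boot. It would also help to log `rc` before the jump if the fail path does not already do so, because a storage driver failure is now survivable and the cause needs to be recoverable from the boot log.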