From patchwork Tue Jun 9 05:09:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 1305556 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=llv0OIu4; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 49gyqg3xk5z9sRK for ; Tue, 9 Jun 2020 15:10:23 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id EECF2813B3; Tue, 9 Jun 2020 07:10:10 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="llv0OIu4"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id D5BBC813B7; Tue, 9 Jun 2020 07:10:08 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pl1-x643.google.com (mail-pl1-x643.google.com [IPv6:2607:f8b0:4864:20::643]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 0285D8066F for ; Tue, 9 Jun 2020 07:10:04 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pl1-x643.google.com with SMTP id x11so7561618plv.9 for ; Mon, 08 Jun 2020 22:10:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=mv9dENX9dZSsDSUZ2KxlBpHtNRW7t7el2j0du5s7yoY=; b=llv0OIu4mJcfX4oSfaADUO7xRd5txaAtPabSRxvFIGYrZ3udOMfkP1fo1tCG6mYRnw w7uaJFfs4OEFIfLEHdce0zoh342Dtg3zx+eV5f14cyyMap5CxHG43lbXcupqOZikT6EH 41RVFwHmOr7gVVs+/jCN6Zx7aPXE2GAW5J7woudzYtxXRpcWW1tdOEGGc1LIU/TcSxJc H/IZCXM3sdFCAGumJ4TBQPOZYqmdn4W72WXd+1m/+ZZHsmjhFeZU2P/ur38aGJm9s0NW gF7bVvc/DlS1PmIb4Hjf+jX3b3YHd+gz5Zhcz7Q+stwjPhZFEYIvQ26XcU0ZE3wsnPpa KVkg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=mv9dENX9dZSsDSUZ2KxlBpHtNRW7t7el2j0du5s7yoY=; b=VTXB737hrPzNEGDUAtaZXOIGmgybZXZ4b9xZ+4uAld5+F0vk9i0IMKnCK73V0tUVu1 BKdACjEd+0LjM+LSHefNdvV1upYI1CRnzwzsBu9rm4eBzKrQPCNEmUdYry0q5r/e3XQO r7OoRi7UP1po+yoi7wCeovIPe0UihTjID7IUQ9UE+cq0Fu0ByTsrdDhHfxFhyaeQbN9v FVCfL6vDedAvRSDNHqaeP4IQXOZzMnDP3qLhpUUVr+Rw/ZyL2lmiDPwyhu4ig3Jedm/8 UbpqUCnSV7vNaWo+RgouElozPklaxYxe726h6Zsqk/dpp9AjEXS8TmOuulZu3eZO7C9g sqhQ== X-Gm-Message-State: AOAM532PJKQzCWN3EWCWiZ9EDe5al01uF+KJO5MaotxCW72yYB1qu4od YOrtpBy/4yNu2hh16YPCmy8yBw== X-Google-Smtp-Source: ABdhPJy7x/IuoZcwHTpZ7Jx8QtTOkyNLnXsZCtI0ep+S5XtW5wscLvPpuycHwtvkYaQy7JCgXHPguQ== X-Received: by 2002:a17:90a:cb8d:: with SMTP id a13mr2809920pju.175.1591679401550; Mon, 08 Jun 2020 22:10:01 -0700 (PDT) Received: from localhost.localdomain (p6e421564.tkyea130.ap.so-net.ne.jp. [110.66.21.100]) by smtp.gmail.com with ESMTPSA id p11sm8958611pfq.10.2020.06.08.22.09.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jun 2020 22:10:00 -0700 (PDT) From: AKASHI Takahiro To: xypron.glpk@gmx.de, agraf@csgraf.de Cc: sughosh.ganu@linaro.org, mail@patrick-wildt.de, u-boot@lists.denx.de, AKASHI Takahiro Subject: [PATCH v2 00/17] efi_loader: rework/improve UEFI secure boot code Date: Tue, 9 Jun 2020 14:09:30 +0900 Message-Id: <20200609050947.17861-1-takahiro.akashi@linaro.org> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.30rc1 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.2 at phobos.denx.de X-Virus-Status: Clean Summary ======= I'm currently working on reworking UEFI secure boot, aiming to add "intermediate certificates" support. In this effort, I found a couple of issues that should immediately be fixed or useful improvements even without intermediate certificates support. Each commit in this patch series has self-explained description of the issue to be addressed. While they are independent in terms of functionality, they are compiled in a set since the one may depend on the other in terms of code change overlap. All the changes can and should be merged at once for best convenience. I hope that I will post intermediate certificates support sometime in the next week. Patch structure =============== Patch#1-#5,#9: rather preparatory patches Patch#6-#8,#10-#11: main commits Patch#12-#17: pytests Patch#15-#16 for Patch#10 Patch#17 for Patch#11 Prerequisite ============ The version of "sbsign" command must be 0.7 or higher to sign an image with multiple signatures. It is required here for testing. Test ==== - The added new pytests in test_signed.py passed locally. - Travis CI passed, except Test Case 5 for signed image (test_efi_signed_image_auth5) because the version of "sbsign" command is old and it doesn't support multiple signatures. v2 (Jun 9, 2020) * on top of v2020.07-rc4 * add patch#1,#2 to remove unnecessary hacks in pytest * use EFI_PRINT() instead of debug() everywhere (patch#3-#5) * fix a verification logic so that we should reject an image if, at least, one of signaures be verified by dbx. New efi_signature_verify_one() has a main role. (patch#10) * use "llu" format instead of "llx" to print out the revocation time (patch#10) * add some description about verification logic against multiple signatures (patch#11) v1 (May 29, 2020) * initial release AKASHI Takahiro (17): efi_loader: change efi objects initialization order Revert "test: stabilize test_efi_secboot" efi_loader: signature: replace debug to EFI_PRINT efi_loader: variable: replace debug to EFI_PRINT efi_loader: image_loader: replace debug to EFI_PRINT efi_loader: image_loader: add a check against certificate type of authenticode efi_loader: image_loader: retrieve authenticode only if it exists efi_loader: signature: fix a size check against revocation list efi_loader: signature: make efi_hash_regions more generic efi_loader: image_loader: verification for all signatures should pass efi_loader: image_loader: add digest-based verification for signed image test/py: efi_secboot: remove all "re.search" test/py: efi_secboot: fix test case 1g of test_authvar test/py: efi_secboot: split "signed image" test case-1 into two cases test/py: efi_secboot: add a test against certificate revocation test/py: efi_secboot: add a test for multiple signatures test/py: efi_secboot: add a test for verifying with digest of signed image include/efi_loader.h | 15 +- lib/efi_loader/efi_image_loader.c | 210 ++++--- lib/efi_loader/efi_setup.c | 7 +- lib/efi_loader/efi_signature.c | 512 +++++++++--------- lib/efi_loader/efi_variable.c | 27 +- test/py/tests/test_efi_secboot/conftest.py | 24 +- .../py/tests/test_efi_secboot/test_authvar.py | 91 ++-- test/py/tests/test_efi_secboot/test_signed.py | 212 ++++++-- .../tests/test_efi_secboot/test_unsigned.py | 38 +- 9 files changed, 696 insertions(+), 440 deletions(-)