From 9ef82e29478c76f17b536f8f289fd0406067ab01 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Wed, 25 Aug 2021 19:13:24 +0200 Subject: efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt --- include/efi_variable.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/efi_variable.h b/include/efi_variable.h index 4623a641427..2d97655e1f1 100644 --- a/include/efi_variable.h +++ b/include/efi_variable.h @@ -161,10 +161,13 @@ efi_status_t __maybe_unused efi_var_collect(struct efi_var_file **bufp, loff_t * /** * efi_var_restore() - restore EFI variables from buffer * + * Only if @safe is set secure boot related variables will be restored. + * * @buf: buffer + * @safe: restoring from tamper-resistant storage * Return: status code */ -efi_status_t efi_var_restore(struct efi_var_file *buf); +efi_status_t efi_var_restore(struct efi_var_file *buf, bool safe); /** * efi_var_from_file() - read variables from file -- cgit v1.2.3 From b191aa429e509ba6bf9eb446ae27b1a4fcd83276 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Thu, 26 Aug 2021 04:30:24 +0200 Subject: efi_loader: efi_auth_var_type for AuditMode, DeployedMode Writing variables AuditMode and DeployedMode serves to switch between Secure Boot modes. Provide a separate value for these in efi_auth_var_type. With this patch the variables will not be read from from file even if they are marked as non-volatile by mistake. Signed-off-by: Heinrich Schuchardt --- include/efi_variable.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include') diff --git a/include/efi_variable.h b/include/efi_variable.h index 2d97655e1f1..0440d356bc8 100644 --- a/include/efi_variable.h +++ b/include/efi_variable.h @@ -12,6 +12,7 @@ enum efi_auth_var_type { EFI_AUTH_VAR_NONE = 0, + EFI_AUTH_MODE, EFI_AUTH_VAR_PK, EFI_AUTH_VAR_KEK, EFI_AUTH_VAR_DB, -- cgit v1.2.3 From db3ed2cf9c67ed6a0da0bab6e43edae90ced4bf2 Mon Sep 17 00:00:00 2001 From: Masahisa Kojima Date: Fri, 3 Sep 2021 10:55:51 +0900 Subject: efi_loader: fix boot_service_capability_min calculation TCG EFI Protocol Specification requires to the input ProtocolCapability.Size < size of the EFI_TCG2_BOOT_SERVICE_CAPABILITY up to and including the vendor ID field. Current implementation does different calculation, let's fix it. Signed-off-by: Masahisa Kojima Reviewed-by: Ilias Apalodimas Reviewed-by: Heinrich Schuchardt --- include/efi_tcg2.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index b6b958da514..a8c43e415f3 100644 --- a/include/efi_tcg2.h +++ b/include/efi_tcg2.h @@ -127,8 +127,8 @@ struct efi_tcg2_boot_service_capability { efi_tcg_event_algorithm_bitmap active_pcr_banks; }; +/* up to and including the vendor ID (manufacturer_id) field */ #define boot_service_capability_min \ - sizeof(struct efi_tcg2_boot_service_capability) - \ offsetof(struct efi_tcg2_boot_service_capability, number_of_pcr_banks) #define TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03 "Spec ID Event03" -- cgit v1.2.3 From 538c0f2d3798261161a28a05e445d0c85af56276 Mon Sep 17 00:00:00 2001 From: Masahisa Kojima Date: Fri, 3 Sep 2021 10:55:52 +0900 Subject: efi_loader: fix efi_tcg2_hash_log_extend_event() parameter check TCG EFI Protocol Specification defines that PCRIndex parameter passed from caller must be 0 to 23. TPM2_MAX_PCRS is currently used to check the range of PCRIndex, but TPM2_MAX_PCRS is tpm2 device dependent and may have larger value. This commit newly adds EFI_TCG2_MAX_PCR_INDEX macro, it is used to check the range of PCRIndex parameter. Signed-off-by: Masahisa Kojima Acked-by: Heinrich Schuchardt Reviewed-by: Ilias Apalodimas --- include/efi_tcg2.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include') diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index a8c43e415f3..c99384fb005 100644 --- a/include/efi_tcg2.h +++ b/include/efi_tcg2.h @@ -28,6 +28,8 @@ #define EFI_TCG2_EXTEND_ONLY 0x0000000000000001 #define PE_COFF_IMAGE 0x0000000000000010 +#define EFI_TCG2_MAX_PCR_INDEX 23 + /* Algorithm Registry */ #define EFI_TCG2_BOOT_HASH_ALG_SHA1 0x00000001 #define EFI_TCG2_BOOT_HASH_ALG_SHA256 0x00000002 -- cgit v1.2.3