lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1340629939-30048-1-git-send-email-pjones@redhat.com>
Date:	Mon, 25 Jun 2012 09:12:19 -0400
From:	Peter Jones <pjones@...hat.com>
To:	Matthew Garrett <mjg@...hat.com>
Cc:	linux-kernel@...r.kernel.org, Peter Jones <pjones@...hat.com>
Subject: [PATCH] Support UEFI variable append and deleting authenticated variables.

This adds support for appending to all UEFI variables, and also for
deleting authentication variables.

Signed-off-by: Peter Jones <pjones@...hat.com>
---
 drivers/firmware/efivars.c |   99 +++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 94 insertions(+), 5 deletions(-)

diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c
index 47408e8..b12a2f0 100644
--- a/drivers/firmware/efivars.c
+++ b/drivers/firmware/efivars.c
@@ -108,6 +108,27 @@ struct efi_variable {
 	__u32         Attributes;
 } __attribute__((packed));
 
+struct win_certificate {
+	__u32	dwLength;
+	__u16	wRevision;
+	__u16	wCertificateType;
+	__u8	wCertificate[];
+};
+
+struct win_certificate_uefi_guid {
+	struct win_certificate	Hdr;
+	efi_guid_t		CertType;
+};
+
+struct efi_variable_authentication {
+	__u64					MonotonicCount;
+	struct win_certificate_uefi_guid	AuthInfo;
+};
+
+struct efi_variable_authentication_2 {
+	efi_time_t				TimeStamp;
+	struct win_certificate_uefi_guid	AuthInfo;
+};
 
 struct efivar_entry {
 	struct efivars *efivars;
@@ -802,6 +823,54 @@ static struct pstore_info efi_pstore_info = {
 	.erase		= efi_pstore_erase,
 };
 
+static int is_authenticated_delete(struct efi_variable *new_var)
+{
+	/* If we get a set_variable() call that's got an authenticated
+	 * variable attribute set, and its DataSize is the same size as
+	 * the AuthInfo descriptor, then it's really a delete. */
+	if (new_var->Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) {
+		struct efi_variable_authentication *eva;
+		__u32 size;
+
+		if (new_var->DataSize <
+				sizeof(struct efi_variable_authentication))
+			return 0;
+
+		eva = (struct efi_variable_authentication *)new_var->Data;
+
+		/* 27.2.4 says:
+		 * dwLength: The length of the entire certificate, including
+		 *           the length of the header, in bytes.
+		 */
+		size = sizeof(eva->AuthInfo.CertType) +
+		       eva->AuthInfo.Hdr.dwLength;
+
+		if (size == new_var->DataSize)
+			return 1;
+	} else if (new_var->Attributes
+			& EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) {
+		struct efi_variable_authentication_2 *eva;
+		__u32 size;
+
+		if (new_var->DataSize <
+				sizeof(struct efi_variable_authentication_2))
+			return 0;
+
+		eva = (struct efi_variable_authentication_2 *)new_var->Data;
+
+		/* 27.2.4 says:
+		 * dwLength: The length of the entire certificate, including
+		 *           the length of the header, in bytes.
+		 */
+		size = sizeof(eva->AuthInfo.CertType) +
+		       eva->AuthInfo.Hdr.dwLength;
+
+		if (size == new_var->DataSize)
+			return 1;
+	}
+	return 0;
+}
+
 static ssize_t efivar_create(struct file *filp, struct kobject *kobj,
 			     struct bin_attribute *bin_attr,
 			     char *buf, loff_t pos, size_t count)
@@ -812,6 +881,8 @@ static ssize_t efivar_create(struct file *filp, struct kobject *kobj,
 	unsigned long strsize1, strsize2;
 	efi_status_t status = EFI_NOT_FOUND;
 	int found = 0;
+	int is_append = 0;
+	int is_delete = 0;
 
 	if (!capable(CAP_SYS_ADMIN))
 		return -EACCES;
@@ -839,11 +910,20 @@ static ssize_t efivar_create(struct file *filp, struct kobject *kobj,
 			break;
 		}
 	}
-	if (found) {
+	if (new_var->Attributes & EFI_VARIABLE_APPEND_WRITE) {
+		if (!found) {
+			spin_unlock(&efivars->lock);
+			return -EINVAL;
+		}
+		is_append = 1;
+	} else if (is_authenticated_delete(new_var)) {
+		is_delete = 1;
+	} else if (found) {
 		spin_unlock(&efivars->lock);
 		return -EINVAL;
 	}
 
+
 	/* now *really* create the variable via EFI */
 	status = efivars->ops->set_variable(new_var->VariableName,
 					    &new_var->VendorGuid,
@@ -857,16 +937,25 @@ static ssize_t efivar_create(struct file *filp, struct kobject *kobj,
 		spin_unlock(&efivars->lock);
 		return -EIO;
 	}
-	spin_unlock(&efivars->lock);
 
 	/* Create the entry in sysfs.  Locking is not required here */
-	status = efivar_create_sysfs_entry(efivars,
+	if (is_delete) {
+		list_del(&search_efivar->list);
+
+		/* We need to release this lock before unregistering. */
+		spin_unlock(&efivars->lock);
+		efivar_unregister(search_efivar);
+	} else if (is_append) {
+		spin_unlock(&efivars->lock);
+	} else {
+		spin_unlock(&efivars->lock);
+		status = efivar_create_sysfs_entry(efivars,
 					   utf16_strsize(new_var->VariableName,
 							 1024),
 					   new_var->VariableName,
 					   &new_var->VendorGuid);
-	if (status) {
-		printk(KERN_WARNING "efivars: variable created, but sysfs entry wasn't.\n");
+		if (status)
+			pr_warn("efivars: variable created, but sysfs entry wasn't.\n");
 	}
 	return count;
 }
-- 
1.7.10.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ