lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20201030060840.1810-2-clin@suse.com>
Date:   Fri, 30 Oct 2020 14:08:38 +0800
From:   Chester Lin <clin@...e.com>
To:     ardb@...nel.org, zohar@...ux.ibm.com, jmorris@...ei.org,
        serge@...lyn.com, dmitry.kasatkin@...il.com,
        catalin.marinas@....com, will@...nel.org, tglx@...utronix.de,
        mingo@...hat.com, bp@...en8.de, hpa@...or.com
CC:     linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        linux-efi@...r.kernel.org, linux-integrity@...r.kernel.org,
        linux-security-module@...r.kernel.org, x86@...nel.org,
        jlee@...e.com, clin@...e.com
Subject: [PATCH v3 1/3] efi: generalize efi_get_secureboot

Generalize the efi_get_secureboot() function so not only efistub but also
other subsystems can use it.

Signed-off-by: Chester Lin <clin@...e.com>
---
 drivers/firmware/efi/libstub/Makefile     |  2 +-
 drivers/firmware/efi/libstub/efi-stub.c   |  2 +-
 drivers/firmware/efi/libstub/efistub.h    | 22 ++++---
 drivers/firmware/efi/libstub/secureboot.c | 76 -----------------------
 drivers/firmware/efi/libstub/x86-stub.c   |  2 +-
 include/linux/efi.h                       | 41 +++++++++++-
 6 files changed, 57 insertions(+), 88 deletions(-)
 delete mode 100644 drivers/firmware/efi/libstub/secureboot.c

diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 8a94388e38b3..88e47b0ca09d 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -49,7 +49,7 @@ OBJECT_FILES_NON_STANDARD	:= y
 # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
 KCOV_INSTRUMENT			:= n
 
-lib-y				:= efi-stub-helper.o gop.o secureboot.o tpm.o \
+lib-y				:= efi-stub-helper.o gop.o tpm.o \
 				   file.o mem.o random.o randomalloc.o pci.o \
 				   skip_spaces.o lib-cmdline.o lib-ctype.o \
 				   alignedmem.o relocate.o vsprintf.o
diff --git a/drivers/firmware/efi/libstub/efi-stub.c b/drivers/firmware/efi/libstub/efi-stub.c
index 914a343c7785..ad96f1d786a9 100644
--- a/drivers/firmware/efi/libstub/efi-stub.c
+++ b/drivers/firmware/efi/libstub/efi-stub.c
@@ -196,7 +196,7 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
 	/* Ask the firmware to clear memory on unclean shutdown */
 	efi_enable_reset_attack_mitigation();
 
-	secure_boot = efi_get_secureboot();
+	secure_boot = efi_get_secureboot(get_efi_var);
 
 	/*
 	 * Unauthenticated device tree data is a security hazard, so ignore
diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
index 2d7abcd99de9..b1833b51e6d6 100644
--- a/drivers/firmware/efi/libstub/efistub.h
+++ b/drivers/firmware/efi/libstub/efistub.h
@@ -91,14 +91,6 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
 	fdt_setprop((fdt), (node_offset), (name), &(var), sizeof(var))
 #endif
 
-#define get_efi_var(name, vendor, ...)				\
-	efi_rt_call(get_variable, (efi_char16_t *)(name),	\
-		    (efi_guid_t *)(vendor), __VA_ARGS__)
-
-#define set_efi_var(name, vendor, ...)				\
-	efi_rt_call(set_variable, (efi_char16_t *)(name),	\
-		    (efi_guid_t *)(vendor), __VA_ARGS__)
-
 #define efi_get_handle_at(array, idx)					\
 	(efi_is_native() ? (array)[idx] 				\
 		: (efi_handle_t)(unsigned long)((u32 *)(array))[idx])
@@ -112,6 +104,20 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
 		((handle = efi_get_handle_at((array), i)) || true);	\
 	     i++)
 
+static inline
+efi_status_t get_efi_var(efi_char16_t *name, efi_guid_t *vendor, u32 *attr,
+			 unsigned long *size, void *data)
+{
+	return efi_rt_call(get_variable, name, vendor, attr, size, data);
+}
+
+static inline
+efi_status_t set_efi_var(efi_char16_t *name, efi_guid_t *vendor, u32 attr,
+			 unsigned long size, void *data)
+{
+	return efi_rt_call(set_variable, name, vendor, attr, size, data);
+}
+
 static inline
 void efi_set_u64_split(u64 data, u32 *lo, u32 *hi)
 {
diff --git a/drivers/firmware/efi/libstub/secureboot.c b/drivers/firmware/efi/libstub/secureboot.c
deleted file mode 100644
index 5efc524b14be..000000000000
--- a/drivers/firmware/efi/libstub/secureboot.c
+++ /dev/null
@@ -1,76 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0
-/*
- * Secure boot handling.
- *
- * Copyright (C) 2013,2014 Linaro Limited
- *     Roy Franz <roy.franz@...aro.org
- * Copyright (C) 2013 Red Hat, Inc.
- *     Mark Salter <msalter@...hat.com>
- */
-#include <linux/efi.h>
-#include <asm/efi.h>
-
-#include "efistub.h"
-
-/* BIOS variables */
-static const efi_guid_t efi_variable_guid = EFI_GLOBAL_VARIABLE_GUID;
-static const efi_char16_t efi_SecureBoot_name[] = L"SecureBoot";
-static const efi_char16_t efi_SetupMode_name[] = L"SetupMode";
-
-/* SHIM variables */
-static const efi_guid_t shim_guid = EFI_SHIM_LOCK_GUID;
-static const efi_char16_t shim_MokSBState_name[] = L"MokSBState";
-
-/*
- * Determine whether we're in secure boot mode.
- *
- * Please keep the logic in sync with
- * arch/x86/xen/efi.c:xen_efi_get_secureboot().
- */
-enum efi_secureboot_mode efi_get_secureboot(void)
-{
-	u32 attr;
-	u8 secboot, setupmode, moksbstate;
-	unsigned long size;
-	efi_status_t status;
-
-	size = sizeof(secboot);
-	status = get_efi_var(efi_SecureBoot_name, &efi_variable_guid,
-			     NULL, &size, &secboot);
-	if (status == EFI_NOT_FOUND)
-		return efi_secureboot_mode_disabled;
-	if (status != EFI_SUCCESS)
-		goto out_efi_err;
-
-	size = sizeof(setupmode);
-	status = get_efi_var(efi_SetupMode_name, &efi_variable_guid,
-			     NULL, &size, &setupmode);
-	if (status != EFI_SUCCESS)
-		goto out_efi_err;
-
-	if (secboot == 0 || setupmode == 1)
-		return efi_secureboot_mode_disabled;
-
-	/*
-	 * See if a user has put the shim into insecure mode. If so, and if the
-	 * variable doesn't have the runtime attribute set, we might as well
-	 * honor that.
-	 */
-	size = sizeof(moksbstate);
-	status = get_efi_var(shim_MokSBState_name, &shim_guid,
-			     &attr, &size, &moksbstate);
-
-	/* If it fails, we don't care why. Default to secure */
-	if (status != EFI_SUCCESS)
-		goto secure_boot_enabled;
-	if (!(attr & EFI_VARIABLE_RUNTIME_ACCESS) && moksbstate == 1)
-		return efi_secureboot_mode_disabled;
-
-secure_boot_enabled:
-	efi_info("UEFI Secure Boot is enabled.\n");
-	return efi_secureboot_mode_enabled;
-
-out_efi_err:
-	efi_err("Could not determine UEFI Secure Boot status.\n");
-	return efi_secureboot_mode_unknown;
-}
diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
index 3672539cb96e..3f9b492c566b 100644
--- a/drivers/firmware/efi/libstub/x86-stub.c
+++ b/drivers/firmware/efi/libstub/x86-stub.c
@@ -781,7 +781,7 @@ unsigned long efi_main(efi_handle_t handle,
 	 * otherwise we ask the BIOS.
 	 */
 	if (boot_params->secure_boot == efi_secureboot_mode_unset)
-		boot_params->secure_boot = efi_get_secureboot();
+		boot_params->secure_boot = efi_get_secureboot(get_efi_var);
 
 	/* Ask the firmware to clear memory on unclean shutdown */
 	efi_enable_reset_attack_mitigation();
diff --git a/include/linux/efi.h b/include/linux/efi.h
index d7c0e73af2b9..cc2d3de39031 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -1089,7 +1089,46 @@ enum efi_secureboot_mode {
 	efi_secureboot_mode_disabled,
 	efi_secureboot_mode_enabled,
 };
-enum efi_secureboot_mode efi_get_secureboot(void);
+
+static inline enum efi_secureboot_mode efi_get_secureboot(efi_get_variable_t *get_var)
+{
+	efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID;
+	efi_guid_t shim_guid = EFI_SHIM_LOCK_GUID;
+	efi_status_t status;
+	unsigned long size;
+	u8 secboot, setupmode, moksbstate;
+	u32 attr;
+
+	size = sizeof(secboot);
+	status = get_var(L"SecureBoot", &var_guid, NULL, &size, &secboot);
+
+	if (status == EFI_NOT_FOUND)
+		return efi_secureboot_mode_disabled;
+	if (status != EFI_SUCCESS)
+		return efi_secureboot_mode_unknown;
+
+	size = sizeof(setupmode);
+	status = get_var(L"SetupMode", &var_guid, NULL, &size, &setupmode);
+
+	if (status != EFI_SUCCESS)
+		return efi_secureboot_mode_unknown;
+	if (secboot == 0 || setupmode == 1)
+		return efi_secureboot_mode_disabled;
+
+	/*
+	 * See if a user has put the shim into insecure mode. If so, and if the
+	 * variable doesn't have the runtime attribute set, we might as well
+	 * honor that.
+	 */
+	size = sizeof(moksbstate);
+	status = get_var(L"MokSBState", &shim_guid, &attr, &size, &moksbstate);
+	/* If it fails, we don't care why. Default to secure */
+	if (status == EFI_SUCCESS && moksbstate == 1
+	    && !(attr & EFI_VARIABLE_RUNTIME_ACCESS))
+		return efi_secureboot_mode_disabled;
+
+	return efi_secureboot_mode_enabled;
+}
 
 #ifdef CONFIG_RESET_ATTACK_MITIGATION
 void efi_enable_reset_attack_mitigation(void);
-- 
2.28.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ