208 lines
7.8 KiB
C
208 lines
7.8 KiB
C
/* SPDX-License-Identifier: LGPL-2.1+ */
|
|
/*
|
|
* Port to systemd-boot
|
|
* Copyright © 2017 Max Resch <resch.max@gmail.com>
|
|
*
|
|
* Security Policy Handling
|
|
* Copyright © 2012 <James.Bottomley@HansenPartnership.com>
|
|
* https://github.com/mjg59/efitools
|
|
*/
|
|
|
|
#include <efi.h>
|
|
#include <efilib.h>
|
|
|
|
#include "util.h"
|
|
#include "shim.h"
|
|
|
|
/* well known shim lock guid */
|
|
#define SHIM_LOCK_GUID
|
|
|
|
struct ShimLock {
|
|
EFI_STATUS __attribute__((sysv_abi)) (*shim_verify) (VOID *buffer, UINT32 size);
|
|
|
|
/* context is actually a struct for the PE header, but it isn't needed so void is sufficient just do define the interface
|
|
* see shim.c/shim.h and PeHeader.h in the github shim repo */
|
|
EFI_STATUS __attribute__((sysv_abi)) (*generate_hash) (VOID *data, UINT32 datasize, VOID *context, UINT8 *sha256hash, UINT8 *sha1hash);
|
|
|
|
EFI_STATUS __attribute__((sysv_abi)) (*read_header) (VOID *data, UINT32 datasize, VOID *context);
|
|
};
|
|
|
|
static const EFI_GUID simple_fs_guid = SIMPLE_FILE_SYSTEM_PROTOCOL;
|
|
static const EFI_GUID global_guid = EFI_GLOBAL_VARIABLE;
|
|
|
|
static const EFI_GUID security_protocol_guid = { 0xa46423e3, 0x4617, 0x49f1, {0xb9, 0xff, 0xd1, 0xbf, 0xa9, 0x11, 0x58, 0x39 } };
|
|
static const EFI_GUID security2_protocol_guid = { 0x94ab2f58, 0x1438, 0x4ef1, {0x91, 0x52, 0x18, 0x94, 0x1a, 0x3a, 0x0e, 0x68 } };
|
|
static const EFI_GUID shim_lock_guid = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} };
|
|
|
|
BOOLEAN shim_loaded(void) {
|
|
struct ShimLock *shim_lock;
|
|
|
|
return uefi_call_wrapper(BS->LocateProtocol, 3, (EFI_GUID*) &shim_lock_guid, NULL, (VOID**) &shim_lock) == EFI_SUCCESS;
|
|
}
|
|
|
|
static BOOLEAN shim_validate(VOID *data, UINT32 size) {
|
|
struct ShimLock *shim_lock;
|
|
|
|
if (!data)
|
|
return FALSE;
|
|
|
|
if (uefi_call_wrapper(BS->LocateProtocol, 3, (EFI_GUID*) &shim_lock_guid, NULL, (VOID**) &shim_lock) != EFI_SUCCESS)
|
|
return FALSE;
|
|
|
|
if (!shim_lock)
|
|
return FALSE;
|
|
|
|
return shim_lock->shim_verify(data, size) == EFI_SUCCESS;
|
|
}
|
|
|
|
BOOLEAN secure_boot_enabled(void) {
|
|
_cleanup_freepool_ CHAR8 *b = NULL;
|
|
UINTN size;
|
|
|
|
if (efivar_get_raw(&global_guid, L"SecureBoot", &b, &size) == EFI_SUCCESS)
|
|
return *b > 0;
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
/*
|
|
* See the UEFI Platform Initialization manual (Vol2: DXE) for this
|
|
*/
|
|
struct _EFI_SECURITY2_PROTOCOL;
|
|
struct _EFI_SECURITY_PROTOCOL;
|
|
struct _EFI_DEVICE_PATH_PROTOCOL;
|
|
|
|
typedef struct _EFI_SECURITY2_PROTOCOL EFI_SECURITY2_PROTOCOL;
|
|
typedef struct _EFI_SECURITY_PROTOCOL EFI_SECURITY_PROTOCOL;
|
|
typedef struct _EFI_DEVICE_PATH_PROTOCOL EFI_DEVICE_PATH_PROTOCOL;
|
|
|
|
typedef EFI_STATUS (EFIAPI *EFI_SECURITY_FILE_AUTHENTICATION_STATE) (
|
|
const EFI_SECURITY_PROTOCOL *This,
|
|
UINT32 AuthenticationStatus,
|
|
const EFI_DEVICE_PATH_PROTOCOL *File
|
|
);
|
|
|
|
typedef EFI_STATUS (EFIAPI *EFI_SECURITY2_FILE_AUTHENTICATION) (
|
|
const EFI_SECURITY2_PROTOCOL *This,
|
|
const EFI_DEVICE_PATH_PROTOCOL *DevicePath,
|
|
VOID *FileBuffer,
|
|
UINTN FileSize,
|
|
BOOLEAN BootPolicy
|
|
);
|
|
|
|
struct _EFI_SECURITY2_PROTOCOL {
|
|
EFI_SECURITY2_FILE_AUTHENTICATION FileAuthentication;
|
|
};
|
|
|
|
struct _EFI_SECURITY_PROTOCOL {
|
|
EFI_SECURITY_FILE_AUTHENTICATION_STATE FileAuthenticationState;
|
|
};
|
|
|
|
/* Handle to the original authenticator for security1 protocol */
|
|
static EFI_SECURITY_FILE_AUTHENTICATION_STATE esfas = NULL;
|
|
|
|
/* Handle to the original authenticator for security2 protocol */
|
|
static EFI_SECURITY2_FILE_AUTHENTICATION es2fa = NULL;
|
|
|
|
/*
|
|
* Perform shim/MOK and Secure Boot authentication on a binary that's already been
|
|
* loaded into memory. This function does the platform SB authentication first
|
|
* but preserves its return value in case of its failure, so that it can be
|
|
* returned in case of a shim/MOK authentication failure. This is done because
|
|
* the SB failure code seems to vary from one implementation to another, and I
|
|
* don't want to interfere with that at this time.
|
|
*/
|
|
static EFIAPI EFI_STATUS security2_policy_authentication (const EFI_SECURITY2_PROTOCOL *this,
|
|
const EFI_DEVICE_PATH_PROTOCOL *device_path,
|
|
VOID *file_buffer, UINTN file_size, BOOLEAN boot_policy) {
|
|
EFI_STATUS status;
|
|
|
|
/* Chain original security policy */
|
|
status = uefi_call_wrapper(es2fa, 5, this, device_path, file_buffer, file_size, boot_policy);
|
|
|
|
/* if OK, don't bother with MOK check */
|
|
if (status == EFI_SUCCESS)
|
|
return status;
|
|
|
|
if (shim_validate(file_buffer, file_size))
|
|
return EFI_SUCCESS;
|
|
|
|
return status;
|
|
}
|
|
|
|
/*
|
|
* Perform both shim/MOK and platform Secure Boot authentication. This function loads
|
|
* the file and performs shim/MOK authentication first simply to avoid double loads
|
|
* of Linux kernels, which are much more likely to be shim/MOK-signed than platform-signed,
|
|
* since kernels are big and can take several seconds to load on some computers and
|
|
* filesystems. This also has the effect of returning whatever the platform code is for
|
|
* authentication failure, be it EFI_ACCESS_DENIED, EFI_SECURITY_VIOLATION, or something
|
|
* else. (This seems to vary between implementations.)
|
|
*/
|
|
static EFIAPI EFI_STATUS security_policy_authentication (const EFI_SECURITY_PROTOCOL *this, UINT32 authentication_status,
|
|
const EFI_DEVICE_PATH_PROTOCOL *device_path_const) {
|
|
EFI_STATUS status;
|
|
_cleanup_freepool_ EFI_DEVICE_PATH *dev_path = NULL;
|
|
_cleanup_freepool_ CHAR16 *dev_path_str = NULL;
|
|
EFI_HANDLE h;
|
|
EFI_FILE *root;
|
|
_cleanup_freepool_ CHAR8 *file_buffer = NULL;
|
|
UINTN file_size;
|
|
|
|
if (!device_path_const)
|
|
return EFI_INVALID_PARAMETER;
|
|
|
|
dev_path = DuplicateDevicePath((EFI_DEVICE_PATH*) device_path_const);
|
|
|
|
status = uefi_call_wrapper(BS->LocateDevicePath, 3, (EFI_GUID*) &simple_fs_guid, &dev_path, &h);
|
|
if (status != EFI_SUCCESS)
|
|
return status;
|
|
|
|
/* No need to check return value, this already happened in efi_main() */
|
|
root = LibOpenRoot(h);
|
|
dev_path_str = DevicePathToStr(dev_path);
|
|
|
|
status = file_read(root, dev_path_str, 0, 0, &file_buffer, &file_size);
|
|
if (EFI_ERROR(status))
|
|
return status;
|
|
uefi_call_wrapper(root->Close, 1, root);
|
|
|
|
if (shim_validate(file_buffer, file_size))
|
|
return EFI_SUCCESS;
|
|
|
|
/* Try using the platform's native policy.... */
|
|
return uefi_call_wrapper(esfas, 3, this, authentication_status, device_path_const);
|
|
}
|
|
|
|
EFI_STATUS security_policy_install(void) {
|
|
EFI_SECURITY_PROTOCOL *security_protocol;
|
|
EFI_SECURITY2_PROTOCOL *security2_protocol = NULL;
|
|
EFI_STATUS status;
|
|
|
|
/* Already Installed */
|
|
if (esfas)
|
|
return EFI_ALREADY_STARTED;
|
|
|
|
/*
|
|
* Don't bother with status here. The call is allowed
|
|
* to fail, since SECURITY2 was introduced in PI 1.2.1.
|
|
* Use security2_protocol == NULL as indicator.
|
|
*/
|
|
uefi_call_wrapper(BS->LocateProtocol, 3, (EFI_GUID*) &security2_protocol_guid, NULL, (VOID**) &security2_protocol);
|
|
|
|
status = uefi_call_wrapper(BS->LocateProtocol, 3, (EFI_GUID*) &security_protocol_guid, NULL, (VOID**) &security_protocol);
|
|
/* This one is mandatory, so there's a serious problem */
|
|
if (status != EFI_SUCCESS)
|
|
return status;
|
|
|
|
esfas = security_protocol->FileAuthenticationState;
|
|
security_protocol->FileAuthenticationState = security_policy_authentication;
|
|
|
|
if (security2_protocol) {
|
|
es2fa = security2_protocol->FileAuthentication;
|
|
security2_protocol->FileAuthentication = security2_policy_authentication;
|
|
}
|
|
|
|
return EFI_SUCCESS;
|
|
}
|