diff mbox series

[v6,12/13] integrity: Trust MOK keys if MokListTrustedRT found

Message ID 20210914211416.34096-13-eric.snowberg@oracle.com (mailing list archive)
State New
Headers show
Series Enroll kernel keys thru MOK | expand

Commit Message

Eric Snowberg Sept. 14, 2021, 9:14 p.m. UTC
A new Machine Owner Key (MOK) variable called MokListTrustedRT has been
introduced in shim. When this UEFI variable is set, it indicates the
end-user has made the decision themself that they wish to trust MOK keys
within the Linux trust boundary.  It is not an error if this variable
does not exist. If it does not exist, the MOK keys should not be trusted
within the kernel.

MOK variables are mirrored from Boot Services to Runtime Services.  When
shim sees the new MokTML BS variable, it will create a new variable
(before Exit Boot Services is called) called MokListTrustedRT without
EFI_VARIABLE_NON_VOLATILE set.  Following Exit Boot Services, UEFI
variables can only be set and created with SetVariable if both
EFI_VARIABLE_RUNTIME_ACCESS & EFI_VARIABLE_NON_VOLATILE are set.
Therefore, this can not be defeated by simply creating a
MokListTrustedRT variable from Linux, the existence of
EFI_VARIABLE_NON_VOLATILE will cause uefi_check_trust_machine_keys to
return false.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
---
v1: Initial version
v2: Removed mok_keyring_trust_setup function
v4: Unmodified from v2
v5: Rename to machine keyring
v6: Unmodified from v5
---
 .../platform_certs/machine_keyring.c          | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)

Comments

Peter Jones Sept. 16, 2021, 10:19 p.m. UTC | #1
On Tue, Sep 14, 2021 at 05:14:15PM -0400, Eric Snowberg wrote:
> +/*
> + * Try to load the MokListTrustedRT UEFI variable to see if we should trust
> + * the mok keys within the kernel. It is not an error if this variable
> + * does not exist.  If it does not exist, mok keys should not be trusted
> + * within the machine keyring.
> + */
> +static __init bool uefi_check_trust_mok_keys(void)
> +{
> +	efi_status_t status;
> +	unsigned int mtrust = 0;
> +	unsigned long size = sizeof(mtrust);
> +	efi_guid_t guid = EFI_SHIM_LOCK_GUID;
> +	u32 attr;
> +
> +	status = efi.get_variable(L"MokListTrustedRT", &guid, &attr, &size, &mtrust);

This should use efi_mokvar_entry_find("MokListTrustedRT") instead,
similar to how load_moklist_certs() does.  It's a *much* more reliable
mechanism.  We don't even need to fall back to checking for the
variable, as any version of shim that populates this supports the config
table method.
Eric Snowberg Sept. 17, 2021, 2 a.m. UTC | #2
> On Sep 16, 2021, at 4:19 PM, Peter Jones <pjones@redhat.com> wrote:
> 
> On Tue, Sep 14, 2021 at 05:14:15PM -0400, Eric Snowberg wrote:
>> +/*
>> + * Try to load the MokListTrustedRT UEFI variable to see if we should trust
>> + * the mok keys within the kernel. It is not an error if this variable
>> + * does not exist.  If it does not exist, mok keys should not be trusted
>> + * within the machine keyring.
>> + */
>> +static __init bool uefi_check_trust_mok_keys(void)
>> +{
>> +	efi_status_t status;
>> +	unsigned int mtrust = 0;
>> +	unsigned long size = sizeof(mtrust);
>> +	efi_guid_t guid = EFI_SHIM_LOCK_GUID;
>> +	u32 attr;
>> +
>> +	status = efi.get_variable(L"MokListTrustedRT", &guid, &attr, &size, &mtrust);
> 
> This should use efi_mokvar_entry_find("MokListTrustedRT") instead,
> similar to how load_moklist_certs() does.  It's a *much* more reliable
> mechanism.  We don't even need to fall back to checking for the
> variable, as any version of shim that populates this supports the config
> table method.

I’ll change this in v7, thanks.
Peter Jones Sept. 17, 2021, 3:03 p.m. UTC | #3
On Thu, Sep 16, 2021 at 08:00:54PM -0600, Eric Snowberg wrote:
> 
> > On Sep 16, 2021, at 4:19 PM, Peter Jones <pjones@redhat.com> wrote:
> > 
> > On Tue, Sep 14, 2021 at 05:14:15PM -0400, Eric Snowberg wrote:
> >> +/*
> >> + * Try to load the MokListTrustedRT UEFI variable to see if we should trust
> >> + * the mok keys within the kernel. It is not an error if this variable
> >> + * does not exist.  If it does not exist, mok keys should not be trusted
> >> + * within the machine keyring.
> >> + */
> >> +static __init bool uefi_check_trust_mok_keys(void)
> >> +{
> >> +	efi_status_t status;
> >> +	unsigned int mtrust = 0;
> >> +	unsigned long size = sizeof(mtrust);
> >> +	efi_guid_t guid = EFI_SHIM_LOCK_GUID;
> >> +	u32 attr;
> >> +
> >> +	status = efi.get_variable(L"MokListTrustedRT", &guid, &attr, &size, &mtrust);
> > 
> > This should use efi_mokvar_entry_find("MokListTrustedRT") instead,
> > similar to how load_moklist_certs() does.  It's a *much* more reliable
> > mechanism.  We don't even need to fall back to checking for the
> > variable, as any version of shim that populates this supports the config
> > table method.
> 
> I’ll change this in v7, thanks.

We do also need to figure out a path forward for something like Dimitri
Ledkov's MokListX patch[0] from May, though it doesn't necessarily need
to hold up this patch set.  It looks like your patches will change the
structure of the keyrings it needs to apply to, but I don't see a reason
it wouldn't be conditional on the same MokListTrustedRT variable.  Any
thoughts?

[0] https://lore.kernel.org/lkml/20210512153100.285169-1-dimitri.ledkov@canonical.com/
Eric Snowberg Sept. 17, 2021, 4:06 p.m. UTC | #4
> On Sep 17, 2021, at 9:03 AM, Peter Jones <pjones@redhat.com> wrote:
> 
> On Thu, Sep 16, 2021 at 08:00:54PM -0600, Eric Snowberg wrote:
>> 
>>> On Sep 16, 2021, at 4:19 PM, Peter Jones <pjones@redhat.com> wrote:
>>> 
>>> On Tue, Sep 14, 2021 at 05:14:15PM -0400, Eric Snowberg wrote:
>>>> +/*
>>>> + * Try to load the MokListTrustedRT UEFI variable to see if we should trust
>>>> + * the mok keys within the kernel. It is not an error if this variable
>>>> + * does not exist.  If it does not exist, mok keys should not be trusted
>>>> + * within the machine keyring.
>>>> + */
>>>> +static __init bool uefi_check_trust_mok_keys(void)
>>>> +{
>>>> +	efi_status_t status;
>>>> +	unsigned int mtrust = 0;
>>>> +	unsigned long size = sizeof(mtrust);
>>>> +	efi_guid_t guid = EFI_SHIM_LOCK_GUID;
>>>> +	u32 attr;
>>>> +
>>>> +	status = efi.get_variable(L"MokListTrustedRT", &guid, &attr, &size, &mtrust);
>>> 
>>> This should use efi_mokvar_entry_find("MokListTrustedRT") instead,
>>> similar to how load_moklist_certs() does.  It's a *much* more reliable
>>> mechanism.  We don't even need to fall back to checking for the
>>> variable, as any version of shim that populates this supports the config
>>> table method.
>> 
>> I’ll change this in v7, thanks.
> 
> We do also need to figure out a path forward for something like Dimitri
> Ledkov's MokListX patch[0] from May, though it doesn't necessarily need
> to hold up this patch set.  It looks like your patches will change the
> structure of the keyrings it needs to apply to, but I don't see a reason
> it wouldn't be conditional on the same MokListTrustedRT variable.  Any
> thoughts?
> 
> [0] https://lore.kernel.org/lkml/20210512153100.285169-1-dimitri.ledkov@canonical.com/
> 

I had a little different approach I was going to send for this problem, but dropped it 
after I saw Dimitri’s patch.  Yes, we will need to figure out a way to merge the two.  
But I don’t see that being too difficult or them being incompatible with one another.
diff mbox series

Patch

diff --git a/security/integrity/platform_certs/machine_keyring.c b/security/integrity/platform_certs/machine_keyring.c
index ea2ac2f9f2b5..68b8f2d449dc 100644
--- a/security/integrity/platform_certs/machine_keyring.c
+++ b/security/integrity/platform_certs/machine_keyring.c
@@ -5,6 +5,7 @@ 
  * Copyright (c) 2021, Oracle and/or its affiliates.
  */
 
+#include <linux/efi.h>
 #include "../integrity.h"
 
 static __init int machine_keyring_init(void)
@@ -40,3 +41,29 @@  void __init add_to_machine_keyring(const char *source, const void *data, size_t
 	if (rc)
 		pr_info("Error adding keys to machine keyring %s\n", source);
 }
+
+/*
+ * Try to load the MokListTrustedRT UEFI variable to see if we should trust
+ * the mok keys within the kernel. It is not an error if this variable
+ * does not exist.  If it does not exist, mok keys should not be trusted
+ * within the machine keyring.
+ */
+static __init bool uefi_check_trust_mok_keys(void)
+{
+	efi_status_t status;
+	unsigned int mtrust = 0;
+	unsigned long size = sizeof(mtrust);
+	efi_guid_t guid = EFI_SHIM_LOCK_GUID;
+	u32 attr;
+
+	status = efi.get_variable(L"MokListTrustedRT", &guid, &attr, &size, &mtrust);
+
+	/*
+	 * The EFI_VARIABLE_NON_VOLATILE check is to verify MokListTrustedRT
+	 * was set thru shim mirrioring and not by a user from the host os.
+	 * According to the UEFI spec, once EBS is performed, SetVariable()
+	 * will succeed only when both EFI_VARIABLE_RUNTIME_ACCESS &
+	 * EFI_VARIABLE_NON_VOLATILE are set.
+	 */
+	return (status == EFI_SUCCESS && (!(attr & EFI_VARIABLE_NON_VOLATILE)));
+}