From patchwork Fri Apr 4 18:45:13 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Leif Lindholm
X-Patchwork-Id: 3940461
From: Leif Lindholm
To: linux-arm-kernel@lists.infradead.org, linux-efi@vger.kernel.org
Cc: Catalin Marinas, Matt Fleming, linux-kernel@vger.kernel.org, Leif Lindholm, Ard Biesheuvel
Subject: [PATCH v3 10/10] efi/arm64: ignore dtb= when UEFI SecureBoot is enabled
Date: Fri, 4 Apr 2014 19:45:13 +0100
Message-Id: <1396637113-22790-11-git-send-email-leif.lindholm@linaro.org>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1396637113-22790-1-git-send-email-leif.lindholm@linaro.org>
References: <1396637113-22790-1-git-send-email-leif.lindholm@linaro.org>

From: Ard Biesheuvel

Loading unauthenticated FDT blobs directly from storage is a security hazard, so this should only be allowed when running with UEFI Secure Boot disabled.

Signed-off-by: Ard Biesheuvel
Signed-off-by: Leif Lindholm
Cc: Catalin Marinas
Cc: Matt Fleming
---
 drivers/firmware/efi/arm-stub.c        | 15 +++++++++++----
 drivers/firmware/efi/efi-stub-helper.c | 24 ++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/drivers/firmware/efi/arm-stub.c b/drivers/firmware/efi/arm-stub.c index b9b7c00..c8988b2 100644 --- a/drivers/firmware/efi/arm-stub.c +++ b/drivers/firmware/efi/arm-stub.c
@@ -145,7 +145,7 @@ unsigned long __init efi_entry(void *handle, efi_system_table_t *sys_table, /* addr/point and size pairs for memory management*/ unsigned long initrd_addr; u64 initrd_size = 0; - unsigned long fdt_addr; /* Original DTB */ + unsigned long fdt_addr = 0; /* Original DTB */ u64 fdt_size = 0; /* We don't get size from configuration table */ char *cmdline_ptr = NULL; int cmdline_size = 0; @@ -197,9 +197,13 @@ unsigned long __init efi_entry(void *handle, efi_system_table_t *sys_table, goto fail_free_image; } - /* Load a device tree from the configuration table, if present. */ - fdt_addr = (uintptr_t)get_fdt(sys_table); - if (!fdt_addr) { + /* + * Unauthenticated device tree data is a security hazard, so + * ignore 'dtb=' unless UEFI Secure Boot is disabled. + */ + if (efi_secureboot_enabled(sys_table)) { + pr_efi(sys_table, "UEFI Secure Boot is enabled.\n"); + } else { status = handle_cmdline_files(sys_table, image, cmdline_ptr, "dtb=", ~0UL, (unsigned long *)&fdt_addr, @@ -210,6 +214,9 @@ unsigned long __init efi_entry(void *handle, efi_system_table_t *sys_table, goto fail_free_cmdline; } } + if (!fdt_addr) + /* Look for a device tree configuration table entry. */ + fdt_addr = (uintptr_t)get_fdt(sys_table); status = handle_cmdline_files(sys_table, image, cmdline_ptr, "initrd=", dram_base + SZ_512M, diff --git a/drivers/firmware/efi/efi-stub-helper.c b/drivers/firmware/efi/efi-stub-helper.c index 998b884..8f8b538 100644 --- a/drivers/firmware/efi/efi-stub-helper.c +++ b/drivers/firmware/efi/efi-stub-helper.c 
@@ -632,3 +632,27 @@ static char *efi_convert_cmdline(efi_system_table_t *sys_table_arg, *cmd_line_len = options_bytes; return (char *)cmdline_addr; } + +static int __init efi_secureboot_enabled(efi_system_table_t *sys_table_arg) +{ + static efi_guid_t const var_guid __initconst = EFI_GLOBAL_VARIABLE_GUID; + static efi_char16_t const var_name[] __initconst = { + 'S', 'e', 'c', 'u', 'r', 'e', 'B', 'o', 'o', 't', 0 }; + + efi_get_variable_t *f_getvar = sys_table_arg->runtime->get_variable; + unsigned long size = sizeof(u8); + efi_status_t status; + u8 val; + + status = efi_call_phys5(f_getvar, (efi_char16_t *)var_name, + (efi_guid_t *)&var_guid, NULL, &size, &val); + + switch (status) { + case EFI_SUCCESS: + return val; + case EFI_NOT_FOUND: + return 0; + default: + return 1; + } +}
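
Review bot: In the arm-stub.c hunk at @@ -197, the Secure Boot branch prints only "UEFI Secure Boot is enabled.\n" and never says that a dtb= argument was dropped, so someone who passed dtb= gets no indication of why their device tree was not used. Suggest wording the pr_efi() message so it states the consequence, for example that dtb= is being ignored because Secure Boot is enabled, and ideally printing it only when the command line actually contains dtb=.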
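
Review bot: The fallback added at @@ -210 in arm-stub.c, combined with the removal of the unconditional get_fdt() call at @@ -197, reverses the lookup order, and the commit message does not mention it. Before this patch the configuration table FDT was tried first and dtb= was consulted only when none was found; afterwards, with Secure Boot disabled, dtb= takes precedence and get_fdt() runs only under if (!fdt_addr). Please either state the new precedence in the commit message and the comment, or keep the old order. As a style point, the unbraced if (!fdt_addr) with a comment line between the condition and its single statement is easy to misread; move the comment above the if or add braces.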
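
Review bot: In efi_secureboot_enabled() (efi-stub-helper.c, @@ -632), the default: return 1; branch makes every get_variable failure other than EFI_NOT_FOUND count as Secure Boot enabled, which is the right fail-closed choice for this check but is not documented anywhere. Add a comment on the default case explaining that an unreadable SecureBoot variable is treated as enabled, and a short function comment giving the return convention (non-zero means dtb= must be ignored). The EFI_SUCCESS path also returns val without looking at the size written back, and NULL is passed for the attributes pointer; if that is intentional, a one-line comment saying so would help.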