From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

From: Peter Jones <pjones@redhat.com>

Date: Fri, 10 Jun 2016 14:06:15 -0400

Subject: [PATCH] Rework even more of efi chainload so non-sb cases work right.

This ensures that if shim protocol is not loaded, or is loaded but shim

is disabled, we will fall back to a correct load method for the efi

chain loader.

Here's what I tested with this version:

results                             expected    actual

------------------------------------------------------------

sb + enabled + shim + fedora        success     success

sb + enabled + shim + win           success     success

sb + enabled + grub + fedora        fail        fail

sb + enabled + grub + win           fail        fail

sb + mokdisabled + shim + fedora    success     success

sb + mokdisabled + shim + win       success     success

sb + mokdisabled + grub + fedora    fail        fail

sb + mokdisabled + grub + win       fail        fail

sb disabled + shim + fedora         success     success*

sb disabled + shim + win            success     success*

sb disabled + grub + fedora         success     success

sb disabled + grub + win            success     success

nosb + shim + fedora                success     success*

nosb + shim + win                   success     success*

nosb + grub + fedora                success     success

nosb + grub + win                   success     success

* for some reason shim protocol is being installed in these cases, and I

  can't see why, but I think it may be this firmware build returning an

  erroneous value.  But this effectively falls back to the mokdisabled

  behavior, which works correctly, and the presence of the "grub" (i.e.

  no shim) tests effectively tests the desired behavior here.

Resolves: rhbz#1344512

Signed-off-by: Peter Jones <pjones@redhat.com>

---

 grub-core/kern/efi/sb.c            |  14 +++--

 grub-core/loader/arm64/linux.c     |   4 +-

 grub-core/loader/efi/chainloader.c | 117 ++++++++++++++++++++++---------------

 grub-core/loader/efi/linux.c       |  13 +++--

 grub-core/loader/i386/efi/linux.c  |  10 +++-

 include/grub/efi/linux.h           |   2 +-

 6 files changed, 100 insertions(+), 60 deletions(-)

diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c

index a41b6c5b851..d74778b0cac 100644

--- a/grub-core/kern/efi/sb.c

+++ b/grub-core/kern/efi/sb.c

@@ -36,14 +36,20 @@ grub_efi_secure_boot (void)

   grub_efi_boolean_t ret = 0;

   secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize);

-

   if (datasize != 1 || !secure_boot)

-    goto out;

+    {

+      grub_dprintf ("secureboot", "No SecureBoot variable\n");

+      goto out;

+    }

+  grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot);

   setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize);

-

   if (datasize != 1 || !setup_mode)

-    goto out;

+    {

+      grub_dprintf ("secureboot", "No SetupMode variable\n");

+      goto out;

+    }

+  grub_dprintf ("secureboot", "SetupMode: %d\n", *setup_mode);

   if (*secure_boot && !*setup_mode)

     ret = 1;

diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c

index bdd9c9b4968..0452a20e98b 100644

--- a/grub-core/loader/arm64/linux.c

+++ b/grub-core/loader/arm64/linux.c

@@ -380,6 +380,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),

   grub_file_t file = 0;

   struct grub_arm64_linux_kernel_header lh;

   struct grub_arm64_linux_pe_header *pe;

+  int rc;

   grub_dl_ref (my_mod);

@@ -424,7 +425,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),

   grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);

-  if (!grub_linuxefi_secure_validate (kernel_addr, kernel_size))

+  rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size);

+  if (rc < 0)

     {

       grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);

       goto fail;

diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c

index 4b77a7d5adb..3e89de9006c 100644

--- a/grub-core/loader/efi/chainloader.c

+++ b/grub-core/loader/efi/chainloader.c

@@ -182,7 +182,6 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)

   /* Fill the file path for the directory.  */

   d = (grub_efi_device_path_t *) ((char *) file_path

 				  + ((char *) d - (char *) dp));

-  grub_efi_print_device_path (d);

   copy_file_path ((grub_efi_file_path_device_path_t *) d,

 		  dir_start, dir_end - dir_start);

@@ -252,10 +251,9 @@ read_header (void *data, grub_efi_uint32_t size,

   grub_efi_status_t status;

   shim_lock = grub_efi_locate_protocol (&guid, NULL);

-

   if (!shim_lock)

     {

-      grub_error (GRUB_ERR_BAD_ARGUMENT, "no shim lock protocol");

+      grub_dprintf ("chain", "no shim lock protocol");

       return 0;

     }

@@ -280,7 +278,7 @@ read_header (void *data, grub_efi_uint32_t size,

       break;

     }

-  return 0;

+  return -1;

 }

 static void*

@@ -514,18 +512,25 @@ handle_image (void *data, grub_efi_uint32_t datasize)

   grub_uint32_t section_alignment;

   grub_uint32_t buffer_size;

   int found_entry_point = 0;

+  int rc;

   b = grub_efi_system_table->boot_services;

-  if (read_header (data, datasize, &context))

-    {

-      grub_dprintf ("chain", "Succeed to read header\n");

-    }

-  else

+  rc = read_header (data, datasize, &context);

+  if (rc < 0)

     {

       grub_dprintf ("chain", "Failed to read header\n");

       goto error_exit;

     }

+  else if (rc == 0)

+    {

+      grub_dprintf ("chain", "Secure Boot is not enabled\n");

+      return 0;

+    }

+  else

+    {

+      grub_dprintf ("chain", "Header read without error\n");

+    }

   /*

    * The spec says, uselessly, of SectionAlignment:

@@ -796,10 +801,56 @@ grub_secureboot_chainloader_unload (void)

   return GRUB_ERR_NONE;

 }

+static grub_err_t

+grub_load_and_start_image(void *boot_image)

+{

+  grub_efi_boot_services_t *b;

+  grub_efi_status_t status;

+  grub_efi_loaded_image_t *loaded_image;

+

+  b = grub_efi_system_table->boot_services;

+

+  status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path,

+		       boot_image, fsize, &image_handle);

+  if (status != GRUB_EFI_SUCCESS)

+    {

+      if (status == GRUB_EFI_OUT_OF_RESOURCES)

+	grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources");

+      else

+	grub_error (GRUB_ERR_BAD_OS, "cannot load image");

+      return -1;

+    }

+

+  /* LoadImage does not set a device handler when the image is

+     loaded from memory, so it is necessary to set it explicitly here.

+     This is a mess.  */

+  loaded_image = grub_efi_get_loaded_image (image_handle);

+  if (! loaded_image)

+    {

+      grub_error (GRUB_ERR_BAD_OS, "no loaded image available");

+      return -1;

+    }

+  loaded_image->device_handle = dev_handle;

+

+  if (cmdline)

+    {

+      loaded_image->load_options = cmdline;

+      loaded_image->load_options_size = cmdline_len;

+    }

+

+  return 0;

+}

+

 static grub_err_t

 grub_secureboot_chainloader_boot (void)

 {

-  handle_image ((void *)address, fsize);

+  int rc;

+  rc = handle_image ((void *)address, fsize);

+  if (rc == 0)

+    {

+      grub_load_and_start_image((void *)address);

+    }

+

   grub_loader_unset ();

   return grub_errno;

 }

@@ -813,9 +864,9 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),

   grub_efi_boot_services_t *b;

   grub_device_t dev = 0;

   grub_efi_device_path_t *dp = 0;

-  grub_efi_loaded_image_t *loaded_image;

   char *filename;

   void *boot_image = 0;

+  int rc;

   if (argc == 0)

     return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));

@@ -902,9 +953,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),

   if (! file_path)

     goto fail;

-  grub_printf ("file path: ");

-  grub_efi_print_device_path (file_path);

-

   fsize = grub_file_size (file);

   if (!fsize)

     {

@@ -979,51 +1027,28 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),

     }

 #endif

-  if (grub_linuxefi_secure_validate((void *)address, fsize))

+  rc = grub_linuxefi_secure_validate((void *)address, fsize);

+  grub_dprintf ("chain", "linuxefi_secure_validate: %d\n", rc);

+  if (rc > 0)

     {

       grub_file_close (file);

       grub_loader_set (grub_secureboot_chainloader_boot,

 		       grub_secureboot_chainloader_unload, 0);

       return 0;

     }

-

-  status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path,

-		       boot_image, fsize, &image_handle);

-  if (status != GRUB_EFI_SUCCESS)

+  else if (rc == 0)

     {

-      if (status == GRUB_EFI_OUT_OF_RESOURCES)

-	grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources");

-      else

-	grub_error (GRUB_ERR_BAD_OS, "cannot load image");

-

-      goto fail;

-    }

+      grub_load_and_start_image(boot_image);

+      grub_file_close (file);

+      grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0);

-  /* LoadImage does not set a device handler when the image is

-     loaded from memory, so it is necessary to set it explicitly here.

-     This is a mess.  */

-  loaded_image = grub_efi_get_loaded_image (image_handle);

-  if (! loaded_image)

-    {

-      grub_error (GRUB_ERR_BAD_OS, "no loaded image available");

-      goto fail;

-    }

-  loaded_image->device_handle = dev_handle;

-

-  if (cmdline)

-    {

-      loaded_image->load_options = cmdline;

-      loaded_image->load_options_size = cmdline_len;

+      return 0;

     }

   grub_file_close (file);

   grub_device_close (dev);

-  grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0);

-  return 0;

-

- fail:

-

+fail:

   if (dev)

     grub_device_close (dev);

diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c

index aea378adf5c..8890bdf059a 100644

--- a/grub-core/loader/efi/linux.c

+++ b/grub-core/loader/efi/linux.c

@@ -33,21 +33,24 @@ struct grub_efi_shim_lock

 };

 typedef struct grub_efi_shim_lock grub_efi_shim_lock_t;

-grub_efi_boolean_t

+int

 grub_linuxefi_secure_validate (void *data, grub_uint32_t size)

 {

   grub_efi_guid_t guid = SHIM_LOCK_GUID;

   grub_efi_shim_lock_t *shim_lock;

+  grub_efi_status_t status;

   shim_lock = grub_efi_locate_protocol(&guid, NULL);

-

+  grub_dprintf ("secureboot", "shim_lock: %p\n", shim_lock);

   if (!shim_lock)

-    return 1;

+    return 0;

-  if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS)

+  status = shim_lock->verify(data, size);

+  grub_dprintf ("secureboot", "shim_lock->verify(): %ld\n", status);

+  if (status == GRUB_EFI_SUCCESS)

     return 1;

-  return 0;

+  return -1;

 }

 typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *);

diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c

index 7ccf32d9d45..82f75b7f3ab 100644

--- a/grub-core/loader/i386/efi/linux.c

+++ b/grub-core/loader/i386/efi/linux.c

@@ -155,6 +155,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),

   struct linux_kernel_header lh;

   grub_ssize_t len, start, filelen;

   void *kernel = NULL;

+  int rc;

   grub_dl_ref (my_mod);

@@ -180,13 +181,16 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),

   if (grub_file_read (file, kernel, filelen) != filelen)

     {

-      grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), argv[0]);

+      grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"),

+		  argv[0]);

       goto fail;

     }

-  if (! grub_linuxefi_secure_validate (kernel, filelen))

+  rc = grub_linuxefi_secure_validate (kernel, filelen);

+  if (rc < 0)

     {

-      grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);

+      grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"),

+		  argv[0]);

       grub_free (kernel);

       goto fail;

     }

diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h

index d9ede36773b..0033d9305a9 100644

--- a/include/grub/efi/linux.h

+++ b/include/grub/efi/linux.h

@@ -22,7 +22,7 @@

 #include <grub/err.h>

 #include <grub/symbol.h>

-grub_efi_boolean_t

+int

 EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size);

 grub_err_t

 EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset,