|
|
80913e |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
80913e |
From: Daniel Axtens <dja@axtens.net>
|
|
|
80913e |
Date: Wed, 29 Jul 2020 17:46:16 +1000
|
|
|
80913e |
Subject: [PATCH] verifiers: provide unsafe module list
|
|
|
80913e |
|
|
|
80913e |
Other verifiers that implement secure boot may want to be able to
|
|
|
80913e |
use this list and behaviour.
|
|
|
80913e |
|
|
|
80913e |
Upstream, this factors the list out of the shim_lock verifier.
|
|
|
80913e |
However, that hasn't hit the RHEL8.4 tree yet, so instead
|
|
|
80913e |
of factoring it out of that we just create it.
|
|
|
80913e |
|
|
|
80913e |
Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|
|
80913e |
---
|
|
|
80913e |
grub-core/commands/verifiers.c | 46 ++++++++++++++++++++++++++++++++++++++++++
|
|
|
80913e |
include/grub/verify.h | 13 ++++++++++++
|
|
|
80913e |
2 files changed, 59 insertions(+)
|
|
|
80913e |
|
|
|
80913e |
diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c
|
|
|
80913e |
index 599d79b757e..f64343ac90b 100644
|
|
|
80913e |
--- a/grub-core/commands/verifiers.c
|
|
|
80913e |
+++ b/grub-core/commands/verifiers.c
|
|
|
80913e |
@@ -218,6 +218,52 @@ grub_verify_string (char *str, enum grub_verify_string_type type)
|
|
|
80913e |
return GRUB_ERR_NONE;
|
|
|
80913e |
}
|
|
|
80913e |
|
|
|
80913e |
+/* List of modules which may allow for verifcation to be bypassed. */
|
|
|
80913e |
+static const char *const disabled_mods[] = { "iorw", "memrw", "wrmsr", NULL };
|
|
|
80913e |
+
|
|
|
80913e |
+/*
|
|
|
80913e |
+ * Does the module in file `io' allow for the a verifier to be bypassed?
|
|
|
80913e |
+ *
|
|
|
80913e |
+ * Returns 1 if so, otherwise 0.
|
|
|
80913e |
+ */
|
|
|
80913e |
+char
|
|
|
80913e |
+grub_is_dangerous_module (grub_file_t io)
|
|
|
80913e |
+{
|
|
|
80913e |
+ char *b, *e;
|
|
|
80913e |
+ int i;
|
|
|
80913e |
+
|
|
|
80913e |
+ /* Establish GRUB module name. */
|
|
|
80913e |
+ b = grub_strrchr (io->name, '/');
|
|
|
80913e |
+ e = grub_strrchr (io->name, '.');
|
|
|
80913e |
+
|
|
|
80913e |
+ b = b ? (b + 1) : io->name;
|
|
|
80913e |
+ e = e ? e : io->name + grub_strlen (io->name);
|
|
|
80913e |
+ e = (e > b) ? e : io->name + grub_strlen (io->name);
|
|
|
80913e |
+
|
|
|
80913e |
+ for (i = 0; disabled_mods[i]; i++)
|
|
|
80913e |
+ if (!grub_strncmp (b, disabled_mods[i],
|
|
|
80913e |
+ grub_strlen (b) - grub_strlen (e)))
|
|
|
80913e |
+ return 1;
|
|
|
80913e |
+ return 0;
|
|
|
80913e |
+}
|
|
|
80913e |
+
|
|
|
80913e |
+/*
|
|
|
80913e |
+ * Is there already an unsafe module in memory?
|
|
|
80913e |
+ * Returns the name if one is loaded, otherwise NULL.
|
|
|
80913e |
+ */
|
|
|
80913e |
+const char *
|
|
|
80913e |
+grub_dangerous_module_loaded (void)
|
|
|
80913e |
+{
|
|
|
80913e |
+ int i;
|
|
|
80913e |
+
|
|
|
80913e |
+ for (i = 0; disabled_mods[i]; i++)
|
|
|
80913e |
+ if (grub_dl_get (disabled_mods[i]))
|
|
|
80913e |
+ {
|
|
|
80913e |
+ return disabled_mods[i];
|
|
|
80913e |
+ }
|
|
|
80913e |
+ return NULL;
|
|
|
80913e |
+}
|
|
|
80913e |
+
|
|
|
80913e |
GRUB_MOD_INIT(verifiers)
|
|
|
80913e |
{
|
|
|
80913e |
grub_file_filter_register (GRUB_FILE_FILTER_VERIFY, grub_verifiers_open);
|
|
|
80913e |
diff --git a/include/grub/verify.h b/include/grub/verify.h
|
|
|
80913e |
index 79022b42258..60c13e7ea8e 100644
|
|
|
80913e |
--- a/include/grub/verify.h
|
|
|
80913e |
+++ b/include/grub/verify.h
|
|
|
80913e |
@@ -76,3 +76,16 @@ grub_verifier_unregister (struct grub_file_verifier *ver)
|
|
|
80913e |
|
|
|
80913e |
grub_err_t
|
|
|
80913e |
grub_verify_string (char *str, enum grub_verify_string_type type);
|
|
|
80913e |
+
|
|
|
80913e |
+/*
|
|
|
80913e |
+ * Does the module in file `io' allow for the a verifier to be bypassed?
|
|
|
80913e |
+ *
|
|
|
80913e |
+ * Returns 1 if so, otherwise 0.
|
|
|
80913e |
+ */
|
|
|
80913e |
+char grub_is_dangerous_module (grub_file_t io);
|
|
|
80913e |
+
|
|
|
80913e |
+/*
|
|
|
80913e |
+ * Is there already an unsafe module in memory?
|
|
|
80913e |
+ * Returns the name if one is loaded, otherwise NULL.
|
|
|
80913e |
+ */
|
|
|
80913e |
+const char *grub_dangerous_module_loaded (void);
|