|
|
3efed6 |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
3efed6 |
From: Daniel Kiper <daniel.kiper@oracle.com>
|
|
|
3efed6 |
Date: Wed, 26 Sep 2018 13:17:52 +0200
|
|
|
3efed6 |
Subject: [PATCH] verifiers: Add possibility to defer verification to other
|
|
|
3efed6 |
verifiers
|
|
|
3efed6 |
|
|
|
3efed6 |
This way if a verifier requires verification of a given file it can defer task
|
|
|
3efed6 |
to another verifier (another authority) if it is not able to do it itself. E.g.
|
|
|
3efed6 |
shim_lock verifier, posted as a subsequent patch, is able to verify only PE
|
|
|
3efed6 |
files. This means that it is not able to verify any of GRUB2 modules which have
|
|
|
3efed6 |
to be trusted on UEFI systems with secure boot enabled. So, it can defer
|
|
|
3efed6 |
verification to other verifier, e.g. PGP one.
|
|
|
3efed6 |
|
|
|
3efed6 |
I silently assume that other verifiers are trusted and will do good job for us.
|
|
|
3efed6 |
Or at least they will not do any harm.
|
|
|
3efed6 |
|
|
|
3efed6 |
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
|
3efed6 |
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
|
|
|
3efed6 |
---
|
|
|
3efed6 |
grub-core/commands/verifiers.c | 23 ++++++++++++++++++++---
|
|
|
3efed6 |
include/grub/verify.h | 4 +++-
|
|
|
3efed6 |
2 files changed, 23 insertions(+), 4 deletions(-)
|
|
|
3efed6 |
|
|
|
3efed6 |
diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c
|
|
|
3efed6 |
index 59ea418a2d9..c638d5f43e0 100644
|
|
|
3efed6 |
--- a/grub-core/commands/verifiers.c
|
|
|
3efed6 |
+++ b/grub-core/commands/verifiers.c
|
|
|
3efed6 |
@@ -83,6 +83,7 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
|
|
|
3efed6 |
void *context;
|
|
|
3efed6 |
grub_file_t ret = 0;
|
|
|
3efed6 |
grub_err_t err;
|
|
|
3efed6 |
+ int defer = 0;
|
|
|
3efed6 |
|
|
|
3efed6 |
grub_dprintf ("verify", "file: %s type: %d\n", io->name, type);
|
|
|
3efed6 |
|
|
|
3efed6 |
@@ -102,13 +103,27 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
|
|
|
3efed6 |
err = ver->init (io, type, &context, &flags);
|
|
|
3efed6 |
if (err)
|
|
|
3efed6 |
goto fail_noclose;
|
|
|
3efed6 |
+ if (flags & GRUB_VERIFY_FLAGS_DEFER_AUTH)
|
|
|
3efed6 |
+ {
|
|
|
3efed6 |
+ defer = 1;
|
|
|
3efed6 |
+ continue;
|
|
|
3efed6 |
+ }
|
|
|
3efed6 |
if (!(flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION))
|
|
|
3efed6 |
break;
|
|
|
3efed6 |
}
|
|
|
3efed6 |
|
|
|
3efed6 |
if (!ver)
|
|
|
3efed6 |
- /* No verifiers wanted to verify. Just return underlying file. */
|
|
|
3efed6 |
- return io;
|
|
|
3efed6 |
+ {
|
|
|
3efed6 |
+ if (defer)
|
|
|
3efed6 |
+ {
|
|
|
3efed6 |
+ grub_error (GRUB_ERR_ACCESS_DENIED,
|
|
|
3efed6 |
+ N_("verification requested but nobody cares: %s"), io->name);
|
|
|
3efed6 |
+ goto fail_noclose;
|
|
|
3efed6 |
+ }
|
|
|
3efed6 |
+
|
|
|
3efed6 |
+ /* No verifiers wanted to verify. Just return underlying file. */
|
|
|
3efed6 |
+ return io;
|
|
|
3efed6 |
+ }
|
|
|
3efed6 |
|
|
|
3efed6 |
ret = grub_malloc (sizeof (*ret));
|
|
|
3efed6 |
if (!ret)
|
|
|
3efed6 |
@@ -160,7 +175,9 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
|
|
|
3efed6 |
err = ver->init (io, type, &context, &flags);
|
|
|
3efed6 |
if (err)
|
|
|
3efed6 |
goto fail_noclose;
|
|
|
3efed6 |
- if (flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION)
|
|
|
3efed6 |
+ if (flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION ||
|
|
|
3efed6 |
+ /* Verification done earlier. So, we are happy here. */
|
|
|
3efed6 |
+ flags & GRUB_VERIFY_FLAGS_DEFER_AUTH)
|
|
|
3efed6 |
continue;
|
|
|
3efed6 |
err = ver->write (context, verified->buf, ret->size);
|
|
|
3efed6 |
if (err)
|
|
|
3efed6 |
diff --git a/include/grub/verify.h b/include/grub/verify.h
|
|
|
3efed6 |
index 9f892d8fedb..79022b42258 100644
|
|
|
3efed6 |
--- a/include/grub/verify.h
|
|
|
3efed6 |
+++ b/include/grub/verify.h
|
|
|
3efed6 |
@@ -22,7 +22,9 @@
|
|
|
3efed6 |
enum grub_verify_flags
|
|
|
3efed6 |
{
|
|
|
3efed6 |
GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1,
|
|
|
3efed6 |
- GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2
|
|
|
3efed6 |
+ GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2,
|
|
|
3efed6 |
+ /* Defer verification to another authority. */
|
|
|
3efed6 |
+ GRUB_VERIFY_FLAGS_DEFER_AUTH = 4
|
|
|
3efed6 |
};
|
|
|
3efed6 |
|
|
|
3efed6 |
enum grub_verify_string_type
|