Blame SOURCES/0333-verifiers-Add-possibility-to-defer-verification-to-o.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Kiper <daniel.kiper@oracle.com>
Date: Wed, 26 Sep 2018 13:17:52 +0200
Subject: [PATCH] verifiers: Add possibility to defer verification to other
 verifiers
This way if a verifier requires verification of a given file it can defer task
to another verifier (another authority) if it is not able to do it itself. E.g.
shim_lock verifier, posted as a subsequent patch, is able to verify only PE
files. This means that it is not able to verify any of GRUB2 modules which have
to be trusted on UEFI systems with secure boot enabled. So, it can defer
verification to other verifier, e.g. PGP one.
I silently assume that other verifiers are trusted and will do good job for us.
Or at least they will not do any harm.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
---
 grub-core/commands/verifiers.c | 23 ++++++++++++++++++++---
 include/grub/verify.h          |  4 +++-
 2 files changed, 23 insertions(+), 4 deletions(-)
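diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c
index 59ea418a2d9..c638d5f43e0 100644
--- a/grub-core/commands/verifiers.c
+++ b/grub-core/commands/verifiers.c
@@ -83,6 +83,7 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
   void *context;
   grub_file_t ret = 0;
   grub_err_t err;
+  int defer = 0;
 
   grub_dprintf ("verify", "file: %s type: %d\n", io->name, type);
 
@@ -102,13 +103,27 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
       err = ver->init (io, type, &context, &flags);
       if (err)
 	goto fail_noclose;
+      if (flags & GRUB_VERIFY_FLAGS_DEFER_AUTH)
+	{
+	  defer = 1;
+	  continue;
+	}
       if (!(flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION))
 	break;
     }
 
   if (!ver)
-    /* No verifiers wanted to verify. Just return underlying file. */
-    return io;
+    {
+      if (defer)
+	{
+	  grub_error (GRUB_ERR_ACCESS_DENIED,
+		      N_("verification requested but nobody cares: %s"), io->name);
+	  goto fail_noclose;
+	}
+
+      /* No verifiers wanted to verify. Just return underlying file. */
+      return io;
+    }
 
   ret = grub_malloc (sizeof (*ret));
   if (!ret)
@@ -160,7 +175,9 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
       err = ver->init (io, type, &context, &flags);
       if (err)
 	goto fail_noclose;
-      if (flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION)
+      if (flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION ||
+	  /* Verification done earlier. So, we are happy here. */
+	  flags & GRUB_VERIFY_FLAGS_DEFER_AUTH)
 	continue;
       err = ver->write (context, verified->buf, ret->size);
       if (err)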
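Review bot: In the first loop of grub_verifiers_open, a deferral is satisfied by whichever other registered verifier sets neither GRUB_VERIFY_FLAGS_SKIP_VERIFICATION nor GRUB_VERIFY_FLAGS_DEFER_AUTH, and `defer` is consulted only in the `if (!ver)` branch. Refusing the open with GRUB_ERR_ACCESS_DENIED when nobody takes the file is the right fail-closed behaviour, but nothing in the code checks or records that the verifier which does take it actually authenticates the content; a verifier that only records or measures data would count as the "other authority" just the same. That trust assumption is stated only in the commit message, so I would put it next to the new `if (flags & GRUB_VERIFY_FLAGS_DEFER_AUTH)` block, e.g. `/* A deferral is satisfied by any verifier that neither skips nor defers, so every registered verifier must be an authenticating one. */`. The function starts before and continues after the hunks shown, so the `fail_noclose` path is not visible here.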
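diff --git a/include/grub/verify.h b/include/grub/verify.h
index 9f892d8fedb..79022b42258 100644
--- a/include/grub/verify.h
+++ b/include/grub/verify.h
@@ -22,7 +22,9 @@
 enum grub_verify_flags
   {
     GRUB_VERIFY_FLAGS_SKIP_VERIFICATION	= 1,
-    GRUB_VERIFY_FLAGS_SINGLE_CHUNK	= 2
+    GRUB_VERIFY_FLAGS_SINGLE_CHUNK	= 2,
+    /* Defer verification to another authority. */
+    GRUB_VERIFY_FLAGS_DEFER_AUTH	= 4
   };
 
 enum grub_verify_string_type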
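Review bot: The one-line comment on GRUB_VERIFY_FLAGS_DEFER_AUTH does not tell a verifier author what setting the flag commits them to. Going by the verifiers.c side of this change, the open is refused when no other verifier takes the file, the deferring verifier's `write` is never called, and the flag is tested before GRUB_VERIFY_FLAGS_SKIP_VERIFICATION, so it wins if both are set. Whether `close` runs for a deferring verifier is not visible in these hunks, so an `init` that sets the flag should presumably leave nothing allocated in `*context`. I would expand the comment along the lines of `/* Defer authentication to another verifier; the open fails with GRUB_ERR_ACCESS_DENIED if none accepts the file. Takes precedence over SKIP_VERIFICATION. */` and add the context rule once it is confirmed.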