nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone

Blame SOURCES/0333-verifiers-Add-possibility-to-defer-verification-to-o.patch

5975ab
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
5975ab
From: Daniel Kiper <daniel.kiper@oracle.com>
5975ab
Date: Wed, 26 Sep 2018 13:17:52 +0200
5975ab
Subject: [PATCH] verifiers: Add possibility to defer verification to other
5975ab
 verifiers
5975ab
5975ab
This way if a verifier requires verification of a given file it can defer task
5975ab
to another verifier (another authority) if it is not able to do it itself. E.g.
5975ab
shim_lock verifier, posted as a subsequent patch, is able to verify only PE
5975ab
files. This means that it is not able to verify any of GRUB2 modules which have
5975ab
to be trusted on UEFI systems with secure boot enabled. So, it can defer
5975ab
verification to other verifier, e.g. PGP one.
5975ab
5975ab
I silently assume that other verifiers are trusted and will do good job for us.
5975ab
Or at least they will not do any harm.
5975ab
5975ab
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
5975ab
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
5975ab
---
5975ab
 grub-core/commands/verifiers.c | 23 ++++++++++++++++++++---
5975ab
 include/grub/verify.h          |  4 +++-
5975ab
 2 files changed, 23 insertions(+), 4 deletions(-)
5975ab
5975ab
diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c
f6e916
index 59ea418a2..c638d5f43 100644
5975ab
--- a/grub-core/commands/verifiers.c
5975ab
+++ b/grub-core/commands/verifiers.c
5975ab
@@ -83,6 +83,7 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
5975ab
   void *context;
5975ab
   grub_file_t ret = 0;
5975ab
   grub_err_t err;
5975ab
+  int defer = 0;
5975ab
 
5975ab
   grub_dprintf ("verify", "file: %s type: %d\n", io->name, type);
5975ab
 
5975ab
@@ -102,13 +103,27 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
5975ab
       err = ver->init (io, type, &context, &flags);
5975ab
       if (err)
5975ab
 	goto fail_noclose;
5975ab
+      if (flags & GRUB_VERIFY_FLAGS_DEFER_AUTH)
5975ab
+	{
5975ab
+	  defer = 1;
5975ab
+	  continue;
5975ab
+	}
5975ab
       if (!(flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION))
5975ab
 	break;
5975ab
     }
5975ab
 
5975ab
   if (!ver)
5975ab
-    /* No verifiers wanted to verify. Just return underlying file. */
5975ab
-    return io;
5975ab
+    {
5975ab
+      if (defer)
5975ab
+	{
5975ab
+	  grub_error (GRUB_ERR_ACCESS_DENIED,
5975ab
+		      N_("verification requested but nobody cares: %s"), io->name);
5975ab
+	  goto fail_noclose;
5975ab
+	}
5975ab
+
5975ab
+      /* No verifiers wanted to verify. Just return underlying file. */
5975ab
+      return io;
5975ab
+    }
5975ab
 
5975ab
   ret = grub_malloc (sizeof (*ret));
5975ab
   if (!ret)
5975ab
@@ -160,7 +175,9 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
5975ab
       err = ver->init (io, type, &context, &flags);
5975ab
       if (err)
5975ab
 	goto fail_noclose;
5975ab
-      if (flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION)
5975ab
+      if (flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION ||
5975ab
+	  /* Verification done earlier. So, we are happy here. */
5975ab
+	  flags & GRUB_VERIFY_FLAGS_DEFER_AUTH)
5975ab
 	continue;
5975ab
       err = ver->write (context, verified->buf, ret->size);
5975ab
       if (err)
5975ab
diff --git a/include/grub/verify.h b/include/grub/verify.h
f6e916
index 9f892d8fe..79022b422 100644
5975ab
--- a/include/grub/verify.h
5975ab
+++ b/include/grub/verify.h
5975ab
@@ -22,7 +22,9 @@
5975ab
 enum grub_verify_flags
5975ab
   {
5975ab
     GRUB_VERIFY_FLAGS_SKIP_VERIFICATION	= 1,
5975ab
-    GRUB_VERIFY_FLAGS_SINGLE_CHUNK	= 2
5975ab
+    GRUB_VERIFY_FLAGS_SINGLE_CHUNK	= 2,
5975ab
+    /* Defer verification to another authority. */
5975ab
+    GRUB_VERIFY_FLAGS_DEFER_AUTH	= 4
5975ab
   };
5975ab
 
5975ab
 enum grub_verify_string_type