nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone
3efed6
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
3efed6
From: Daniel Axtens <dja@axtens.net>
3efed6
Date: Wed, 29 Jul 2020 17:46:16 +1000
3efed6
Subject: [PATCH] verifiers: provide unsafe module list
3efed6
3efed6
Other verifiers that implement secure boot may want to be able to
3efed6
use this list and behaviour.
3efed6
3efed6
Upstream, this factors the list out of the shim_lock verifier.
3efed6
However, that hasn't hit the RHEL8.4 tree yet, so instead
3efed6
of factoring it out of that we just create it.
3efed6
3efed6
Signed-off-by: Daniel Axtens <dja@axtens.net>
3efed6
---
3efed6
 grub-core/commands/verifiers.c | 46 ++++++++++++++++++++++++++++++++++++++++++
3efed6
 include/grub/verify.h          | 13 ++++++++++++
3efed6
 2 files changed, 59 insertions(+)
3efed6
3efed6
diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c
b71686
index 599d79b75..f64343ac9 100644
3efed6
--- a/grub-core/commands/verifiers.c
3efed6
+++ b/grub-core/commands/verifiers.c
3efed6
@@ -218,6 +218,52 @@ grub_verify_string (char *str, enum grub_verify_string_type type)
3efed6
   return GRUB_ERR_NONE;
3efed6
 }
3efed6
 
3efed6
+/* List of modules which may allow for verifcation to be bypassed. */
3efed6
+static const char *const disabled_mods[] = { "iorw", "memrw", "wrmsr", NULL };
3efed6
+
3efed6
+/*
3efed6
+ * Does the module in file `io' allow for the a verifier to be bypassed?
3efed6
+ *
3efed6
+ * Returns 1 if so, otherwise 0.
3efed6
+ */
3efed6
+char
3efed6
+grub_is_dangerous_module (grub_file_t io)
3efed6
+{
3efed6
+  char *b, *e;
3efed6
+  int i;
3efed6
+
3efed6
+  /* Establish GRUB module name. */
3efed6
+  b = grub_strrchr (io->name, '/');
3efed6
+  e = grub_strrchr (io->name, '.');
3efed6
+
3efed6
+  b = b ? (b + 1) : io->name;
3efed6
+  e = e ? e : io->name + grub_strlen (io->name);
3efed6
+  e = (e > b) ? e : io->name + grub_strlen (io->name);
3efed6
+
3efed6
+  for (i = 0; disabled_mods[i]; i++)
3efed6
+    if (!grub_strncmp (b, disabled_mods[i],
3efed6
+		       grub_strlen (b) - grub_strlen (e)))
3efed6
+      return 1;
3efed6
+  return 0;
3efed6
+}
3efed6
+
3efed6
+/*
3efed6
+ * Is there already an unsafe module in memory?
3efed6
+ * Returns the name if one is loaded, otherwise NULL.
3efed6
+ */
3efed6
+const char *
3efed6
+grub_dangerous_module_loaded (void)
3efed6
+{
3efed6
+  int i;
3efed6
+
3efed6
+  for (i = 0; disabled_mods[i]; i++)
3efed6
+    if (grub_dl_get (disabled_mods[i]))
3efed6
+      {
3efed6
+	return disabled_mods[i];
3efed6
+      }
3efed6
+  return NULL;
3efed6
+}
3efed6
+
3efed6
 GRUB_MOD_INIT(verifiers)
3efed6
 {
3efed6
   grub_file_filter_register (GRUB_FILE_FILTER_VERIFY, grub_verifiers_open);
3efed6
diff --git a/include/grub/verify.h b/include/grub/verify.h
b71686
index 79022b422..60c13e7ea 100644
3efed6
--- a/include/grub/verify.h
3efed6
+++ b/include/grub/verify.h
3efed6
@@ -76,3 +76,16 @@ grub_verifier_unregister (struct grub_file_verifier *ver)
3efed6
 
3efed6
 grub_err_t
3efed6
 grub_verify_string (char *str, enum grub_verify_string_type type);
3efed6
+
3efed6
+/*
3efed6
+ * Does the module in file `io' allow for the a verifier to be bypassed?
3efed6
+ *
3efed6
+ * Returns 1 if so, otherwise 0.
3efed6
+ */
3efed6
+char grub_is_dangerous_module (grub_file_t io);
3efed6
+
3efed6
+/*
3efed6
+ * Is there already an unsafe module in memory?
3efed6
+ * Returns the name if one is loaded, otherwise NULL.
3efed6
+ */
3efed6
+const char *grub_dangerous_module_loaded (void);