You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
92 lines
3.1 KiB
92 lines
3.1 KiB
10 months ago
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||
|
From: Daniel Kiper <daniel.kiper@oracle.com>
|
||
|
Date: Wed, 26 Sep 2018 13:17:52 +0200
|
||
|
Subject: [PATCH] verifiers: Add possibility to defer verification to other
|
||
|
verifiers
|
||
|
|
||
|
This way if a verifier requires verification of a given file it can defer task
|
||
|
to another verifier (another authority) if it is not able to do it itself. E.g.
|
||
|
shim_lock verifier, posted as a subsequent patch, is able to verify only PE
|
||
|
files. This means that it is not able to verify any of GRUB2 modules which have
|
||
|
to be trusted on UEFI systems with secure boot enabled. So, it can defer
|
||
|
verification to other verifier, e.g. PGP one.
|
||
|
|
||
|
I silently assume that other verifiers are trusted and will do good job for us.
|
||
|
Or at least they will not do any harm.
|
||
|
|
||
|
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||
|
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
|
||
|
---
|
||
|
grub-core/commands/verifiers.c | 23 ++++++++++++++++++++---
|
||
|
include/grub/verify.h | 4 +++-
|
||
|
2 files changed, 23 insertions(+), 4 deletions(-)
|
||
|
|
||
|
diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c
|
||
|
index 59ea418a2..c638d5f43 100644
|
||
|
--- a/grub-core/commands/verifiers.c
|
||
|
+++ b/grub-core/commands/verifiers.c
|
||
|
@@ -83,6 +83,7 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
|
||
|
void *context;
|
||
|
grub_file_t ret = 0;
|
||
|
grub_err_t err;
|
||
|
+ int defer = 0;
|
||
|
|
||
|
grub_dprintf ("verify", "file: %s type: %d\n", io->name, type);
|
||
|
|
||
|
@@ -102,13 +103,27 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
|
||
|
err = ver->init (io, type, &context, &flags);
|
||
|
if (err)
|
||
|
goto fail_noclose;
|
||
|
+ if (flags & GRUB_VERIFY_FLAGS_DEFER_AUTH)
|
||
|
+ {
|
||
|
+ defer = 1;
|
||
|
+ continue;
|
||
|
+ }
|
||
|
if (!(flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION))
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
if (!ver)
|
||
|
- /* No verifiers wanted to verify. Just return underlying file. */
|
||
|
- return io;
|
||
|
+ {
|
||
|
+ if (defer)
|
||
|
+ {
|
||
|
+ grub_error (GRUB_ERR_ACCESS_DENIED,
|
||
|
+ N_("verification requested but nobody cares: %s"), io->name);
|
||
|
+ goto fail_noclose;
|
||
|
+ }
|
||
|
+
|
||
|
+ /* No verifiers wanted to verify. Just return underlying file. */
|
||
|
+ return io;
|
||
|
+ }
|
||
|
|
||
|
ret = grub_malloc (sizeof (*ret));
|
||
|
if (!ret)
|
||
|
@@ -160,7 +175,9 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
|
||
|
err = ver->init (io, type, &context, &flags);
|
||
|
if (err)
|
||
|
goto fail_noclose;
|
||
|
- if (flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION)
|
||
|
+ if (flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION ||
|
||
|
+ /* Verification done earlier. So, we are happy here. */
|
||
|
+ flags & GRUB_VERIFY_FLAGS_DEFER_AUTH)
|
||
|
continue;
|
||
|
err = ver->write (context, verified->buf, ret->size);
|
||
|
if (err)
|
||
|
diff --git a/include/grub/verify.h b/include/grub/verify.h
|
||
|
index 9f892d8fe..79022b422 100644
|
||
|
--- a/include/grub/verify.h
|
||
|
+++ b/include/grub/verify.h
|
||
|
@@ -22,7 +22,9 @@
|
||
|
enum grub_verify_flags
|
||
|
{
|
||
|
GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1,
|
||
|
- GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2
|
||
|
+ GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2,
|
||
|
+ /* Defer verification to another authority. */
|
||
|
+ GRUB_VERIFY_FLAGS_DEFER_AUTH = 4
|
||
|
};
|
||
|
|
||
|
enum grub_verify_string_type
|