From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 25 Apr 2017 16:58:50 -0400 Subject: [PATCH] show which db we're checking --- src/certdb.c | 35 ++++++++++++++++++++++++++++++++++- src/pesigcheck_context.c | 2 ++ src/pesigcheck_context.h | 1 + 3 files changed, 37 insertions(+), 1 deletion(-) diff --git a/src/certdb.c b/src/certdb.c index 1a4baf1..673e074 100644 --- a/src/certdb.c +++ b/src/certdb.c @@ -18,6 +18,7 @@ */ #include +#include #include #include #include @@ -42,17 +43,33 @@ add_db_file(pesigcheck_context *ctx, db_specifier which, const char *dbfile, return -1; db->type = type; - db->fd = open(dbfile, O_RDONLY); if (db->fd < 0) { save_errno(free(db)); return -1; } + char *path = strdup(dbfile); + if (!path) { + save_errno(close(db->fd); + free(db)); + return -1; + } + + db->path = basename(path); + db->path = strdup(db->path); + free(path); + if (!db->path) { + save_errno(close(db->fd); + free(db)); + return -1; + } + struct stat sb; int rc = fstat(db->fd, &sb); if (rc < 0) { save_errno(close(db->fd); + free(db->path); free(db)); return -1; } @@ -65,6 +82,7 @@ add_db_file(pesigcheck_context *ctx, db_specifier which, const char *dbfile, rc = read_file(db->fd, (char **)&db->map, &sz); if (rc < 0) { save_errno(close(db->fd); + free(db->path); free(db)); return -1; } @@ -133,6 +151,7 @@ add_cert_file(pesigcheck_context *ctx, const char *filename) #define DB_PATH "/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f" #define MOK_PATH "/sys/firmware/efi/efivars/MokListRT-605dab50-e046-4300-abb6-3dd810dd8b23" #define DBX_PATH "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f" +#define MOKX_PATH "/sys/firmware/efi/efivars/MokListXRT-605dab50-e046-4300-abb6-3dd810dd8b23" void init_cert_db(pesigcheck_context *ctx, int use_system_dbs) @@ -167,6 +186,18 @@ init_cert_db(pesigcheck_context *ctx, int use_system_dbs) "database \"%s\": %m\n", DBX_PATH); exit(1); } + + rc = add_db_file(ctx, DBX, MOKX_PATH, DB_EFIVAR); + if (rc < 0 && errno != ENOENT) { + fprintf(stderr, "pesigcheck: Could not add key database " + "\"%s\": %m\n", MOKX_PATH); + exit(1); + } + + if (ctx->dbx == NULL) { + fprintf(stderr, "pesigcheck: warning: " + "No key recovation database available\n"); + } } typedef db_status (*checkfn)(pesigcheck_context *ctx, SECItem *sig, @@ -187,6 +218,8 @@ check_db(db_specifier which, pesigcheck_context *ctx, checkfn check, sig.type = siBuffer; while (dbl) { + printf("Searching %s %s\n", which == DB ? "db" : "dbx", + dbl->path); EFI_SIGNATURE_LIST *certlist; EFI_SIGNATURE_DATA *cert; size_t dbsize = dbl->datalen; diff --git a/src/pesigcheck_context.c b/src/pesigcheck_context.c index b934cbe..5a355b1 100644 --- a/src/pesigcheck_context.c +++ b/src/pesigcheck_context.c @@ -87,6 +87,7 @@ pesigcheck_context_fini(pesigcheck_context *ctx) munmap(db->map, db->size); close(db->fd); ctx->db = db->next; + free(db->path); free(db); } while (ctx->dbx) { @@ -95,6 +96,7 @@ pesigcheck_context_fini(pesigcheck_context *ctx) if (db->type == DB_CERT) free(db->data); munmap(db->map, db->size); + free(db->path); close(db->fd); ctx->dbx = db->next; free(db); diff --git a/src/pesigcheck_context.h b/src/pesigcheck_context.h index 1b916e3..7b5cc89 100644 --- a/src/pesigcheck_context.h +++ b/src/pesigcheck_context.h @@ -34,6 +34,7 @@ typedef enum { struct dblist { db_f_type type; + char *path; int fd; struct dblist *next; size_t size;