From patchwork Fri Apr 4 18:45:13 2014
X-Patchwork-Submitter: Leif Lindholm
X-Patchwork-Id: 27859
From: Leif Lindholm
To: linux-arm-kernel@lists.infradead.org, linux-efi@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel, Leif Lindholm, Catalin Marinas, Matt Fleming
Subject: [PATCH v3 10/10] efi/arm64: ignore dtb= when UEFI SecureBoot is enabled
Date: Fri, 4 Apr 2014 19:45:13 +0100
Message-Id: <1396637113-22790-11-git-send-email-leif.lindholm@linaro.org>
In-Reply-To: <1396637113-22790-1-git-send-email-leif.lindholm@linaro.org>
References: <1396637113-22790-1-git-send-email-leif.lindholm@linaro.org>

From: Ard Biesheuvel

Loading unauthenticated FDT blobs directly from storage is a security hazard, so this should only be allowed when running with UEFI Secure Boot disabled.

Signed-off-by: Ard Biesheuvel
Signed-off-by: Leif Lindholm
Cc: Catalin Marinas
Cc: Matt Fleming
---
 drivers/firmware/efi/arm-stub.c | 15 +++++++++++----
 drivers/firmware/efi/efi-stub-helper.c | 24 ++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/drivers/firmware/efi/arm-stub.c b/drivers/firmware/efi/arm-stub.c index b9b7c00..c8988b2 100644 
--- a/drivers/firmware/efi/arm-stub.c +++ b/drivers/firmware/efi/arm-stub.c @@ -145,7 +145,7 @@ unsigned long __init efi_entry(void *handle, efi_system_table_t *sys_table, /* addr/point and size pairs for memory management*/ unsigned long initrd_addr; u64 initrd_size = 0; - unsigned long fdt_addr; /* Original DTB */ + unsigned long fdt_addr = 0; /* Original DTB */ u64 fdt_size = 0; /* We don't get size from configuration table */ char *cmdline_ptr = NULL; int cmdline_size = 0; @@ -197,9 +197,13 @@ unsigned long __init efi_entry(void *handle, efi_system_table_t *sys_table, goto fail_free_image; } - /* Load a device tree from the configuration table, if present. */ - fdt_addr = (uintptr_t)get_fdt(sys_table); - if (!fdt_addr) { + /* + * Unauthenticated device tree data is a security hazard, so + * ignore 'dtb=' unless UEFI Secure Boot is disabled. + */ + if (efi_secureboot_enabled(sys_table)) { + pr_efi(sys_table, "UEFI Secure Boot is enabled.\n"); + } else { status = handle_cmdline_files(sys_table, image, cmdline_ptr, "dtb=", ~0UL, (unsigned long *)&fdt_addr, @@ -210,6 +214,9 @@ unsigned long __init efi_entry(void *handle, efi_system_table_t *sys_table, goto fail_free_cmdline; } } + if (!fdt_addr) + /* Look for a device tree configuration table entry. */ + fdt_addr = (uintptr_t)get_fdt(sys_table); status = handle_cmdline_files(sys_table, image, cmdline_ptr, "initrd=", dram_base + SZ_512M, diff --git a/drivers/firmware/efi/efi-stub-helper.c b/drivers/firmware/efi/efi-stub-helper.c index 998b884..8f8b538 100644 --- a/drivers/firmware/efi/efi-stub-helper.c +++ b/drivers/firmware/efi/efi-stub-helper.c 
@@ -632,3 +632,27 @@ static char *efi_convert_cmdline(efi_system_table_t *sys_table_arg, *cmd_line_len = options_bytes; return (char *)cmdline_addr; } + +static int __init efi_secureboot_enabled(efi_system_table_t *sys_table_arg) +{ + static efi_guid_t const var_guid __initconst = EFI_GLOBAL_VARIABLE_GUID; + static efi_char16_t const var_name[] __initconst = { + 'S', 'e', 'c', 'u', 'r', 'e', 'B', 'o', 'o', 't', 0 }; + + efi_get_variable_t *f_getvar = sys_table_arg->runtime->get_variable; + unsigned long size = sizeof(u8); + efi_status_t status; + u8 val; + + status = efi_call_phys5(f_getvar, (efi_char16_t *)var_name, + (efi_guid_t *)&var_guid, NULL, &size, &val); + + switch (status) { + case EFI_SUCCESS: + return val; + case EFI_NOT_FOUND: + return 0; + default: + return 1; + } +}
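
Review bot: in the arm-stub.c hunk at @@ -197,9 +197,13 @@, the device tree lookup order is inverted and the commit message does not mention it. The removed lines called get_fdt(sys_table) first and only fell back to dtb= under `if (!fdt_addr)`; the new code runs handle_cmdline_files() for "dtb=" first whenever Secure Boot is off and consults get_fdt() only if fdt_addr is still 0, so a dtb= file now overrides a firmware-provided configuration table entry. If that is intended, the changelog should say so; if not, keep the table lookup first. Separately, the Secure Boot branch prints "UEFI Secure Boot is enabled." whether or not dtb= was on the command line, so the log never states that an option was ignored; a message naming dtb= would be more useful. The trailing `if (!fdt_addr)` has a comment plus a statement as its body and would read better with braces.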
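
Review bot: in efi_secureboot_enabled() (efi-stub-helper.c hunk at @@ -632,3 +632,27 @@), the EFI_SUCCESS case returns val without looking at the size that get_variable wrote back, and val is declared uninitialized (`u8 val;`). Initializing val to a value that means enabled, or checking that size still equals sizeof(val) before trusting it, would keep the result defined if the call reports success without filling the buffer. The default case returning 1 makes every error other than EFI_NOT_FOUND count as Secure Boot enabled, which is the safe direction for the dtb= caller, but nothing documents it; a short comment above the function stating the return convention (nonzero means enabled or could not be determined) would make that choice visible to later users of the helper.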