From patchwork Wed Feb  5 17:04:12 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Leif Lindholm <leif.lindholm@linaro.org>
X-Patchwork-Id: 24211
Return-Path: <patchwork-forward+bncBDT5PUNIR4DBBAW7ZGLQKGQE73OUVBI@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-oa0-f69.google.com (mail-oa0-f69.google.com
 [209.85.219.69])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id D273220675
 for <linaro@patches.linaro.org>; Wed,  5 Feb 2014 17:06:11 +0000 (UTC)
Received: by mail-oa0-f69.google.com with SMTP id h16sf3555633oag.4
 for <linaro@patches.linaro.org>; Wed, 05 Feb 2014 09:06:10 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject
 :date:message-id:in-reply-to:references:x-original-sender
 :x-original-authentication-results:precedence:mailing-list:list-id
 :list-post:list-help:list-archive:list-unsubscribe;
 bh=4jFuX23Qkffw42FRFu/Fhvud5znWKVg8wUcdR57/ex8=;
 b=MfXp99zcmwm/b7+sTZHPdIB9V+u+jpH2VRejehRrIkL+ZT9zF5SHmrbQjAdqb8Aaso
 LLQChRkvEOezsvwmlXyDo9VmBz+gWRpCNzBk+n4t3UDSSCyWd9cII3IwbxXUe1/ioPPr
 K8WsatcNCpS0auKEu7Sh+43kl934T1iqVA+r2iF7M+R0LXj6AtV5VDUm69wvWtT2Xb/V
 KjsRQE/WFELO7tRVxGozI5jcJfcGygK44aXPw6Kn/xIboRgCWYFSMeT1udUrjwHBfud7
 gVdEGFG6+bS59z/m5R5cczdcYzOyfMhmXld0huP8TsSkqqSIazcRnsZ+UDrzDFYTVF5U
 V2sw==
X-Gm-Message-State: ALoCoQm4QmDwNkVCwyEyuwO/fv7FaxvCd0/Qaee6o7kzCKd/snvituWC+28ZnUEz5yt0zjA+eycp
X-Received: by 10.43.158.9 with SMTP id ls9mr960215icc.18.1391619970675;
 Wed, 05 Feb 2014 09:06:10 -0800 (PST)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.140.20.100 with SMTP id 91ls224049qgi.18.gmail; Wed, 05 Feb
 2014 09:06:10 -0800 (PST)
X-Received: by 10.52.251.232 with SMTP id zn8mr776639vdc.41.1391619970563;
 Wed, 05 Feb 2014 09:06:10 -0800 (PST)
Received: from mail-vb0-f43.google.com (mail-vb0-f43.google.com
 [209.85.212.43])
 by mx.google.com with ESMTPS id a5si2036251vez.6.2014.02.05.09.06.10
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Wed, 05 Feb 2014 09:06:10 -0800 (PST)
Received-SPF: neutral (google.com: 209.85.212.43 is neither permitted nor
 denied by best guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 client-ip=209.85.212.43; 
Received: by mail-vb0-f43.google.com with SMTP id p5so500305vbn.2
 for <patchwork-forward@linaro.org>;
 Wed, 05 Feb 2014 09:06:10 -0800 (PST)
X-Received: by 10.58.186.132 with SMTP id fk4mr1710896vec.9.1391619970395;
 Wed, 05 Feb 2014 09:06:10 -0800 (PST)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patches@linaro.org
Received: by 10.220.174.196 with SMTP id u4csp64693vcz;
 Wed, 5 Feb 2014 09:06:09 -0800 (PST)
X-Received: by 10.180.11.233 with SMTP id t9mr20831030wib.1.1391619939502;
 Wed, 05 Feb 2014 09:05:39 -0800 (PST)
Received: from mail-we0-f172.google.com (mail-we0-f172.google.com
 [74.125.82.172])
 by mx.google.com with ESMTPS id w3si9093931wij.4.2014.02.05.09.05.38
 for <patches@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Wed, 05 Feb 2014 09:05:39 -0800 (PST)
Received-SPF: neutral (google.com: 74.125.82.172 is neither permitted nor
 denied by best guess record for domain of
 leif.lindholm@linaro.org) client-ip=74.125.82.172; 
Received: by mail-we0-f172.google.com with SMTP id p61so515521wes.3
 for <patches@linaro.org>; Wed, 05 Feb 2014 09:05:38 -0800 (PST)
X-Received: by 10.194.60.37 with SMTP id e5mr2208581wjr.32.1391619938772;
 Wed, 05 Feb 2014 09:05:38 -0800 (PST)
Received: from mohikan.mushroom.smurfnet.nu
 (cpc4-cmbg17-2-0-cust71.5-4.cable.virginm.net. [86.14.224.72])
 by mx.google.com with ESMTPSA id
 p1sm47427211wie.1.2014.02.05.09.05.37 for <multiple recipients>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Wed, 05 Feb 2014 09:05:38 -0800 (PST)
From: Leif Lindholm <leif.lindholm@linaro.org>
To: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
 linux-efi@vger.kernel.org
Cc: patches@linaro.org, Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Leif Lindholm <leif.lindholm@linaro.org>
Subject: [PATCH 21/22] arm: efistub: ignore dtb= when UEFI SecureBoot is
 enabled
Date: Wed,  5 Feb 2014 17:04:12 +0000
Message-Id: <1391619853-10601-22-git-send-email-leif.lindholm@linaro.org>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1391619853-10601-1-git-send-email-leif.lindholm@linaro.org>
References: <1391619853-10601-1-git-send-email-leif.lindholm@linaro.org>
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: leif.lindholm@linaro.org
X-Original-Authentication-Results: mx.google.com;       spf=neutral
 (google.com: 209.85.212.43 is neither permitted nor denied by best
 guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Precedence: list
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
List-ID: <patchwork-forward.linaro.org>
X-Google-Group-Id: 836684582541
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Unsubscribe: <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>, 
 <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>

From: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Loading unauthenticated FDT blobs directly from storage is a security hazard,
so this should only be allowed when running with UEFI Secure Boot disabled.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
---
 drivers/firmware/efi/arm-stub.c        |    4 +++-
 drivers/firmware/efi/efi-stub-helper.c |   24 ++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/arm-stub.c b/drivers/firmware/efi/arm-stub.c
index b505fde..c651082 100644
--- a/drivers/firmware/efi/arm-stub.c
+++ b/drivers/firmware/efi/arm-stub.c
@@ -95,7 +95,9 @@ unsigned long efi_entry(void *handle, efi_system_table_t *sys_table,
 
 	/* Load a device tree from the configuration table, if present. */
 	fdt_addr = (uintptr_t)get_fdt(sys_table);
-	if (!fdt_addr) {
+	if (efi_secureboot_enabled(sys_table))
+		pr_efi(sys_table, "UEFI Secure Boot is enabled, ignoring dtb= commandline option.\n");
+	else if (!fdt_addr) {
 		status = handle_cmdline_files(sys_table, image, cmdline_ptr,
 					      "dtb=",
 					      ~0UL, (unsigned long *)&fdt_addr,
diff --git a/drivers/firmware/efi/efi-stub-helper.c b/drivers/firmware/efi/efi-stub-helper.c
index 2ee69ea..6221be7 100644
--- a/drivers/firmware/efi/efi-stub-helper.c
+++ b/drivers/firmware/efi/efi-stub-helper.c
@@ -721,3 +721,27 @@ static char *efi_convert_cmdline(efi_system_table_t *sys_table_arg,
 	*cmd_line_len = options_bytes;
 	return (char *)cmdline_addr;
 }
+
+static int __init efi_secureboot_enabled(efi_system_table_t *sys_table_arg)
+{
+	static efi_guid_t const var_guid __initconst = EFI_GLOBAL_VARIABLE_GUID;
+	static efi_char16_t const var_name[] __initconst = {
+		'S', 'e', 'c', 'u', 'r', 'e', 'B', 'o', 'o', 't', 0 };
+
+	efi_get_variable_t *f_getvar = sys_table_arg->runtime->get_variable;
+	unsigned long size = sizeof(u8);
+	efi_status_t status;
+	u8 val;
+
+	status = efi_call_phys5(f_getvar, (efi_char16_t *)var_name,
+				(efi_guid_t *)&var_guid, NULL, &size, &val);
+
+	switch (status) {
+	case EFI_SUCCESS:
+		return val;
+	case EFI_NOT_FOUND:
+		return 0;
+	default:
+		return 1;
+	}
+}