From patchwork Mon Feb 6 11:22:43 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 93406
From: Ard Biesheuvel
To: matt@codeblueprint.co.uk, Ingo Molnar, Thomas Gleixner, "H . Peter Anvin"
Cc: David Howells, Ard Biesheuvel, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org
Subject: [PATCH 4/7] efi: Get the secure boot status
Date: Mon, 6 Feb 2017 11:22:43 +0000
Message-Id: <1486380166-31868-5-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1486380166-31868-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1486380166-31868-1-git-send-email-ard.biesheuvel@linaro.org>

From: David Howells

Get the firmware's secure-boot status in the kernel boot wrapper and stash it somewhere that the main kernel image can find.

The efi_get_secureboot() function is extracted from the arm stub and (a) generalised so that it can be called from x86 and (b) made to use efi_call_runtime() so that it can be run in mixed-mode.

For x86, it is stored in boot_params and can be overridden by the boot loader or kexec. This allows secure-boot mode to be passed on to a new kernel.

Suggested-by: Lukas Wunner
Signed-off-by: David Howells
Cc: Matt Fleming
Signed-off-by: Ard Biesheuvel
---
 Documentation/x86/zero-page.txt | 2 +
 arch/x86/boot/compressed/eboot.c | 7 ++++
 arch/x86/include/uapi/asm/bootparam.h | 3 +-
 arch/x86/kernel/asm-offsets.c | 1 +
 drivers/firmware/efi/libstub/Makefile | 2 +-
 drivers/firmware/efi/libstub/arm-stub.c | 63 +++----------------------------
 drivers/firmware/efi/libstub/secureboot.c | 63 +++++++++++++++++++++++++++++++
 include/linux/efi.h | 8 ++++
 8 files changed, 90 insertions(+), 59 deletions(-)
 create mode 100644 drivers/firmware/efi/libstub/secureboot.c

diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt index 95a4d34af3fd..b8527c6b7646 100644 --- a/Documentation/x86/zero-page.txt +++ b/Documentation/x86/zero-page.txt @@ -31,6 +31,8 @@ Offset Proto Name Meaning 1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below) 1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer (below) +1EB/001 ALL kbd_status Numlock is enabled +1EC/001 ALL secure_boot Secure boot is enabled in the firmware 1EF/001 ALL sentinel Used to detect broken bootloaders 290/040 ALL edd_mbr_sig_buffer EDD MBR signatures 2D0/A00 ALL e820_map E820 memory map table 
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c index f99978db6b6f..801c7a158e55 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c @@ -988,6 +988,13 @@ struct boot_params *efi_main(struct efi_config *c, else setup_boot_services32(efi_early); + /* + * If the boot loader gave us a value for secure_boot then we use that, + * otherwise we ask the BIOS. + */ + if (boot_params->secure_boot == efi_secureboot_mode_unset) + boot_params->secure_boot = efi_get_secureboot(sys_table); + setup_graphics(boot_params); setup_efi_pci(boot_params); diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h index b10bf319ed20..5138dacf8bb8 100644 --- a/arch/x86/include/uapi/asm/bootparam.h +++ b/arch/x86/include/uapi/asm/bootparam.h @@ -135,7 +135,8 @@ struct boot_params { __u8 eddbuf_entries; /* 0x1e9 */ __u8 edd_mbr_sig_buf_entries; /* 0x1ea */ __u8 kbd_status; /* 0x1eb */ - __u8 _pad5[3]; /* 0x1ec */ + __u8 secure_boot; /* 0x1ec */ + __u8 _pad5[2]; /* 0x1ed */ /* * The sentinel is set to a nonzero value (0xff) in header.S. * diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c index c62e015b126c..de827d6ac8c2 100644 --- a/arch/x86/kernel/asm-offsets.c +++ b/arch/x86/kernel/asm-offsets.c @@ -81,6 +81,7 @@ void common(void) { BLANK(); OFFSET(BP_scratch, boot_params, scratch); + OFFSET(BP_secure_boot, boot_params, secure_boot); OFFSET(BP_loadflags, boot_params, hdr.loadflags); OFFSET(BP_hardware_subarch, boot_params, hdr.hardware_subarch); OFFSET(BP_version, boot_params, hdr.version); diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index 33e0e2f1a730..f7425960f6a5 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile 
@@ -28,7 +28,7 @@ OBJECT_FILES_NON_STANDARD := y # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in. KCOV_INSTRUMENT := n -lib-y := efi-stub-helper.o gop.o +lib-y := efi-stub-helper.o gop.o secureboot.o # include the stub's generic dependencies from lib/ when building for ARM/arm64 arm-deps := fdt_rw.c fdt_ro.c fdt_wip.c fdt.c fdt_empty_tree.c fdt_sw.c sort.c diff --git a/drivers/firmware/efi/libstub/arm-stub.c b/drivers/firmware/efi/libstub/arm-stub.c index 6fca48c9e054..d4056c6be1ec 100644 --- a/drivers/firmware/efi/libstub/arm-stub.c +++ b/drivers/firmware/efi/libstub/arm-stub.c @@ -20,52 +20,6 @@ bool __nokaslr; -static int efi_get_secureboot(efi_system_table_t *sys_table_arg) -{ - static efi_char16_t const sb_var_name[] = { - 'S', 'e', 'c', 'u', 'r', 'e', 'B', 'o', 'o', 't', 0 }; - static efi_char16_t const sm_var_name[] = { - 'S', 'e', 't', 'u', 'p', 'M', 'o', 'd', 'e', 0 }; - - efi_guid_t var_guid = EFI_GLOBAL_VARIABLE_GUID; - efi_get_variable_t *f_getvar = sys_table_arg->runtime->get_variable; - u8 val; - unsigned long size = sizeof(val); - efi_status_t status; - - status = f_getvar((efi_char16_t *)sb_var_name, (efi_guid_t *)&var_guid, - NULL, &size, &val); - - if (status != EFI_SUCCESS) - goto out_efi_err; - - if (val == 0) - return 0; - - status = f_getvar((efi_char16_t *)sm_var_name, (efi_guid_t *)&var_guid, - NULL, &size, &val); - - if (status != EFI_SUCCESS) - goto out_efi_err; - - if (val == 1) - return 0; - - return 1; - -out_efi_err: - switch (status) { - case EFI_NOT_FOUND: - return 0; - case EFI_DEVICE_ERROR: - return -EIO; - case EFI_SECURITY_VIOLATION: - return -EACCES; - default: - return -EINVAL; - } -} - efi_status_t efi_open_volume(efi_system_table_t *sys_table_arg, void *__image, void **__fh) { 
@@ -157,7 +111,7 @@ unsigned long efi_entry(void *handle, efi_system_table_t *sys_table, efi_guid_t loaded_image_proto = LOADED_IMAGE_PROTOCOL_GUID; unsigned long reserve_addr = 0; unsigned long reserve_size = 0; - int secure_boot = 0; + enum efi_secureboot_mode secure_boot; struct screen_info *si; /* Check if we were booted by the EFI firmware */ @@ -227,19 +181,14 @@ unsigned long efi_entry(void *handle, efi_system_table_t *sys_table, pr_efi_err(sys_table, "Failed to parse EFI cmdline options\n"); secure_boot = efi_get_secureboot(sys_table); - if (secure_boot > 0) - pr_efi(sys_table, "UEFI Secure Boot is enabled.\n"); - - if (secure_boot < 0) { - pr_efi_err(sys_table, - "could not determine UEFI Secure Boot status.\n"); - } /* - * Unauthenticated device tree data is a security hazard, so - * ignore 'dtb=' unless UEFI Secure Boot is disabled. + * Unauthenticated device tree data is a security hazard, so ignore + * 'dtb=' unless UEFI Secure Boot is disabled. We assume that secure + * boot is enabled if we can't determine its state. */ - if (secure_boot != 0 && strstr(cmdline_ptr, "dtb=")) { + if (secure_boot != efi_secureboot_mode_disabled && + strstr(cmdline_ptr, "dtb=")) { pr_efi(sys_table, "Ignoring DTB from command line.\n"); } else { status = handle_cmdline_files(sys_table, image, cmdline_ptr, diff --git a/drivers/firmware/efi/libstub/secureboot.c b/drivers/firmware/efi/libstub/secureboot.c new file mode 100644 index 000000000000..62d6904da800 --- /dev/null +++ b/drivers/firmware/efi/libstub/secureboot.c 
@@ -0,0 +1,63 @@ +/* + * Secure boot handling. + * + * Copyright (C) 2013,2014 Linaro Limited + * Roy Franz + * + * This file is part of the Linux kernel, and is made available under the + * terms of the GNU General Public License version 2. + * + */ + +#include +#include + +/* BIOS variables */ +static const efi_guid_t efi_variable_guid = EFI_GLOBAL_VARIABLE_GUID; +static const efi_char16_t const efi_SecureBoot_name[] = { + 'S', 'e', 'c', 'u', 'r', 'e', 'B', 'o', 'o', 't', 0 +}; +static const efi_char16_t const efi_SetupMode_name[] = { + 'S', 'e', 't', 'u', 'p', 'M', 'o', 'd', 'e', 0 +}; + +#define get_efi_var(name, vendor, ...) \ + efi_call_runtime(get_variable, \ + (efi_char16_t *)(name), (efi_guid_t *)(vendor), \ + __VA_ARGS__); + +/* + * Determine whether we're in secure boot mode. + */ +enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table_arg) +{ + u8 secboot, setupmode; + unsigned long size; + efi_status_t status; + + size = sizeof(secboot); + status = get_efi_var(efi_SecureBoot_name, &efi_variable_guid, + NULL, &size, &secboot); + if (status != EFI_SUCCESS) + goto out_efi_err; + + size = sizeof(setupmode); + status = get_efi_var(efi_SetupMode_name, &efi_variable_guid, + NULL, &size, &setupmode); + if (status != EFI_SUCCESS) + goto out_efi_err; + + if (secboot == 0 || setupmode == 1) + return efi_secureboot_mode_disabled; + + pr_efi(sys_table_arg, "UEFI Secure Boot is enabled.\n"); + return efi_secureboot_mode_enabled; + +out_efi_err: + pr_efi_err(sys_table_arg, "Could not determine UEFI Secure Boot status.\n"); + if (status == EFI_NOT_FOUND) + return efi_secureboot_mode_disabled; + return efi_secureboot_mode_unknown; +} diff --git a/include/linux/efi.h b/include/linux/efi.h index 52c87de3e50d..729ee6a2579b 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h 
@@ -1480,6 +1480,14 @@ efi_status_t efi_setup_gop(efi_system_table_t *sys_table_arg, bool efi_runtime_disabled(void); extern void efi_call_virt_check_flags(unsigned long flags, const char *call); +enum efi_secureboot_mode { + efi_secureboot_mode_unset, + efi_secureboot_mode_unknown, + efi_secureboot_mode_disabled, + efi_secureboot_mode_enabled, +}; +enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table); + /* * Arch code can implement the following three template macros, avoiding * reptition for the void/non-void return cases of {__,}efi_call_virt():
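
Review bot: In the Documentation/x86/zero-page.txt hunk, the new 1EC secure_boot line describes the field as "Secure boot is enabled in the firmware", which reads as a boolean, but the field carries enum efi_secureboot_mode with four states (unset, unknown, disabled, enabled). Document the value encoding in this table, since the changelog expects boot loaders and kexec to fill the field in. The same hunk also adds a 1EB kbd_status line that the changelog does not mention; say so in the commit message or split it out.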
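
Review bot: In the arch/x86/boot/compressed/eboot.c hunk, boot_params->secure_boot is accepted as soon as it differs from efi_secureboot_mode_unset, with no range check. The bootparam.h hunk shows that offset 0x1ec was part of _pad5[3] until this patch, so a boot loader that does not zero the padding hands in a stale byte that is then taken as the secure boot state, including values above efi_secureboot_mode_enabled that nothing here defines. Consider calling efi_get_secureboot() whenever the incoming value is outside the known enum range, and reword "ask the BIOS" in the comment to say firmware.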
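
Review bot: In the new drivers/firmware/efi/libstub/secureboot.c, the out_efi_err path prints "Could not determine UEFI Secure Boot status." before it tests for EFI_NOT_FOUND, so firmware that simply lacks the variables logs an error on every boot even though the function then returns efi_secureboot_mode_disabled. The code removed from arm-stub.c returned 0 for EFI_NOT_FOUND without printing; test for EFI_NOT_FOUND first and print only on the efi_secureboot_mode_unknown path. Two smaller points in the same file: the get_efi_var() macro definition ends in a semicolon, so each call site expands to an empty extra statement, and "static const efi_char16_t const" repeats the const qualifier.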
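
Review bot: In the include/linux/efi.h hunk, enum efi_secureboot_mode relies on implicit numbering, yet its values are stored in the one-byte boot_params.secure_boot field of a uapi header and compared against what a boot loader or a previous kernel (via kexec) wrote there. Give the enumerators explicit values and add a comment that efi_secureboot_mode_unset must stay 0, so that reordering or inserting a state later cannot silently change the meaning of a value passed between kernels.
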
From: Ard Biesheuvel
To: matt@codeblueprint.co.uk, Ingo Molnar, Thomas Gleixner, "H . Peter Anvin"
Cc: Josh Boyer, Ard Biesheuvel, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, David Howells
Subject: [PATCH 5/7] efi: Disable secure boot if shim is in insecure mode
Date: Mon, 6 Feb 2017 11:22:44 +0000
Message-Id: <1486380166-31868-6-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1486380166-31868-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1486380166-31868-1-git-send-email-ard.biesheuvel@linaro.org>

From: Josh Boyer

A user can manually tell the shim boot loader to disable validation of images it loads. When a user does this, it creates a UEFI variable called MokSBState that does not have the runtime attribute set. Given that the user explicitly disabled validation, we can honor that and not enable secure boot mode if that variable is set.

Signed-off-by: Josh Boyer
Signed-off-by: David Howells
Cc: Matt Fleming
Signed-off-by: Ard Biesheuvel
---
 drivers/firmware/efi/libstub/secureboot.c | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/libstub/secureboot.c b/drivers/firmware/efi/libstub/secureboot.c index 62d6904da800..766ac06dac84 100644 --- a/drivers/firmware/efi/libstub/secureboot.c +++ b/drivers/firmware/efi/libstub/secureboot.c @@ -23,6 +23,12 @@ static const efi_char16_t const efi_SetupMode_name[] = { 'S', 'e', 't', 'u', 'p', 'M', 'o', 'd', 'e', 0 }; +/* SHIM variables */ +static const efi_guid_t shim_guid = EFI_SHIM_LOCK_GUID; +static efi_char16_t const shim_MokSBState_name[] = { + 'M', 'o', 'k', 'S', 'B', 'S', 't', 'a', 't', 'e', 0 +}; + #define get_efi_var(name, vendor, ...) \ efi_call_runtime(get_variable, \ (efi_char16_t *)(name), (efi_guid_t *)(vendor), \ @@ -33,7 +39,8 @@ static const efi_char16_t const efi_SetupMode_name[] = { */ enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table_arg) { - u8 secboot, setupmode; + u32 attr; + u8 secboot, setupmode, moksbstate; unsigned long size; efi_status_t status; 
@@ -52,6 +59,22 @@ enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table_arg) if (secboot == 0 || setupmode == 1) return efi_secureboot_mode_disabled; + /* + * See if a user has put shim into insecure mode. If so, and if the + * variable doesn't have the runtime attribute set, we might as well + * honor that. + */ + size = sizeof(moksbstate); + status = get_efi_var(shim_MokSBState_name, &shim_guid, + &attr, &size, &moksbstate); + + /* If it fails, we don't care why. Default to secure */ + if (status != EFI_SUCCESS) + goto secure_boot_enabled; + if (!(attr & EFI_VARIABLE_RUNTIME_ACCESS) && moksbstate == 1) + return efi_secureboot_mode_disabled; + +secure_boot_enabled: pr_efi(sys_table_arg, "UEFI Secure Boot is enabled.\n"); return efi_secureboot_mode_enabled;
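
Review bot: In the first secureboot.c hunk, shim_guid is initialised from EFI_SHIM_LOCK_GUID, but the diffstat touches only secureboot.c and no definition of that macro appears in this patch, so it depends on another patch in the series to build. State that dependency in the changelog. The new array is also declared "static efi_char16_t const" while the two existing names in the context lines use "static const efi_char16_t const"; settle on one form.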
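
Review bot: In the second secureboot.c hunk, the comment says MokSBState is honoured only when the runtime attribute is absent ("we might as well honor that") but does not say why that condition matters. A variable without EFI_VARIABLE_RUNTIME_ACCESS cannot be created or written through the runtime services once the OS is running, so the check is what ties the value to something that ran before ExitBootServices; put that reasoning in the comment so nobody later relaxes the attribute test. The return efi_secureboot_mode_disabled path also logs nothing, so add a pr_efi() line there to make the boot log show that shim, not the firmware, turned secure boot mode off. The goto to the label on the very next statement can be folded into one condition on status, attr and moksbstate.
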
From: Ard Biesheuvel
To: matt@codeblueprint.co.uk, Ingo Molnar, Thomas Gleixner, "H . Peter Anvin"
Cc: Ard Biesheuvel, linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org
Subject: [PATCH 7/7] efi: libstub: Make file I/O chunking x86-specific
Date: Mon, 6 Feb 2017 11:22:46 +0000
Message-Id: <1486380166-31868-8-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1486380166-31868-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1486380166-31868-1-git-send-email-ard.biesheuvel@linaro.org>

The ARM decompressor is finicky when it comes to uninitialized variables with local linkage, the reason being that it may relocate .text and .bss independently when executing from ROM. This is only possible if all references into .bss from .text are absolute, and this happens to be the case for references emitted under -fpic to symbols with external linkage, and so all .bss references must involve symbols with external linkage.

When building the ARM stub using clang, the initialized local variable __chunk_size is optimized into a zero-initialized flag that indicates whether chunking is in effect or not. This flag is therefore emitted into .bss, which triggers the ARM decompressor's diagnostics, resulting in a failed build.

Under UEFI, we never execute the decompressor from ROM, so the diagnostic makes little sense here. But we can easily work around the issue by making __chunk_size global instead.

However, given that the file I/O chunking that is controlled by the __chunk_size variable is intended to work around known bugs on various x86 implementations of UEFI, we can simply make the chunking an x86 specific feature. This is an improvement by itself, and also removes the need to parse the efi= options in the stub entirely.

Signed-off-by: Ard Biesheuvel
Tested-by: Arnd Bergmann
Reviewed-by: Matt Fleming
---
 drivers/firmware/efi/libstub/efi-stub-helper.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c index 6ee9164251a9..2a07b867bec7 100644 --- a/drivers/firmware/efi/libstub/efi-stub-helper.c +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c @@ -414,6 +414,14 @@ efi_status_t efi_parse_options(char *cmdline) char *str; /* + * Currently, the only efi= option we look for is 'nochunk', which + * is intended to work around known issues on certain x86 UEFI + * versions. So ignore for now on other architectures. + */ + if (!IS_ENABLED(CONFIG_X86)) + return EFI_SUCCESS; + + /* * If no EFI parameters were specified on the cmdline we've got * nothing to do. */ @@ -586,7 +594,9 @@ efi_status_t handle_cmdline_files(efi_system_table_t *sys_table_arg, size = files[j].size; while (size) { unsigned long chunksize; - if (size > __chunk_size) + + if (IS_ENABLED(CONFIG_X86) && + size > __chunk_size) chunksize = __chunk_size; else chunksize = size;
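
Review bot: In the efi_parse_options() hunk, the early return for !IS_ENABLED(CONFIG_X86) reports EFI_SUCCESS without looking at the command line at all, so any efi= option added to this function later is silently ignored on other architectures until someone remembers the guard. The comment only says "ignore for now"; either guard just the 'nochunk' handling, or have the comment state that architecture-independent options must be parsed above this return.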
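
Review bot: In the handle_cmdline_files() hunk, the build fix described in the changelog depends on the compiler discarding every reference to __chunk_size once IS_ENABLED(CONFIG_X86) folds to 0, but nothing in the code says so and neither hunk touches the definition of __chunk_size. Add a comment at the definition, or wrap the definition in #ifdef CONFIG_X86, so that a later unguarded use of __chunk_size fails visibly instead of quietly bringing the .bss reference and the decompressor diagnostic back.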