From patchwork Wed Jul 8 05:01:50 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: AKASHI Takahiro
X-Patchwork-Id: 241007
List-Id: U-Boot discussion
From: takahiro.akashi at linaro.org (AKASHI Takahiro)
Date: Wed, 8 Jul 2020 14:01:50 +0900
Subject: [PATCH v3 00/13] efi_loader: rework/improve UEFI secure boot code
Message-ID: <20200708050203.15230-1-takahiro.akashi@linaro.org>

Summary
=======
I'm currently working on reworking UEFI secure boot, aiming to add
"intermediate certificates" support. In this effort, I found a couple of
issues that should immediately be fixed or useful improvements even without
intermediate certificates support.

Each commit in this patch series has a self-explanatory description of the
issue to be addressed. While they are independent in terms of functionality,
they are compiled in a set since the one may depend on the other in terms of
code change overlap. All the changes can and should be merged at once for
best convenience.

Patch structure
===============
Patch#1,#5: rather preparatory patches
Patch#2-#4,#6-#7: main commits
Patch#8-#13: pytests
  Patch#11-#12 for Patch#6
  Patch#13 for Patch#7

Prerequisite
============
The version of "sbsign" command must be 0.7 or higher to sign an image
with multiple signatures. It is required here for testing.

Test
====
- The added new pytests in test_signed.py passed locally.
- Travis CI passed, except Test Case 5 for signed image
  (test_efi_signed_image_auth5) because the version of "sbsign" command
  is old and it doesn't support multiple signatures.

v3 (Jul 8, 2020)
* rebased to Heinrich's (current) efi-2020-10-rc1
* removed already-merged commits
* include pylint fixes (patch#8, #9 and #10-#13)
* print time64_t in "0x%llx" format (patch#4)
* make a small change on a description about efi_hash_regions() (patch#5)

v2 (Jun 9, 2020)
* on top of v2020.07-rc4
* add patch#1,#2 to remove unnecessary hacks in pytest
* use EFI_PRINT() instead of debug() everywhere (patch#3-#5)
* fix a verification logic so that we should reject an image if, at least,
  one of signatures be verified by dbx. New efi_signature_verify_one()
  has a main role. (patch#10)
* use "llu" format instead of "llx" to print out the revocation time
  (patch#10)
* add some description about verification logic against multiple
  signatures (patch#11)

v1 (May 29, 2020)
* initial release

AKASHI Takahiro (13):
  lib/crypto, efi_loader: avoid multiple inclusions of header files
  efi_loader: image_loader: add a check against certificate type of authenticode
  efi_loader: image_loader: retrieve authenticode only if it exists
  efi_loader: signature: fix a size check against revocation list
  efi_loader: signature: make efi_hash_regions more generic
  efi_loader: image_loader: verification for all signatures should pass
  efi_loader: image_loader: add digest-based verification for signed image
  test/py: efi_secboot: apply autopep8
  test/py: efi_secboot: more fixes against pylint
  test/py: efi_secboot: split "signed image" test case-1 into two cases
  test/py: efi_secboot: add a test against certificate revocation
  test/py: efi_secboot: add a test for multiple signatures
  test/py: efi_secboot: add a test for verifying with digest of signed image

 include/efi_loader.h                          |  15 +-
 lib/efi_loader/efi_image_loader.c             | 163 +++++--
 lib/efi_loader/efi_signature.c                | 436 +++++++++---------
 test/py/tests/test_efi_secboot/conftest.py    | 104 +++--
 test/py/tests/test_efi_secboot/defs.py        |  14 +-
 .../py/tests/test_efi_secboot/test_authvar.py |  92 ++--
 test/py/tests/test_efi_secboot/test_signed.py | 206 +++++++--
 .../tests/test_efi_secboot/test_unsigned.py   |  66 +--
 8 files changed, 679 insertions(+), 417 deletions(-)