From patchwork Fri Feb 4 07:32:01 2022
X-Patchwork-Submitter: Ilias Apalodimas
X-Patchwork-Id: 539860
From: Ilias Apalodimas
To: xypron.glpk@gmx.de, takahiro.akashi@linaro.org
Cc: Ilias Apalodimas, u-boot@lists.denx.de
Subject: [RFC PATCH 1/2] efi_loader: fix dual signed image certification
Date: Fri, 4 Feb 2022 09:32:01 +0200
Message-Id: <20220204073202.4141198-1-ilias.apalodimas@linaro.org>

The EFI spec allows for images to carry multiple signatures. Currently we
don't adhere to the verification process for such images. The spec says:

"Multiple signatures are allowed to exist in the binary's certificate table
(as per PE/COFF Section "Attribute Certificate Table"). Only one hash or
signature is required to be present in db in order to pass validation, so
long as neither the SHA-256 hash of the binary nor any present signature is
reflected in dbx."

With our current implementation signing the image with two certificates and
inserting both of them in db and one of them in dbx doesn't always reject the
image. The rejection depends on the order that the image was signed and the
order the certificates are read (and checked) in db.

While at it move the sha256 hash verification outside the signature checking
loop, since it only needs to run once per image, and simplify the logic for
authenticating an unsigned image using sha256 hashes.

Signed-off-by: Ilias Apalodimas
---
 lib/efi_loader/efi_image_loader.c | 88 +++++++------------------------
 1 file changed, 18 insertions(+), 70 deletions(-)

diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index f41cfa4fccd5..5df35939f702 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -516,53 +516,6 @@ err: } #ifdef CONFIG_EFI_SECURE_BOOT -/** - * efi_image_unsigned_authenticate() - authenticate unsigned image with - * SHA256 hash - * @regs: List of regions to be verified - * - * If an image is not signed, it doesn't have a signature. In this case, - * its message digest is calculated and it will be compared with one of - * hash values stored in signature databases. - * - * Return: true if authenticated, false if not - */ -static bool efi_image_unsigned_authenticate(struct efi_image_regions *regs) -{ - struct efi_signature_store *db = NULL, *dbx = NULL; - bool ret = false; - - dbx = efi_sigstore_parse_sigdb(u"dbx"); - if (!dbx) { - EFI_PRINT("Getting signature database(dbx) failed\n"); - goto out; - } - - db = efi_sigstore_parse_sigdb(u"db"); - if (!db) { - EFI_PRINT("Getting signature database(db) failed\n"); - goto out; - } - - /* try black-list first */ - if (efi_signature_lookup_digest(regs, dbx, true)) { - EFI_PRINT("Image is not signed and its digest found in \"dbx\"\n"); - goto out; - } - - /* try white-list */ - if (efi_signature_lookup_digest(regs, db, false)) - ret = true; - else - EFI_PRINT("Image is not signed and its digest not found in \"db\" or \"dbx\"\n"); - -out: - efi_sigstore_free(db); - efi_sigstore_free(dbx); - - return ret; -} - /** * efi_image_authenticate() - verify a signature of signed image * @efi: Pointer to image @@ -608,14 +561,7 @@ static bool efi_image_authenticate(void *efi, size_t efi_size) if (!efi_image_parse(new_efi, efi_size, ®s, &wincerts, &wincerts_len)) { EFI_PRINT("Parsing PE executable image failed\n"); - goto err; - } - - if (!wincerts) { - /* The image is not signed */ - ret = efi_image_unsigned_authenticate(regs); - - goto err; + goto out; } /* 
@@ -624,18 +570,18 @@ static bool efi_image_authenticate(void *efi, size_t efi_size) db = efi_sigstore_parse_sigdb(u"db"); if (!db) { EFI_PRINT("Getting signature database(db) failed\n"); - goto err; + goto out; } dbx = efi_sigstore_parse_sigdb(u"dbx"); if (!dbx) { EFI_PRINT("Getting signature database(dbx) failed\n"); - goto err; + goto out; } if (efi_signature_lookup_digest(regs, dbx, true)) { EFI_PRINT("Image's digest was found in \"dbx\"\n"); - goto err; + goto out; } /* @@ -678,7 +624,8 @@ static bool efi_image_authenticate(void *efi, size_t efi_size) if (guidcmp(auth, &efi_guid_cert_type_pkcs7)) { EFI_PRINT("Certificate type not supported: %pUs\n", auth); - continue; + ret = false; + goto out; } auth += sizeof(efi_guid_t); @@ -686,7 +633,8 @@ static bool efi_image_authenticate(void *efi, size_t efi_size) } else if (wincert->wCertificateType != WIN_CERT_TYPE_PKCS_SIGNED_DATA) { EFI_PRINT("Certificate type not supported\n"); - continue; + ret = false; + goto out; } msg = pkcs7_parse_message(auth, auth_size); @@ -717,32 +665,32 @@ static bool efi_image_authenticate(void *efi, size_t efi_size) */ /* try black-list first */ if (efi_signature_verify_one(regs, msg, dbx)) { + ret = false; EFI_PRINT("Signature was rejected by \"dbx\"\n"); - continue; + goto out; } if (!efi_signature_check_signers(msg, dbx)) { + ret = false; EFI_PRINT("Signer(s) in \"dbx\"\n"); - continue; + goto out; } /* try white-list */ if (efi_signature_verify(regs, msg, db, dbx)) { ret = true; - break; + continue; } EFI_PRINT("Signature was not verified by \"db\"\n"); + } - if (efi_signature_lookup_digest(regs, db, false)) { - ret = true; - break; - } - EFI_PRINT("Image's digest was not found in \"db\" or \"dbx\"\n"); - } + /* last resort try the image sha256 hash in db */ + if (!ret && efi_signature_lookup_digest(regs, db, false)) + ret = true; -err: +out: efi_sigstore_free(db); efi_sigstore_free(dbx); pkcs7_free_message(msg);
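Review bot: in the first hunk (@@ -516,53), the doc comment left standing right after the deleted helper, `efi_image_authenticate() - verify a signature of signed image`, is now inaccurate: with efi_image_unsigned_authenticate() removed, this function is also the only path that authenticates an unsigned image by its sha256 digest in db. Update that description (and its Return: line) to cover both the signed and the unsigned case.

Review bot: in the second hunk (@@ -608,14), dropping the `if (!wincerts)` early return makes the unsigned case rely on the signature loop running zero iterations when `wincerts` is NULL and `wincerts_len` is 0. That is correct but silent, and the two diagnostics the deleted helper printed ("Image is not signed and its digest found in \"dbx\"" and "... not found in \"db\" or \"dbx\"") no longer appear anywhere. Add a comment at the loop saying that an unsigned image falls through to the digest lookup, and keep an EFI_PRINT for the unsigned-and-unmatched outcome so a secure-boot rejection stays diagnosable from the console.

Review bot: in the hunk at @@ -678,7 (and the identical change in the next hunk for `wCertificateType != WIN_CERT_TYPE_PKCS_SIGNED_DATA`), replacing `continue` with `ret = false; goto out;` is a stricter policy than the spec text quoted in the commit message, which only requires rejection when a present signature is reflected in dbx: a multi-signed image whose second entry has an unrecognised type is now rejected even after its first signature verified against db. Failing closed is the right call, since an entry that cannot be parsed cannot be checked against dbx, but the commit message should say so explicitly, and the two copies of `ret = false;` / `goto out;` could share one error label instead of being duplicated.

Review bot: in the last hunk (@@ -717,32), with the success branch now ending in `continue` instead of `break`, the next iteration calls pkcs7_parse_message() again while `out:` frees only the final `msg` through pkcs7_free_message(msg); confirm that the message from a verified iteration is released before `msg` is reassigned, or free it at the bottom of the loop body, otherwise each extra signature in a multi-signed image leaks a parsed PKCS#7 message. Two smaller points in the same hunk: `EFI_PRINT("Signature was not verified by \"db\"\n")` now fires for every non-matching signature even when the image is ultimately accepted, so it reads as an error where it is only informational; and when neither a signature nor the digest matches, the function reaches `out` with `ret == false` and no diagnostic at all, because the old "Image's digest was not found in \"db\" or \"dbx\"" print was dropped, so add one after the `efi_signature_lookup_digest(regs, db, false)` fallback.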
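To make the acceptance rule quoted in the commit message concrete, here is a small Python model of the policy. This is an added example, not U-Boot code: `Signature`, `authenticate`, `order_independent` and the contents of the `DB`/`DBX` sets are constructed for illustration and stand in for the PE certificate table, the PKCS#7 messages and the signature databases the loader actually walks. The model examines every signature before giving a verdict, so a blacklisted signer rejects the image regardless of where it sits in the certificate table, an entry that cannot be parsed fails closed, and an unsigned image falls through to the sha256 digest lookup, which is the shape the patch gives efi_image_authenticate(). It goes one step beyond the page by checking the verdict over every permutation of the signatures, which is exactly the property the commit message says the old loop lacked.

```python
"""Model of the multi-signature acceptance rule quoted in the commit message.

Added example, not U-Boot code.  db and dbx are modelled as plain sets of
strings, a signature as a small record naming its signer, and the image by a
hash string; the real loader walks the PE attribute certificate table and
PKCS#7 messages, which is not reproduced here.
"""
from dataclasses import dataclass
from itertools import permutations
from typing import Iterable, Set


@dataclass(frozen=True)
class Signature:
    """One entry of the PE certificate table (hypothetical, simplified)."""
    signer: str             # certificate that produced the signature
    supported: bool = True  # False models an entry of a type we cannot parse


def authenticate(image_hash: str, signatures: Iterable[Signature],
                 db: Set[str], dbx: Set[str]) -> bool:
    """Return True only if the image passes the spec rule.

    The rule, as quoted on this page: one hash or signature in db is enough,
    so long as neither the image hash nor any present signature is in dbx.
    Every signature is examined before a verdict is given, so the result does
    not depend on the order in which the signatures were applied.
    """
    # Blacklist check on the image digest runs once, before any signature.
    if image_hash in dbx:
        return False

    verified = False
    for sig in signatures:
        if not sig.supported:
            # Fail closed: an entry we cannot parse cannot be checked against
            # dbx, so it must not be silently skipped (same choice as the patch).
            return False
        if sig.signer in dbx:
            # Any single blacklisted signature rejects the whole image,
            # even if an earlier signature already verified.
            return False
        if sig.signer in db:
            verified = True  # do not stop here: a later entry may be in dbx

    # Last resort, and the only path for an unsigned image: the digest in db.
    if not verified and image_hash in db:
        verified = True
    return verified


def order_independent(image_hash: str, signatures: Iterable[Signature],
                      db: Set[str], dbx: Set[str]) -> bool:
    """True if authenticate() returns the same verdict for every signature order."""
    verdicts = {authenticate(image_hash, list(p), db, dbx)
                for p in permutations(list(signatures))}
    return len(verdicts) == 1


# Constructed sample data (not real certificates or hashes).
DB = {"cert-A", "cert-B", "sha256:trusted-unsigned-image"}
DBX = {"cert-B", "sha256:revoked-image"}
DUAL_SIGNED = [Signature("cert-A"), Signature("cert-B")]


if __name__ == "__main__":
    # Dual-signed image with cert-B in both db and dbx: rejected in every order.
    for order in permutations(DUAL_SIGNED):
        print([s.signer for s in order],
              authenticate("sha256:img", list(order), DB, DBX))
    print("order independent:",
          order_independent("sha256:img", DUAL_SIGNED, DB, DBX))
```

The design point is the `verified = True` without an early return: the loop records a db match but keeps scanning, so the dbx checks are applied to every signature present, and the digest fallback is consulted only once, after the loop, rather than inside it.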