From patchwork Mon May 10 08:20:34 2021
X-Patchwork-Submitter: AKASHI Takahiro
X-Patchwork-Id: 433054
From: AKASHI Takahiro
To: xypron.glpk@gmx.de, agraf@csgraf.de
Cc: sughosh.ganu@linaro.org, u-boot@lists.denx.de, AKASHI Takahiro
Subject: [PATCH] efi_loader: capsule: remove authentication data
Date: Mon, 10 May 2021 17:20:34 +0900
Message-Id: <20210510082034.44102-1-takahiro.akashi@linaro.org>
X-Mailer: git-send-email 2.31.0

If capsule authentication is disabled and yet a capsule file is signed,
its signature must be removed from image data to flush.
Otherwise, the firmware will be corrupted after update.

Fixes: 04be98bd6bcf ("efi: capsule: Add support for uefi capsule authentication")
Signed-off-by: AKASHI Takahiro
---
 lib/efi_loader/efi_capsule.c | 70 +++++++++++++++++++++++++++++-------
 1 file changed, 57 insertions(+), 13 deletions(-)

-- 
2.31.0

diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index b0dffd3ac9ce..5d156c730faa 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c 
@@ -206,6 +206,39 @@ skip: return NULL; } +/** + * efi_remove_auth_hdr - remove authentication data from image + * @image: Pointer to pointer to Image + * @image_size: Pointer to Image size + * + * Remove the authentication data from image if possible. + * Update @image and @image_size. + * + * Return: status code + */ +static efi_status_t efi_remove_auth_hdr(void **image, efi_uintn_t *image_size) +{ + struct efi_firmware_image_authentication *auth_hdr; + efi_status_t ret = EFI_INVALID_PARAMETER; + + auth_hdr = (struct efi_firmware_image_authentication *)*image; + if (*image_size < sizeof(*auth_hdr)) + goto out; + + if (auth_hdr->auth_info.hdr.dwLength <= + offsetof(struct win_certificate_uefi_guid, cert_data)) + goto out; + + *image = (uint8_t *)*image + sizeof(auth_hdr->monotonic_count) + + auth_hdr->auth_info.hdr.dwLength; + *image_size = *image_size - auth_hdr->auth_info.hdr.dwLength - + sizeof(auth_hdr->monotonic_count); + + ret = EFI_SUCCESS; +out: + return ret; +} + #if defined(CONFIG_EFI_CAPSULE_AUTHENTICATE) #if defined(CONFIG_EFI_PKEY_DTB_EMBED) 
@@ -271,21 +304,15 @@ efi_status_t efi_capsule_authenticate(const void *capsule, efi_uintn_t capsule_s if (capsule == NULL || capsule_size == 0) goto out; - auth_hdr = (struct efi_firmware_image_authentication *)capsule; - if (capsule_size < sizeof(*auth_hdr)) - goto out; - - if (auth_hdr->auth_info.hdr.dwLength <= - offsetof(struct win_certificate_uefi_guid, cert_data)) + *image = (uint8_t *)capsule; + *image_size = capsule_size; + if (efi_remove_auth_hdr(image, image_size) != EFI_SUCCESS) goto out; + auth_hdr = (struct efi_firmware_image_authentication *)capsule; if (guidcmp(&auth_hdr->auth_info.cert_type, &efi_guid_cert_type_pkcs7)) goto out; - *image = (uint8_t *)capsule + sizeof(auth_hdr->monotonic_count) + - auth_hdr->auth_info.hdr.dwLength; - *image_size = capsule_size - auth_hdr->auth_info.hdr.dwLength - - sizeof(auth_hdr->monotonic_count); memcpy(&monotonic_count, &auth_hdr->monotonic_count, sizeof(monotonic_count)); @@ -367,7 +394,7 @@ static efi_status_t efi_capsule_update_firmware( { struct efi_firmware_management_capsule_header *capsule; struct efi_firmware_management_capsule_image_header *image; - size_t capsule_size; + size_t capsule_size, image_binary_size; void *image_binary, *vendor_code; efi_handle_t *handles; efi_uintn_t no_handles; 
@@ -429,13 +456,30 @@ static efi_status_t efi_capsule_update_firmware( } /* do update */ + if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) && + !(image->image_capsule_support & + CAPSULE_SUPPORT_AUTHENTICATION)) { + /* no signature */ + ret = EFI_SECURITY_VIOLATION; + goto out; + } + image_binary = (void *)image + sizeof(*image); - vendor_code = image_binary + image->update_image_size; + image_binary_size = image->update_image_size; + vendor_code = image_binary + image_binary_size; + if (!IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) && + (image->image_capsule_support & + CAPSULE_SUPPORT_AUTHENTICATION)) { + ret = efi_remove_auth_hdr(&image_binary, + &image_binary_size); + if (ret != EFI_SUCCESS) + goto out; + } abort_reason = NULL; ret = EFI_CALL(fmp->set_image(fmp, image->update_image_index, image_binary, - image->update_image_size, + image_binary_size, vendor_code, NULL, &abort_reason)); if (ret != EFI_SUCCESS) {
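
Review bot: efi_remove_auth_hdr() (hunk at -206) checks auth_info.hdr.dwLength only against a lower bound, so a capsule whose dwLength is larger than the data that follows makes `*image_size - auth_hdr->auth_info.hdr.dwLength - sizeof(auth_hdr->monotonic_count)` wrap around and moves *image past the end of the buffer. The earlier `*image_size < sizeof(*auth_hdr)` test does not cover this, because dwLength comes from the capsule itself. Suggest adding an upper-bound check before the pointer update, for example `if (auth_hdr->auth_info.hdr.dwLength > *image_size - sizeof(auth_hdr->monotonic_count)) goto out;`. This matters more with this patch, since the helper's result is now also handed straight to set_image() on the path where no signature verification runs.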
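
Review bot: In efi_capsule_authenticate() (hunk at -271), *image and *image_size are now written before any validation has passed, so the caller sees them modified on the error paths: left at capsule/capsule_size when efi_remove_auth_hdr() fails, and already advanced past the header when the following guidcmp() on cert_type fails. The removed lines assigned them only after both header checks. Suggest running the helper on local copies and storing to *image and *image_size after the cert_type check, or stating in the function's kernel-doc that the outputs are undefined on error.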
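
Review bot: image_binary_size in efi_capsule_update_firmware() (hunk at -367) is declared as size_t alongside capsule_size, but its address is later passed to efi_remove_auth_hdr(), whose parameter is `efi_uintn_t *image_size`. Declaring it as efi_uintn_t on its own line would match the helper's signature and the set_image() call without relying on the two types being the same typedef.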
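
Review bot: The first block added under /* do update */ (hunk at -429) returns EFI_SECURITY_VIOLATION for every image without CAPSULE_SUPPORT_AUTHENTICATION when CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled, which is a policy change the commit message does not mention; it only describes removing the signature when authentication is disabled. Suggest describing the rejection in the commit message or moving it to a separate patch, and expanding the `/* no signature */` comment to say that unsigned images are refused. In the second added block, the authentication data is dropped without any trace; a log message there would record that a signed capsule was applied without its signature being verified.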