verifiers: Add possibility to defer verification to other verifiers
This way if a verifier requires verification of a given file it can defer task to another verifier (another authority) if it is not able to do it itself. E.g. shim_lock verifier, posted as a subsequent patch, is able to verify only PE files. This means that it is not able to verify any of GRUB2 modules which have to be trusted on UEFI systems with secure boot enabled. So, it can defer verification to other verifier, e.g. PGP one. I silently assume that other verifiers are trusted and will do good job for us. Or at least they will not do any harm. Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
This commit is contained in:
parent
0f20a51812
commit
708ae9f524
2 changed files with 23 additions and 4 deletions
|
@ -83,6 +83,7 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
|
||||||
void *context;
|
void *context;
|
||||||
grub_file_t ret = 0;
|
grub_file_t ret = 0;
|
||||||
grub_err_t err;
|
grub_err_t err;
|
||||||
|
int defer = 0;
|
||||||
|
|
||||||
grub_dprintf ("verify", "file: %s type: %d\n", io->name, type);
|
grub_dprintf ("verify", "file: %s type: %d\n", io->name, type);
|
||||||
|
|
||||||
|
@ -102,13 +103,27 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
|
||||||
err = ver->init (io, type, &context, &flags);
|
err = ver->init (io, type, &context, &flags);
|
||||||
if (err)
|
if (err)
|
||||||
goto fail_noclose;
|
goto fail_noclose;
|
||||||
|
if (flags & GRUB_VERIFY_FLAGS_DEFER_AUTH)
|
||||||
|
{
|
||||||
|
defer = 1;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
if (!(flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION))
|
if (!(flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION))
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ver)
|
if (!ver)
|
||||||
/* No verifiers wanted to verify. Just return underlying file. */
|
{
|
||||||
return io;
|
if (defer)
|
||||||
|
{
|
||||||
|
grub_error (GRUB_ERR_ACCESS_DENIED,
|
||||||
|
N_("verification requested but nobody cares: %s"), io->name);
|
||||||
|
goto fail_noclose;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* No verifiers wanted to verify. Just return underlying file. */
|
||||||
|
return io;
|
||||||
|
}
|
||||||
|
|
||||||
ret = grub_malloc (sizeof (*ret));
|
ret = grub_malloc (sizeof (*ret));
|
||||||
if (!ret)
|
if (!ret)
|
||||||
|
@ -160,7 +175,9 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
|
||||||
err = ver->init (io, type, &context, &flags);
|
err = ver->init (io, type, &context, &flags);
|
||||||
if (err)
|
if (err)
|
||||||
goto fail_noclose;
|
goto fail_noclose;
|
||||||
if (flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION)
|
if (flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION ||
|
||||||
|
/* Verification done earlier. So, we are happy here. */
|
||||||
|
flags & GRUB_VERIFY_FLAGS_DEFER_AUTH)
|
||||||
continue;
|
continue;
|
||||||
err = ver->write (context, verified->buf, ret->size);
|
err = ver->write (context, verified->buf, ret->size);
|
||||||
if (err)
|
if (err)
|
||||||
|
|
|
@ -22,7 +22,9 @@
|
||||||
enum grub_verify_flags
|
enum grub_verify_flags
|
||||||
{
|
{
|
||||||
GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1,
|
GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1,
|
||||||
GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2
|
GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2,
|
||||||
|
/* Defer verification to another authority. */
|
||||||
|
GRUB_VERIFY_FLAGS_DEFER_AUTH = 4
|
||||||
};
|
};
|
||||||
|
|
||||||
enum grub_verify_string_type
|
enum grub_verify_string_type
|
||||||
|
|
Loading…
Reference in a new issue