Fix race in EFI validation
The Secure Boot code currently reads the kernel from disk, validates the signature and then reads it from disk again. A sufficiently exciting storage device could modify the kernel between these two events and trigger the execution of an untrusted kernel. Avoid re-reading it in order to ensure this isn't a problem, and in the process speed up boot by not reading the kernel twice.
parent
fcefc6bbc5
commit
76fb8e4341
1 changed files with 10 additions and 33 deletions
@ -193,7 +193,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||||
grub_file_t file = 0;
|
grub_file_t file = 0;
|
||||||
struct linux_kernel_header lh;
|
struct linux_kernel_header lh;
|
||||||
grub_ssize_t len, start, filelen;
|
grub_ssize_t len, start, filelen;
|
||||||
void *kernel;
|
void *kernel = NULL;
|
||||||
|
|
||||||
grub_dl_ref (my_mod);
|
grub_dl_ref (my_mod);
|
||||||
|
|
||||||
|
@ -230,10 +230,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
grub_file_seek (file, 0);
|
|
||||||
|
|
||||||
grub_free(kernel);
|
|
||||||
|
|
||||||
params = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(16384));
|
params = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(16384));
|
||||||
|
|
||||||
if (! params)
|
if (! params)
|
||||||
|
@ -242,15 +238,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
memset (params, 0, 16384);
|
grub_memset (params, 0, 16384);
|
||||||
|
|
||||||
if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh))
|
grub_memcpy (&lh, kernel, sizeof (lh));
|
||||||
{
|
|
||||||
if (!grub_errno)
|
|
||||||
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
|
|
||||||
argv[0]);
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (lh.boot_flag != grub_cpu_to_le16 (0xaa55))
|
if (lh.boot_flag != grub_cpu_to_le16 (0xaa55))
|
||||||
{
|
{
|
||||||
|
@ -311,27 +301,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (grub_file_seek (file, start) == (grub_off_t) -1)
|
grub_memcpy (kernel_mem, (char *)kernel + start, len);
|
||||||
{
|
grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0);
|
||||||
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
|
loaded=1;
|
||||||
argv[0]);
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (grub_file_read (file, kernel_mem, len) != len && !grub_errno)
|
lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem;
|
||||||
{
|
grub_memcpy (params, &lh, 2 * 512);
|
||||||
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
|
|
||||||
argv[0]);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (grub_errno == GRUB_ERR_NONE)
|
|
||||||
{
|
|
||||||
grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0);
|
|
||||||
loaded = 1;
|
|
||||||
lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem;
|
|
||||||
}
|
|
||||||
|
|
||||||
memcpy(params, &lh, 2 * 512);
|
|
||||||
|
|
||||||
params->type_of_loader = 0x21;
|
params->type_of_loader = 0x21;
|
||||||
|
|
||||||
|
@ -340,6 +315,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||||
if (file)
|
if (file)
|
||||||
grub_file_close (file);
|
grub_file_close (file);
|
||||||
|
|
||||||
|
grub_free (kernel);
|
||||||
|
|
||||||
if (grub_errno != GRUB_ERR_NONE)
|
if (grub_errno != GRUB_ERR_NONE)
|
||||||
{
|
{
|
||||||
grub_dl_unref (my_mod);
|
grub_dl_unref (my_mod);
|
||||||
|
|
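Review bot: The two new `grub_memcpy` calls (the header copy at `grub_memcpy (&lh, kernel, sizeof (lh));` in the third hunk and `grub_memcpy (kernel_mem, (char *)kernel + start, len);` in the fourth) copy out of the in-memory image with no length check, whereas the `grub_file_read`/`grub_file_seek` calls they replace failed with "premature end of file" on a short or truncated image. If the image is smaller than `sizeof (lh)`, or `start` (derived from header fields the image itself supplies, presumably from `setup_sects`) lies beyond `filelen`, the first copy reads past the `kernel` buffer and the second either reads out of bounds or, with a negative `len` converted to a size, copies far too much. The places where `kernel` is read in, `filelen` is set and `start`/`len` are computed are outside these hunks, so I can't see a guard there; if none exists, bounds checks against `filelen` belong immediately before each copy, as sketched below. grub_cmd_linux begins and ends outside the shown hunks.
```c
  /* … unchanged: params allocation and grub_memset … */
  if (filelen < 0 || (grub_size_t) filelen < sizeof (lh))
    {
      grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), argv[0]);
      goto fail;
    }
  grub_memcpy (&lh, kernel, sizeof (lh));

  /* … unchanged: boot_flag/header checks, kernel_mem allocation … */
  if (start < 0 || start > filelen)
    {
      grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), argv[0]);
      goto fail;
    }
  grub_memcpy (kernel_mem, (char *)kernel + start, len);
```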