Commit graph

173 commits

Author SHA1 Message Date
Jeremy Kerr
274d4df0ff image: Allow variable sized data directories
The PE/COFF spec allows variable-sized data directories, which reduce
the size of the optional header. While GNU ld always produces
maximum-sized headers, the kernel's EFI_STUB code generates a smaller
header size, which causes the image parsing code to abort.

This change allows variable-sized optional headers, but checks for at
least enough of an optional header to contain a CERT_TABLE data
directory entry.

We also rename struct image's aouthdr to opthdr, as it contains more
than just the a.out fields.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-09-28 09:56:48 +08:00
Jeremy Kerr
cf747fcca3 sbvarsign: fix incorrect pointer in add_auth_descriptor
Brown paper bag time: we want to hash the variable data, not the stack.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-09-05 11:19:05 +08:00
Jeremy Kerr
c933b5e8fd sbvarsign: auth descriptor hash does not cover the \0 in the varname
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-09-05 11:16:42 +08:00
Jeremy Kerr
15354eaa4e sbkeysync: fix siglist iteration
We were updating siglist before incrementing i, and so aborting the
siglist iteration earlier than necessary.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 23:03:49 +08:00
Jeremy Kerr
41c8bb9ea2 sbvarsign: Improve default GUID choice
For db and dbx, we want EFI_IMAGE_SECURITY_DATABASE.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:57:00 +08:00
Jeremy Kerr
03e6a4e2b3 skkeysync: Add PK-handing code
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:04:14 +08:00
Jeremy Kerr
74153741c4 sbkeysync: Refactor signature database data structures
Rather than having three sets of (firmware, filesystem) key databases,
refactor into two sets of (kdk, db, dbx) databases. This allows us to
add the PK later.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:04:13 +08:00
Jeremy Kerr
b4773c902a sbkeysync: fix invalid free in keystore_read_entry
We want to free path, not ke. We can also unify the error path.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:03:56 +08:00
Jeremy Kerr
41c741fe13 sbkeysync: Improve error handling in read_firmware_key_database
We should free filename, and buf on error.

Also, check for the length of the file's data; we may be passed empty
files, and end up with a negative len.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:03:54 +08:00
Jeremy Kerr
16c09d22a6 sbkeysync: insert new keys
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:03:32 +08:00
Jeremy Kerr
ae1523673e sbkeysync: print keystore before key databases
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:03:32 +08:00
Jeremy Kerr
37d838a43d sbkeysync: Find keys missing from firmware key databases
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:03:32 +08:00
Jeremy Kerr
60586e122f sbkeysync: Rename struct keystore_entry->list to keystore_list
We want to collect keystore entries on a separate list, so rename the
'list' member to something more specific.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:03:32 +08:00
Jeremy Kerr
ae3344f5eb sbkeysync: Generate and print key descriptions
.. rather than printing the raw IDs.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:03:32 +08:00
Jeremy Kerr
7dc407e311 sbkeysync: add comment to sigdb_iterate
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:03:32 +08:00
Jeremy Kerr
bd9de8eadd sbkeysync: Change key_id to key_parse
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:03:32 +08:00
Jeremy Kerr
22450d8c40 sbkeysync: Print filesystem key databases
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:03:32 +08:00
Jeremy Kerr
54e1fbed30 sbkeysync: read keystore into kdb->filesystem_keys
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:03:32 +08:00
Jeremy Kerr
5527ef2db4 sbkeysync: Unify key_database
Use key_database as a generic container for both firmware & filesystem
keys.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:03:29 +08:00
Jeremy Kerr
1bdfb9acb8 sbkeysync: Add key_database->filesystem_keys
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:02:15 +08:00
Jeremy Kerr
bdeb14370d sbkeysync: keystore -> fs_keystore
To make it clear that these are key files.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:02:15 +08:00
Jeremy Kerr
98911a7f4c sbkeysync: pass data buffer (instead of EFI_SIGNATURE_DATA) to key_id
We want to call key_id on file buffers too, which don't have the
EFI_SIGNATURE_DATA encapsulation.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:02:15 +08:00
Jeremy Kerr
1a431a5a2d sbkeysync: add keystore_entry->root
Helps to show where the keys are loaded from.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:02:15 +08:00
Jeremy Kerr
add8d00f31 sbkeysync: Add --keystore and --no-default-keystores options
Add a couple of options to configure the location we read keys from

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:02:15 +08:00
Jeremy Kerr
a151ffdb9d sbkeysync: Add --verbose option and conditionally print debug output
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:02:15 +08:00
Jeremy Kerr
d5ce9e3f36 sbkeysync: Add keystore parsing functions
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:01:31 +08:00
Jeremy Kerr
2f82c545c2 sbkeysync: Add --efivars-dir option to specific different locations for var files
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:01:31 +08:00
Jeremy Kerr
5757f27812 sbkeysync: Add X509 key parsing
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:01:30 +08:00
Jeremy Kerr
c03ca4f73f sbkeysync: Add key ID data to print_key_database()
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:01:30 +08:00
Jeremy Kerr
72ec025d79 sbkeysync: read & print signature databases
Add some initial code to parse the EFI signature databases.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:00:52 +08:00
Jeremy Kerr
f8024a6a3b Move EFI_CERT types to efivars.h
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 20:00:15 +08:00
Jeremy Kerr
f9eed9cc42 fileio: Add fileio_read_file_noerror()
We may want to read files which can be absent. In this case, we don't
want to print an error.

This change adds fileio_read_file_noerror(), which suppresses error
output.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-24 19:58:21 +08:00
Jeremy Kerr
07328d85c3 sbvarsign: Start with a default set of variable attributes
We're almost always going to want the attributes set to
NON_VOLATILE | BOOTSERVICE_ACCESS | RUNTIME_ACCES | APPEND_WRITE,
and TIME_BASED_AUTHENTICATED_WRITE is required. So, provide this
as the default if no --attrs argument is specified.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-23 19:39:32 +08:00
Jeremy Kerr
88625a586c efivars: Move EFI_VARIABLE_* attributes to efivars.h
Rather than making these private to sbvarsign, move the EFI_VARIABLE
attribute defintions to efivars.h

Since some of these are defined by gnu-efi, we need to protect the
definitions with an #ifdef.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-23 19:11:34 +08:00
Jeremy Kerr
a7228c8307 sbsiglist: fix signature size check
Rather than checking the size with the EFI_SIGNATURE_DATA header, just
check the data len.

Also, fix the definition for the SHA256 size.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-22 18:16:49 +08:00
Jeremy Kerr
fd553e841a sbvarsign: WIN_CERTIFICATE.dwLength should include the header size
Despite what the Authenticode spec says ("dwLength is set to the length
of bCertificate"), the MS var sign tool and EDK2 sources include the
header in the dwLength size.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-22 16:53:49 +08:00
Jeremy Kerr
feddcb4f4f sbvarsign: Fix invalid sizeof() for zeroing timestamp data
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-22 14:58:13 +08:00
Jeremy Kerr
030d5ef321 sbsiglist: check for owner and type arguments
..rather than segfaulting.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-22 14:58:07 +08:00
Jeremy Kerr
541beab7ce sbsiglist: Fix SignatureSize
We need to allow for the GUID in EFI_SIGNATURE_DATA too.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-14 14:32:16 +08:00
Jeremy Kerr
9389752741 image: use fileio_write_file
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-13 15:14:11 +08:00
Jeremy Kerr
dcae99eca5 Remove unused gen-keyfiles source
gen-keyfiles isn't built, and has been replaced by sbsiglist.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-13 15:13:35 +08:00
Jeremy Kerr
15fb9d37c2 docs: Create man pages for sbvarsign & sbsiglist
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-13 15:10:21 +08:00
Jeremy Kerr
c7ee585439 Move sources to src/ subdirectory
We have a number of source files now, so move them from the top level to
src/

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-13 15:10:21 +08:00
Jeremy Kerr
5466f381dd image: Use size of image data when writing images
When detaching a signature, we need to know the size of the
non-signature data. So, add a data_size member to struct image, and
populate it when we iterate through the section table.

When writing the image, use data_size rather than size, so we don't
unnecessarily add the (now unused) signature data.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-13 15:10:21 +08:00
Jeremy Kerr
8a55df5e96 image: always parse image regions
Rather than only calling image_find_regions when we want to sign or
verify image, call it when the image is loaded. We'll want to use the
parse data later, which will require it to be present on all instances
of an image.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-13 15:05:12 +08:00
Jeremy Kerr
36a14ed978 Include efivars.h in automake infrastructure
make distcheck was failing due to a missing efivars.h in the dist
tarball. Add it to common_SOURCES to include it.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-13 13:16:42 +08:00
Jeremy Kerr
1187df3459 tests: run tests for each arch
Since we can sign i386 PE/COFF images, run the tests on both x86-64 and
i386 binaries.

We do this by moving test.pecoff to test-<arch>.pecoff, and using
automake's parallel-test option to add a wrapper to each test execution.
This wrapper calls each test once per arch (as defined in TEST_ARCHES),
and checks for failures in any invocation.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-13 13:14:09 +08:00
Jeremy Kerr
e1b58d6ccb image: Allow manipulation of i386 PE/COFF files
Replace struct image->aouthdr with a union of the 32- and 64-bit a.out
header definitions, and abstract the relevant parsing code into the
image_pecoff_parse_{32,64} functions.

We also move all references of data in the a.out header to these
functions, so we don't need to lookup the machine types elsewhere.

Based on a patch by Maxim Kammerer <mk@dee.su>.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-13 11:27:39 +08:00
Jeremy Kerr
e027b87cff Remove arch-specific coff headers
If we use IMAGE_FILE_MACHINE_AMD64 instead of AMD64MAGIC, we can avoid
including the arch-specific coff/x86_64 header.

Based on a patch from Maxim Kammerer <mk@dee.su>.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-10 17:12:54 +08:00
Maxim Kammerer
1c8fac1fbe image: Prevent an uninitialized variable warning
padlen variable in image_write() cannot be used uninitialized,
but compiler is unable to determine that.

Signed-off-by: Maxim Kammerer <mk@dee.su>
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-10 16:37:25 +08:00