File 0012-require-signed-binary-if-32bit-and-secureboot.patch of Package qemu
From dff5f9e4a9d5e9016b0b5e3966fe183a20c06bc1 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Wed, 7 Oct 2020 23:02:13 +1100
Subject: [PATCH 12/12] require signed binary if 32bit and secureboot
Signed-off-by: Daniel Axtens <dja@axtens.net>
---
board-qemu/llfw/stage2.c | 6 +++++-
lib/libcrypto/appended_sig.c | 20 +++++++++++++-------
lib/libcrypto/libcrypto.h | 2 ++
lib/libelf/elf32.c | 8 ++++++++
4 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/roms/SLOF/board-qemu/llfw/stage2.c b/roms/SLOF/board-qemu/llfw/stage2.c
index 47cfbbe..39043c2 100644
--- a/roms/SLOF/board-qemu/llfw/stage2.c
+++ b/roms/SLOF/board-qemu/llfw/stage2.c
@@ -206,4 +206,8 @@ void early_c_entry(uint64_t start_addr, uint64_t fdt_addr)
int verify_appended_signature(void * ptr, size_t s) {
return 1;
-}
\ No newline at end of file
+}
+
+int is_secureboot() {
+ return 0;
+}
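Review bot: The two stage-2 stubs fail open with no comment saying why: `is_secureboot()` returns 0 and the existing `verify_appended_signature()` returns 1, so any ELF loading done with this object linked in never enforces a signature. If that is intentional because the images loaded at this stage are part of the firmware itself, say so above the stubs, e.g. `/* stage 2 only loads firmware-internal images; enforcement lives in lib/libcrypto */` (wording to be confirmed by the author). The definition should also read `int is_secureboot(void) {` to match the prototype added to libcrypto.h; the same applies to the definition in appended_sig.c.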
diff --git a/roms/SLOF/lib/libcrypto/appended_sig.c b/roms/SLOF/lib/libcrypto/appended_sig.c
index 8a76457..6b7c0cd 100644
--- a/roms/SLOF/lib/libcrypto/appended_sig.c
+++ b/roms/SLOF/lib/libcrypto/appended_sig.c
@@ -20,6 +20,18 @@ struct module_signature {
uint32_t sig_len; /* Length of signature data */
};
+int is_secureboot() {
+ // only verify if in secure-boot mode.
+ // todo - oh so much, especially error handling
+ forth_eval("s\" /\" find-device s\" ibm,secure-boot\" get-node get-property");
+ if (forth_pop() == -1)
+ return 0;
+ forth_pop();
+ if (*(int32_t *)forth_pop() < 2)
+ return 0;
+ return 1;
+}
+
int verify_appended_signature(void *blob, size_t len) {
void *ptr;
mbedtls_pkcs7 *pkcs7;
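Review bot: The property length returned by `get-property` is popped and discarded by the bare `forth_pop();`, so `*(int32_t *)forth_pop()` reads four bytes whatever size `ibm,secure-boot` actually has. Keep the length and reject a short property before the dereference, for example `if (forth_pop() < (long)sizeof(int32_t)) return 0;`, assuming forth_pop() yields a cell-sized integer, which the hunk does not show. Every error path in `is_secureboot()` returns 0, meaning "not secure boot", so a missing or malformed property silently disables enforcement in both callers. A comment stating that the device tree is trusted input, and what the threshold `2` means, would make that decision explicit. `verify_appended_signature` continues beyond the hunk.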
@@ -27,13 +39,7 @@ int verify_appended_signature(void *blob, size_t len) {
int rc = 0;
struct module_signature *modsig;
- // only verify if in secure-boot mode.
- // todo - oh so much, especially error handling
- forth_eval("s\" /\" find-device s\" ibm,secure-boot\" get-node get-property");
- if (forth_pop() == -1)
- return 1;
- forth_pop();
- if (*(int32_t *)forth_pop() < 2)
+ if (!is_secureboot())
return 1;
// go to start of magic
diff --git a/roms/SLOF/lib/libcrypto/libcrypto.h b/roms/SLOF/lib/libcrypto/libcrypto.h
index 2980ca0..002123a 100644
--- a/roms/SLOF/lib/libcrypto/libcrypto.h
+++ b/roms/SLOF/lib/libcrypto/libcrypto.h
@@ -2,4 +2,6 @@
#include <stddef.h>
+int is_secureboot(void);
+
int verify_appended_signature(void *blob, size_t len);
\ No newline at end of file
diff --git a/roms/SLOF/lib/libelf/elf32.c b/roms/SLOF/lib/libelf/elf32.c
index 6896e64..aea89eb 100644
--- a/roms/SLOF/lib/libelf/elf32.c
+++ b/roms/SLOF/lib/libelf/elf32.c
@@ -118,6 +118,7 @@ elf_load_segments32(void *file_addr, signed long offset,
/* Calculate program header address */
struct phdr32 *phdr = get_phdr32(file_addr);
int i;
+ int seen_appsig = 0;
/* loop e_phnum times */
for (i = 0; i <= ehdr->e_phnum; i++) {
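Review bot: The loop bound `i <= ehdr->e_phnum` visits e_phnum + 1 program headers although the comment says "loop e_phnum times", so the last pass interprets whatever follows the header table as a phdr. With the signature bookkeeping now attached to this loop, the bound should be `for (i = 0; i < ehdr->e_phnum; i++) {`. This line is unchanged context and the loop body lies outside the hunk, so confirm that nothing relies on the extra pass.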
@@ -154,12 +155,19 @@ elf_load_segments32(void *file_addr, signed long offset,
if (!verify_appended_signature(file_addr, size)) {
return 0;
}
+
+ seen_appsig = 1;
}
}
/* step to next header */
phdr = (struct phdr32 *)(((uint8_t *)phdr) + ehdr->e_phentsize);
}
+ if (is_secureboot() && !seen_appsig) {
+ printf("Booted in secure-boot mode but no appended signature found, aborting.\n");
+ return 0;
+ }
+
/* Entry point is always a virtual address, so translate it
* to physical before returning it */
return ehdr->e_entry;
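Review bot: The missing-signature check runs only after the loop has walked every program header, so an unsigned image may already be in memory when `return 0` is reached; this assumes the loop body outside this hunk copies PT_LOAD segments, as the function name suggests. Consider locating and verifying the appended signature before any segment is copied, or at least add a comment that callers must not use the loaded memory when 0 is returned. `is_secureboot()` is also queried again through forth_eval here after `verify_appended_signature` has already asked; reading it once into a local at function entry, e.g. `int secure = is_secureboot();`, would keep the two decisions consistent. Only elf32.c gains this check in the patch, so how an unsigned 64-bit image is handled under secure boot is worth stating in the commit message.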
--
2.33.1