File 0012-require-signed-binary-if-32bit-and-secureboot.patch of Package qemu

From dff5f9e4a9d5e9016b0b5e3966fe183a20c06bc1 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Wed, 7 Oct 2020 23:02:13 +1100
Subject: [PATCH 12/12] require signed binary if 32bit and secureboot

Signed-off-by: Daniel Axtens <dja@axtens.net>
---
 board-qemu/llfw/stage2.c     |  6 +++++-
 lib/libcrypto/appended_sig.c | 20 +++++++++++++-------
 lib/libcrypto/libcrypto.h    |  2 ++
 lib/libelf/elf32.c           |  8 ++++++++
 4 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/roms/SLOF/board-qemu/llfw/stage2.c b/roms/SLOF/board-qemu/llfw/stage2.c
index 47cfbbe..39043c2 100644
--- a/roms/SLOF/board-qemu/llfw/stage2.c
+++ b/roms/SLOF/board-qemu/llfw/stage2.c
@@ -206,4 +206,8 @@ void early_c_entry(uint64_t start_addr, uint64_t fdt_addr)
 
 int verify_appended_signature(void * ptr, size_t s) {
 	return 1;
-}
\ No newline at end of file
+}
+
+int is_secureboot() {
+	return 0;
+}
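Review bot: The stage2 stubs fail open: `verify_appended_signature` returns 1 and the new `is_secureboot` returns 0, so any ELF loading linked against them (presumably libelf in the low-level firmware) never enforces a signature, whatever the platform's secure-boot setting. If that is intended, say so at the definition, for example `/* llfw stub: no signature enforcement at this stage; the real check is in lib/libcrypto/appended_sig.c */`. The definition should also read `int is_secureboot(void)` to match the prototype this commit adds to libcrypto.h, since empty parentheses leave the parameter list unspecified in C. The same applies to the definition in appended_sig.c.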
diff --git a/roms/SLOF/lib/libcrypto/appended_sig.c b/roms/SLOF/lib/libcrypto/appended_sig.c
index 8a76457..6b7c0cd 100644
--- a/roms/SLOF/lib/libcrypto/appended_sig.c
+++ b/roms/SLOF/lib/libcrypto/appended_sig.c
@@ -20,6 +20,18 @@ struct module_signature {
 	uint32_t	sig_len;	/* Length of signature data */
 };
 
+int is_secureboot() {
+	// only verify if in secure-boot mode.
+	// todo - oh so much, especially error handling
+	forth_eval("s\" /\" find-device s\" ibm,secure-boot\" get-node get-property");
+	if (forth_pop() == -1)
+		return 0;
+	forth_pop();
+	if (*(int32_t *)forth_pop() < 2)
+		return 0;
+	return 1;
+}
+
 int verify_appended_signature(void *blob, size_t len) {
 	void *ptr;
 	mbedtls_pkcs7 *pkcs7;
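Review bot: `is_secureboot()` discards the property length with the bare `forth_pop();` and then dereferences the next popped value as `int32_t`, so a property shorter than four bytes, or an unexpected address, is read with no bounds or null check. Keeping the popped length and returning before the dereference when it is smaller than `sizeof(int32_t)` would close that gap. The function should also state which way it fails on a malformed property, since returning 0 here turns signature checking off. The comment carried over from the old call site no longer describes the function; something like `/* Returns 1 when the ibm,secure-boot lookup succeeds and its value is >= 2, otherwise 0. */` would. The body of verify_appended_signature continues outside this hunk.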
@@ -27,13 +39,7 @@ int verify_appended_signature(void *blob, size_t len) {
 	int rc = 0;
 	struct module_signature *modsig;
 
-	// only verify if in secure-boot mode.
-	// todo - oh so much, especially error handling
-	forth_eval("s\" /\" find-device s\" ibm,secure-boot\" get-node get-property");
-	if (forth_pop() == -1)
-		return 1;
-	forth_pop();
-	if (*(int32_t *)forth_pop() < 2)
+	if (!is_secureboot())
 		return 1;
 
 	// go to start of magic
diff --git a/roms/SLOF/lib/libcrypto/libcrypto.h b/roms/SLOF/lib/libcrypto/libcrypto.h
index 2980ca0..002123a 100644
--- a/roms/SLOF/lib/libcrypto/libcrypto.h
+++ b/roms/SLOF/lib/libcrypto/libcrypto.h
@@ -2,4 +2,6 @@
 
 #include <stddef.h>
 
+int is_secureboot(void);
+
 int verify_appended_signature(void *blob, size_t len);
\ No newline at end of file
diff --git a/roms/SLOF/lib/libelf/elf32.c b/roms/SLOF/lib/libelf/elf32.c
index 6896e64..aea89eb 100644
--- a/roms/SLOF/lib/libelf/elf32.c
+++ b/roms/SLOF/lib/libelf/elf32.c
@@ -118,6 +118,7 @@ elf_load_segments32(void *file_addr, signed long offset,
 	/* Calculate program header address */
 	struct phdr32 *phdr = get_phdr32(file_addr);
 	int i;
+	int seen_appsig = 0;
 
 	/* loop e_phnum times */
 	for (i = 0; i <= ehdr->e_phnum; i++) {
@@ -154,12 +155,19 @@ elf_load_segments32(void *file_addr, signed long offset,
 				if (!verify_appended_signature(file_addr, size)) {
 					return 0;
 				}
+
+				seen_appsig = 1;
 			}
 		}
 		/* step to next header */
 		phdr = (struct phdr32 *)(((uint8_t *)phdr) + ehdr->e_phentsize);
 	}
 
+	if (is_secureboot() && !seen_appsig) {
+		printf("Booted in secure-boot mode but no appended signature found, aborting.\n");
+		return 0;
+	}
+
 	/* Entry point is always a virtual address, so translate it
 	 * to physical before returning it */
 	return ehdr->e_entry;
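Review bot: The new `is_secureboot() && !seen_appsig` check sits after the program-header loop, so an image with no appended signature is rejected only once every header has been walked. If the loop body outside this hunk copies segments into memory, as the function name suggests, unsigned content is already in place when 0 is returned. Deciding before the loop would be safer; failing that, the check deserves a comment such as `/* segments may already be loaded here; callers must treat a 0 return as fatal and not use the image */`. `seen_appsig` is also set inside a conditional whose test is not visible in the hunk, so it is worth confirming that a header which verifies less than the whole file cannot satisfy it. Separately, the loop header in the previous hunk runs `i <= ehdr->e_phnum` under a comment that says e_phnum times, which appears to visit one entry more than the table holds and now feeds this decision.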
-- 
2.33.1
