From: Sascha Hauer <s.hauer@pengutronix.de>
To: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Cc: barebox@lists.infradead.org
Subject: Re: [PATCH 4/5] boot: if we are in secure boot mode
Date: Tue, 14 Mar 2017 10:48:30 +0100 [thread overview]
Message-ID: <20170314094830.3wavmpy5epqrqz5d@pengutronix.de> (raw)
In-Reply-To: <20170314080735.GD25192@mail.ovh.net>
On Tue, Mar 14, 2017 at 09:07:35AM +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> On 08:55 Mon 13 Mar , Sascha Hauer wrote:
> > On Thu, Mar 09, 2017 at 03:34:09PM +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > > request confirmation before booting an unsigned image
> > >
> > > with a default timeout
> > >
> > > Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
> > > ---
> > > commands/go.c | 7 +++++++
> > > common/Kconfig | 8 ++++++++
> > > common/Makefile | 1 +
> > > common/bootm.c | 7 +++++++
> > > common/secure_boot.c | 43 +++++++++++++++++++++++++++++++++++++++++++
> > > include/bootm.h | 1 +
> > > include/secure_boot.h | 25 +++++++++++++++++++++++++
> > > 7 files changed, 92 insertions(+)
> > > create mode 100644 common/secure_boot.c
> > > create mode 100644 include/secure_boot.h
> > >
> > > diff --git a/commands/go.c b/commands/go.c
> > > index fb319b320..61c9ce43f 100644
> > > --- a/commands/go.c
> > > +++ b/commands/go.c
> > > @@ -26,6 +26,7 @@
> > > #include <fcntl.h>
> > > #include <linux/ctype.h>
> > > #include <errno.h>
> > > +#include <secure_boot.h>
> > >
> > > static int do_go(int argc, char *argv[])
> > > {
> > > @@ -37,6 +38,12 @@ static int do_go(int argc, char *argv[])
> > > if (argc < 2)
> > > return COMMAND_ERROR_USAGE;
> > >
> > > + rcode = secure_boot_start_unsigned();
> > > + if (rcode)
> > > + return rcode ? 1 : 0;
> > > +
> > > + rcode = 1;
> > > +
> > > if (!isdigit(*argv[1])) {
> > > fd = open(argv[1], O_RDONLY);
> > > if (fd < 0) {
> > > diff --git a/common/Kconfig b/common/Kconfig
> > > index f7ff04664..9e7d027a2 100644
> > > --- a/common/Kconfig
> > > +++ b/common/Kconfig
> > > @@ -21,6 +21,9 @@ config HAS_KALLSYMS
> > > config HAS_MODULES
> > > bool
> > >
> > > +config HAS_SECURE_BOOT
> > > + bool
> > > +
> > > config HAS_CACHE
> > > bool
> > > help
> > > @@ -184,6 +187,11 @@ config NVVAR
> > > while global variables can be changed during runtime without changing the
> > > default.
> > >
> > > +config SECURE_BOOT_TIMEOUT
> > > + prompt "Secure Boot unsigned boot timeout"
> > > + int
> > > + default 3
> > > +
> > > menu "memory layout"
> > >
> > > source "pbl/Kconfig"
> > > diff --git a/common/Makefile b/common/Makefile
> > > index 5f58c81d2..e57cc2c15 100644
> > > --- a/common/Makefile
> > > +++ b/common/Makefile
> > > @@ -61,6 +61,7 @@ obj-$(CONFIG_UBIFORMAT) += ubiformat.o
> > > obj-$(CONFIG_BAREBOX_UPDATE_IMX_NAND_FCB) += imx-bbu-nand-fcb.o
> > > obj-$(CONFIG_CONSOLE_RATP) += ratp.o
> > > obj-$(CONFIG_BOOT) += boot.o
> > > +obj-$(CONFIG_HAS_SECURE_BOOT) += secure_boot.o
> > >
> > > quiet_cmd_pwd_h = PWDH $@
> > > ifdef CONFIG_PASSWORD
> > > diff --git a/common/bootm.c b/common/bootm.c
> > > index 81625d915..0ebf65681 100644
> > > --- a/common/bootm.c
> > > +++ b/common/bootm.c
> > > @@ -23,6 +23,7 @@
> > > #include <environment.h>
> > > #include <linux/stat.h>
> > > #include <magicvar.h>
> > > +#include <secure_boot.h>
> > >
> > > static LIST_HEAD(handler_list);
> > >
> > > @@ -625,6 +626,12 @@ int bootm_boot(struct bootm_data *bootm_data)
> > > printf("Passing control to %s handler\n", handler->name);
> > > }
> > >
> > > + if (!handler->is_secure_supported && is_secure_mode()) {
> > > + ret = secure_boot_start_unsigned();
> > > + if (ret)
> > > + goto err_out;
> > > + }
> >
> > We already have CONFIG_BOOTM_FORCE_SIGNED_IMAGES which admittedly is not
> > the most generic implementation, but in the end we shouldn't have two
> > different ways how secure boot is integrated in the bootm code.
> Did not seen it
>
> I check it and this is only for BOOTM as we have go command too
>
> that need to call image check too
>
> and on efi this is not done at config time but runtime
>
> and this is really FIT image oriented :(
You have the handler->is_secure_supported variable. This could be
implemented by the FIT image support aswell. Also we have the decision
if we want to boot unsigned images. Right now this is done in the
data->verify variable. We can force the decision in Kconfig using
CONFIG_BOOTM_FORCE_SIGNED_IMAGES or we can fill in data->verify before
booting.
>
> Can we have one for EFI sperately first and then merge them as this will need
> a lot of testing and checking to ensure we break nothing
No. It's just too confusing to implement two different secure boot ways
in the same code and I give nothing to the promise that this will be
cleaned up later.
Sascha
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
next prev parent reply other threads:[~2017-03-14 9:48 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-09 14:31 [PATCH 0/5] EFI Secure boot support Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 14:34 ` [PATCH 1/5] efi: add more security related guid for the efivars Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 14:34 ` [PATCH 2/5] efi: fix lds for secure boot support Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 17:24 ` Lucas Stach
2017-03-10 10:17 ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-10 11:05 ` Lucas Stach
2017-03-10 13:54 ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-10 13:57 ` Lucas Stach
2017-03-10 14:13 ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 14:34 ` [PATCH 3/5] efi: fix secure and setup mode report Jean-Christophe PLAGNIOL-VILLARD
2017-03-13 7:34 ` Sascha Hauer
2017-03-14 8:15 ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 14:34 ` [PATCH 4/5] boot: if we are in secure boot mode Jean-Christophe PLAGNIOL-VILLARD
2017-03-13 7:50 ` Sascha Hauer
2017-03-14 8:14 ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-13 7:55 ` Sascha Hauer
2017-03-14 8:07 ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-14 9:48 ` Sascha Hauer [this message]
2017-03-09 14:34 ` [PATCH 5/5] efi: enable sercure boot support Jean-Christophe PLAGNIOL-VILLARD
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170314094830.3wavmpy5epqrqz5d@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=plagnioj@jcrosoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox