From: Michael Olbrich <m.olbrich@pengutronix.de>
To: barebox@lists.infradead.org
Subject: Re: [PATCH 06/13] boot_verify: make it modifiable at start time
Date: Sun, 26 Mar 2017 10:16:23 +0200 [thread overview]
Message-ID: <20170326081623.v4xvqw67x6nvx2wf@pengutronix.de> (raw)
In-Reply-To: <1490496304-30850-6-git-send-email-plagnioj@jcrosoft.com>
On Sun, Mar 26, 2017 at 04:44:57AM +0200, Jean-Christophe PLAGNIOL-VILLARD wrote:
> Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
> ---
> commands/bootm.c | 2 +-
> common/boot_verify.c | 39 +++++++++++++++++++++++++++++++++------
> common/bootm.c | 2 +-
> include/boot_verify.h | 15 ++++++++++++---
> 4 files changed, 47 insertions(+), 11 deletions(-)
>
> diff --git a/commands/bootm.c b/commands/bootm.c
> index b35aaa914..cb520a1ba 100644
> --- a/commands/bootm.c
> +++ b/commands/bootm.c
> @@ -64,7 +64,7 @@ static int do_bootm(int argc, char *argv[])
> while ((opt = getopt(argc, argv, BOOTM_OPTS)) > 0) {
> switch(opt) {
> case 'c':
> - if (data.verify < BOOT_VERIFY_HASH)
> + if (data.verify > BOOT_VERIFY_HASH)
This is very confusing without a comment. It took me a while to figure out
that this does not actually change anything.
I think you could change the order in the array without modifying the enum.
Or at least comment on it in the commit message.
Regards,
Michael
> data.verify = BOOT_VERIFY_HASH;
> break;
> case 's':
> diff --git a/common/boot_verify.c b/common/boot_verify.c
> index afe929e68..9cbeb7a65 100644
> --- a/common/boot_verify.c
> +++ b/common/boot_verify.c
> @@ -11,22 +11,49 @@ enum boot_verify boot_get_verify_mode(void)
> return boot_verify_mode;
> }
>
> +/* keep it for the most secure to the less */
> static const char * const boot_verify_names[] = {
> -#ifndef CONFIG_BOOT_FORCE_SIGNED_IMAGES
> - [BOOT_VERIFY_NONE] = "none",
> - [BOOT_VERIFY_HASH] = "hash",
> - [BOOT_VERIFY_AVAILABLE] = "available",
> -#endif
> [BOOT_VERIFY_SIGNATURE] = "signature",
> + [BOOT_VERIFY_AVAILABLE] = "available",
> + [BOOT_VERIFY_HASH] = "hash",
> + [BOOT_VERIFY_NONE] = "none",
> };
>
> +/* allow architecture to overwrite it such as EFI */
> +static int default_is_secure_mode(void)
> +{
> + if (IS_ENABLED(CONFIG_BOOT_FORCE_SIGNED_IMAGES))
> + return 1;
> +
> + return 0;
> +}
> +
> +static int (*__is_secure_mode)(void) = default_is_secure_mode;
> +
> +int is_secure_mode(void)
> +{
> + return __is_secure_mode();
> +}
> +
> +void boot_set_is_secure_mode(int (*fn)(void))
> +{
> + __is_secure_mode = fn;
> +}
> +
> static int init_boot_verify(void)
> {
> + int size;
> +
> if (IS_ENABLED(CONFIG_BOOT_FORCE_SIGNED_IMAGES))
> boot_verify_mode = BOOT_VERIFY_SIGNATURE;
>
> + if (is_secure_mode())
> + size = 1;
> + else
> + size = ARRAY_SIZE(boot_verify_names);
> +
> globalvar_add_simple_enum("boot.verify", (unsigned int *)&boot_verify_mode,
> - boot_verify_names, ARRAY_SIZE(boot_verify_names));
> + boot_verify_names, size);
>
> return 0;
> }
> diff --git a/common/bootm.c b/common/bootm.c
> index 74202a829..1558f3c5d 100644
> --- a/common/bootm.c
> +++ b/common/bootm.c
> @@ -159,7 +159,7 @@ static int bootm_open_initrd_uimage(struct image_data *data)
> if (!data->initrd)
> return -EINVAL;
>
> - if (boot_get_verify_mode() > BOOT_VERIFY_NONE) {
> + if (boot_get_verify_mode() != BOOT_VERIFY_NONE) {
> ret = uimage_verify(data->initrd);
> if (ret) {
> printf("Checking data crc failed with %s\n",
> diff --git a/include/boot_verify.h b/include/boot_verify.h
> index 3a4436584..ee830bf5c 100644
> --- a/include/boot_verify.h
> +++ b/include/boot_verify.h
> @@ -2,10 +2,10 @@
> #define __BOOT_VERIFY_H__
>
> enum boot_verify {
> - BOOT_VERIFY_NONE,
> - BOOT_VERIFY_HASH,
> - BOOT_VERIFY_AVAILABLE,
> BOOT_VERIFY_SIGNATURE,
> + BOOT_VERIFY_AVAILABLE,
> + BOOT_VERIFY_HASH,
> + BOOT_VERIFY_NONE,
> };
>
> #ifndef CONFIG_BOOT_VERIFY
> @@ -13,8 +13,17 @@ static inline enum boot_verify boot_get_verify_mode(void)
> {
> return BOOT_VERIFY_NONE;
> }
> +
> +static int inline is_secure_mode(void)
> +{
> + return 0;
> +}
> +
> +static void inline boot_set_is_secure_mode(int (*fn)(void)) {}
> #else
> enum boot_verify boot_get_verify_mode(void);
> +int is_secure_mode(void);
> +void boot_set_is_secure_mode(int (*fn)(void));
> #endif
>
> #endif /* __BOOT_VERIFY_H__ */
> --
> 2.11.0
>
>
> _______________________________________________
> barebox mailing list
> barebox@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/barebox
>
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
next prev parent reply other threads:[~2017-03-26 8:16 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-25 8:31 [PATCH 00/13] add efi secure boot support Jean-Christophe PLAGNIOL-VILLARD
2017-03-26 2:44 ` [PATCH 01/13] bootm: move open to image_handler Jean-Christophe PLAGNIOL-VILLARD
2017-03-26 2:44 ` [PATCH 02/13] boot_verify: use a new error ESECVIOLATION Jean-Christophe PLAGNIOL-VILLARD
2017-03-26 7:59 ` Michael Olbrich
2017-03-26 2:44 ` [PATCH 03/13] bootm: make security generic Jean-Christophe PLAGNIOL-VILLARD
2017-03-26 2:44 ` [PATCH 04/13] boot: invert the secure boot forcing support Jean-Christophe PLAGNIOL-VILLARD
2017-03-26 2:44 ` [PATCH 05/13] move boot verify to generic code Jean-Christophe PLAGNIOL-VILLARD
2017-03-26 2:44 ` [PATCH 06/13] boot_verify: make it modifiable at start time Jean-Christophe PLAGNIOL-VILLARD
2017-03-26 8:16 ` Michael Olbrich [this message]
2017-03-26 2:44 ` [PATCH 07/13] go: only use it if boot signature is not required Jean-Christophe PLAGNIOL-VILLARD
2017-03-26 8:23 ` Michael Olbrich
2017-03-27 11:50 ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-26 2:44 ` [PATCH 08/13] boot_verify: allow to force unsigned image to boot Jean-Christophe PLAGNIOL-VILLARD
2017-03-26 8:25 ` Michael Olbrich
2017-03-26 2:45 ` [PATCH 09/13] boot_verify: add password request support Jean-Christophe PLAGNIOL-VILLARD
2017-03-27 6:11 ` Sascha Hauer
2017-03-26 2:45 ` [PATCH 10/13] efi: add more security related guid for the efivars Jean-Christophe PLAGNIOL-VILLARD
2017-03-26 2:45 ` [PATCH 11/13] efi: fix lds for secure boot support Jean-Christophe PLAGNIOL-VILLARD
2017-03-26 8:30 ` Michael Olbrich
2017-03-26 2:45 ` [PATCH 12/13] efi: fix secure and setup mode report Jean-Christophe PLAGNIOL-VILLARD
2017-03-26 2:45 ` [PATCH 13/13] efi: enable sercure boot support Jean-Christophe PLAGNIOL-VILLARD
2017-03-26 7:57 ` [PATCH 01/13] bootm: move open to image_handler Michael Olbrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170326081623.v4xvqw67x6nvx2wf@pengutronix.de \
--to=m.olbrich@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox