mail archive of the barebox mailing list
* [PATCH 1/2] bootm: replace CONFIG_BOOTM_FORCE_SIGNED_IMAGES with helper
@ 2023-10-23 16:27 Ahmad Fatoum
  2023-10-23 16:27 ` [PATCH 2/2] bootm: add support for dynamically forcing signature verification Ahmad Fatoum
From: Ahmad Fatoum @ 2023-10-23 16:27 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

In preparation for allowing even CONFIG_BOOTM_FORCE_SIGNED_IMAGES=n
configurations to force boot of only signed images, replace direct
use of IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES) with a helper that
queries a static variable that can be forced at runtime in a follow-up
commit.

No functional change.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 arch/arm/lib32/bootm.c |  2 +-
 common/bootm.c         | 11 +++++++++--
 include/bootm.h        |  2 ++
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/arch/arm/lib32/bootm.c b/arch/arm/lib32/bootm.c
index e814593dce43..aeb873a3a723 100644
--- a/arch/arm/lib32/bootm.c
+++ b/arch/arm/lib32/bootm.c
@@ -294,7 +294,7 @@ static int __do_bootm_linux(struct image_data *data, unsigned long free_mem,
 	}
 
 	if (IS_ENABLED(CONFIG_BOOTM_OPTEE)) {
-		if (data->tee_file && !IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES)) {
+		if (data->tee_file && !bootm_signed_images_are_forced()) {
 			ret = bootm_load_tee_from_file(data);
 			if (ret)
 				return ret;
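Review bot: with the Kconfig check replaced by a runtime query, a user-supplied data->tee_file is only refused here if forcing happened before this boot; there is no later checkpoint in this path, so the helper's documentation should state that callers must force signature verification before bootm is invoked.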
diff --git a/common/bootm.c b/common/bootm.c
index 2469d4344188..dd5f26dd83e2 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -85,6 +85,13 @@ static const char * const bootm_verify_names[] = {
 	[BOOTM_VERIFY_SIGNATURE] = "signature",
 };
 
+static bool force_signed_images = IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES);
+
+bool bootm_signed_images_are_forced(void)
+{
+	return force_signed_images;
+}
+
 static int uimage_part_num(const char *partname)
 {
 	if (!partname)
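Review bot: force_signed_images is now the single piece of mutable state deciding whether unsigned images boot, but nothing in this hunk records that it may only ever move from false to true; add a comment above the variable saying so, and keep bootm_signed_images_are_forced() the only reader so later code cannot bypass it by testing the Kconfig symbol again.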
@@ -690,7 +697,7 @@ int bootm_boot(struct bootm_data *bootm_data)
 		goto err_out;
 	}
 
-	if (IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES)) {
+	if (bootm_signed_images_are_forced()) {
 		data->verify = BOOTM_VERIFY_SIGNATURE;
 
 		/*
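Review bot: check that the comment block opened at the end of this hunk does not still describe CONFIG_BOOTM_FORCE_SIGNED_IMAGES as the only reason data->verify is overridden; the decision can now also be made at runtime, and the comment should say so.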
@@ -953,7 +960,7 @@ static int bootm_init(void)
 		globalvar_add_simple("bootm.initrd.loadaddr", NULL);
 	}
 
-	if (IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES))
+	if (bootm_signed_images_are_forced())
 		bootm_verify_mode = BOOTM_VERIFY_SIGNATURE;
 
 	globalvar_add_simple_int("bootm.verbose", &bootm_verbosity, "%u");
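Review bot: bootm_init() runs once, so this hunk only sets bootm_verify_mode when forcing is already true at init time; a force performed later at runtime must itself update bootm_verify_mode (and whatever bootm.verify globalvar init creates), otherwise bootm_get_verify_mode() keeps reporting the old mode. A one-line comment here pointing at that requirement would help.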
diff --git a/include/bootm.h b/include/bootm.h
index ee2b574521db..25308d43a30e 100644
--- a/include/bootm.h
+++ b/include/bootm.h
@@ -147,6 +147,8 @@ int bootm_get_os_size(struct image_data *data);
 enum bootm_verify bootm_get_verify_mode(void);
 void bootm_set_verify_mode(enum bootm_verify mode);
 
+bool bootm_signed_images_are_forced(void);
+
 #define UIMAGE_SOME_ADDRESS (UIMAGE_INVALID_ADDRESS - 1)
 
 void *booti_load_image(struct image_data *data, phys_addr_t *oftree);
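Review bot: the new prototype returns bool while the surrounding declarations only use enum types; confirm bootm.h already includes the header that provides bool so a translation unit including only bootm.h still compiles. A short kerneldoc line saying what "forced" means (signature verification cannot be switched off for this boot) would help callers.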
-- 
2.39.2

* [PATCH 2/2] bootm: add support for dynamically forcing signature verification
  2023-10-23 16:27 [PATCH 1/2] bootm: replace CONFIG_BOOTM_FORCE_SIGNED_IMAGES with helper Ahmad Fatoum
@ 2023-10-23 16:27 ` Ahmad Fatoum
From: Ahmad Fatoum @ 2023-10-23 16:27 UTC (permalink / raw)
  To: barebox; +Cc: Ahmad Fatoum

So far, secure booting systems statically configured
CONFIG_BOOTM_FORCE_SIGNED_IMAGES=y to restrict bootm to signed images.

This remains the recommended way, but some systems require the ability
to decide at runtime whether to enforce secure boot or to disable it,
e.g. after verifying a JSON web token with the appropriate claim.

For such systems, provide a bootm_force_signed_images() function.
There's intentionally no unforce counterpart as this is meant to be
non-reversible.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 common/bootm.c  | 16 ++++++++++++++++
 include/bootm.h |  1 +
 2 files changed, 17 insertions(+)

diff --git a/common/bootm.c b/common/bootm.c
index dd5f26dd83e2..f7e1ff335181 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -87,6 +87,22 @@ static const char * const bootm_verify_names[] = {
 
 static bool force_signed_images = IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES);
 
+void bootm_force_signed_images(void)
+{
+	static unsigned int verify_mode = 0;
+
+	if (force_signed_images)
+		return;
+
+	/* recreate bootm.verify with a single enumeration as option */
+	globalvar_remove("bootm.verify");
+	globalvar_add_simple_enum("bootm.verify", &verify_mode,
+				  &bootm_verify_names[BOOTM_VERIFY_SIGNATURE], 1);
+
+	bootm_verify_mode = BOOTM_VERIFY_SIGNATURE;
+	force_signed_images = true;
+}
+
 bool bootm_signed_images_are_forced(void)
 {
 	return force_signed_images;
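Review bot: the return values of globalvar_remove() and globalvar_add_simple_enum() are ignored. If bootm.verify is created by bootm_init() (as the other bootm.* variables in patch 1 are), calling this function before init means the remove fails harmlessly but init may later re-create the full enumeration on top of the single-option variable; either check the return codes or document that the function must be called after bootm_init(). Also, the local static verify_mode is written only through the globalvar and never read by this code, so a comment should say its sole purpose is to stop bootm.verify from pointing at bootm_verify_mode, which is what makes the forced mode irreversible from the shell.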
diff --git a/include/bootm.h b/include/bootm.h
index 25308d43a30e..d20f82b8f5a7 100644
--- a/include/bootm.h
+++ b/include/bootm.h
@@ -148,6 +148,7 @@ enum bootm_verify bootm_get_verify_mode(void);
 void bootm_set_verify_mode(enum bootm_verify mode);
 
 bool bootm_signed_images_are_forced(void);
+void bootm_force_signed_images(void);
 
 #define UIMAGE_SOME_ADDRESS (UIMAGE_INVALID_ADDRESS - 1)
 
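Review bot: the commit message says there is intentionally no unforce counterpart; put that in a comment on this prototype so readers of the header learn that bootm_force_signed_images() is one-way without consulting the git log.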
-- 
2.39.2