mail archive of the barebox mailing list
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [PATCH 2/2] bootm: add support for dynamically forcing signature verification
Date: Mon, 23 Oct 2023 18:27:48 +0200
Message-ID: <20231023162748.533468-2-a.fatoum@pengutronix.de>
In-Reply-To: <20231023162748.533468-1-a.fatoum@pengutronix.de>

So far, secure booting systems statically configured
CONFIG_BOOTM_FORCE_SIGNED_IMAGES=y to restrict bootm to signed images.

This remains the recommended way, but some systems require the ability
to decide at runtime whether to enforce secure boot or to disable it,
e.g. after verifying a JSON web token with the appropriate claim.

For such systems, provide a bootm_force_signed_images() function.
There's intentionally no unforce counterpart as this is meant to be
non-reversible.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 common/bootm.c  | 16 ++++++++++++++++
 include/bootm.h |  1 +
 2 files changed, 17 insertions(+)

diff --git a/common/bootm.c b/common/bootm.c
index dd5f26dd83e2..f7e1ff335181 100644
--- a/common/bootm.c
+++ b/common/bootm.c
@@ -87,6 +87,22 @@ static const char * const bootm_verify_names[] = {
 
 static bool force_signed_images = IS_ENABLED(CONFIG_BOOTM_FORCE_SIGNED_IMAGES);
 
+void bootm_force_signed_images(void)
+{
+	static unsigned int verify_mode = 0;
+
+	if (force_signed_images)
+		return;
+
+	/* recreate bootm.verify with a single enumeration as option */
+	globalvar_remove("bootm.verify");
+	globalvar_add_simple_enum("bootm.verify", &verify_mode,
+				  &bootm_verify_names[BOOTM_VERIFY_SIGNATURE], 1);
+
+	bootm_verify_mode = BOOTM_VERIFY_SIGNATURE;
+	force_signed_images = true;
+}
+
 bool bootm_signed_images_are_forced(void)
 {
 	return force_signed_images;
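Review bot: The result of globalvar_add_simple_enum() is ignored right after globalvar_remove("bootm.verify"), so if that call can fail, the variable is simply gone and nothing reports it. Consider assigning bootm_verify_mode and force_signed_images before touching the global variable, so the lock takes effect regardless of what happens there, and print a warning when the add fails. Style nit: `static unsigned int verify_mode = 0;` does not need the explicit initializer, since statics are zero-initialized.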
diff --git a/include/bootm.h b/include/bootm.h
index 25308d43a30e..d20f82b8f5a7 100644
--- a/include/bootm.h
+++ b/include/bootm.h
@@ -148,6 +148,7 @@ enum bootm_verify bootm_get_verify_mode(void);
 void bootm_set_verify_mode(enum bootm_verify mode);
 
 bool bootm_signed_images_are_forced(void);
+void bootm_force_signed_images(void);
 
 #define UIMAGE_SOME_ADDRESS (UIMAGE_INVALID_ADDRESS - 1)
 
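Review bot: The new declaration of bootm_force_signed_images() carries no comment saying that it is one-way, which the commit message calls out as intentional; a short comment here would keep callers from looking for an unforce counterpart. It also sits directly below bootm_set_verify_mode(enum bootm_verify mode), and the visible hunks do not show whether that setter refuses to lower the mode once force_signed_images is true. That is worth confirming or stating in the commit message, since bootm_force_signed_images() relies on bootm_verify_mode staying at BOOTM_VERIFY_SIGNATURE.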
-- 
2.39.2