diff options
| author | Masahisa Kojima <masahisa.kojima@linaro.org> | 2022-12-20 19:38:52 +0900 |
|---|---|---|
| committer | Heinrich Schuchardt <heinrich.schuchardt@canonical.com> | 2022-12-20 16:06:48 +0100 |
| commit | ad50ca5019ae2b4f6ad5ffb4d62808b640f7b8aa (patch) | |
| tree | 510ccb784f87ee699520789b06858cbd7dc5db44 | |
| parent | 9ba35e64fad0fe205b403da7e30656015979a235 (diff) | |
| download | u-boot-ad50ca5019ae2b4f6ad5ffb4d62808b640f7b8aa.zip u-boot-ad50ca5019ae2b4f6ad5ffb4d62808b640f7b8aa.tar.gz u-boot-ad50ca5019ae2b4f6ad5ffb4d62808b640f7b8aa.tar.bz2 | |
eficonfig: EFI_VARIABLE_APPEND_WRITE is not set for null key
The signed null key with authenticated header is used to clear
the PK, KEK, db and dbx. When CONFIG_EFI_MM_COMM_TEE is enabled
(StMM and OP-TEE based RPMB storage is used as the EFI variable
storage), clearing KEK, db and dbx by enrolling a signed null
key does not work as expected if EFI_VARIABLE_APPEND_WRITE
attritube is set.
This commit checks the selected file is null key, then
EFI_VARIABLE_APPEND_WRITE attibute will not be used for the null key.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
| -rw-r--r-- | cmd/eficonfig_sbkey.c | 38 |
1 files changed, 36 insertions, 2 deletions
diff --git a/cmd/eficonfig_sbkey.c b/cmd/eficonfig_sbkey.c index 6e0bebf..ed39aab 100644 --- a/cmd/eficonfig_sbkey.c +++ b/cmd/eficonfig_sbkey.c @@ -73,6 +73,28 @@ static bool file_have_auth_header(void *buf, efi_uintn_t size) } /** + * file_is_null_key() - check the file is an authenticated and signed null key + * + * @auth: pointer to the file + * @size: file size + * @null_key: pointer to store the result + * Return: status code + */ +static efi_status_t file_is_null_key(struct efi_variable_authentication_2 *auth, + efi_uintn_t size, bool *null_key) +{ + efi_uintn_t auth_size = + sizeof(auth->time_stamp) + auth->auth_info.hdr.dwLength; + + if (size < auth_size) + return EFI_INVALID_PARAMETER; + + *null_key = (size == auth_size); + + return EFI_SUCCESS; +} + +/** * eficonfig_process_enroll_key() - enroll key into signature database * * @data: pointer to the data for each entry @@ -84,6 +106,7 @@ static efi_status_t eficonfig_process_enroll_key(void *data) char *buf = NULL; efi_uintn_t size; efi_status_t ret; + bool null_key = false; struct efi_file_handle *f = NULL; struct efi_device_path *full_dp = NULL; struct eficonfig_select_file_info file_info; @@ -149,13 +172,24 @@ static efi_status_t eficonfig_process_enroll_key(void *data) goto out; } + ret = file_is_null_key((struct efi_variable_authentication_2 *)buf, + size, &null_key); + if (ret != EFI_SUCCESS) { + eficonfig_print_msg("ERROR! Invalid file format."); + goto out; + } + attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; - /* PK can enroll only one certificate */ - if (u16_strcmp(data, u"PK")) { + /* + * PK can enroll only one certificate. + * The signed null key is used to clear KEK, db and dbx. + * EFI_VARIABLE_APPEND_WRITE attribute must not be set in these cases. + */ + if (u16_strcmp(data, u"PK") && !null_key) { efi_uintn_t db_size = 0; /* check the variable exists. If exists, add APPEND_WRITE attribute */ |