92 lines
3.1 KiB
Diff
92 lines
3.1 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Kiper <daniel.kiper@oracle.com>
|
|
Date: Wed, 26 Sep 2018 13:17:52 +0200
|
|
Subject: [PATCH] verifiers: Add possibility to defer verification to other
|
|
verifiers
|
|
|
|
This way if a verifier requires verification of a given file it can defer task
|
|
to another verifier (another authority) if it is not able to do it itself. E.g.
|
|
shim_lock verifier, posted as a subsequent patch, is able to verify only PE
|
|
files. This means that it is not able to verify any of GRUB2 modules which have
|
|
to be trusted on UEFI systems with secure boot enabled. So, it can defer
|
|
verification to other verifier, e.g. PGP one.
|
|
|
|
I silently assume that other verifiers are trusted and will do good job for us.
|
|
Or at least they will not do any harm.
|
|
|
|
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
|
|
---
|
|
grub-core/commands/verifiers.c | 23 ++++++++++++++++++++---
|
|
include/grub/verify.h | 4 +++-
|
|
2 files changed, 23 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c
|
|
index 59ea418a2d9..c638d5f43e0 100644
|
|
--- a/grub-core/commands/verifiers.c
|
|
+++ b/grub-core/commands/verifiers.c
|
|
@@ -83,6 +83,7 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
|
|
void *context;
|
|
grub_file_t ret = 0;
|
|
grub_err_t err;
|
|
+ int defer = 0;
|
|
|
|
grub_dprintf ("verify", "file: %s type: %d\n", io->name, type);
|
|
|
|
@@ -102,13 +103,27 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
|
|
err = ver->init (io, type, &context, &flags);
|
|
if (err)
|
|
goto fail_noclose;
|
|
+ if (flags & GRUB_VERIFY_FLAGS_DEFER_AUTH)
|
|
+ {
|
|
+ defer = 1;
|
|
+ continue;
|
|
+ }
|
|
if (!(flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION))
|
|
break;
|
|
}
|
|
|
|
if (!ver)
|
|
- /* No verifiers wanted to verify. Just return underlying file. */
|
|
- return io;
|
|
+ {
|
|
+ if (defer)
|
|
+ {
|
|
+ grub_error (GRUB_ERR_ACCESS_DENIED,
|
|
+ N_("verification requested but nobody cares: %s"), io->name);
|
|
+ goto fail_noclose;
|
|
+ }
|
|
+
|
|
+ /* No verifiers wanted to verify. Just return underlying file. */
|
|
+ return io;
|
|
+ }
|
|
|
|
ret = grub_malloc (sizeof (*ret));
|
|
if (!ret)
|
|
@@ -160,7 +175,9 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
|
|
err = ver->init (io, type, &context, &flags);
|
|
if (err)
|
|
goto fail_noclose;
|
|
- if (flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION)
|
|
+ if (flags & GRUB_VERIFY_FLAGS_SKIP_VERIFICATION ||
|
|
+ /* Verification done earlier. So, we are happy here. */
|
|
+ flags & GRUB_VERIFY_FLAGS_DEFER_AUTH)
|
|
continue;
|
|
err = ver->write (context, verified->buf, ret->size);
|
|
if (err)
|
|
diff --git a/include/grub/verify.h b/include/grub/verify.h
|
|
index 9f892d8fedb..79022b42258 100644
|
|
--- a/include/grub/verify.h
|
|
+++ b/include/grub/verify.h
|
|
@@ -22,7 +22,9 @@
|
|
enum grub_verify_flags
|
|
{
|
|
GRUB_VERIFY_FLAGS_SKIP_VERIFICATION = 1,
|
|
- GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2
|
|
+ GRUB_VERIFY_FLAGS_SINGLE_CHUNK = 2,
|
|
+ /* Defer verification to another authority. */
|
|
+ GRUB_VERIFY_FLAGS_DEFER_AUTH = 4
|
|
};
|
|
|
|
enum grub_verify_string_type
|