From 159151b6649008793d6204a34d7b9c41221fb4b0 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 3 May 2022 17:05:20 -0400
Subject: [PATCH 6/6] Also avoid CVE-2022-28737 in verify_image()
PR 446 ("Add verify_image") duplicates some of the code affected by
Chris Coulson's defense in depth patch against CVE-2022-28737 ("pe:
Perform image verification earlier when loading grub").
This patch makes the same change to the new function.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
pe.c | 46 +++++++++++++++++++++++++++-------------------
1 file changed, 27 insertions(+), 19 deletions(-)
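diff --git a/pe.c b/pe.c
index 1d120f2d78d..ba3e2bbc444 100644
--- a/pe.c
+++ b/pe.c
@@ -1038,26 +1038,9 @@ EFI_STATUS verify_image(void *data, unsigned int datasize,
 }
 
 /*
- * We only need to verify the binary if we're in secure mode
+ * Perform the image verification before we start copying data around
+ * in order to load it.
 */
- efi_status = generate_hash(data, datasize, context, sha256hash,
- sha1hash);
- if (EFI_ERROR(efi_status))
- return efi_status;
-
- /* Measure the binary into the TPM */
-#ifdef REQUIRE_TPM
- efi_status =
-#endif
- tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)data, datasize,
- (EFI_PHYSICAL_ADDRESS)(UINTN)context->ImageAddress,
- li->FilePath, sha1hash, 4);
-#ifdef REQUIRE_TPM
- if (efi_status != EFI_SUCCESS) {
- return efi_status;
- }
-#endif
-
 if (secure_mode()) {
 efi_status = verify_buffer(data, datasize,
 context, sha256hash, sha1hash);
@@ -1071,6 +1054,31 @@ EFI_STATUS verify_image(void *data, unsigned int datasize,
 console_print(L"Verification succeeded\n");
 }
 
+ /*
+ * Calculate the hash for the TPM measurement.
+ * XXX: We're computing these twice in secure boot mode when the
+ * buffers already contain the previously computed hashes. Also,
+ * this is only useful for the TPM1.2 case. We should try to fix
+ * this in a follow-up.
+ */
+ efi_status = generate_hash(data, datasize, context, sha256hash,
+ sha1hash);
+ if (EFI_ERROR(efi_status))
+ return efi_status;
+
+ /* Measure the binary into the TPM */
+#ifdef REQUIRE_TPM
+ efi_status =
+#endif
+ tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)data, datasize,
+ (EFI_PHYSICAL_ADDRESS)(UINTN)context->ImageAddress,
+ li->FilePath, sha1hash, 4);
+#ifdef REQUIRE_TPM
+ if (efi_status != EFI_SUCCESS) {
+ return efi_status;
+ }
+#endif
+
 return EFI_SUCCESS;
 }
 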
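Review bot: In the relocated measurement block of the second hunk, a build without `REQUIRE_TPM` discards the status of `tpm_log_pe()`, so `verify_image()` still returns `EFI_SUCCESS` when the measurement was not recorded, and no comment says this is intended. I would extend the one-line comment to state the contract, for example `/* Measure the binary into the TPM; best effort unless REQUIRE_TPM is defined, so a failed measurement does not fail verification */`. Because verification now runs first, an image rejected by `verify_buffer()` presumably returns before it is measured (that return lies between the two hunks and is not visible here), which is worth one sentence in the XXX comment for anyone auditing the TPM event log. The bare `4` passed as the last argument looks like the PCR index and would read better as a named constant. `verify_image()` begins above the first hunk, so its earlier checks are not covered by this note.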
--
2.35.1