From patchwork Wed Feb 19 17:19:07 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 11392065
From: Ard Biesheuvel
To: linux-efi@vger.kernel.org
Cc: Ard Biesheuvel, Leif Lindholm, Peter Jones, Alexander Graf, Heinrich Schuchardt, Jeff Brasen, Atish Patra, x86@kernel.org, James Morris, "Serge E. Hallyn", linux-security-module@vger.kernel.org
Subject: [PATCH 9/9] integrity: check properly whether EFI GetVariable() is available
Date: Wed, 19 Feb 2020 18:19:07 +0100
Message-Id: <20200219171907.11894-10-ardb@kernel.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200219171907.11894-1-ardb@kernel.org>
References: <20200219171907.11894-1-ardb@kernel.org>
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk

Testing the value of the efi.get_variable function pointer is not the right way to establish whether the platform supports EFI variables at runtime. Instead, use the newly added granular check that can test for the presence of each EFI runtime service individually.

Cc: James Morris
Cc: "Serge E. Hallyn"
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Ard Biesheuvel
Acked-by: Serge Hallyn
--- security/integrity/platform_certs/load_uefi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c index 111898aad56e..e2fe1bd3abb9 100644 --- a/security/integrity/platform_certs/load_uefi.c +++ b/security/integrity/platform_certs/load_uefi.c @@ -76,7 +76,7 @@ static int __init load_uefi_certs(void) unsigned long dbsize = 0, dbxsize = 0, moksize = 0; int rc = 0; - if (!efi.get_variable) + if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) return false; /* Get db, MokListRT, and dbx. They might not exist, so it isn't
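
Review bot: the early exit under the rewritten condition in load_uefi_certs() still reads "return false;" although the function is declared "static int __init" and carries its status in "int rc". Since the line directly above it is being changed anyway, make it "return 0;" so the nothing-to-do path is an int status like the rest of the function. The exit is also silent: when EFI_RT_SUPPORTED_GET_VARIABLE is not reported, the db, MokListRT and dbx lookups mentioned in the following comment are skipped with no log line, so consider a pr_info() at that point to make the skipped certificate load visible in the boot log. The commit message calls efi_rt_services_supported() newly added, so this patch has to stay ordered after the patch in the series that introduces it.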