| Message ID | 20210914211416.34096-13-eric.snowberg@oracle.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | Enroll kernel keys thru MOK | expand |
On Tue, Sep 14, 2021 at 05:14:15PM -0400, Eric Snowberg wrote: > +/* > + * Try to load the MokListTrustedRT UEFI variable to see if we should trust > + * the mok keys within the kernel. It is not an error if this variable > + * does not exist. If it does not exist, mok keys should not be trusted > + * within the machine keyring. > + */ > +static __init bool uefi_check_trust_mok_keys(void) > +{ > + efi_status_t status; > + unsigned int mtrust = 0; > + unsigned long size = sizeof(mtrust); > + efi_guid_t guid = EFI_SHIM_LOCK_GUID; > + u32 attr; > + > + status = efi.get_variable(L"MokListTrustedRT", &guid, &attr, &size, &mtrust); This should use efi_mokvar_entry_find("MokListTrustedRT") instead, similar to how load_moklist_certs() does. It's a *much* more reliable mechanism. We don't even need to fall back to checking for the variable, as any version of shim that populates this supports the config table method.
> On Sep 16, 2021, at 4:19 PM, Peter Jones <pjones@redhat.com> wrote: > > On Tue, Sep 14, 2021 at 05:14:15PM -0400, Eric Snowberg wrote: >> +/* >> + * Try to load the MokListTrustedRT UEFI variable to see if we should trust >> + * the mok keys within the kernel. It is not an error if this variable >> + * does not exist. If it does not exist, mok keys should not be trusted >> + * within the machine keyring. >> + */ >> +static __init bool uefi_check_trust_mok_keys(void) >> +{ >> + efi_status_t status; >> + unsigned int mtrust = 0; >> + unsigned long size = sizeof(mtrust); >> + efi_guid_t guid = EFI_SHIM_LOCK_GUID; >> + u32 attr; >> + >> + status = efi.get_variable(L"MokListTrustedRT", &guid, &attr, &size, &mtrust); > > This should use efi_mokvar_entry_find("MokListTrustedRT") instead, > similar to how load_moklist_certs() does. It's a *much* more reliable > mechanism. We don't even need to fall back to checking for the > variable, as any version of shim that populates this supports the config > table method. I’ll change this in v7, thanks.
On Thu, Sep 16, 2021 at 08:00:54PM -0600, Eric Snowberg wrote: > > > On Sep 16, 2021, at 4:19 PM, Peter Jones <pjones@redhat.com> wrote: > > > > On Tue, Sep 14, 2021 at 05:14:15PM -0400, Eric Snowberg wrote: > >> +/* > >> + * Try to load the MokListTrustedRT UEFI variable to see if we should trust > >> + * the mok keys within the kernel. It is not an error if this variable > >> + * does not exist. If it does not exist, mok keys should not be trusted > >> + * within the machine keyring. > >> + */ > >> +static __init bool uefi_check_trust_mok_keys(void) > >> +{ > >> + efi_status_t status; > >> + unsigned int mtrust = 0; > >> + unsigned long size = sizeof(mtrust); > >> + efi_guid_t guid = EFI_SHIM_LOCK_GUID; > >> + u32 attr; > >> + > >> + status = efi.get_variable(L"MokListTrustedRT", &guid, &attr, &size, &mtrust); > > > > This should use efi_mokvar_entry_find("MokListTrustedRT") instead, > > similar to how load_moklist_certs() does. It's a *much* more reliable > > mechanism. We don't even need to fall back to checking for the > > variable, as any version of shim that populates this supports the config > > table method. > > I’ll change this in v7, thanks. We do also need to figure out a path forward for something like Dimitri Ledkov's MokListX patch[0] from May, though it doesn't necessarily need to hold up this patch set. It looks like your patches will change the structure of the keyrings it needs to apply to, but I don't see a reason it wouldn't be conditional on the same MokListTrustedRT variable. Any thoughts? [0] https://lore.kernel.org/lkml/20210512153100.285169-1-dimitri.ledkov@canonical.com/
> On Sep 17, 2021, at 9:03 AM, Peter Jones <pjones@redhat.com> wrote: > > On Thu, Sep 16, 2021 at 08:00:54PM -0600, Eric Snowberg wrote: >> >>> On Sep 16, 2021, at 4:19 PM, Peter Jones <pjones@redhat.com> wrote: >>> >>> On Tue, Sep 14, 2021 at 05:14:15PM -0400, Eric Snowberg wrote: >>>> +/* >>>> + * Try to load the MokListTrustedRT UEFI variable to see if we should trust >>>> + * the mok keys within the kernel. It is not an error if this variable >>>> + * does not exist. If it does not exist, mok keys should not be trusted >>>> + * within the machine keyring. >>>> + */ >>>> +static __init bool uefi_check_trust_mok_keys(void) >>>> +{ >>>> + efi_status_t status; >>>> + unsigned int mtrust = 0; >>>> + unsigned long size = sizeof(mtrust); >>>> + efi_guid_t guid = EFI_SHIM_LOCK_GUID; >>>> + u32 attr; >>>> + >>>> + status = efi.get_variable(L"MokListTrustedRT", &guid, &attr, &size, &mtrust); >>> >>> This should use efi_mokvar_entry_find("MokListTrustedRT") instead, >>> similar to how load_moklist_certs() does. It's a *much* more reliable >>> mechanism. We don't even need to fall back to checking for the >>> variable, as any version of shim that populates this supports the config >>> table method. >> >> I’ll change this in v7, thanks. > > We do also need to figure out a path forward for something like Dimitri > Ledkov's MokListX patch[0] from May, though it doesn't necessarily need > to hold up this patch set. It looks like your patches will change the > structure of the keyrings it needs to apply to, but I don't see a reason > it wouldn't be conditional on the same MokListTrustedRT variable. Any > thoughts? > > [0] https://lore.kernel.org/lkml/20210512153100.285169-1-dimitri.ledkov@canonical.com/ > I had a little different approach I was going to send for this problem, but dropped it after I saw Dimitri’s patch. Yes, we will need to figure out a way to merge the two. But I don’t see that being too difficult or them being incompatible with one another.
diff --git a/security/integrity/platform_certs/machine_keyring.c b/security/integrity/platform_certs/machine_keyring.c index ea2ac2f9f2b5..68b8f2d449dc 100644 --- a/security/integrity/platform_certs/machine_keyring.c +++ b/security/integrity/platform_certs/machine_keyring.c @@ -5,6 +5,7 @@ * Copyright (c) 2021, Oracle and/or its affiliates. */ +#include <linux/efi.h> #include "../integrity.h" static __init int machine_keyring_init(void) @@ -40,3 +41,29 @@ void __init add_to_machine_keyring(const char *source, const void *data, size_t if (rc) pr_info("Error adding keys to machine keyring %s\n", source); } + +/* + * Try to load the MokListTrustedRT UEFI variable to see if we should trust + * the mok keys within the kernel. It is not an error if this variable + * does not exist. If it does not exist, mok keys should not be trusted + * within the machine keyring. + */ +static __init bool uefi_check_trust_mok_keys(void) +{ + efi_status_t status; + unsigned int mtrust = 0; + unsigned long size = sizeof(mtrust); + efi_guid_t guid = EFI_SHIM_LOCK_GUID; + u32 attr; + + status = efi.get_variable(L"MokListTrustedRT", &guid, &attr, &size, &mtrust); + + /* + * The EFI_VARIABLE_NON_VOLATILE check is to verify MokListTrustedRT + * was set thru shim mirrioring and not by a user from the host os. + * According to the UEFI spec, once EBS is performed, SetVariable() + * will succeed only when both EFI_VARIABLE_RUNTIME_ACCESS & + * EFI_VARIABLE_NON_VOLATILE are set. + */ + return (status == EFI_SUCCESS && (!(attr & EFI_VARIABLE_NON_VOLATILE))); +}
A new Machine Owner Key (MOK) variable called MokListTrustedRT has been introduced in shim. When this UEFI variable is set, it indicates the end-user has made the decision themself that they wish to trust MOK keys within the Linux trust boundary. It is not an error if this variable does not exist. If it does not exist, the MOK keys should not be trusted within the kernel. MOK variables are mirrored from Boot Services to Runtime Services. When shim sees the new MokTML BS variable, it will create a new variable (before Exit Boot Services is called) called MokListTrustedRT without EFI_VARIABLE_NON_VOLATILE set. Following Exit Boot Services, UEFI variables can only be set and created with SetVariable if both EFI_VARIABLE_RUNTIME_ACCESS & EFI_VARIABLE_NON_VOLATILE are set. Therefore, this can not be defeated by simply creating a MokListTrustedRT variable from Linux, the existence of EFI_VARIABLE_NON_VOLATILE will cause uefi_check_trust_machine_keys to return false. Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> --- v1: Initial version v2: Removed mok_keyring_trust_setup function v4: Unmodified from v2 v5: Rename to machine keyring v6: Unmodified from v5 --- .../platform_certs/machine_keyring.c | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+)