From patchwork Fri Apr 25 16:09:14 2014
X-Patchwork-Submitter: Leif Lindholm
X-Patchwork-Id: 4064411
From: Leif Lindholm
To: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Cc: mark.rutland@arm.com, matt.fleming@intel.com, ard.biesheuvel@linaro.org, catalin.marinas@arm.com, linux-doc@vger.kernel.org, roy.franz@linaro.org, msalter@redhat.com, grant.likely@linaro.org
Subject: [PATCH v2 10/10] efi/arm64: ignore dtb= when UEFI SecureBoot is enabled
Date: Fri, 25 Apr 2014 17:09:14 +0100
Message-Id: <1398442154-19974-11-git-send-email-leif.lindholm@linaro.org>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1398442154-19974-1-git-send-email-leif.lindholm@linaro.org>
References: <1398442154-19974-1-git-send-email-leif.lindholm@linaro.org>

From: Ard Biesheuvel

Loading unauthenticated FDT blobs directly from storage is a security hazard, so this should only be allowed when running with UEFI Secure Boot disabled.

Signed-off-by: Ard Biesheuvel
Signed-off-by: Leif Lindholm
Acked-by: Matt Fleming
--- drivers/firmware/efi/arm-stub.c | 39 +++++++++++++++++++++++++++++++++++---- 1 file changed, 35 insertions(+), 4 deletions(-) diff --git a/drivers/firmware/efi/arm-stub.c b/drivers/firmware/efi/arm-stub.c index 19239a9..41114ce 100644 --- a/drivers/firmware/efi/arm-stub.c 
+++ b/drivers/firmware/efi/arm-stub.c @@ -12,6 +12,30 @@ * */ +static int __init efi_secureboot_enabled(efi_system_table_t *sys_table_arg) +{ + static efi_guid_t const var_guid __initconst = EFI_GLOBAL_VARIABLE_GUID; + static efi_char16_t const var_name[] __initconst = { + 'S', 'e', 'c', 'u', 'r', 'e', 'B', 'o', 'o', 't', 0 }; + + efi_get_variable_t *f_getvar = sys_table_arg->runtime->get_variable; + unsigned long size = sizeof(u8); + efi_status_t status; + u8 val; + + status = f_getvar((efi_char16_t *)var_name, (efi_guid_t *)&var_guid, + NULL, &size, &val); + + switch (status) { + case EFI_SUCCESS: + return val; + case EFI_NOT_FOUND: + return 0; + default: + return 1; + } +} + static efi_status_t efi_open_volume(efi_system_table_t *sys_table_arg, void *__image, void **__fh) { @@ -144,7 +168,7 @@ unsigned long __init efi_entry(void *handle, efi_system_table_t *sys_table, /* addr/point and size pairs for memory management*/ unsigned long initrd_addr; u64 initrd_size = 0; - unsigned long fdt_addr; /* Original DTB */ + unsigned long fdt_addr = 0; /* Original DTB */ u64 fdt_size = 0; /* We don't get size from configuration table */ char *cmdline_ptr = NULL; int cmdline_size = 0; @@ -196,9 +220,13 @@ unsigned long __init efi_entry(void *handle, efi_system_table_t *sys_table, goto fail_free_image; } - /* Load a device tree from the configuration table, if present. */ - fdt_addr = (uintptr_t)get_fdt(sys_table); - if (!fdt_addr) { + /* + * Unauthenticated device tree data is a security hazard, so + * ignore 'dtb=' unless UEFI Secure Boot is disabled. + */ + if (efi_secureboot_enabled(sys_table)) { + pr_efi(sys_table, "UEFI Secure Boot is enabled.\n"); + } else { status = handle_cmdline_files(sys_table, image, cmdline_ptr, "dtb=", ~0UL, (unsigned long *)&fdt_addr, 
@@ -209,6 +237,9 @@ unsigned long __init efi_entry(void *handle, efi_system_table_t *sys_table, goto fail_free_cmdline; } } + if (!fdt_addr) + /* Look for a device tree configuration table entry. */ + fdt_addr = (uintptr_t)get_fdt(sys_table); status = handle_cmdline_files(sys_table, image, cmdline_ptr, "initrd=", dram_base + SZ_512M,
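Review bot: in efi_secureboot_enabled() (hunk @@ -12,6 +12,30 @@), the `default:` arm returns 1, so any GetVariable failure other than EFI_NOT_FOUND is treated as Secure Boot being enabled and dtb= is dropped. Failing closed is the safe direction for this check, but nothing in the function says it is deliberate; please add a comment on that arm. In the same switch, `case EFI_SUCCESS: return val;` hands back the raw byte without checking that `size` is still sizeof(u8) after the call; checking the size and returning `val != 0` would make the boolean contract of the int return explicit.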
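Review bot: in the efi_entry() hunk @@ -196,9 +220,13 @@, the Secure Boot branch prints only "UEFI Secure Boot is enabled." and prints it whether or not dtb= appears on the command line, so a user who passed dtb= gets no indication that the option was ignored. Suggest wording the message to say that dtb= is being ignored, and ideally emitting it only when the option is actually present in cmdline_ptr.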
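Review bot: the last hunk (@@ -209,6 +237,9 @@), together with the removal of the get_fdt() call in the previous hunk, reverses the lookup order: before, the configuration table entry was used first and dtb= was only a fallback; now dtb= takes precedence over the firmware-provided table whenever Secure Boot is disabled. The commit message only mentions ignoring dtb= under Secure Boot, so this precedence change should be stated there (or the old order kept if it was not intended). Minor style point on the same lines: the `if (!fdt_addr)` body is a comment plus a statement without braces; adding braces, or moving the comment above the `if`, would read more safely.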