From patchwork Wed May 10 18:20:55 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mehmet Kayaalp X-Patchwork-Id: 9720467 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 6BCE660236 for ; Wed, 10 May 2017 18:21:48 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8E901285FE for ; Wed, 10 May 2017 18:21:48 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8337A28607; Wed, 10 May 2017 18:21:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C936D28622 for ; Wed, 10 May 2017 18:21:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932380AbdEJSVp (ORCPT ); Wed, 10 May 2017 14:21:45 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:46711 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932338AbdEJSVo (ORCPT ); Wed, 10 May 2017 14:21:44 -0400 Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.20/8.16.0.20) with SMTP id v4AHwWo1079356 for ; Wed, 10 May 2017 14:21:39 -0400 Received: from e34.co.us.ibm.com (e34.co.us.ibm.com [32.97.110.152]) by mx0a-001b2d01.pphosted.com with ESMTP id 2ac7md983s-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Wed, 10 May 2017 14:21:38 -0400 Received: from localhost by e34.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 10 May 2017 12:21:38 -0600 Received: from b03cxnp08025.gho.boulder.ibm.com (9.17.130.17) by e34.co.us.ibm.com (192.168.1.134) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Wed, 10 May 2017 12:21:34 -0600 Received: from b03ledav004.gho.boulder.ibm.com (b03ledav004.gho.boulder.ibm.com [9.17.130.235]) by b03cxnp08025.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id v4AILVNR10420584; Wed, 10 May 2017 11:21:31 -0700 Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4318778043; Wed, 10 May 2017 12:21:31 -0600 (MDT) Received: from dogbert.watson.ibm.com (unknown [9.2.195.28]) by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP id 8673D78038; Wed, 10 May 2017 12:21:30 -0600 (MDT) From: Mehmet Kayaalp To: David Howells Cc: David Woodhouse , keyrings , LSM , kernel , Mimi Zohar , Stefan Berger , George Wilson , Mehmet Kayaalp Subject: [PATCH v5 3/4] KEYS: Support for inserting a certificate into x86 bzImage Date: Wed, 10 May 2017 14:20:55 -0400 X-Mailer: git-send-email 2.7.4 In-Reply-To: <1494440456-28671-1-git-send-email-mkayaalp@linux.vnet.ibm.com> References: <1494440456-28671-1-git-send-email-mkayaalp@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 17051018-0016-0000-0000-000006B6D0D5 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00007043; HX=3.00000240; KW=3.00000007; PH=3.00000004; SC=3.00000210; SDB=6.00858770; UDB=6.00425549; IPR=6.00638245; BA=6.00005342; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00015399; XFM=3.00000015; UTC=2017-05-10 18:21:37 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17051018-0017-0000-0000-0000399501D0 Message-Id: <1494440456-28671-4-git-send-email-mkayaalp@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-05-10_14:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1703280000 definitions=main-1705100123 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The config option SYSTEM_EXTRA_CERTIFICATE (introduced in c4c361059585) reserves space in vmlinux file, which is compressed to create the self-extracting bzImage. This patch adds the capability of extracting the vmlinux, inserting the certificate, and repackaging the result into a bzImage. It only works if the resulting compressed vmlinux is smaller than the original. Otherwise re-linking would be required. To make the reserved space allocate actual space in bzImage, incompressible bytes are inserted into the vmlinux as a placeholder for the extra certificate. After receiving a bzImage that is created this way, the actual certificate can be inserted into the bzImage: scripts/insert-sys-cert -s -z -c Signed-off-by: Mehmet Kayaalp --- scripts/insert-sys-cert.c | 256 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 251 insertions(+), 5 deletions(-) diff --git a/scripts/insert-sys-cert.c b/scripts/insert-sys-cert.c index 86a3d41..b9793aa 100644 --- a/scripts/insert-sys-cert.c +++ b/scripts/insert-sys-cert.c @@ -7,7 +7,8 @@ * This software may be used and distributed according to the terms * of the GNU General Public License, incorporated herein by reference. * - * Usage: insert-sys-cert [-s -b -c + * Usage: insert-sys-cert [-s ] -b -c + * [-s ] -z -c */ #define _GNU_SOURCE @@ -230,6 +231,228 @@ static char *read_file(char *file_name, int *size) return buf; } +#define BOOT_FLAG 0xAA55 +#define MAGIC 0x53726448 + +#define BOOT_FLAG_O 0x1FE +#define MAGIC_O 0x202 +#define VERSION_O 0x206 +#define SETUP_SECTS_O 0x1F1 +#define PAYLOAD_OFFSET_O 0x248 +#define PAYLOAD_LENGTH_O 0x24C + +static int image_supported(char *bzimage, int bzimage_size) +{ + u16 boot_flag; + u32 magic; + u16 version; + + if (bzimage_size < 1024) { + err("Invalid bzImage: File is too small\n"); + return 0; + } + + boot_flag = *((u16 *)&bzimage[BOOT_FLAG_O]); + magic = *((u32 *)&bzimage[MAGIC_O]); + version = *((u16 *)&bzimage[VERSION_O]); + + if (boot_flag != BOOT_FLAG || magic != MAGIC) { + err("Invalid bzImage: Magic mismatch\n"); + return 0; + } + + if (version < 0x208) { + err("Invalid bzImage: Boot version <2.08 not supported\n"); + return 0; + } + + return 1; +} + +static void get_payload_info(char *bzimage, int *offset, int *size) +{ + unsigned int system_offset; + unsigned char setup_sectors; + + setup_sectors = bzimage[SETUP_SECTS_O] + 1; + system_offset = setup_sectors * 512; + *offset = system_offset + *((int *)&bzimage[PAYLOAD_OFFSET_O]); + *size = *((int *)&bzimage[PAYLOAD_LENGTH_O]); +} + +static void update_payload_info(char *bzimage, int new_size) +{ + int offset, size; + + get_payload_info(bzimage, &offset, &size); + *((int *)&bzimage[PAYLOAD_LENGTH_O]) = new_size; + if (new_size < size) + memset(bzimage + offset + new_size, 0, size - new_size); +} + +struct zipper { + unsigned char pattern[10]; + int length; + char *command; + char *compress; +}; + +struct zipper zippers[] = { + {{0x7F, 'E', 'L', 'F'}, + 4, "cat", "cat"}, + {{0x1F, 0x8B}, + 2, "gunzip", "gzip -n -f -9"}, + {{0xFD, '7', 'z', 'X', 'Z', 0}, + 6, "unxz", "xz"}, + {{'B', 'Z', 'h'}, + 3, "bunzip2", "bzip2 -9"}, + {{0xFF, 'L', 'Z', 'M', 'A', 0}, + 6, "unlzma", "lzma -9"}, + {{0xD3, 'L', 'Z', 'O', 0, '\r', '\n', 0x20, '\n'}, + 9, "lzop -d", "lzop -9"} +}; + +static struct zipper *get_zipper(char *p) +{ + int i; + + for (i = 0; i < sizeof(zippers) / sizeof(struct zipper); i++) { + if (memcmp(p, zippers[i].pattern, zippers[i].length) == 0) + return &zippers[i]; + } + return NULL; +} + +static u32 crc32(u32 seed, const char *buffer, int size) +{ + int i, j; + u32 byte, crc, mask; + + crc = seed; + for (i = 0; i < size; i++) { + byte = buffer[i]; + crc = crc ^ byte; + for (j = 7; j >= 0; j--) { + mask = -(crc & 1); + crc = (crc >> 1) ^ (0xEDB88320 & mask); + } + } + return crc; +} + +/* + * This only works for x86 bzImage + */ +static void extract_vmlinux(char *bzimage, int bzimage_size, + char **file, struct zipper **zipper) +{ + int r; + char src[15] = "vmlinux-XXXXXX"; + char dest[15] = "vmlinux-XXXXXX"; + char cmd[100]; + int src_fd, dest_fd; + int offset, size; + struct zipper *z; + + if (!image_supported(bzimage, bzimage_size)) + return; + + get_payload_info(bzimage, &offset, &size); + z = get_zipper(bzimage + offset); + if (!z) { + err("Unable to determine the compression of vmlinux\n"); + return; + } + + src_fd = mkstemp(src); + if (src_fd == -1) { + perror("Could not create temp file"); + return; + } + + r = write(src_fd, bzimage + offset, size); + if (r != size) { + perror("Could not write vmlinux"); + return; + } + dest_fd = mkstemp(dest); + if (dest_fd == -1) { + perror("Could not create temp file"); + return; + } + + snprintf(cmd, sizeof(cmd), "%s <%s >%s", z->command, src, dest); + info("Executing: %s\n", cmd); + r = system(cmd); + if (r != 0) + warn("Possible errors when extracting\n"); + + r = remove(src); + if (r != 0) + perror(src); + + *file = strdup(dest); + *zipper = z; +} + +static void repack_image(char *bzimage, int bzimage_size, + char *vmlinux_file, struct zipper *z) +{ + char tmp[15] = "vmlinux-XXXXXX"; + char cmd[100]; + int fd; + struct stat st; + int new_size; + int r; + int offset, size; + u32 *crc; + + get_payload_info(bzimage, &offset, &size); + + fd = mkstemp(tmp); + if (fd == -1) { + perror("Could not create temp file"); + return; + } + snprintf(cmd, sizeof(cmd), "%s <%s >%s", + z->compress, vmlinux_file, tmp); + + info("Executing: %s\n", cmd); + r = system(cmd); + if (r != 0) + warn("Possible errors when compressing\n"); + + r = remove(vmlinux_file); + if (r != 0) + perror(vmlinux_file); + + if (fstat(fd, &st)) { + perror("Could not determine file size"); + close(fd); + } + new_size = st.st_size; + if (new_size > size) { + err("Increase in compressed size is not supported.\n"); + err("Old size was %d, new size is %d\n", size, new_size); + exit(EXIT_FAILURE); + } + + r = read(fd, bzimage + offset, new_size); + if (r != new_size) + perror(tmp); + + r = remove(tmp); + if (r != 0) + perror(tmp); + + /* x86 specific patching of bzimage */ + update_payload_info(bzimage, new_size); + + /* update CRC */ + crc = (u32 *)(bzimage + bzimage_size - 4); + *crc = crc32(~0, bzimage, bzimage_size); +} + static void print_sym(struct sym *s) { info("sym: %s\n", s->name); @@ -240,18 +463,23 @@ static void print_sym(struct sym *s) static void print_usage(char *e) { - printf("Usage %s [-s ] -b -c \n", e); + printf("Usage: %s [-s ] -b -c \n", e); + printf(" %s [-s ] -z -c \n", e); } int main(int argc, char **argv) { char *system_map_file = NULL; char *vmlinux_file = NULL; + char *bzimage_file = NULL; char *cert_file = NULL; int vmlinux_size; + int bzimage_size; int cert_size; char *vmlinux; char *cert; + char *bzimage = NULL; + struct zipper *z = NULL; FILE *system_map; int *used; int opt; @@ -260,7 +488,7 @@ int main(int argc, char **argv) GElf_Ehdr hdr_s, *hdr; Elf_Scn *symtab = NULL; - while ((opt = getopt(argc, argv, "b:c:s:")) != -1) { + while ((opt = getopt(argc, argv, "b:z:c:s:")) != -1) { switch (opt) { case 's': system_map_file = optarg; @@ -268,6 +496,9 @@ int main(int argc, char **argv) case 'b': vmlinux_file = optarg; break; + case 'z': + bzimage_file = optarg; + break; case 'c': cert_file = optarg; break; @@ -276,7 +507,9 @@ int main(int argc, char **argv) } } - if (!vmlinux_file || !cert_file) { + if (!cert_file || + (!vmlinux_file && !bzimage_file) || + (vmlinux_file && bzimage_file)) { print_usage(argv[0]); exit(EXIT_FAILURE); } @@ -285,6 +518,16 @@ int main(int argc, char **argv) if (!cert) exit(EXIT_FAILURE); + if (bzimage_file) { + bzimage = map_file(bzimage_file, &bzimage_size); + if (!bzimage) + exit(EXIT_FAILURE); + + extract_vmlinux(bzimage, bzimage_size, &vmlinux_file, &z); + if (!vmlinux_file) + exit(EXIT_FAILURE); + } + vmlinux = map_file(vmlinux_file, &vmlinux_size); if (!vmlinux) exit(EXIT_FAILURE); @@ -372,7 +615,7 @@ int main(int argc, char **argv) } /* If the existing cert is the same, don't overwrite */ - if (cert_size == *used && + if (cert_size > 0 && cert_size == *used && strncmp(cert_sym.content, cert, cert_size) == 0) { warn("Certificate was already inserted.\n"); exit(EXIT_SUCCESS); @@ -407,5 +650,8 @@ int main(int argc, char **argv) exit(EXIT_FAILURE); } + if (bzimage) + repack_image(bzimage, bzimage_size, vmlinux_file, z); + exit(EXIT_SUCCESS); }