From 64ca9a7ff6748eed582b28aa6ff728bf69b2fe27 Mon Sep 17 00:00:00 2001
From: "Simon J. Gerraty"
Date: Tue, 23 Apr 2019 20:25:25 +0000
Subject: [PATCH] Allow no_hash to appear in manifest.

sbin/veriexec will ignore entries that have no hash anyway, but loader needs to be explicitly told that such files are ok to ignore (not verify). We will report as Unverified depending on verbose level, but with no reason - because we are not rejecting the file.

Reviewed by: imp, mindal_semihalf
Sponsored by: Juniper Networks
MFC After: 1 week
Differential Revision: https://reviews.freebsd.org//D20018
---
 lib/libsecureboot/h/libsecureboot.h | 1 +
 lib/libsecureboot/vectx.c | 15 ++++++++++-----
 lib/libsecureboot/veopen.c | 5 ++++-
 lib/libsecureboot/verify_file.c | 8 ++++++--
 4 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/lib/libsecureboot/h/libsecureboot.h b/lib/libsecureboot/h/libsecureboot.h
index d0ec327b866a..6599db299aef 100644
--- a/lib/libsecureboot/h/libsecureboot.h
+++ b/lib/libsecureboot/h/libsecureboot.h
@@ -86,6 +86,7 @@ ssize_t ve_pcr_get(unsigned char *, size_t);
 #define VEF_VERBOSE 1
 
 #define VE_FINGERPRINT_OK 1
+#define VE_FINGERPRINT_IGNORE 2
 /* errors from verify_fd */
 #define VE_FINGERPRINT_NONE -2
 #define VE_FINGERPRINT_WRONG -3
diff --git a/lib/libsecureboot/vectx.c b/lib/libsecureboot/vectx.c
index 879cecac188d..97a8d97efb88 100644
--- a/lib/libsecureboot/vectx.c
+++ b/lib/libsecureboot/vectx.c
@@ -120,7 +120,10 @@ vectx_open(int fd, const char *path, off_t off, struct stat *stp, int *error)
 ctx->vec_status = VE_FINGERPRINT_NONE;
 ve_error_set("%s: no entry", path);
 } else {
-if (strncmp(cp, "sha256=", 7) == 0) {
+if (strncmp(cp, "no_hash", 7) == 0) {
+ctx->vec_status = VE_FINGERPRINT_IGNORE;
+hashsz = 0;
+} else if (strncmp(cp, "sha256=", 7) == 0) {
 ctx->vec_md = &br_sha256_vtable;
 hashsz = br_sha256_SIZE;
 cp += 7;
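Review bot: VE_FINGERPRINT_IGNORE is added among the positive status values with no comment, while the negative ones right below are labelled `/* errors from verify_fd */`; since verify_file.c accepts any rc >= 0, a reader of the header needs to know that 2 means "manifest entry present but carries no_hash, so the file is deliberately left unverified" rather than a second flavour of OK. I would put that on the new line: `#define VE_FINGERPRINT_IGNORE 2 /* manifest says no_hash: not verified, not an error */`.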
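Review bot: `strncmp(cp, "no_hash", 7) == 0` is a prefix test, so any fingerprint field that merely starts with no_hash is also routed into the unverified-but-accepted branch; the same prefix check is introduced in verify_fingerprint in veopen.c. For the sha256= keyword the trailing `=` bounds the prefix, but here nothing does, and because this is the branch that exempts a file from hashing it should match the whole token: `if (strcmp(cp, "no_hash") == 0) {`, or a comparison up to the field terminator if cp is not NUL-terminated at the end of the field (that is not visible here). The if/else chain and vectx_open continue past the end of the hunk.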
@@ -150,11 +153,13 @@ vectx_open(int fd, const char *path, off_t off, struct stat *stp, int *error)
 *error = ctx->vec_status;
 ctx->vec_hashsz = hashsz;
 ctx->vec_want = cp;
-ctx->vec_md->init(&ctx->vec_ctx.vtable);
+if (hashsz > 0) {
+ctx->vec_md->init(&ctx->vec_ctx.vtable);
 
-if (hashsz > 0 && off > 0) {
-lseek(fd, 0, SEEK_SET);
-vectx_lseek(ctx, off, SEEK_SET);
+if (off > 0) {
+lseek(fd, 0, SEEK_SET);
+vectx_lseek(ctx, off, SEEK_SET);
+}
 }
 
 return (ctx);
diff --git a/lib/libsecureboot/veopen.c b/lib/libsecureboot/veopen.c
index b9da7e4479d8..6ecf85c44af1 100644
--- a/lib/libsecureboot/veopen.c
+++ b/lib/libsecureboot/veopen.c
@@ -345,7 +345,9 @@ verify_fingerprint(int fd, const char *path, const char *cp, off_t off)
 size_t hlen;
 int n;
 
-if (strncmp(cp, "sha256=", 7) == 0) {
+if (strncmp(cp, "no_hash", 7) == 0) {
+return (VE_FINGERPRINT_IGNORE);
+} else if (strncmp(cp, "sha256=", 7) == 0) {
 md = &br_sha256_vtable;
 hlen = br_sha256_SIZE;
 cp += 7;
@@ -423,6 +425,7 @@ verify_fd(int fd, const char *path, off_t off, struct stat *stp)
 rc = verify_fingerprint(fd, path, cp, off);
 switch (rc) {
 case VE_FINGERPRINT_OK:
+case VE_FINGERPRINT_IGNORE:
 case VE_FINGERPRINT_UNKNOWN:
 return (rc);
 default:
diff --git a/lib/libsecureboot/verify_file.c b/lib/libsecureboot/verify_file.c
index 369c0bb8eb37..00822aa480d5 100644
--- a/lib/libsecureboot/verify_file.c
+++ b/lib/libsecureboot/verify_file.c
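Review bot: On the no_hash path vec_md is never assigned, and the new `if (hashsz > 0)` is now the only thing standing between `ctx->vec_hashsz = hashsz;` and a call through `ctx->vec_md->init(...)`; the old `hashsz > 0 && off > 0` test suggests hashsz == 0 was already reachable, but whether vectx_read and vectx_close gate every vec_md use on vec_hashsz > 0 is outside this hunk and worth confirming before relying on it. The guard deserves a why-comment so the coupling is visible: `if (hashsz > 0) { /* no_hash: vec_md unset, nothing to digest */`. Note also that `*error = ctx->vec_status;` now hands callers VE_FINGERPRINT_IGNORE (2) for such files, so any caller treating a nonzero *error as failure would misreport them; vectx_open continues past the hunk.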
@@ -343,10 +343,14 @@ verify_file(int fd, const char *filename, off_t off, int severity)
 if ((rc = verify_fd(fd, filename, off, &st)) >= 0) {
 if (verbose || severity > VE_WANT) {
 #if defined(VE_DEBUG_LEVEL) && VE_DEBUG_LEVEL > 0
-printf("Verified %s %llu,%llu\n", filename,
+printf("%serified %s %llu,%llu\n",
+(rc == VE_FINGERPRINT_IGNORE) ? "Unv" : "V",
+filename,
 (long long)st.st_dev, (long long)st.st_ino);
 #else
-printf("Verified %s\n", filename);
+printf("%serified %s\n",
+(rc == VE_FINGERPRINT_IGNORE) ? "Unv" : "V",
+filename);
 #endif
 }
 if (severity < VE_MUST) { /* not a kernel or module */
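Review bot: The `(rc == VE_FINGERPRINT_IGNORE) ? "Unv" : "V"` selector is written twice, once per #if branch, so the two printf calls can drift apart the next time one is edited; hoisting it once above the `#if` as `const char *pfx = (rc == VE_FINGERPRINT_IGNORE) ? "Unv" : "V";` and passing pfx to both keeps them in step. Separately, the pass condition is `rc >= 0`, so a no_hash entry also clears objects whose severity is at or above VE_MUST (kernel or module, per the trailing comment on the last line); if the exemption is not meant to reach those, the place to refuse it is this function, with a test on rc == VE_FINGERPRINT_IGNORE together with severity, and an operator-visible reason in the Unverified line would help when reading boot logs. verify_file continues past the hunk.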