author | James Bottomley <JBottomley@Parallels.com> | 2013-01-09 08:50:10 +0000 |
committer | James Bottomley <JBottomley@Parallels.com> | 2013-01-09 08:50:10 +0000 |
commit | ad8b51aa834db1dc3c9903e0659245c2de8c8d3e (patch) | |
tree | a2295849c97d6d643e61249bccf49ffa9b618ce9 | |
parent | 1a7e8d88ba857f4e9257701120bf793683049322 (diff) | |
download | efitools-ad8b51aa834db1dc3c9903e0659245c2de8c8d3e.tar.gz |
security_policy: fix a problem with the UEFI confusion over security failure
The UEFI spec is confused (and has changed with later revisions) over whether
EFI_ACCESS_DENIED or EFI_SECURITY_VIOLATION should be returned for a signature
verification failure and subsequent refusal to execute. Originally
security_policy returned EFI_SECURITY_VIOLATION as required by the latest
Errata C. However this isn't correct on some platforms, so cache the security
failure return and return the cached value in the event that the MOK checks
fail.
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
-rw-r--r-- | lib/security_policy.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/lib/security_policy.c b/lib/security_policy.c
index 31f5834..7b8380f 100644
--- a/lib/security_policy.c
+++ b/lib/security_policy.c
@@ -133,7 +133,7 @@ security2_policy_authentication (
 	BOOLEAN BootPolicy
 	)
 {
-	EFI_STATUS status;
+	EFI_STATUS status, auth;
 
 	/* Chain original security policy */
 
@@ -144,9 +144,15 @@ security2_policy_authentication (
 	if (status == EFI_SUCCESS)
 		return status;
 
-	status = security_policy_check_mok(FileBuffer, FileSize);
+	auth = security_policy_check_mok(FileBuffer, FileSize);
 
-	return status;
+	if (auth == EFI_SECURITY_VIOLATION || auth == EFI_ACCESS_DENIED)
+		/* return previous status, which is the correct one
+		 * for the platform: may be either EFI_ACCESS_DENIED
+		 * or EFI_SECURITY_VIOLATION */
+		return status;
+
+	return auth;
 }
 
 static __attribute__((used)) EFI_STATUS
@@ -156,7 +162,7 @@ security_policy_authentication (
 	const EFI_DEVICE_PATH_PROTOCOL *DevicePathConst
 	)
 {
-	EFI_STATUS status;
+	EFI_STATUS status, fail_status;
 	EFI_DEVICE_PATH *DevPath
 		= DuplicateDevicePath((EFI_DEVICE_PATH *)DevicePathConst),
 		*OrigDevPath = DevPath;
@@ -175,6 +181,10 @@ security_policy_authentication (
 	if (status == EFI_SUCCESS)
 		goto out;
 
+	/* capture failure status: may be either EFI_ACCESS_DENIED or
+	 * EFI_SECURITY_VIOLATION */
+	fail_status = status;
+
 	status = uefi_call_wrapper(BS->LocateDevicePath, 3,
 				   &SIMPLE_FS_PROTOCOL, &DevPath, &h);
 	if (status != EFI_SUCCESS)
@@ -196,6 +206,9 @@ security_policy_authentication (
 	status = security_policy_check_mok(FileBuffer, FileSize);
 	FreePool(FileBuffer);
 
+	if (status == EFI_ACCESS_DENIED || status == EFI_SECURITY_VIOLATION)
+		/* return what the platform originally said */
+		status = fail_status;
 out:
 	FreePool(OrigDevPath);
 	return status;
|
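Review bot: The substitution in the second hunk of security2_policy_authentication (and likewise the last hunk of security_policy_authentication) replaces a genuine MOK denial with whatever non-success status the platform policy returned, without checking that the platform status is itself one of the two denial codes; if the platform failed for an unrelated reason, the caller still gets a non-success status, so execution is still refused, but the returned code no longer says "signature rejected". Restricting the override to the case where both verdicts are denials keeps the fail-closed behaviour and preserves the MOK verdict otherwise, e.g. `if ((auth == EFI_SECURITY_VIOLATION || auth == EFI_ACCESS_DENIED) && (status == EFI_SECURITY_VIOLATION || status == EFI_ACCESS_DENIED))` in the first function and the equivalent `fail_status` test in the second. The two functions also spell the same check in different variable and operand order (`auth` vs. `fail_status`, violation-first vs. denied-first); a small shared `static` helper such as `is_denial(EFI_STATUS s)` would make the policy obvious in both places. Both enclosing function bodies start and end outside the hunks shown, and the assumption that every path into the final hunk of security_policy_authentication passes the `fail_status = status;` assignment should be confirmed against the lines between the hunks.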