ab02c3fec4
When deleting a non-volatile variable it was deleted from memory but the deletion was not persisted to the file system. SetVariable() may be called with attributes == 0 to delete a variable. To determine if the deletion shall be persisted we have to consider the non-volatile flag in the attributes of the deleted variable and not the value passed in the call parameter. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
525 lines
14 KiB
C
525 lines
14 KiB
C
// SPDX-License-Identifier: GPL-2.0+
|
|
/*
|
|
* UEFI runtime variable services
|
|
*
|
|
* Copyright (c) 2017 Rob Clark
|
|
*/
|
|
|
|
#define LOG_CATEGORY LOGC_EFI
|
|
|
|
#include <common.h>
|
|
#include <efi_loader.h>
|
|
#include <efi_variable.h>
|
|
#include <env.h>
|
|
#include <env_internal.h>
|
|
#include <hexdump.h>
|
|
#include <log.h>
|
|
#include <malloc.h>
|
|
#include <rtc.h>
|
|
#include <search.h>
|
|
#include <uuid.h>
|
|
#include <crypto/pkcs7_parser.h>
|
|
#include <linux/compat.h>
|
|
#include <u-boot/crc.h>
|
|
#include <asm/sections.h>
|
|
|
|
#ifdef CONFIG_EFI_SECURE_BOOT
|
|
static u8 pkcs7_hdr[] = {
|
|
/* SEQUENCE */
|
|
0x30, 0x82, 0x05, 0xc7,
|
|
/* OID: pkcs7-signedData */
|
|
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02,
|
|
/* Context Structured? */
|
|
0xa0, 0x82, 0x05, 0xb8,
|
|
};
|
|
|
|
/**
|
|
* efi_variable_parse_signature - parse a signature in variable
|
|
* @buf: Pointer to variable's value
|
|
* @buflen: Length of @buf
|
|
* @tmpbuf: Pointer to temporary buffer
|
|
*
|
|
* Parse a signature embedded in variable's value and instantiate
|
|
* a pkcs7_message structure. Since pkcs7_parse_message() accepts only
|
|
* pkcs7's signedData, some header needed be prepended for correctly
|
|
* parsing authentication data, particularly for variable's.
|
|
* A temporary buffer will be allocated if needed, and it should be
|
|
* kept valid during the authentication because some data in the buffer
|
|
* will be referenced by efi_signature_verify().
|
|
*
|
|
* Return: Pointer to pkcs7_message structure on success, NULL on error
|
|
*/
|
|
static struct pkcs7_message *efi_variable_parse_signature(const void *buf,
|
|
size_t buflen,
|
|
u8 **tmpbuf)
|
|
{
|
|
u8 *ebuf;
|
|
size_t ebuflen, len;
|
|
struct pkcs7_message *msg;
|
|
|
|
/*
|
|
* This is the best assumption to check if the binary is
|
|
* already in a form of pkcs7's signedData.
|
|
*/
|
|
if (buflen > sizeof(pkcs7_hdr) &&
|
|
!memcmp(&((u8 *)buf)[4], &pkcs7_hdr[4], 11)) {
|
|
msg = pkcs7_parse_message(buf, buflen);
|
|
if (IS_ERR(msg))
|
|
return NULL;
|
|
return msg;
|
|
}
|
|
|
|
/*
|
|
* Otherwise, we should add a dummy prefix sequence for pkcs7
|
|
* message parser to be able to process.
|
|
* NOTE: EDK2 also uses similar hack in WrapPkcs7Data()
|
|
* in CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
|
|
* TODO:
|
|
* The header should be composed in a more refined manner.
|
|
*/
|
|
EFI_PRINT("Makeshift prefix added to authentication data\n");
|
|
ebuflen = sizeof(pkcs7_hdr) + buflen;
|
|
if (ebuflen <= 0x7f) {
|
|
EFI_PRINT("Data is too short\n");
|
|
return NULL;
|
|
}
|
|
|
|
ebuf = malloc(ebuflen);
|
|
if (!ebuf) {
|
|
EFI_PRINT("Out of memory\n");
|
|
return NULL;
|
|
}
|
|
|
|
memcpy(ebuf, pkcs7_hdr, sizeof(pkcs7_hdr));
|
|
memcpy(ebuf + sizeof(pkcs7_hdr), buf, buflen);
|
|
len = ebuflen - 4;
|
|
ebuf[2] = (len >> 8) & 0xff;
|
|
ebuf[3] = len & 0xff;
|
|
len = ebuflen - 0x13;
|
|
ebuf[0x11] = (len >> 8) & 0xff;
|
|
ebuf[0x12] = len & 0xff;
|
|
|
|
msg = pkcs7_parse_message(ebuf, ebuflen);
|
|
|
|
if (IS_ERR(msg)) {
|
|
free(ebuf);
|
|
return NULL;
|
|
}
|
|
|
|
*tmpbuf = ebuf;
|
|
return msg;
|
|
}
|
|
|
|
/**
|
|
* efi_variable_authenticate - authenticate a variable
|
|
* @variable: Variable name in u16
|
|
* @vendor: Guid of variable
|
|
* @data_size: Size of @data
|
|
* @data: Pointer to variable's value
|
|
* @given_attr: Attributes to be given at SetVariable()
|
|
* @env_attr: Attributes that an existing variable holds
|
|
* @time: signed time that an existing variable holds
|
|
*
|
|
* Called by efi_set_variable() to verify that the input is correct.
|
|
* Will replace the given data pointer with another that points to
|
|
* the actual data to store in the internal memory.
|
|
* On success, @data and @data_size will be replaced with variable's
|
|
* actual data, excluding authentication data, and its size, and variable's
|
|
* attributes and signed time will also be returned in @env_attr and @time,
|
|
* respectively.
|
|
*
|
|
* Return: status code
|
|
*/
|
|
static efi_status_t efi_variable_authenticate(u16 *variable,
|
|
const efi_guid_t *vendor,
|
|
efi_uintn_t *data_size,
|
|
const void **data, u32 given_attr,
|
|
u32 *env_attr, u64 *time)
|
|
{
|
|
const struct efi_variable_authentication_2 *auth;
|
|
struct efi_signature_store *truststore, *truststore2;
|
|
struct pkcs7_message *var_sig;
|
|
struct efi_image_regions *regs;
|
|
struct efi_time timestamp;
|
|
struct rtc_time tm;
|
|
u64 new_time;
|
|
u8 *ebuf;
|
|
enum efi_auth_var_type var_type;
|
|
efi_status_t ret;
|
|
|
|
var_sig = NULL;
|
|
truststore = NULL;
|
|
truststore2 = NULL;
|
|
regs = NULL;
|
|
ebuf = NULL;
|
|
ret = EFI_SECURITY_VIOLATION;
|
|
|
|
if (*data_size < sizeof(struct efi_variable_authentication_2))
|
|
goto err;
|
|
|
|
/* authentication data */
|
|
auth = *data;
|
|
if (*data_size < (sizeof(auth->time_stamp)
|
|
+ auth->auth_info.hdr.dwLength))
|
|
goto err;
|
|
|
|
if (guidcmp(&auth->auth_info.cert_type, &efi_guid_cert_type_pkcs7))
|
|
goto err;
|
|
|
|
memcpy(×tamp, &auth->time_stamp, sizeof(timestamp));
|
|
if (timestamp.pad1 || timestamp.nanosecond || timestamp.timezone ||
|
|
timestamp.daylight || timestamp.pad2)
|
|
goto err;
|
|
|
|
*data += sizeof(auth->time_stamp) + auth->auth_info.hdr.dwLength;
|
|
*data_size -= (sizeof(auth->time_stamp)
|
|
+ auth->auth_info.hdr.dwLength);
|
|
|
|
memset(&tm, 0, sizeof(tm));
|
|
tm.tm_year = timestamp.year;
|
|
tm.tm_mon = timestamp.month;
|
|
tm.tm_mday = timestamp.day;
|
|
tm.tm_hour = timestamp.hour;
|
|
tm.tm_min = timestamp.minute;
|
|
tm.tm_sec = timestamp.second;
|
|
new_time = rtc_mktime(&tm);
|
|
|
|
if (!efi_secure_boot_enabled()) {
|
|
/* finished checking */
|
|
*time = new_time;
|
|
return EFI_SUCCESS;
|
|
}
|
|
|
|
if (new_time <= *time)
|
|
goto err;
|
|
|
|
/* data to be digested */
|
|
regs = calloc(sizeof(*regs) + sizeof(struct image_region) * 5, 1);
|
|
if (!regs)
|
|
goto err;
|
|
regs->max = 5;
|
|
efi_image_region_add(regs, (uint8_t *)variable,
|
|
(uint8_t *)variable
|
|
+ u16_strlen(variable) * sizeof(u16), 1);
|
|
efi_image_region_add(regs, (uint8_t *)vendor,
|
|
(uint8_t *)vendor + sizeof(*vendor), 1);
|
|
efi_image_region_add(regs, (uint8_t *)&given_attr,
|
|
(uint8_t *)&given_attr + sizeof(given_attr), 1);
|
|
efi_image_region_add(regs, (uint8_t *)×tamp,
|
|
(uint8_t *)×tamp + sizeof(timestamp), 1);
|
|
efi_image_region_add(regs, (uint8_t *)*data,
|
|
(uint8_t *)*data + *data_size, 1);
|
|
|
|
/* variable's signature list */
|
|
if (auth->auth_info.hdr.dwLength < sizeof(auth->auth_info))
|
|
goto err;
|
|
|
|
/* ebuf should be kept valid during the authentication */
|
|
var_sig = efi_variable_parse_signature(auth->auth_info.cert_data,
|
|
auth->auth_info.hdr.dwLength
|
|
- sizeof(auth->auth_info),
|
|
&ebuf);
|
|
if (!var_sig) {
|
|
EFI_PRINT("Parsing variable's signature failed\n");
|
|
goto err;
|
|
}
|
|
|
|
/* signature database used for authentication */
|
|
var_type = efi_auth_var_get_type(variable, vendor);
|
|
switch (var_type) {
|
|
case EFI_AUTH_VAR_PK:
|
|
case EFI_AUTH_VAR_KEK:
|
|
/* with PK */
|
|
truststore = efi_sigstore_parse_sigdb(L"PK");
|
|
if (!truststore)
|
|
goto err;
|
|
break;
|
|
case EFI_AUTH_VAR_DB:
|
|
case EFI_AUTH_VAR_DBX:
|
|
/* with PK and KEK */
|
|
truststore = efi_sigstore_parse_sigdb(L"KEK");
|
|
truststore2 = efi_sigstore_parse_sigdb(L"PK");
|
|
if (!truststore) {
|
|
if (!truststore2)
|
|
goto err;
|
|
|
|
truststore = truststore2;
|
|
truststore2 = NULL;
|
|
}
|
|
break;
|
|
default:
|
|
/* TODO: support private authenticated variables */
|
|
goto err;
|
|
}
|
|
|
|
/* verify signature */
|
|
if (efi_signature_verify(regs, var_sig, truststore, NULL)) {
|
|
EFI_PRINT("Verified\n");
|
|
} else {
|
|
if (truststore2 &&
|
|
efi_signature_verify(regs, var_sig, truststore2, NULL)) {
|
|
EFI_PRINT("Verified\n");
|
|
} else {
|
|
EFI_PRINT("Verifying variable's signature failed\n");
|
|
goto err;
|
|
}
|
|
}
|
|
|
|
/* finished checking */
|
|
*time = new_time;
|
|
ret = EFI_SUCCESS;
|
|
|
|
err:
|
|
efi_sigstore_free(truststore);
|
|
efi_sigstore_free(truststore2);
|
|
pkcs7_free_message(var_sig);
|
|
free(ebuf);
|
|
free(regs);
|
|
|
|
return ret;
|
|
}
|
|
#else
|
|
static efi_status_t efi_variable_authenticate(u16 *variable,
|
|
const efi_guid_t *vendor,
|
|
efi_uintn_t *data_size,
|
|
const void **data, u32 given_attr,
|
|
u32 *env_attr, u64 *time)
|
|
{
|
|
return EFI_SUCCESS;
|
|
}
|
|
#endif /* CONFIG_EFI_SECURE_BOOT */
|
|
|
|
efi_status_t __efi_runtime
|
|
efi_get_variable_int(u16 *variable_name, const efi_guid_t *vendor,
|
|
u32 *attributes, efi_uintn_t *data_size, void *data,
|
|
u64 *timep)
|
|
{
|
|
return efi_get_variable_mem(variable_name, vendor, attributes, data_size, data, timep);
|
|
}
|
|
|
|
efi_status_t __efi_runtime
|
|
efi_get_next_variable_name_int(efi_uintn_t *variable_name_size,
|
|
u16 *variable_name, efi_guid_t *vendor)
|
|
{
|
|
return efi_get_next_variable_name_mem(variable_name_size, variable_name, vendor);
|
|
}
|
|
|
|
efi_status_t efi_set_variable_int(u16 *variable_name, const efi_guid_t *vendor,
|
|
u32 attributes, efi_uintn_t data_size,
|
|
const void *data, bool ro_check)
|
|
{
|
|
struct efi_var_entry *var;
|
|
efi_uintn_t ret;
|
|
bool append, delete;
|
|
u64 time = 0;
|
|
enum efi_auth_var_type var_type;
|
|
|
|
if (!variable_name || !*variable_name || !vendor ||
|
|
((attributes & EFI_VARIABLE_RUNTIME_ACCESS) &&
|
|
!(attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)))
|
|
return EFI_INVALID_PARAMETER;
|
|
|
|
/* check if a variable exists */
|
|
var = efi_var_mem_find(vendor, variable_name, NULL);
|
|
append = !!(attributes & EFI_VARIABLE_APPEND_WRITE);
|
|
attributes &= ~(u32)EFI_VARIABLE_APPEND_WRITE;
|
|
delete = !append && (!data_size || !attributes);
|
|
|
|
/* check attributes */
|
|
var_type = efi_auth_var_get_type(variable_name, vendor);
|
|
if (var) {
|
|
if (ro_check && (var->attr & EFI_VARIABLE_READ_ONLY))
|
|
return EFI_WRITE_PROTECTED;
|
|
|
|
if (IS_ENABLED(CONFIG_EFI_VARIABLES_PRESEED)) {
|
|
if (var_type != EFI_AUTH_VAR_NONE)
|
|
return EFI_WRITE_PROTECTED;
|
|
}
|
|
|
|
/* attributes won't be changed */
|
|
if (!delete &&
|
|
((ro_check && var->attr != attributes) ||
|
|
(!ro_check && ((var->attr & ~(u32)EFI_VARIABLE_READ_ONLY)
|
|
!= (attributes & ~(u32)EFI_VARIABLE_READ_ONLY))))) {
|
|
return EFI_INVALID_PARAMETER;
|
|
}
|
|
time = var->time;
|
|
} else {
|
|
if (delete || append)
|
|
/*
|
|
* Trying to delete or to update a non-existent
|
|
* variable.
|
|
*/
|
|
return EFI_NOT_FOUND;
|
|
}
|
|
|
|
if (var_type != EFI_AUTH_VAR_NONE) {
|
|
/* authentication is mandatory */
|
|
if (!(attributes &
|
|
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) {
|
|
EFI_PRINT("%ls: TIME_BASED_AUTHENTICATED_WRITE_ACCESS required\n",
|
|
variable_name);
|
|
return EFI_INVALID_PARAMETER;
|
|
}
|
|
}
|
|
|
|
/* authenticate a variable */
|
|
if (IS_ENABLED(CONFIG_EFI_SECURE_BOOT)) {
|
|
if (attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
|
|
return EFI_INVALID_PARAMETER;
|
|
if (attributes &
|
|
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) {
|
|
u32 env_attr;
|
|
|
|
ret = efi_variable_authenticate(variable_name, vendor,
|
|
&data_size, &data,
|
|
attributes, &env_attr,
|
|
&time);
|
|
if (ret != EFI_SUCCESS)
|
|
return ret;
|
|
|
|
/* last chance to check for delete */
|
|
if (!data_size)
|
|
delete = true;
|
|
}
|
|
} else {
|
|
if (attributes &
|
|
(EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS |
|
|
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) {
|
|
EFI_PRINT("Secure boot is not configured\n");
|
|
return EFI_INVALID_PARAMETER;
|
|
}
|
|
}
|
|
|
|
if (delete) {
|
|
/* EFI_NOT_FOUND has been handled before */
|
|
attributes = var->attr;
|
|
ret = EFI_SUCCESS;
|
|
} else if (append) {
|
|
u16 *old_data = var->name;
|
|
|
|
for (; *old_data; ++old_data)
|
|
;
|
|
++old_data;
|
|
ret = efi_var_mem_ins(variable_name, vendor, attributes,
|
|
var->length, old_data, data_size, data,
|
|
time);
|
|
} else {
|
|
ret = efi_var_mem_ins(variable_name, vendor, attributes,
|
|
data_size, data, 0, NULL, time);
|
|
}
|
|
efi_var_mem_del(var);
|
|
|
|
if (ret != EFI_SUCCESS)
|
|
return ret;
|
|
|
|
if (var_type == EFI_AUTH_VAR_PK)
|
|
ret = efi_init_secure_state();
|
|
else
|
|
ret = EFI_SUCCESS;
|
|
|
|
/* Write non-volatile EFI variables to file */
|
|
if (attributes & EFI_VARIABLE_NON_VOLATILE &&
|
|
ret == EFI_SUCCESS && efi_obj_list_initialized == EFI_SUCCESS)
|
|
efi_var_to_file();
|
|
|
|
return EFI_SUCCESS;
|
|
}
|
|
|
|
efi_status_t efi_query_variable_info_int(u32 attributes,
|
|
u64 *maximum_variable_storage_size,
|
|
u64 *remaining_variable_storage_size,
|
|
u64 *maximum_variable_size)
|
|
{
|
|
*maximum_variable_storage_size = EFI_VAR_BUF_SIZE -
|
|
sizeof(struct efi_var_file);
|
|
*remaining_variable_storage_size = efi_var_mem_free();
|
|
*maximum_variable_size = EFI_VAR_BUF_SIZE -
|
|
sizeof(struct efi_var_file) -
|
|
sizeof(struct efi_var_entry);
|
|
return EFI_SUCCESS;
|
|
}
|
|
|
|
/**
|
|
* efi_query_variable_info_runtime() - runtime implementation of
|
|
* QueryVariableInfo()
|
|
*
|
|
* @attributes: bitmask to select variables to be
|
|
* queried
|
|
* @maximum_variable_storage_size: maximum size of storage area for the
|
|
* selected variable types
|
|
* @remaining_variable_storage_size: remaining size of storage are for the
|
|
* selected variable types
|
|
* @maximum_variable_size: maximum size of a variable of the
|
|
* selected type
|
|
* Returns: status code
|
|
*/
|
|
efi_status_t __efi_runtime EFIAPI efi_query_variable_info_runtime(
|
|
u32 attributes,
|
|
u64 *maximum_variable_storage_size,
|
|
u64 *remaining_variable_storage_size,
|
|
u64 *maximum_variable_size)
|
|
{
|
|
return EFI_UNSUPPORTED;
|
|
}
|
|
|
|
/**
|
|
* efi_set_variable_runtime() - runtime implementation of SetVariable()
|
|
*
|
|
* @variable_name: name of the variable
|
|
* @vendor: vendor GUID
|
|
* @attributes: attributes of the variable
|
|
* @data_size: size of the buffer with the variable value
|
|
* @data: buffer with the variable value
|
|
* Return: status code
|
|
*/
|
|
static efi_status_t __efi_runtime EFIAPI
|
|
efi_set_variable_runtime(u16 *variable_name, const efi_guid_t *vendor,
|
|
u32 attributes, efi_uintn_t data_size,
|
|
const void *data)
|
|
{
|
|
return EFI_UNSUPPORTED;
|
|
}
|
|
|
|
/**
|
|
* efi_variables_boot_exit_notify() - notify ExitBootServices() is called
|
|
*/
|
|
void efi_variables_boot_exit_notify(void)
|
|
{
|
|
/* Switch variable services functions to runtime version */
|
|
efi_runtime_services.get_variable = efi_get_variable_runtime;
|
|
efi_runtime_services.get_next_variable_name =
|
|
efi_get_next_variable_name_runtime;
|
|
efi_runtime_services.set_variable = efi_set_variable_runtime;
|
|
efi_runtime_services.query_variable_info =
|
|
efi_query_variable_info_runtime;
|
|
efi_update_table_header_crc32(&efi_runtime_services.hdr);
|
|
}
|
|
|
|
/**
|
|
* efi_init_variables() - initialize variable services
|
|
*
|
|
* Return: status code
|
|
*/
|
|
efi_status_t efi_init_variables(void)
|
|
{
|
|
efi_status_t ret;
|
|
|
|
ret = efi_var_mem_init();
|
|
if (ret != EFI_SUCCESS)
|
|
return ret;
|
|
|
|
if (IS_ENABLED(CONFIG_EFI_VARIABLES_PRESEED)) {
|
|
ret = efi_var_restore((struct efi_var_file *)
|
|
__efi_var_file_begin);
|
|
if (ret != EFI_SUCCESS)
|
|
log_err("Invalid EFI variable seed\n");
|
|
}
|
|
|
|
ret = efi_var_from_file();
|
|
if (ret != EFI_SUCCESS)
|
|
return ret;
|
|
|
|
return efi_init_secure_state();
|
|
}
|