Initialize UEFI secure boot state during dom0 boot. Otherwise the kernel
may not even know that it runs on secure boot enabled platform.
Signed-off-by: Daniel Kiper <[email protected]>
---
arch/x86/xen/efi.c | 57 +++++++++++++++++++++++++++++
drivers/firmware/efi/libstub/secureboot.c | 3 ++
2 files changed, 60 insertions(+)
diff --git a/arch/x86/xen/efi.c b/arch/x86/xen/efi.c
index a18703b..1804b27 100644
--- a/arch/x86/xen/efi.c
+++ b/arch/x86/xen/efi.c
@@ -115,6 +115,61 @@ static efi_system_table_t __init *xen_efi_probe(void)
return &efi_systab_xen;
}
+/*
+ * Determine whether we're in secure boot mode.
+ *
+ * Please keep the logic in sync with
+ * drivers/firmware/efi/libstub/secureboot.c:efi_get_secureboot().
+ */
+static enum efi_secureboot_mode xen_efi_get_secureboot(void)
+{
+ static efi_guid_t efi_variable_guid = EFI_GLOBAL_VARIABLE_GUID;
+ static efi_guid_t shim_guid = EFI_SHIM_LOCK_GUID;
+ efi_status_t status;
+ u8 moksbstate, secboot, setupmode;
+ unsigned long size;
+
+ size = sizeof(secboot);
+ status = efi.get_variable(L"SecureBoot", &efi_variable_guid,
+ NULL, &size, &secboot);
+
+ if (status == EFI_NOT_FOUND)
+ return efi_secureboot_mode_disabled;
+
+ if (status != EFI_SUCCESS)
+ goto out_efi_err;
+
+ size = sizeof(setupmode);
+ status = efi.get_variable(L"SetupMode", &efi_variable_guid,
+ NULL, &size, &setupmode);
+
+ if (status != EFI_SUCCESS)
+ goto out_efi_err;
+
+ if (secboot == 0 || setupmode == 1)
+ return efi_secureboot_mode_disabled;
+
+ /* See if a user has put the shim into insecure mode. */
+ size = sizeof(moksbstate);
+ status = efi.get_variable(L"MokSBStateRT", &shim_guid,
+ NULL, &size, &moksbstate);
+
+ /* If it fails, we don't care why. Default to secure. */
+ if (status != EFI_SUCCESS)
+ goto secure_boot_enabled;
+
+ if (moksbstate == 1)
+ return efi_secureboot_mode_disabled;
+
+ secure_boot_enabled:
+ pr_info("UEFI Secure Boot is enabled.\n");
+ return efi_secureboot_mode_enabled;
+
+ out_efi_err:
+ pr_err("Could not determine UEFI Secure Boot status.\n");
+ return efi_secureboot_mode_unknown;
+}
+
void __init xen_efi_init(void)
{
efi_system_table_t *efi_systab_xen;
@@ -129,6 +184,8 @@ void __init xen_efi_init(void)
boot_params.efi_info.efi_systab = (__u32)__pa(efi_systab_xen);
boot_params.efi_info.efi_systab_hi = (__u32)(__pa(efi_systab_xen) >> 32);
+ boot_params.secure_boot = xen_efi_get_secureboot();
+
set_bit(EFI_BOOT, &efi.flags);
set_bit(EFI_PARAVIRT, &efi.flags);
set_bit(EFI_64BIT, &efi.flags);
diff --git a/drivers/firmware/efi/libstub/secureboot.c b/drivers/firmware/efi/libstub/secureboot.c
index 8f07eb4..72d9dfb 100644
--- a/drivers/firmware/efi/libstub/secureboot.c
+++ b/drivers/firmware/efi/libstub/secureboot.c
@@ -30,6 +30,9 @@
/*
* Determine whether we're in secure boot mode.
+ *
+ * Please keep the logic in sync with
+ * arch/x86/xen/efi.c:xen_efi_get_secureboot().
*/
enum efi_secureboot_mode efi_get_secureboot(efi_system_table_t *sys_table_arg)
{
--
1.7.10.4
On Tue, 2018-04-03 at 16:39 +0200, Daniel Kiper wrote:
> Initialize UEFI secure boot state during dom0 boot. Otherwise the
> kernel
> may not even know that it runs on secure boot enabled platform.
>
> Signed-off-by: Daniel Kiper <[email protected]>
> ---
> arch/x86/xen/efi.c | 57
> +++++++++++++++++++++++++++++
> drivers/firmware/efi/libstub/secureboot.c | 3 ++
> 2 files changed, 60 insertions(+)
>
> diff --git a/arch/x86/xen/efi.c b/arch/x86/xen/efi.c
> index a18703b..1804b27 100644
> --- a/arch/x86/xen/efi.c
> +++ b/arch/x86/xen/efi.c
> @@ -115,6 +115,61 @@ static efi_system_table_t __init
> *xen_efi_probe(void)
> return &efi_systab_xen;
> }
>
> +/*
> + * Determine whether we're in secure boot mode.
> + *
> + * Please keep the logic in sync with
> + * drivers/firmware/efi/libstub/secureboot.c:efi_get_secureboot().
> + */
> +static enum efi_secureboot_mode xen_efi_get_secureboot(void)
> +{
> + static efi_guid_t efi_variable_guid =
> EFI_GLOBAL_VARIABLE_GUID;
> + static efi_guid_t shim_guid = EFI_SHIM_LOCK_GUID;
> + efi_status_t status;
> + u8 moksbstate, secboot, setupmode;
> + unsigned long size;
> +
> + size = sizeof(secboot);
> + status = efi.get_variable(L"SecureBoot", &efi_variable_guid,
> + NULL, &size, &secboot);
> +
> + if (status == EFI_NOT_FOUND)
> + return efi_secureboot_mode_disabled;
> +
> + if (status != EFI_SUCCESS)
> + goto out_efi_err;
> +
> + size = sizeof(setupmode);
> + status = efi.get_variable(L"SetupMode", &efi_variable_guid,
> + NULL, &size, &setupmode);
> +
> + if (status != EFI_SUCCESS)
> + goto out_efi_err;
> +
> + if (secboot == 0 || setupmode == 1)
> + return efi_secureboot_mode_disabled;
> +
> + /* See if a user has put the shim into insecure mode. */
> + size = sizeof(moksbstate);
> + status = efi.get_variable(L"MokSBStateRT", &shim_guid,
> + NULL, &size, &moksbstate);
> +
> + /* If it fails, we don't care why. Default to secure. */
> + if (status != EFI_SUCCESS)
> + goto secure_boot_enabled;
> +
> + if (moksbstate == 1)
> + return efi_secureboot_mode_disabled;
> +
> + secure_boot_enabled:
> + pr_info("UEFI Secure Boot is enabled.\n");
> + return efi_secureboot_mode_enabled;
> +
> + out_efi_err:
> + pr_err("Could not determine UEFI Secure Boot status.\n");
> + return efi_secureboot_mode_unknown;
> +}
> +
This looks like a bad idea: you're duplicating the secure boot check in
drivers/firmware/efi/libstub/secureboot.c
Which is an implementation of policy. If we have to have policy in the
kernel, it should really only be in one place to prevent drift; why
can't you simply use the libstub efi_get_secureboot() so we're not
duplicating the implementation of policy?
James
On Tue, Apr 03, 2018 at 08:44:41AM -0700, James Bottomley wrote:
> On Tue, 2018-04-03 at 16:39 +0200, Daniel Kiper wrote:
> > Initialize UEFI secure boot state during dom0 boot. Otherwise the
> > kernel
> > may not even know that it runs on secure boot enabled platform.
> >
> > Signed-off-by: Daniel Kiper <[email protected]>
> > ---
> > ?arch/x86/xen/efi.c????????????????????????|???57
> > +++++++++++++++++++++++++++++
> > ?drivers/firmware/efi/libstub/secureboot.c |????3 ++
> > ?2 files changed, 60 insertions(+)
> >
> > diff --git a/arch/x86/xen/efi.c b/arch/x86/xen/efi.c
> > index a18703b..1804b27 100644
> > --- a/arch/x86/xen/efi.c
> > +++ b/arch/x86/xen/efi.c
> > @@ -115,6 +115,61 @@ static efi_system_table_t __init
> > *xen_efi_probe(void)
> > ? return &efi_systab_xen;
> > ?}
> > ?
> > +/*
> > + * Determine whether we're in secure boot mode.
> > + *
> > + * Please keep the logic in sync with
> > + * drivers/firmware/efi/libstub/secureboot.c:efi_get_secureboot().
> > + */
> > +static enum efi_secureboot_mode xen_efi_get_secureboot(void)
> > +{
> > + static efi_guid_t efi_variable_guid =
> > EFI_GLOBAL_VARIABLE_GUID;
> > + static efi_guid_t shim_guid = EFI_SHIM_LOCK_GUID;
> > + efi_status_t status;
> > + u8 moksbstate, secboot, setupmode;
> > + unsigned long size;
> > +
> > + size = sizeof(secboot);
> > + status = efi.get_variable(L"SecureBoot", &efi_variable_guid,
> > + ??NULL, &size, &secboot);
> > +
> > + if (status == EFI_NOT_FOUND)
> > + return efi_secureboot_mode_disabled;
> > +
> > + if (status != EFI_SUCCESS)
> > + goto out_efi_err;
> > +
> > + size = sizeof(setupmode);
> > + status = efi.get_variable(L"SetupMode", &efi_variable_guid,
> > + ??NULL, &size, &setupmode);
> > +
> > + if (status != EFI_SUCCESS)
> > + goto out_efi_err;
> > +
> > + if (secboot == 0 || setupmode == 1)
> > + return efi_secureboot_mode_disabled;
> > +
> > + /* See if a user has put the shim into insecure mode. */
> > + size = sizeof(moksbstate);
> > + status = efi.get_variable(L"MokSBStateRT", &shim_guid,
> > + ??NULL, &size, &moksbstate);
> > +
> > + /* If it fails, we don't care why. Default to secure. */
> > + if (status != EFI_SUCCESS)
> > + goto secure_boot_enabled;
> > +
> > + if (moksbstate == 1)
> > + return efi_secureboot_mode_disabled;
> > +
> > + secure_boot_enabled:
> > + pr_info("UEFI Secure Boot is enabled.\n");
> > + return efi_secureboot_mode_enabled;
> > +
> > + out_efi_err:
> > + pr_err("Could not determine UEFI Secure Boot status.\n");
> > + return efi_secureboot_mode_unknown;
> > +}
> > +
>
> This looks like a bad idea: you're duplicating the secure boot check in
>
> drivers/firmware/efi/libstub/secureboot.c
>
> Which is an implementation of policy. ?If we have to have policy in the
> kernel, it should really only be in one place to prevent drift; why
> can't you simply use the libstub efi_get_secureboot() so we're not
> duplicating the implementation of policy?
Well, here is the first version of this patch: https://lkml.org/lkml/2018/1/9/496
Ard did not like it. I was not happy too. In general both approaches are not perfect.
More you can find in the discussion around this patchset. If you have better idea
how to do that I am happy to implement it.
Daniel
On Tue, 2018-04-03 at 18:07 +0200, Daniel Kiper wrote:
> On Tue, Apr 03, 2018 at 08:44:41AM -0700, James Bottomley wrote:
> >
> > On Tue, 2018-04-03 at 16:39 +0200, Daniel Kiper wrote:
> > >
> > > Initialize UEFI secure boot state during dom0 boot. Otherwise the
> > > kernel may not even know that it runs on secure boot enabled
> > > platform.
> > >
> > > Signed-off-by: Daniel Kiper <[email protected]>
> > > ---
> > > arch/x86/xen/efi.c | 57
> > > +++++++++++++++++++++++++++++
> > > drivers/firmware/efi/libstub/secureboot.c | 3 ++
> > > 2 files changed, 60 insertions(+)
> > >
> > > diff --git a/arch/x86/xen/efi.c b/arch/x86/xen/efi.c
> > > index a18703b..1804b27 100644
> > > --- a/arch/x86/xen/efi.c
> > > +++ b/arch/x86/xen/efi.c
> > > @@ -115,6 +115,61 @@ static efi_system_table_t __init
> > > *xen_efi_probe(void)
> > > return &efi_systab_xen;
> > > }
> > >
> > > +/*
> > > + * Determine whether we're in secure boot mode.
> > > + *
> > > + * Please keep the logic in sync with
> > > + *
> > > drivers/firmware/efi/libstub/secureboot.c:efi_get_secureboot().
> > > + */
> > > +static enum efi_secureboot_mode xen_efi_get_secureboot(void)
> > > +{
> > > + static efi_guid_t efi_variable_guid =
> > > EFI_GLOBAL_VARIABLE_GUID;
> > > + static efi_guid_t shim_guid = EFI_SHIM_LOCK_GUID;
> > > + efi_status_t status;
> > > + u8 moksbstate, secboot, setupmode;
> > > + unsigned long size;
> > > +
> > > + size = sizeof(secboot);
> > > + status = efi.get_variable(L"SecureBoot",
> > > &efi_variable_guid,
> > > + NULL, &size, &secboot);
> > > +
> > > + if (status == EFI_NOT_FOUND)
> > > + return efi_secureboot_mode_disabled;
> > > +
> > > + if (status != EFI_SUCCESS)
> > > + goto out_efi_err;
> > > +
> > > + size = sizeof(setupmode);
> > > + status = efi.get_variable(L"SetupMode",
> > > &efi_variable_guid,
> > > + NULL, &size, &setupmode);
> > > +
> > > + if (status != EFI_SUCCESS)
> > > + goto out_efi_err;
> > > +
> > > + if (secboot == 0 || setupmode == 1)
> > > + return efi_secureboot_mode_disabled;
> > > +
> > > + /* See if a user has put the shim into insecure mode. */
> > > + size = sizeof(moksbstate);
> > > + status = efi.get_variable(L"MokSBStateRT", &shim_guid,
> > > + NULL, &size, &moksbstate);
> > > +
> > > + /* If it fails, we don't care why. Default to secure. */
> > > + if (status != EFI_SUCCESS)
> > > + goto secure_boot_enabled;
> > > +
> > > + if (moksbstate == 1)
> > > + return efi_secureboot_mode_disabled;
> > > +
> > > + secure_boot_enabled:
> > > + pr_info("UEFI Secure Boot is enabled.\n");
> > > + return efi_secureboot_mode_enabled;
> > > +
> > > + out_efi_err:
> > > + pr_err("Could not determine UEFI Secure Boot
> > > status.\n");
> > > + return efi_secureboot_mode_unknown;
> > > +}
> > > +
> >
> > This looks like a bad idea: you're duplicating the secure boot
> > check in
> >
> > drivers/firmware/efi/libstub/secureboot.c
> >
> > Which is an implementation of policy. If we have to have policy in
> > the kernel, it should really only be in one place to prevent drift;
> > why can't you simply use the libstub efi_get_secureboot() so we're
> > not duplicating the implementation of policy?
>
> Well, here is the first version of this patch:
> https://lkml.org/lkml/2018/1/9/496 Ard did not like it. I was not
> happy too. In general both approaches are not perfect. More you can
> find in the discussion around this patchset. If you have better idea
> how to do that I am happy to implement it.
One way might be simply to have the pre exit-boot-services code lay
down a variable containing the state which you pick up, rather than you
calling efi code separately and trying to use the insecure RT
variables. That way there's a uniform view of the internal kernel
secure boot state that everyone can use.
James
On Tue, Apr 03, 2018 at 10:00:52AM -0700, James Bottomley wrote:
> On Tue, 2018-04-03 at 18:07 +0200, Daniel Kiper wrote:
> > On Tue, Apr 03, 2018 at 08:44:41AM -0700, James Bottomley wrote:
[...]
> > > This looks like a bad idea: you're duplicating the secure boot
> > > check in
> > >
> > > drivers/firmware/efi/libstub/secureboot.c
> > >
> > > Which is an implementation of policy. ?If we have to have policy in
> > > the kernel, it should really only be in one place to prevent drift;
> > > why can't you simply use the libstub efi_get_secureboot() so we're
> > > not duplicating the implementation of policy?
> >
> > Well, here is the first version of this patch:
> > https://lkml.org/lkml/2018/1/9/496 Ard did not like it. I was not
> > happy too. In general both approaches are not perfect. More you can
> > find in the discussion around this patchset. If you have better idea
> > how to do that I am happy to implement it.
>
> One way might be simply to have the pre exit-boot-services code lay
> down a variable containing the state which you pick up, rather than you
Do you mean variable in kernel proper or something like that? If yes this
is not possible. EFI Linux stub is not executed in Xen dom0. All UEFI
infrastructure is owned and operated by Xen. Dom0 kernel can access some
stuff in UEFI, including variables, via hypercall. However, when dom0
runs only UEFI runtime services are available.
> calling efi code separately and trying to use the insecure RT
I am not sure why they are insecure.
> variables. ?That way there's a uniform view of the internal kernel
> secure boot state that everyone can use.
That would be perfect but I have a feeling that in form proposed above
it is not possible.
Daniel
On Wed, Apr 04, 2018 at 12:38:24PM +0200, Daniel Kiper wrote:
> On Tue, Apr 03, 2018 at 10:00:52AM -0700, James Bottomley wrote:
> > On Tue, 2018-04-03 at 18:07 +0200, Daniel Kiper wrote:
> > > On Tue, Apr 03, 2018 at 08:44:41AM -0700, James Bottomley wrote:
>
> [...]
>
> > > > This looks like a bad idea: you're duplicating the secure boot
> > > > check in
> > > >
> > > > drivers/firmware/efi/libstub/secureboot.c
> > > >
> > > > Which is an implementation of policy. ?If we have to have policy in
> > > > the kernel, it should really only be in one place to prevent drift;
> > > > why can't you simply use the libstub efi_get_secureboot() so we're
> > > > not duplicating the implementation of policy?
> > >
> > > Well, here is the first version of this patch:
> > > https://lkml.org/lkml/2018/1/9/496 Ard did not like it. I was not
> > > happy too. In general both approaches are not perfect. More you can
> > > find in the discussion around this patchset. If you have better idea
> > > how to do that I am happy to implement it.
> >
> > One way might be simply to have the pre exit-boot-services code lay
> > down a variable containing the state which you pick up, rather than you
>
> Do you mean variable in kernel proper or something like that? If yes this
> is not possible. EFI Linux stub is not executed in Xen dom0. All UEFI
> infrastructure is owned and operated by Xen. Dom0 kernel can access some
> stuff in UEFI, including variables, via hypercall. However, when dom0
> runs only UEFI runtime services are available.
>
> > calling efi code separately and trying to use the insecure RT
>
> I am not sure why they are insecure.
>
> > variables. ?That way there's a uniform view of the internal kernel
> > secure boot state that everyone can use.
>
> That would be perfect but I have a feeling that in form proposed above
> it is not possible.
Ping?
Daniel
On Mon, Apr 16, 2018 at 10:15:15AM +0200, Ard Biesheuvel wrote:
> On 11 April 2018 at 10:56, Daniel Kiper <[email protected]> wrote:
> > On Wed, Apr 04, 2018 at 12:38:24PM +0200, Daniel Kiper wrote:
> >> On Tue, Apr 03, 2018 at 10:00:52AM -0700, James Bottomley wrote:
> >> > On Tue, 2018-04-03 at 18:07 +0200, Daniel Kiper wrote:
> >> > > On Tue, Apr 03, 2018 at 08:44:41AM -0700, James Bottomley wrote:
> >>
> >> [...]
> >>
> >> > > > This looks like a bad idea: you're duplicating the secure boot
> >> > > > check in
> >> > > >
> >> > > > drivers/firmware/efi/libstub/secureboot.c
> >> > > >
> >> > > > Which is an implementation of policy. If we have to have policy in
> >> > > > the kernel, it should really only be in one place to prevent drift;
> >> > > > why can't you simply use the libstub efi_get_secureboot() so we're
> >> > > > not duplicating the implementation of policy?
> >> > >
> >> > > Well, here is the first version of this patch:
> >> > > https://lkml.org/lkml/2018/1/9/496 Ard did not like it. I was not
> >> > > happy too. In general both approaches are not perfect. More you can
> >> > > find in the discussion around this patchset. If you have better idea
> >> > > how to do that I am happy to implement it.
> >> >
> >> > One way might be simply to have the pre exit-boot-services code lay
> >> > down a variable containing the state which you pick up, rather than you
> >>
> >> Do you mean variable in kernel proper or something like that? If yes this
> >> is not possible. EFI Linux stub is not executed in Xen dom0. All UEFI
> >> infrastructure is owned and operated by Xen. Dom0 kernel can access some
> >> stuff in UEFI, including variables, via hypercall. However, when dom0
> >> runs only UEFI runtime services are available.
> >>
> >> > calling efi code separately and trying to use the insecure RT
> >>
> >> I am not sure why they are insecure.
> >>
> >> > variables. That way there's a uniform view of the internal kernel
> >> > secure boot state that everyone can use.
> >>
> >> That would be perfect but I have a feeling that in form proposed above
> >> it is not possible.
> >
> > Ping?
> >
>
> (apologies if this is a duplicate email - I thought I had replied
> already but I don't see it in my sent folder)
>
> Queued in efi/next - thanks.
Thanks a lot!
Daniel
On 11 April 2018 at 10:56, Daniel Kiper <[email protected]> wrote:
> On Wed, Apr 04, 2018 at 12:38:24PM +0200, Daniel Kiper wrote:
>> On Tue, Apr 03, 2018 at 10:00:52AM -0700, James Bottomley wrote:
>> > On Tue, 2018-04-03 at 18:07 +0200, Daniel Kiper wrote:
>> > > On Tue, Apr 03, 2018 at 08:44:41AM -0700, James Bottomley wrote:
>>
>> [...]
>>
>> > > > This looks like a bad idea: you're duplicating the secure boot
>> > > > check in
>> > > >
>> > > > drivers/firmware/efi/libstub/secureboot.c
>> > > >
>> > > > Which is an implementation of policy. If we have to have policy in
>> > > > the kernel, it should really only be in one place to prevent drift;
>> > > > why can't you simply use the libstub efi_get_secureboot() so we're
>> > > > not duplicating the implementation of policy?
>> > >
>> > > Well, here is the first version of this patch:
>> > > https://lkml.org/lkml/2018/1/9/496 Ard did not like it. I was not
>> > > happy too. In general both approaches are not perfect. More you can
>> > > find in the discussion around this patchset. If you have better idea
>> > > how to do that I am happy to implement it.
>> >
>> > One way might be simply to have the pre exit-boot-services code lay
>> > down a variable containing the state which you pick up, rather than you
>>
>> Do you mean variable in kernel proper or something like that? If yes this
>> is not possible. EFI Linux stub is not executed in Xen dom0. All UEFI
>> infrastructure is owned and operated by Xen. Dom0 kernel can access some
>> stuff in UEFI, including variables, via hypercall. However, when dom0
>> runs only UEFI runtime services are available.
>>
>> > calling efi code separately and trying to use the insecure RT
>>
>> I am not sure why they are insecure.
>>
>> > variables. That way there's a uniform view of the internal kernel
>> > secure boot state that everyone can use.
>>
>> That would be perfect but I have a feeling that in form proposed above
>> it is not possible.
>
> Ping?
>
(apologies if this is a duplicate email - I thought I had replied
already but I don't see it in my sent folder)
Queued in efi/next - thanks.