| Age | Commit message (Collapse) | Author |
|---|
|
start is a UCS-2 character pointer and loader_len is a number of bytes.
Adjust loader_len to count characters before adding to the start pointer.
|
|
When I added 4990d3f I inadvertantly made .data.ident and .rela.got
sections appear in the top-level section headers at file offsets not
aligned with PE->OptionalHeader.FileAlignment. This results in a
section table that looks like:
Sections:
Idx Name Size VMA LMA File off Algn
0 .eh_frame 00018648 0000000000005000 0000000000005000 00000400 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .text 00093f45 000000000001e000 000000000001e000 00018c00 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
2 .reloc 0000000a 00000000000b2000 00000000000b2000 000acc00 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .data.ident 000000e4 00000000000b3040 00000000000b3040 000ace40 2**5
CONTENTS, ALLOC, LOAD, DATA
4 .data 000291e8 00000000000b4000 00000000000b4000 000ad200 2**5
CONTENTS, ALLOC, LOAD, DATA
5 .vendor_cert 000003e2 00000000000de000 00000000000de000 000d6400 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .dynamic 000000f0 00000000000df000 00000000000df000 000d6800 2**3
CONTENTS, ALLOC, LOAD, DATA
7 .rela 0001aef8 00000000000e0000 00000000000e0000 000d6a00 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
8 .rela.got 00000060 00000000000faef8 00000000000faef8 000f1af8 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
9 .dynsym 0000ecd0 00000000000fb000 00000000000fb000 000f1e00 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
rather than:
Sections:
Idx Name Size VMA LMA File off Algn
0 .eh_frame 00018118 0000000000005000 0000000000005000 00000400 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .text 00091898 000000000001e000 000000000001e000 00018600 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
2 .reloc 0000000a 00000000000b0000 00000000000b0000 000aa000 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .data 00028848 00000000000b1000 00000000000b1000 000aa200 2**5
CONTENTS, ALLOC, LOAD, DATA
4 .vendor_cert 00000449 00000000000da000 00000000000da000 000d2c00 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .dynamic 00000100 00000000000db000 00000000000db000 000d3200 2**3
CONTENTS, ALLOC, LOAD, DATA
6 .rela 0001ae50 00000000000dc000 00000000000dc000 000d3400 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .dynsym 0000ea78 00000000000f7000 00000000000f7000 000ee400 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
(Note "File off" on sections #3 and #8 on the top one.)
This seems to work fine with edk2's loader and shim's loader, as well as
their Authenticode implementation, and pesign's as well.
While PE loaders seem to be fine with sections with alignments smaller
than PE->OptionalHeader.FileAlignment, MS's signtool.exe does ...
something else with them. I'm not sure what. What it definitely does
*not* do is extend the digest based on their file offset and size.
So just don't allow anything that small, and don't allow anything
smaller than SectionAlignment either, just to be on the safe side.
Since most of our stuff gets stripped into the debuginfo anyway, and
shim has relatively few sections, this should not be a very large
burden.
So just to be clear:
If you have a binary with a section that's not aligned on
PE->OptionalHeader.FileAlignment:
- pesign hashes it to A
- tiano hashes it to A
- shim hashes it to A
- signtool.exe hashes it to B
Because that makes sense.
This patch works around the bug in signtool.exe .
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
CryptPem only provides one function: RsaGetPrivateKeyFromPem(). Since we
don't need to retrieve any private key, it's safe to disable the
function.
Signed-off-by: Gary Lin <glin@suse.com>
|
|
Disable DES completely since it's already old and insecure.
This makes MokManager not support the DES based password hash but
probably no one is using it.
Signed-off-by: Gary Lin <glin@suse.com>
|
|
MD4 is known to be insecure and shim never uses it.
Signed-off-by: Gary Lin <glin@suse.com>
|
|
strcmp() and strcasecmp() are widely used in openssl. Implement those
two functions to eliminate the gcc warnings and the potential crash.
Signed-off-by: Gary Lin <glin@suse.com>
|
|
X509_get_notBefore -> X509_getm_notBefore
X509_get_notAfter -> X509_getm_notAfter
Signed-off-by: Gary Lin <glin@suse.com>
|
|
- Declare some functions in the proper headers
+ We missed them for a long time...
- Cast offsetof to UINTN
+ The original casting triggers the gcc warning since int can not
present the offset for the 64bit machines.
- Cast the "char" array to "CHAR8 *" to avoid the gcc warnings
- Implement atoi correctly
Signed-off-by: Gary Lin <glin@suse.com>
|
|
The changes in the openssl headers cause the inclusion of
CrtLibSupport.h eariler than the inclusion of stddef.h, so "offsetof"
was defined twice and this caused the followling build error:
In file included from Cryptlib/Include/openssl/buffer.h:23:0,
from Cryptlib/Include/openssl/x509.h:22,
from shim.c:56:
/usr/lib64/gcc/x86_64-suse-linux/6/include/stddef.h:417:0: error: "offsetof" redefined [-Werror]
#define offsetof(TYPE, MEMBER) __builtin_offsetof (TYPE, MEMBER)
In file included from Cryptlib/Include/limits.h:15:0,
from Cryptlib/Include/openssl/ossl_typ.h:13,
from Cryptlib/Include/openssl/x509.h:20,
from shim.c:56:
Cryptlib/Include/CrtLibSupport.h:192:0: note: this is the location of the previous definition
#define offsetof(type, member) ( (int) & ((type*)0) -> member )
We can lower the priority of the gcc include path or just remove the
path, but this might cause problem since the path was introduced on
purpose(*). Instead, including stddef.h first is more feasible.
(*) https://github.com/rhinstaller/shim/commit/d51739a416400ad348d8a1c7e3886abce11fff1b
Signed-off-by: Gary Lin <glin@suse.com>
|
|
Signed-off-by: Gary Lin <glin@suse.com>
|
|
- Delete the old openssl files and use the script to copy the new files
- Add "-DNO_SYSLOG" to CFLAGS and add crypto/include to the include path
Signed-off-by: Gary Lin <glin@suse.com>
|
|
- Update update.sh to copy the openssl 1.1.0 source files
- Refresh the supplemental patch to reflect the change
Signed-off-by: Gary Lin <glin@suse.com>
|
|
- Update to edk2 commit 7c410b3d4180087020c7734bf67cdc4ad9fdb136
CryptoPkg/BaseCryptLib: Adding NULL checking in time() wrapper.
- Update headers in Cryptlib/Include/openssl/ to 1.1.0e
+ Also copy the openssl internal headers
Signed-off-by: Gary Lin <glin@suse.com>
|
|
- Remove the openssl version from update.sh since edk2 doesn't use the
version number in the directory name anymore.
- Refresh Cryptlib.diff to reflect the change
Signed-off-by: Gary Lin <glin@suse.com>
|
|
Edk2 renamed OpenSslSupport.h, so we have to follow the change.
Also merge some changes from edk2 CrtLibSupport.h
Signed-off-by: Gary Lin <glin@suse.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
The commit 03b9f800 introduces an issue in case the gap between
SumOfBytesHashed and context->SecDir->VirtualAddress exists.
This would be a typo because a formal PE image always meet
SumOfBytesHashed + hashsize == context->SecDir->VirtualAddress either
the gap exists or not.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
Sometimes we get our own path in LoadOptions for no clear reason. Don't
execute it, just ignore it.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Gary Lin <glin@suse.com>
|
|
Update to edk2 commit 6e4489d8129d233ef0fe85eeb6eebfecafe9ea6e
(CryptoPkg: Refine type cast for pointer subtraction)
Also replaced CryptAes.c, CryptArc4.c, CryptTdes.c, CryptMd4.c,
CryptHmacMd5.c, and CryptHmacSha1.c with the Null version since
we don't really need those functions.
Signed-off-by: Gary Lin <glin@suse.com>
|
|
This commit adds the check for "https://" in the uri to support HTTPs
Boot.
Signed-off-by: Gary Lin <glin@suse.com>
|
|
Under a strict memory protection policy, UEFI may give out EfiLoaderData
memory with the XN attribute set. So use EfiLoaderCode explicitly.
At the same time, use a page based allocation rather than a pool
allocation, which is more appropriate when loading PE/COFF images.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
This makes it so two builds of the same .deb on different hosts won't
have wildly different file offsets.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Previously we were returning EFI_ACCESS_DENIED at some places and
EFI_SECURITY_VIOLATION at others. When we're checking whether to run
MokManager, we're checking EFI_SECURITY_VIOLATION, which is more or less
analogous with what the spec says StartImage() returns. So we should
always have that as the return code.
I believe this will fix github issue #44.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
According to TCG EFI Protocol Specification, this structure is not packed.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
EFI TrEE Protocol uses the same protocol GUID as EFI TCG2 protocol, and
defines the capability structure version 1.0. Hence, the structure and
name are all align the EFI TrEE Protocol.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
Some machines have already embedded MokSBStateRT varaible with
EFI_VARIABLE_NON_VOLATILE attribute, and some users might disable shim
vailidation manually by creating MokSBStateRT. It causes mirroring MokSBState
fail because the variable cannot be set with different attribute again, and gets
error massage every time when booting.
Fix it with checking the MokSBStateRT existence and deleting it before
mirroring it.
Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
|
|
Currently generate_hash() attempts to include any trailing data at the
end of the binary in the resulting digest, but it won't include such
data if the size computed is wrong because context->SecDir->Size is
invalid. In this case the return code is EFI_SUCCESS, and the hash will
match any a binary as if the Attribute Certificate Table and anything
after it are missing. This is wrong.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Update to the edk2 commit dab62c5ec8a88def3ee99c04d644720cb201de08
Signed-off-by: Gary Lin <glin@suse.com>
|
|
Signed-off-by: Gary Lin <glin@suse.com>
|
|
Signed-off-by: Gary Lin <glin@suse.com>
|
|
Although the prototype of memset() is already defined in OpenSslSupport.h,
the function was never implemented. It was fine since a macro was
designed to replace all memset() with SetMem() after including
OpenSslSupport.h. However, since openssl 1.0.2j, a new function pointer
in crypto/mem_clr.c requires the "real" memset() or the program would
crash due to the NULL function pointer access. This commit implements
memset() (just a wrapper of SetMem()) to avoid the potential crash.
Signed-off-by: Gary Lin <glin@suse.com>
|
|
Certain AMI BIOS (Intel NUC5i3MYBE BIOS version 0037) may make the strict
check on the last 3 arguments passed to get_event_log() and don't expect
NULL pointers are passed. In order to work around this failure
(EFI_INVALID_PARAMETER), pass them even though we really don't use it.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
According to TCG EFI Protocol Specification for TPM 2.0 family,
all events generated after the invocation of EFI_TCG2_GET_EVENT_LOG
shall be stored in an instance of an EFI_CONFIGURATION_TABLE aka
EFI TCG 2.0 final events table. Hence, it is necessary to trigger the
internal switch through calling get_event_log() in order to allow
to retrieve the logs from OS runtime.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
For starters; don't allow the "module signing" OID; which ought to
only ever be used for signing kernel modules, not signing EFI binaries.
Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
|
|
Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
|
|
new_data in write_db() wasn't freed after SetVariable.
Signed-off-by: Gary Lin <glin@suse.com>
|
|
Try to append the MOK/MOKX list first and then fallback to the normal
SetVariable if the firmware doesn't support EFI_VARIABLE_APPEND_WRITE.
Signed-off-by: Gary Lin <glin@suse.com>
|
|
We got the bug report about the usage of APPEND_WRITE that may cause the
failure when writing a variable in Lenovo machines. Although
EFI_VARIABLE_APPEND_WRITE already exists in the UEFI spec for years,
unfortunately, some vendors just ignore it and never implement the
attribute. This commit removes the usage of EFI_VARIABLE_APPEND_WRITE to
make MokManager work on those machines.
https://github.com/rhinstaller/shim/issues/55
Signed-off-by: Gary Lin <glin@suse.com>
|
|
In the branch I wrote the code on, "size" was a thing. On this branch
it isn't.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Authenticode Certificate length is available in Certificate Table
(inside PE header) and also in signature header(WIN_CERTIFICATE) itself.
Code in 'check_backlist()' method uses length from signature header,
whereas, AuthenticodeVerify() call inside 'verify_buffer()' method uses
the length in signature header. This causes a security vulnerability issue :
Good Scenario : Assume shim1.crt is used for signing grub.efi and
shim1.crt is embedded inside shim.efi. Also, assume shim1.crt got
compromised and therefore it was added in 'dbx' database. Now, when
shim.efi will attempt to load grub.efi, it will fail loading with
log message "Binary is blacklisted" because 'check_blacklist' call
will detect the presence of 'shim1.crt' in 'dbx'.
Vulnerable Scenario : Similar as above. Add 'shim1.crt' in dbx database.
Also, tamper the earlier signed grub.efi file by placing 0x0000 in the
WIN_CERTIFICATE.dwLength.
(Open grub.efi/vmlinuz signed binary with hex editor.
Go to 0x128 address and read out the address from 0x128 until
0x12B in little Indian order from right to left.
Jump to the address from 0x128 address area.
First 8bytes are the signature header area which consist of
signature size(4bytes), revision(2bytes) and type(2bytes).
So tamper the first 4 bytes for signature size and save the binary.
)
With this tampered grub.efi, shim.efi loads it successfully because
'check_blacklist()' call fails to detect the presence of shim1.crt in 'dbx'
database.
Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
|
