[PATCH v3 3/4] efi_loader: simplify efi_sigstore_parse_sigdb()

Heinrich Schuchardt heinrich.schuchardt at canonical.com
Thu Oct 7 07:54:51 CEST 2021



On 10/6/21 16:05, Ilias Apalodimas wrote:
> On Wed, 6 Oct 2021 at 16:15, Heinrich Schuchardt
> <heinrich.schuchardt at canonical.com> wrote:
>>
>> On 10/6/21 10:02, Ilias Apalodimas wrote:
>>> On Wed, 6 Oct 2021 at 10:21, Heinrich Schuchardt
>>> <heinrich.schuchardt at canonical.com> wrote:
>>>>
>>>>
>>>>
>>>> On 10/6/21 08:29, Ilias Apalodimas wrote:
>>>>> On Sun, Oct 03, 2021 at 11:23:19AM +0200, Heinrich Schuchardt wrote:
>>>>>> Simplify efi_sigstore_parse_sigdb() by using existing functions.
>>>>>>
>>>>>> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
>>>>>> ---
>>>>>> v3:
>>>>>>        Keep error handling in efi_sigstore_parse_sigdb()
>>>>>> v2:
>>>>>>        remove a superfluous check
>>>>>> ---
>>>>>>     lib/efi_loader/efi_signature.c | 11 ++---------
>>>>>>     1 file changed, 2 insertions(+), 9 deletions(-)
>>>>>>
>>>>>> diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c
>>>>>> index bdd09881fc..97f6dfacd9 100644
>>>>>> --- a/lib/efi_loader/efi_signature.c
>>>>>> +++ b/lib/efi_loader/efi_signature.c
>>>>>> @@ -746,18 +746,11 @@ struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name)
>>>>>>        efi_uintn_t db_size;
>>>>>>        efi_status_t ret;
>>>>>>
>>>>>> -    if (!u16_strcmp(name, L"PK") || !u16_strcmp(name, L"KEK")) {
>>>>>> -            vendor = &efi_global_variable_guid;
>>>>>> -    } else if (!u16_strcmp(name, L"db") || !u16_strcmp(name, L"dbx")) {
>>>>>> -            vendor = &efi_guid_image_security_database;
>>>>>> -    } else {
>>>>>> -            EFI_PRINT("unknown signature database, %ls\n", name);
>>>>>> -            return NULL;
>>>>>> -    }
>>>>>> +    vendor = efi_auth_var_get_guid(name);
>>>>>
>>>>> Should we return NULL if we get back the default guid?
>>>>
>>>> efi_sigstore_parse_sigdb() is only called with fixed values of 'name'.
>>>> So how should this occur?
>>>
>>> Bugs that slip through maybe?  I generally prefer being more pedantic
>>> with security related code
>>
>> PK and KEK use efi_global_variable_guid and will be used as argument for
>> efi_sigstore_parse_sigdb(). Your proposed check would break the code.
> 
> Yea that's the reason I was asking about efi_auth_var_get_guid().  I
> would prefer if that returned NULL if the variable is not found
> instead of the default GUID

As discussed the functions is only called for hardcoded arguments.

Function efi_auth_var_get_guid() parses a list contains dbx, AuditMode, 
DeployedMode. So the check that you propose cannot safeguard against a 
developer misusing efi_sigstore_parse_sigdb().

Best regards

Heinrich

> 
> Regards
> /Ilias
>>
>> Best regards
>>
>> Heinrich
>>
>>>
>>> Regards
>>> /Ilias
>>>>
>>>> Best regards
>>>>
>>>> Heinrich
>>>>
>>>>>
>>>>>>
>>>>>>        /* retrieve variable data */
>>>>>>        db_size = 0;
>>>>>> -    ret = EFI_CALL(efi_get_variable(name, vendor, NULL, &db_size, NULL));
>>>>>> +    ret = efi_get_variable_int(name, vendor, NULL, &db_size, NULL);
>>>>>>        if (ret == EFI_NOT_FOUND) {
>>>>>>                EFI_PRINT("variable, %ls, not found\n", name);
>>>>>>                sigstore = calloc(sizeof(*sigstore), 1);
>>>>>> --
>>>>>> 2.32.0
>>>>>>
>>>>>
>>>>> Regards
>>>>> /Ilias
>>>>>
>>


More information about the U-Boot mailing list