From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>,
Heinrich Schuchardt <heinrich.schuchardt@canonical.com>,
Alexander Graf <agraf@csgraf.de>,
u-boot@lists.denx.de
Subject: Re: [PATCH v2 6/6] efi_loader: always initialize the secure boot state
Date: Fri, 27 Aug 2021 06:34:30 +0200 [thread overview]
Message-ID: <a8e95e69-b76f-997d-3f6f-84b282543f8d@gmx.de> (raw)
In-Reply-To: <20210827035336.GC52912@laputa>
On 8/27/21 5:53 AM, AKASHI Takahiro wrote:
> On Thu, Aug 26, 2021 at 03:48:05PM +0200, Heinrich Schuchardt wrote:
>> Even if we cannot read the variable store from disk we still need to
>> initialize the secure boot state.
>>
>> Don't continue to boot if the variable preseed is invalid as this indicates
>> that the variable store has been tampered.
>>
>> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
>> ---
>> v2:
>> no change
>> ---
>> lib/efi_loader/efi_variable.c | 12 ++++++++----
>> 1 file changed, 8 insertions(+), 4 deletions(-)
>>
>> diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
>> index 80996d0f47..6d92229e2a 100644
>> --- a/lib/efi_loader/efi_variable.c
>> +++ b/lib/efi_loader/efi_variable.c
>> @@ -427,13 +427,17 @@ efi_status_t efi_init_variables(void)
>> if (IS_ENABLED(CONFIG_EFI_VARIABLES_PRESEED)) {
>> ret = efi_var_restore((struct efi_var_file *)
>> __efi_var_file_begin, true);
>> - if (ret != EFI_SUCCESS)
>> + if (ret != EFI_SUCCESS) {
>> log_err("Invalid EFI variable seed\n");
>> + return ret;
>> + }
>> }
>> -
>> - ret = efi_var_from_file();
>> + ret = efi_init_secure_state();
>> if (ret != EFI_SUCCESS)
>> return ret;
>>
>> - return efi_init_secure_state();
>> + /* Don't stop booting if variable store is not available */
>> + efi_var_from_file();
>
> I think we have to think about two different cases:
> 1) there is no "variable store" file available.
> 2) it does exists, but reading from it (efi_var_restore()) failed
>
> For (2), we should return with an error as in the case of
> CONFIG_EFI_VARIABLES_PRESEED.
> Otherwise, the behavior is inconsistent.
The preseed store is used for secure boot related variables. If this
store is inconsistent, failing is required to ensure secure boot.
With my patches applied the file store can not contain any secure boot
related variables but it may contain boot options.
Your suggestion could mean that if the file store is corrupted the board
is bricked.
If the boot options cannot be read either because the file does not
exist or because the file is corrupt, I still want the user to have a
chance to load shim, GRUB, or the kernel and boot via the bootefi command.
I cannot see any inconsistency here.
Best regards
Heinrich
next prev parent reply other threads:[~2021-08-27 4:34 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-26 13:47 [PATCH v2 0/6] efi_loader: fix secure boot mode transitions Heinrich Schuchardt
2021-08-26 13:48 ` [PATCH v2 1/6] efi_loader: stop recursion in efi_init_secure_state Heinrich Schuchardt
2021-08-27 2:26 ` AKASHI Takahiro
2021-08-26 13:48 ` [PATCH v2 2/6] efi_loader: correct determination of secure boot state Heinrich Schuchardt
2021-08-26 13:48 ` [PATCH v2 3/6] efi_loader: don't load signature database from file Heinrich Schuchardt
2021-08-27 4:12 ` AKASHI Takahiro
2021-08-27 4:42 ` Heinrich Schuchardt
2021-08-27 4:49 ` AKASHI Takahiro
2021-08-27 4:51 ` AKASHI Takahiro
2021-08-27 5:22 ` Heinrich Schuchardt
2021-08-26 13:48 ` [PATCH v2 4/6] efi_loader: correct secure boot state transition Heinrich Schuchardt
2021-08-26 13:48 ` [PATCH v2 5/6] efi_loader: writing AuditMode, DeployedMode Heinrich Schuchardt
2021-08-27 3:05 ` AKASHI Takahiro
2021-08-27 4:09 ` Heinrich Schuchardt
2021-08-27 9:23 ` Ilias Apalodimas
2021-08-26 13:48 ` [PATCH v2 6/6] efi_loader: always initialize the secure boot state Heinrich Schuchardt
2021-08-27 3:53 ` AKASHI Takahiro
2021-08-27 4:34 ` Heinrich Schuchardt [this message]
2021-08-27 4:47 ` AKASHI Takahiro
2021-08-27 4:53 ` Heinrich Schuchardt
2021-08-27 3:59 ` [PATCH v2 0/6] efi_loader: fix secure boot mode transitions AKASHI Takahiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a8e95e69-b76f-997d-3f6f-84b282543f8d@gmx.de \
--to=xypron.glpk@gmx.de \
--cc=agraf@csgraf.de \
--cc=heinrich.schuchardt@canonical.com \
--cc=ilias.apalodimas@linaro.org \
--cc=takahiro.akashi@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.