* [PATCH v1 0/2] Fix kexec of pesigned images @ 2023-02-17 20:14 Robbie Harwood 2023-02-17 20:14 ` [PATCH v1 1/2] verify_pefile: relax wrapper length check Robbie Harwood ` (3 more replies) 0 siblings, 4 replies; 7+ messages in thread From: Robbie Harwood @ 2023-02-17 20:14 UTC (permalink / raw) To: keyrings, David Howells; +Cc: Robbie Harwood Hello, In order to comply with the PE specification, recent versions of pesign do not include 8-byte padding in the dwLength field. kexec of signed images has therefore not worked in Fedora (which uses pesign) for some time. The first commit relaxes the check in order to fix this issue. The second upgrades several pe_debug() messages to pe_info() in order to make this more debuggable on systems with secureboot lockdown in place. Be well, --Robbie Robbie Harwood (2): verify_pefile: relax wrapper length check asymmetric_keys: log on fatal failures in PE/pkcs7 crypto/asymmetric_keys/pkcs7_verify.c | 10 ++++---- crypto/asymmetric_keys/verify_pefile.c | 32 +++++++++++++++----------- 2 files changed, 23 insertions(+), 19 deletions(-) -- 2.39.1 ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v1 1/2] verify_pefile: relax wrapper length check 2023-02-17 20:14 [PATCH v1 0/2] Fix kexec of pesigned images Robbie Harwood @ 2023-02-17 20:14 ` Robbie Harwood 2023-02-17 21:11 ` Jarkko Sakkinen 2023-02-17 20:14 ` [PATCH v1 2/2] asymmetric_keys: log on fatal failures in PE/pkcs7 Robbie Harwood ` (2 subsequent siblings) 3 siblings, 1 reply; 7+ messages in thread From: Robbie Harwood @ 2023-02-17 20:14 UTC (permalink / raw) To: keyrings, David Howells; +Cc: Robbie Harwood The PE Format Specification (section "The Attribute Certificate Table (Image Only)") states that `dwLength` is to be rounded up to 8-byte alignment when used for traversal. Therefore, the field is not required to be an 8-byte multiple in the first place. Accordingly, pesign has not performed this alignment since version 0.110. This causes kexec failure on pesign'd binaries with "PEFILE: Signature wrapper len wrong". Update the comment and relax the check. See-also: https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#the-attribute-certificate-table-image-only See-also: https://github.com/rhboot/pesign Signed-off-by: Robbie Harwood <rharwood@redhat.com> --- crypto/asymmetric_keys/verify_pefile.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/crypto/asymmetric_keys/verify_pefile.c b/crypto/asymmetric_keys/verify_pefile.c index 7553ab18db89..fe1bb374239d 100644 --- a/crypto/asymmetric_keys/verify_pefile.c +++ b/crypto/asymmetric_keys/verify_pefile.c @@ -135,11 +135,15 @@ static int pefile_strip_sig_wrapper(const void *pebuf, pr_debug("sig wrapper = { %x, %x, %x }\n", wrapper.length, wrapper.revision, wrapper.cert_type); - /* Both pesign and sbsign round up the length of certificate table - * (in optional header data directories) to 8 byte alignment. + /* sbsign rounds up the length of certificate table (in optional + * header data directories) to 8 byte alignment. However, the PE + * specification states that while entries are 8-byte aligned, this is + * not included in their length, and as a result, pesign has not + * rounded up since 0.110. */ - if (round_up(wrapper.length, 8) != ctx->sig_len) { - pr_debug("Signature wrapper len wrong\n"); + if (wrapper.length > ctx->sig_len) { + pr_debug("Signature wrapper bigger than sig len (%x > %x)\n", + ctx->sig_len, wrapper.length); return -ELIBBAD; } if (wrapper.revision != WIN_CERT_REVISION_2_0) { -- 2.39.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v1 1/2] verify_pefile: relax wrapper length check 2023-02-17 20:14 ` [PATCH v1 1/2] verify_pefile: relax wrapper length check Robbie Harwood @ 2023-02-17 21:11 ` Jarkko Sakkinen 0 siblings, 0 replies; 7+ messages in thread From: Jarkko Sakkinen @ 2023-02-17 21:11 UTC (permalink / raw) To: Robbie Harwood; +Cc: keyrings, David Howells On Fri, Feb 17, 2023 at 03:14:34PM -0500, Robbie Harwood wrote: > The PE Format Specification (section "The Attribute Certificate Table > (Image Only)") states that `dwLength` is to be rounded up to 8-byte > alignment when used for traversal. Therefore, the field is not required > to be an 8-byte multiple in the first place. > > Accordingly, pesign has not performed this alignment since version > 0.110. This causes kexec failure on pesign'd binaries with "PEFILE: > Signature wrapper len wrong". Update the comment and relax the check. > > See-also: https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#the-attribute-certificate-table-image-only > See-also: https://github.com/rhboot/pesign > Signed-off-by: Robbie Harwood <rharwood@redhat.com> OK, makes sense but what does relaxing this bring up to the table? I.e. I do get the argument but do not see the motivation. > --- > crypto/asymmetric_keys/verify_pefile.c | 12 ++++++++---- > 1 file changed, 8 insertions(+), 4 deletions(-) > > diff --git a/crypto/asymmetric_keys/verify_pefile.c b/crypto/asymmetric_keys/verify_pefile.c > index 7553ab18db89..fe1bb374239d 100644 > --- a/crypto/asymmetric_keys/verify_pefile.c > +++ b/crypto/asymmetric_keys/verify_pefile.c > @@ -135,11 +135,15 @@ static int pefile_strip_sig_wrapper(const void *pebuf, > pr_debug("sig wrapper = { %x, %x, %x }\n", > wrapper.length, wrapper.revision, wrapper.cert_type); > > - /* Both pesign and sbsign round up the length of certificate table > - * (in optional header data directories) to 8 byte alignment. > + /* sbsign rounds up the length of certificate table (in optional > + * header data directories) to 8 byte alignment. However, the PE > + * specification states that while entries are 8-byte aligned, this is > + * not included in their length, and as a result, pesign has not > + * rounded up since 0.110. > */ > - if (round_up(wrapper.length, 8) != ctx->sig_len) { > - pr_debug("Signature wrapper len wrong\n"); > + if (wrapper.length > ctx->sig_len) { > + pr_debug("Signature wrapper bigger than sig len (%x > %x)\n", > + ctx->sig_len, wrapper.length); > return -ELIBBAD; > } > if (wrapper.revision != WIN_CERT_REVISION_2_0) { > -- > 2.39.1 > BR, Jarkko ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v1 2/2] asymmetric_keys: log on fatal failures in PE/pkcs7 2023-02-17 20:14 [PATCH v1 0/2] Fix kexec of pesigned images Robbie Harwood 2023-02-17 20:14 ` [PATCH v1 1/2] verify_pefile: relax wrapper length check Robbie Harwood @ 2023-02-17 20:14 ` Robbie Harwood 2023-02-17 21:14 ` Jarkko Sakkinen 2023-02-17 20:36 ` [PATCH v1 1/2] verify_pefile: relax wrapper length check David Howells 2023-02-17 20:37 ` [PATCH v1 2/2] asymmetric_keys: log on fatal failures in PE/pkcs7 David Howells 3 siblings, 1 reply; 7+ messages in thread From: Robbie Harwood @ 2023-02-17 20:14 UTC (permalink / raw) To: keyrings, David Howells; +Cc: Robbie Harwood These particular errors can be encountered while trying to kexec when secureboot lockdown is in place. Without this change, even with a signed debug build, one still needs to reboot the machine to add the appropriate dyndbg parameters (since lockdown blocks debugfs). Accordingly, upgrade all pr_debug() before fatal error into pr_info(). Signed-off-by: Robbie Harwood <rharwood@redhat.com> --- crypto/asymmetric_keys/pkcs7_verify.c | 10 +++++----- crypto/asymmetric_keys/verify_pefile.c | 24 ++++++++++++------------ 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c index f6321c785714..da425d142720 100644 --- a/crypto/asymmetric_keys/pkcs7_verify.c +++ b/crypto/asymmetric_keys/pkcs7_verify.c @@ -79,16 +79,16 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7, } if (sinfo->msgdigest_len != sig->digest_size) { - pr_debug("Sig %u: Invalid digest size (%u)\n", - sinfo->index, sinfo->msgdigest_len); + pr_info("Sig %u: Invalid digest size (%u)\n", + sinfo->index, sinfo->msgdigest_len); ret = -EBADMSG; goto error; } if (memcmp(sig->digest, sinfo->msgdigest, sinfo->msgdigest_len) != 0) { - pr_debug("Sig %u: Message digest doesn't match\n", - sinfo->index); + pr_info("Sig %u: Message digest doesn't match\n", + sinfo->index); ret = -EKEYREJECTED; goto error; } @@ -478,7 +478,7 @@ int pkcs7_supply_detached_data(struct pkcs7_message *pkcs7, const void *data, size_t datalen) { if (pkcs7->data) { - pr_debug("Data already supplied\n"); + pr_info("Data already supplied\n"); return -EINVAL; } pkcs7->data = data; diff --git a/crypto/asymmetric_keys/verify_pefile.c b/crypto/asymmetric_keys/verify_pefile.c index fe1bb374239d..c30e6610db26 100644 --- a/crypto/asymmetric_keys/verify_pefile.c +++ b/crypto/asymmetric_keys/verify_pefile.c @@ -74,7 +74,7 @@ static int pefile_parse_binary(const void *pebuf, unsigned int pelen, break; default: - pr_debug("Unknown PEOPT magic = %04hx\n", pe32->magic); + pr_info("Unknown PEOPT magic = %04hx\n", pe32->magic); return -ELIBBAD; } @@ -95,7 +95,7 @@ static int pefile_parse_binary(const void *pebuf, unsigned int pelen, ctx->certs_size = ddir->certs.size; if (!ddir->certs.virtual_address || !ddir->certs.size) { - pr_debug("Unsigned PE binary\n"); + pr_info("Unsigned PE binary\n"); return -ENODATA; } @@ -127,7 +127,7 @@ static int pefile_strip_sig_wrapper(const void *pebuf, unsigned len; if (ctx->sig_len < sizeof(wrapper)) { - pr_debug("Signature wrapper too short\n"); + pr_info("Signature wrapper too short\n"); return -ELIBBAD; } @@ -142,16 +142,16 @@ static int pefile_strip_sig_wrapper(const void *pebuf, * rounded up since 0.110. */ if (wrapper.length > ctx->sig_len) { - pr_debug("Signature wrapper bigger than sig len (%x > %x)\n", - ctx->sig_len, wrapper.length); + pr_info("Signature wrapper bigger than sig len (%x > %x)\n", + ctx->sig_len, wrapper.length); return -ELIBBAD; } if (wrapper.revision != WIN_CERT_REVISION_2_0) { - pr_debug("Signature is not revision 2.0\n"); + pr_info("Signature is not revision 2.0\n"); return -ENOTSUPP; } if (wrapper.cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA) { - pr_debug("Signature certificate type is not PKCS\n"); + pr_info("Signature certificate type is not PKCS\n"); return -ENOTSUPP; } @@ -164,7 +164,7 @@ static int pefile_strip_sig_wrapper(const void *pebuf, ctx->sig_offset += sizeof(wrapper); ctx->sig_len -= sizeof(wrapper); if (ctx->sig_len < 4) { - pr_debug("Signature data missing\n"); + pr_info("Signature data missing\n"); return -EKEYREJECTED; } @@ -198,7 +198,7 @@ static int pefile_strip_sig_wrapper(const void *pebuf, return 0; } not_pkcs7: - pr_debug("Signature data not PKCS#7\n"); + pr_info("Signature data not PKCS#7\n"); return -ELIBBAD; } @@ -341,8 +341,8 @@ static int pefile_digest_pe(const void *pebuf, unsigned int pelen, digest_size = crypto_shash_digestsize(tfm); if (digest_size != ctx->digest_len) { - pr_debug("Digest size mismatch (%zx != %x)\n", - digest_size, ctx->digest_len); + pr_info("Digest size mismatch (%zx != %x)\n", + digest_size, ctx->digest_len); ret = -EBADMSG; goto error_no_desc; } @@ -373,7 +373,7 @@ static int pefile_digest_pe(const void *pebuf, unsigned int pelen, * PKCS#7 certificate. */ if (memcmp(digest, ctx->digest, ctx->digest_len) != 0) { - pr_debug("Digest mismatch\n"); + pr_info("Digest mismatch\n"); ret = -EKEYREJECTED; } else { pr_debug("The digests match!\n"); -- 2.39.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v1 2/2] asymmetric_keys: log on fatal failures in PE/pkcs7 2023-02-17 20:14 ` [PATCH v1 2/2] asymmetric_keys: log on fatal failures in PE/pkcs7 Robbie Harwood @ 2023-02-17 21:14 ` Jarkko Sakkinen 0 siblings, 0 replies; 7+ messages in thread From: Jarkko Sakkinen @ 2023-02-17 21:14 UTC (permalink / raw) To: Robbie Harwood; +Cc: keyrings, David Howells On Fri, Feb 17, 2023 at 03:14:35PM -0500, Robbie Harwood wrote: > These particular errors can be encountered while trying to kexec when > secureboot lockdown is in place. Without this change, even with a > signed debug build, one still needs to reboot the machine to add the > appropriate dyndbg parameters (since lockdown blocks debugfs). > > Accordingly, upgrade all pr_debug() before fatal error into pr_info(). > > Signed-off-by: Robbie Harwood <rharwood@redhat.com> Eessentially this changes configuration to hard coded implementation. No gain IMHO. If you are ready to patch the kernel you could live with boot time dyndbg parameters. > --- > crypto/asymmetric_keys/pkcs7_verify.c | 10 +++++----- > crypto/asymmetric_keys/verify_pefile.c | 24 ++++++++++++------------ > 2 files changed, 17 insertions(+), 17 deletions(-) > > diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c > index f6321c785714..da425d142720 100644 > --- a/crypto/asymmetric_keys/pkcs7_verify.c > +++ b/crypto/asymmetric_keys/pkcs7_verify.c > @@ -79,16 +79,16 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7, > } > > if (sinfo->msgdigest_len != sig->digest_size) { > - pr_debug("Sig %u: Invalid digest size (%u)\n", > - sinfo->index, sinfo->msgdigest_len); > + pr_info("Sig %u: Invalid digest size (%u)\n", > + sinfo->index, sinfo->msgdigest_len); > ret = -EBADMSG; > goto error; > } > > if (memcmp(sig->digest, sinfo->msgdigest, > sinfo->msgdigest_len) != 0) { > - pr_debug("Sig %u: Message digest doesn't match\n", > - sinfo->index); > + pr_info("Sig %u: Message digest doesn't match\n", > + sinfo->index); > ret = -EKEYREJECTED; > goto error; > } > @@ -478,7 +478,7 @@ int pkcs7_supply_detached_data(struct pkcs7_message *pkcs7, > const void *data, size_t datalen) > { > if (pkcs7->data) { > - pr_debug("Data already supplied\n"); > + pr_info("Data already supplied\n"); > return -EINVAL; > } > pkcs7->data = data; > diff --git a/crypto/asymmetric_keys/verify_pefile.c b/crypto/asymmetric_keys/verify_pefile.c > index fe1bb374239d..c30e6610db26 100644 > --- a/crypto/asymmetric_keys/verify_pefile.c > +++ b/crypto/asymmetric_keys/verify_pefile.c > @@ -74,7 +74,7 @@ static int pefile_parse_binary(const void *pebuf, unsigned int pelen, > break; > > default: > - pr_debug("Unknown PEOPT magic = %04hx\n", pe32->magic); > + pr_info("Unknown PEOPT magic = %04hx\n", pe32->magic); > return -ELIBBAD; > } > > @@ -95,7 +95,7 @@ static int pefile_parse_binary(const void *pebuf, unsigned int pelen, > ctx->certs_size = ddir->certs.size; > > if (!ddir->certs.virtual_address || !ddir->certs.size) { > - pr_debug("Unsigned PE binary\n"); > + pr_info("Unsigned PE binary\n"); > return -ENODATA; > } > > @@ -127,7 +127,7 @@ static int pefile_strip_sig_wrapper(const void *pebuf, > unsigned len; > > if (ctx->sig_len < sizeof(wrapper)) { > - pr_debug("Signature wrapper too short\n"); > + pr_info("Signature wrapper too short\n"); > return -ELIBBAD; > } > > @@ -142,16 +142,16 @@ static int pefile_strip_sig_wrapper(const void *pebuf, > * rounded up since 0.110. > */ > if (wrapper.length > ctx->sig_len) { > - pr_debug("Signature wrapper bigger than sig len (%x > %x)\n", > - ctx->sig_len, wrapper.length); > + pr_info("Signature wrapper bigger than sig len (%x > %x)\n", > + ctx->sig_len, wrapper.length); > return -ELIBBAD; > } > if (wrapper.revision != WIN_CERT_REVISION_2_0) { > - pr_debug("Signature is not revision 2.0\n"); > + pr_info("Signature is not revision 2.0\n"); > return -ENOTSUPP; > } > if (wrapper.cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA) { > - pr_debug("Signature certificate type is not PKCS\n"); > + pr_info("Signature certificate type is not PKCS\n"); > return -ENOTSUPP; > } > > @@ -164,7 +164,7 @@ static int pefile_strip_sig_wrapper(const void *pebuf, > ctx->sig_offset += sizeof(wrapper); > ctx->sig_len -= sizeof(wrapper); > if (ctx->sig_len < 4) { > - pr_debug("Signature data missing\n"); > + pr_info("Signature data missing\n"); > return -EKEYREJECTED; > } > > @@ -198,7 +198,7 @@ static int pefile_strip_sig_wrapper(const void *pebuf, > return 0; > } > not_pkcs7: > - pr_debug("Signature data not PKCS#7\n"); > + pr_info("Signature data not PKCS#7\n"); > return -ELIBBAD; > } > > @@ -341,8 +341,8 @@ static int pefile_digest_pe(const void *pebuf, unsigned int pelen, > digest_size = crypto_shash_digestsize(tfm); > > if (digest_size != ctx->digest_len) { > - pr_debug("Digest size mismatch (%zx != %x)\n", > - digest_size, ctx->digest_len); > + pr_info("Digest size mismatch (%zx != %x)\n", > + digest_size, ctx->digest_len); > ret = -EBADMSG; > goto error_no_desc; > } > @@ -373,7 +373,7 @@ static int pefile_digest_pe(const void *pebuf, unsigned int pelen, > * PKCS#7 certificate. > */ > if (memcmp(digest, ctx->digest, ctx->digest_len) != 0) { > - pr_debug("Digest mismatch\n"); > + pr_info("Digest mismatch\n"); > ret = -EKEYREJECTED; > } else { > pr_debug("The digests match!\n"); > -- > 2.39.1 > BR, Jarkko ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v1 1/2] verify_pefile: relax wrapper length check 2023-02-17 20:14 [PATCH v1 0/2] Fix kexec of pesigned images Robbie Harwood 2023-02-17 20:14 ` [PATCH v1 1/2] verify_pefile: relax wrapper length check Robbie Harwood 2023-02-17 20:14 ` [PATCH v1 2/2] asymmetric_keys: log on fatal failures in PE/pkcs7 Robbie Harwood @ 2023-02-17 20:36 ` David Howells 2023-02-17 20:37 ` [PATCH v1 2/2] asymmetric_keys: log on fatal failures in PE/pkcs7 David Howells 3 siblings, 0 replies; 7+ messages in thread From: David Howells @ 2023-02-17 20:36 UTC (permalink / raw) To: Robbie Harwood; +Cc: dhowells, keyrings Robbie Harwood <rharwood@redhat.com> wrote: > See-also: https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#the-attribute-certificate-table-image-only > See-also: https://github.com/rhboot/pesign These should be "Link:" I think. Apart from that: Acked-by: David Howells <dhowells@redhat.com> ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v1 2/2] asymmetric_keys: log on fatal failures in PE/pkcs7 2023-02-17 20:14 [PATCH v1 0/2] Fix kexec of pesigned images Robbie Harwood ` (2 preceding siblings ...) 2023-02-17 20:36 ` [PATCH v1 1/2] verify_pefile: relax wrapper length check David Howells @ 2023-02-17 20:37 ` David Howells 3 siblings, 0 replies; 7+ messages in thread From: David Howells @ 2023-02-17 20:37 UTC (permalink / raw) To: Robbie Harwood; +Cc: dhowells, keyrings Robbie Harwood <rharwood@redhat.com> wrote: > These particular errors can be encountered while trying to kexec when > secureboot lockdown is in place. Without this change, even with a > signed debug build, one still needs to reboot the machine to add the > appropriate dyndbg parameters (since lockdown blocks debugfs). > > Accordingly, upgrade all pr_debug() before fatal error into pr_info(). I wonder if they should then be pr_warn() instead. > Signed-off-by: Robbie Harwood <rharwood@redhat.com> Acked-by: David Howells <dhowells@redhat.com> ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2023-02-17 21:14 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2023-02-17 20:14 [PATCH v1 0/2] Fix kexec of pesigned images Robbie Harwood 2023-02-17 20:14 ` [PATCH v1 1/2] verify_pefile: relax wrapper length check Robbie Harwood 2023-02-17 21:11 ` Jarkko Sakkinen 2023-02-17 20:14 ` [PATCH v1 2/2] asymmetric_keys: log on fatal failures in PE/pkcs7 Robbie Harwood 2023-02-17 21:14 ` Jarkko Sakkinen 2023-02-17 20:36 ` [PATCH v1 1/2] verify_pefile: relax wrapper length check David Howells 2023-02-17 20:37 ` [PATCH v1 2/2] asymmetric_keys: log on fatal failures in PE/pkcs7 David Howells
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).