[RFC PATCH 2/3] keys: Trust platform keyring if MokTrustPlatform found

From: Eric Snowberg <eric.snowberg@oracle.com>
To: keyrings@vger.kernel.org, linux-integrity@vger.kernel.org
Cc: dhowells@redhat.com, dwmw2@infradead.org,
	dmitry.kasatkin@gmail.com, eric.snowberg@oracle.com,
	jmorris@namei.org, jarkko@kernel.org,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org, zohar@linux.ibm.com,
	torvalds@linux-foundation.org, serge@hallyn.com,
	James.Bottomley@HansenPartnership.com, pjones@redhat.com,
	glin@suse.com
Subject: [RFC PATCH 2/3] keys: Trust platform keyring if MokTrustPlatform found
Date: Mon, 17 May 2021 18:57:13 -0400	[thread overview]
Message-ID: <20210517225714.498032-3-eric.snowberg@oracle.com> (raw)
In-Reply-To: <20210517225714.498032-1-eric.snowberg@oracle.com>

A new MOK variable called MokTrustPlatform has been introduced in shim.
When this UEFI variable is set, it indicates the end-user has made the
decision themself that they wish to trust both UEFI Secure Boot
DB and MOK keys within the Linux trust boundary. It is not an error
if this variable does not exist.  If it does not exist, the platform
keyring should not be trusted within the kernel.

MOK variables are mirrored from Boot Services to Runtime Services. When
shim sees the new MokTPKState BS variable, it will create a variable
called MokTrustPlatform without EFI_VARIABLE_NON_VOLATILE set. Following
Exit Boot Services, UEFI variables can only be set and created
with SetVariable if both EFI_VARIABLE_RUNTIME_ACCESS &
EFI_VARIABLE_NON_VOLATILE are set.  Therefore, this can not be defeated
by simply creating a MokTrustPlatform variable from Linux, since
the existence of EFI_VARIABLE_NON_VOLATILE will cause
uefi_check_trust_platform to return false.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
---
 .../platform_certs/platform_keyring.c         | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/security/integrity/platform_certs/platform_keyring.c b/security/integrity/platform_certs/platform_keyring.c
index bcafd7387729..d2731182e511 100644
--- a/security/integrity/platform_certs/platform_keyring.c
+++ b/security/integrity/platform_certs/platform_keyring.c
@@ -13,6 +13,8 @@
 #include <linux/err.h>
 #include <linux/slab.h>
 #include "../integrity.h"
+#include <linux/efi.h>
+#include <keys/system_keyring.h>
 
 /**
  * add_to_platform_keyring - Add to platform keyring without validation.
@@ -37,6 +39,43 @@ void __init add_to_platform_keyring(const char *source, const void *data,
 		pr_info("Error adding keys to platform keyring %s\n", source);
 }
 
+/*
+ * Try to load the MokTrustPlatform UEFI variable to see if we should trust
+ * the platform keyring within the kernel. It is not an error if this variable
+ * does not exist.  If it does not exist, the platform keyring should not
+ * be trusted within the kernel.
+ */
+static __init bool uefi_check_trust_platform(void)
+{
+	efi_status_t status;
+	unsigned int ptrust = 0;
+	unsigned long size = sizeof(ptrust);
+	efi_guid_t guid = EFI_SHIM_LOCK_GUID;
+	u32 attr;
+
+	status = efi.get_variable(L"MokTrustPlatform", &guid, &attr, &size, &ptrust);
+
+	/*
+	 * The EFI_VARIABLE_NON_VOLATILE check is to verify MokTrustPlatform
+	 * was set thru the shim mirrioring and not by a user from the host os.
+	 * According to the UEFI spec, once EBS is performed, only variables
+	 * that have EFI_VARIABLE_RUNTIME_ACCESS & EFI_VARIABLE_NON_VOLATILE
+	 * set can be set with SetVariable().
+	 */
+	return (status == EFI_SUCCESS && (!(attr & EFI_VARIABLE_NON_VOLATILE)));
+}
+
+/*
+ * Check if the platform keyring should be trusted
+ */
+static __init void platform_keyring_trust_setup(void)
+{
+	if (uefi_check_trust_platform())
+		set_trust_platform_keys();
+}
+
+late_initcall(platform_keyring_trust_setup);
+
 /*
  * Create the trusted keyrings.
  */
-- 
2.18.4

