From: Bobby Eshleman <bobbyeshleman@gmail.com>
To: Xen-devel <xen-devel@lists.xenproject.org>
Cc: "Daniel Kiper" <daniel.kiper@oracle.com>,
"Bobby Eshleman" <bobbyeshleman@gmail.com>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"Jan Beulich" <jbeulich@suse.com>, "Wei Liu" <wl@xen.org>,
"Roger Pau Monné" <roger.pau@citrix.com>
Subject: [PATCH v3 5/5] xen/x86/efi: Verify dom0 kernel with SHIM_LOCK protocol in efi_multiboot2()
Date: Thu, 21 Jan 2021 16:51:44 -0800 [thread overview]
Message-ID: <44cb9567aa17d6255beadaa48defccd246b35669.1611273359.git.bobbyeshleman@gmail.com> (raw)
In-Reply-To: <cover.1611273359.git.bobbyeshleman@gmail.com>
From: Daniel Kiper <daniel.kiper@oracle.com>
This splits out efi_shim_lock() into common code and uses it to verify
the dom0 kernel in efi_multiboot2().
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Bobby Eshleman <bobbyeshleman@gmail.com>
---
xen/arch/x86/boot/head.S | 20 ++++++++++++++++++--
xen/arch/x86/efi/efi-boot.h | 6 ++++++
xen/arch/x86/efi/stub.c | 5 ++++-
xen/common/efi/boot.c | 19 +++++++++++++------
4 files changed, 41 insertions(+), 9 deletions(-)
diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S
index f2edd182a5..943792eb43 100644
--- a/xen/arch/x86/boot/head.S
+++ b/xen/arch/x86/boot/head.S
@@ -244,9 +244,13 @@ __efi64_mb2_start:
jmp x86_32_switch
.Lefi_multiboot2_proto:
- /* Zero EFI SystemTable and EFI ImageHandle addresses. */
+ /*
+ * Zero EFI SystemTable, EFI ImageHandle and
+ * dom0 kernel module struct addresses.
+ */
xor %esi,%esi
xor %edi,%edi
+ xor %r14d, %r14d
/* Skip Multiboot2 information fixed part. */
lea (MB2_fixed_sizeof+MULTIBOOT2_TAG_ALIGN-1)(%rbx),%ecx
@@ -284,6 +288,15 @@ __efi64_mb2_start:
cmove MB2_efi64_ih(%rcx),%rdi
je .Lefi_mb2_next_tag
+ /* Get Dom0 kernel module struct address from Multiboot2 information. */
+ cmpl $MULTIBOOT2_TAG_TYPE_MODULE,MB2_tag_type(%rcx)
+ jne .Lefi_mb2_end
+
+ test %r14d, %r14d
+ cmovz %ecx, %r14d
+ jmp .Lefi_mb2_next_tag
+
+.Lefi_mb2_end:
/* Is it the end of Multiboot2 information? */
cmpl $MULTIBOOT2_TAG_TYPE_END,MB2_tag_type(%rcx)
je .Lrun_bs
@@ -345,9 +358,12 @@ __efi64_mb2_start:
/* Keep the stack aligned. Do not pop a single item off it. */
mov (%rsp),%rdi
+ mov %r14d, %edx
+
/*
* efi_multiboot2() is called according to System V AMD64 ABI:
- * - IN: %rdi - EFI ImageHandle, %rsi - EFI SystemTable.
+ * - IN: %rdi - EFI ImageHandle, %rsi - EFI SystemTable,
+ * %rdx - Dom0 kernel module struct address.
*/
call efi_multiboot2
diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h
index f694a069c9..0d025ad9a5 100644
--- a/xen/arch/x86/efi/efi-boot.h
+++ b/xen/arch/x86/efi/efi-boot.h
@@ -3,6 +3,8 @@
* is intended to be included by common/efi/boot.c _only_, and
* therefore can define arch specific global variables.
*/
+#include <xen/types.h>
+#include <xen/multiboot2.h>
#include <xen/vga.h>
#include <asm/e820.h>
#include <asm/edd.h>
@@ -762,6 +764,10 @@ void __init efi_multiboot2(EFI_HANDLE ImageHandle,
gop = efi_get_gop();
+ if ( dom0_kernel && dom0_kernel->mod_end > dom0_kernel->mod_start )
+ efi_shim_lock((VOID *)(unsigned long)dom0_kernel->mod_start,
+ dom0_kernel->mod_end - dom0_kernel->mod_start);
+
if ( gop )
gop_mode = efi_find_gop_mode(gop, 0, 0, 0);
diff --git a/xen/arch/x86/efi/stub.c b/xen/arch/x86/efi/stub.c
index 9bd6355ec3..7d459905fa 100644
--- a/xen/arch/x86/efi/stub.c
+++ b/xen/arch/x86/efi/stub.c
@@ -1,7 +1,9 @@
+#include <xen/types.h>
#include <xen/efi.h>
#include <xen/errno.h>
#include <xen/init.h>
#include <xen/lib.h>
+#include <xen/multiboot2.h>
#include <asm/asm_defns.h>
#include <asm/efibind.h>
#include <asm/page.h>
@@ -29,7 +31,8 @@ asm (
);
void __init noreturn efi_multiboot2(EFI_HANDLE ImageHandle,
- EFI_SYSTEM_TABLE *SystemTable)
+ EFI_SYSTEM_TABLE *SystemTable,
+ multiboot2_tag_module_t *dom0_kernel)
{
static const CHAR16 __initconst err[] =
L"Xen does not have EFI code build in!\r\nSystem halted!\r\n";
diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c
index 63e289ab85..8ce6715b59 100644
--- a/xen/common/efi/boot.c
+++ b/xen/common/efi/boot.c
@@ -133,6 +133,7 @@ static void efi_console_set_mode(void);
static EFI_GRAPHICS_OUTPUT_PROTOCOL *efi_get_gop(void);
static UINTN efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop,
UINTN cols, UINTN rows, UINTN depth);
+static void efi_shim_lock(const VOID *Buffer, UINT32 Size);
static void efi_tables(void);
static void setup_efi_pci(void);
static void efi_variables(void);
@@ -830,6 +831,17 @@ static UINTN __init efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop,
return gop_mode;
}
+static void __init efi_shim_lock(const VOID *Buffer, UINT32 Size)
+{
+ static EFI_GUID __initdata shim_lock_guid = SHIM_LOCK_PROTOCOL_GUID;
+ EFI_SHIM_LOCK_PROTOCOL *shim_lock;
+ EFI_STATUS status;
+
+ if ( !EFI_ERROR(efi_bs->LocateProtocol(&shim_lock_guid, NULL, (void **)&shim_lock)) &&
+ (status = shim_lock->Verify(Buffer, Size)) != EFI_SUCCESS )
+ PrintErrMesg(L"Dom0 kernel image could not be verified", status);
+}
+
static void __init efi_tables(void)
{
unsigned int i;
@@ -1123,13 +1135,11 @@ void EFIAPI __init noreturn
efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
{
static EFI_GUID __initdata loaded_image_guid = LOADED_IMAGE_PROTOCOL;
- static EFI_GUID __initdata shim_lock_guid = SHIM_LOCK_PROTOCOL_GUID;
EFI_LOADED_IMAGE *loaded_image;
EFI_STATUS status;
unsigned int i, argc;
CHAR16 **argv, *file_name, *cfg_file_name = NULL, *options = NULL;
UINTN gop_mode = ~0;
- EFI_SHIM_LOCK_PROTOCOL *shim_lock;
EFI_GRAPHICS_OUTPUT_PROTOCOL *gop = NULL;
union string section = { NULL }, name;
bool base_video = false;
@@ -1296,10 +1306,7 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
read_file(dir_handle, s2w(&name), &kernel, option_str);
efi_bs->FreePool(name.w);
- if ( !EFI_ERROR(efi_bs->LocateProtocol(&shim_lock_guid, NULL,
- (void **)&shim_lock)) &&
- (status = shim_lock->Verify(kernel.ptr, kernel.size)) != EFI_SUCCESS )
- PrintErrMesg(L"Dom0 kernel image could not be verified", status);
+ efi_shim_lock(kernel.ptr, kernel.size);
}
if ( !read_section(loaded_image, L"ramdisk", &ramdisk, NULL) )
--
2.30.0
next prev parent reply other threads:[~2021-01-22 0:56 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-22 0:51 [PATCH v3 0/5] Support Secure Boot for multiboot2 Xen Bobby Eshleman
2021-01-22 0:51 ` [PATCH v3 1/5] xen: add XEN_BUILD_POSIX_TIME Bobby Eshleman
2021-01-22 11:27 ` Jan Beulich
2021-01-22 21:57 ` Bobby Eshleman
2021-01-25 8:58 ` Jan Beulich
2021-01-22 0:51 ` [PATCH v3 2/5] xen/x86: manually build xen.mb.efi binary Bobby Eshleman
2021-03-15 13:36 ` Jan Beulich
2021-05-07 20:26 ` Bob Eshleman
2021-05-17 6:48 ` Jan Beulich
2021-05-17 13:20 ` Daniel Kiper
2021-05-17 13:24 ` Jan Beulich
2021-05-18 17:46 ` Daniel Kiper
2021-05-19 9:29 ` Jan Beulich
2021-05-19 12:48 ` Daniel Kiper
2021-05-19 14:35 ` Jan Beulich
2021-06-09 13:18 ` Daniel Kiper
2021-06-09 13:45 ` Jan Beulich
2021-01-22 0:51 ` [PATCH v3 3/5] xen/x86: add some addresses to the Multiboot header Bobby Eshleman
2021-03-15 15:05 ` Jan Beulich
2021-01-22 0:51 ` [PATCH v3 4/5] xen/x86: add some addresses to the Multiboot2 header Bobby Eshleman
2021-02-23 9:04 ` Roger Pau Monné
2021-02-23 18:07 ` Bob Eshleman
2021-01-22 0:51 ` Bobby Eshleman [this message]
2021-03-16 15:08 ` [PATCH v3 5/5] xen/x86/efi: Verify dom0 kernel with SHIM_LOCK protocol in efi_multiboot2() Jan Beulich
2021-01-22 9:39 ` [PATCH v3 0/5] Support Secure Boot for multiboot2 Xen Jan Beulich
2021-01-22 21:18 ` Bobby Eshleman
2021-01-25 8:52 ` Jan Beulich
2021-02-22 18:04 ` Bobby Eshleman
2021-02-23 7:16 ` Jan Beulich
2021-02-23 18:00 ` Bob Eshleman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44cb9567aa17d6255beadaa48defccd246b35669.1611273359.git.bobbyeshleman@gmail.com \
--to=bobbyeshleman@gmail.com \
--cc=andrew.cooper3@citrix.com \
--cc=daniel.kiper@oracle.com \
--cc=jbeulich@suse.com \
--cc=roger.pau@citrix.com \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).