[thirdparty/systemd.git] / src / boot / efi / shim.c

/* SPDX-License-Identifier: LGPL-2.1+ */
/*
 * Port to systemd-boot
 * Copyright © 2017 Max Resch <resch.max@gmail.com>
 *
 * Security Policy Handling
 * Copyright © 2012 <James.Bottomley@HansenPartnership.com>
 * https://github.com/mjg59/efitools
 */

#include <efi.h>
#include <efilib.h>

#include "util.h"
#include "shim.h"

/* well known shim lock guid */
#define SHIM_LOCK_GUID

struct ShimLock {
        EFI_STATUS __attribute__((sysv_abi)) (*shim_verify) (VOID *buffer, UINT32 size);

        /* context is actually a struct for the PE header, but it isn't needed so void is sufficient just do define the interface
         * see shim.c/shim.h and PeHeader.h in the github shim repo */
        EFI_STATUS __attribute__((sysv_abi)) (*generate_hash) (VOID *data, UINT32 datasize, VOID *context, UINT8 *sha256hash, UINT8 *sha1hash);

        EFI_STATUS __attribute__((sysv_abi)) (*read_header) (VOID *data, UINT32 datasize, VOID *context);
};

static const EFI_GUID simple_fs_guid = SIMPLE_FILE_SYSTEM_PROTOCOL;
static const EFI_GUID global_guid = EFI_GLOBAL_VARIABLE;

static const EFI_GUID security_protocol_guid = { 0xa46423e3, 0x4617, 0x49f1, {0xb9, 0xff, 0xd1, 0xbf, 0xa9, 0x11, 0x58, 0x39 } };
static const EFI_GUID security2_protocol_guid = { 0x94ab2f58, 0x1438, 0x4ef1, {0x91, 0x52, 0x18, 0x94, 0x1a, 0x3a, 0x0e, 0x68 } };
static const EFI_GUID shim_lock_guid = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} };

BOOLEAN shim_loaded(void) {
        struct ShimLock *shim_lock;

        return uefi_call_wrapper(BS->LocateProtocol, 3, (EFI_GUID*) &shim_lock_guid, NULL, (VOID**) &shim_lock) == EFI_SUCCESS;
}

static BOOLEAN shim_validate(VOID *data, UINT32 size) {
        struct ShimLock *shim_lock;

        if (!data)
                return FALSE;

        if (uefi_call_wrapper(BS->LocateProtocol, 3, (EFI_GUID*) &shim_lock_guid, NULL, (VOID**) &shim_lock) != EFI_SUCCESS)
                return FALSE;

        if (!shim_lock)
                return FALSE;

        return shim_lock->shim_verify(data, size) == EFI_SUCCESS;
}

BOOLEAN secure_boot_enabled(void) {
        _cleanup_freepool_ CHAR8 *b = NULL;
        UINTN size;

        if (efivar_get_raw(&global_guid, L"SecureBoot", &b, &size) == EFI_SUCCESS)
                return *b > 0;

        return FALSE;
}

/*
 * See the UEFI Platform Initialization manual (Vol2: DXE) for this
 */
struct _EFI_SECURITY2_PROTOCOL;
struct _EFI_SECURITY_PROTOCOL;
struct _EFI_DEVICE_PATH_PROTOCOL;

typedef struct _EFI_SECURITY2_PROTOCOL EFI_SECURITY2_PROTOCOL;
typedef struct _EFI_SECURITY_PROTOCOL EFI_SECURITY_PROTOCOL;
typedef struct _EFI_DEVICE_PATH_PROTOCOL EFI_DEVICE_PATH_PROTOCOL;

typedef EFI_STATUS (EFIAPI *EFI_SECURITY_FILE_AUTHENTICATION_STATE) (
        const EFI_SECURITY_PROTOCOL *This,
        UINT32 AuthenticationStatus,
        const EFI_DEVICE_PATH_PROTOCOL *File
);

typedef EFI_STATUS (EFIAPI *EFI_SECURITY2_FILE_AUTHENTICATION) (
        const EFI_SECURITY2_PROTOCOL *This,
        const EFI_DEVICE_PATH_PROTOCOL *DevicePath,
        VOID *FileBuffer,
        UINTN FileSize,
        BOOLEAN  BootPolicy
);

struct _EFI_SECURITY2_PROTOCOL {
        EFI_SECURITY2_FILE_AUTHENTICATION FileAuthentication;
};

struct _EFI_SECURITY_PROTOCOL {
        EFI_SECURITY_FILE_AUTHENTICATION_STATE  FileAuthenticationState;
};

/* Handle to the original authenticator for security1 protocol */
static EFI_SECURITY_FILE_AUTHENTICATION_STATE esfas = NULL;

/* Handle to the original authenticator for security2 protocol */
static EFI_SECURITY2_FILE_AUTHENTICATION es2fa = NULL;

/*
 * Perform shim/MOK and Secure Boot authentication on a binary that's already been
 * loaded into memory. This function does the platform SB authentication first
 * but preserves its return value in case of its failure, so that it can be
 * returned in case of a shim/MOK authentication failure. This is done because
 * the SB failure code seems to vary from one implementation to another, and I
 * don't want to interfere with that at this time.
 */
static EFIAPI EFI_STATUS security2_policy_authentication (const EFI_SECURITY2_PROTOCOL *this,
                                                          const EFI_DEVICE_PATH_PROTOCOL *device_path,
                                                          VOID *file_buffer, UINTN file_size, BOOLEAN boot_policy) {
        EFI_STATUS status;

        /* Chain original security policy */
        status = uefi_call_wrapper(es2fa, 5, this, device_path, file_buffer, file_size, boot_policy);

        /* if OK, don't bother with MOK check */
        if (status == EFI_SUCCESS)
                return status;

        if (shim_validate(file_buffer, file_size))
                return EFI_SUCCESS;

        return status;
}

/*
 * Perform both shim/MOK and platform Secure Boot authentication. This function loads
 * the file and performs shim/MOK authentication first simply to avoid double loads
 * of Linux kernels, which are much more likely to be shim/MOK-signed than platform-signed,
 * since kernels are big and can take several seconds to load on some computers and
 * filesystems. This also has the effect of returning whatever the platform code is for
 * authentication failure, be it EFI_ACCESS_DENIED, EFI_SECURITY_VIOLATION, or something
 * else. (This seems to vary between implementations.)
 */
static EFIAPI EFI_STATUS security_policy_authentication (const EFI_SECURITY_PROTOCOL *this, UINT32 authentication_status,
                                                         const EFI_DEVICE_PATH_PROTOCOL *device_path_const) {
        EFI_STATUS status;
        _cleanup_freepool_ EFI_DEVICE_PATH *dev_path = NULL;
        _cleanup_freepool_ CHAR16 *dev_path_str = NULL;
        EFI_HANDLE h;
        EFI_FILE *root;
        _cleanup_freepool_ CHAR8 *file_buffer = NULL;
        UINTN file_size;

        if (!device_path_const)
                return EFI_INVALID_PARAMETER;

        dev_path = DuplicateDevicePath((EFI_DEVICE_PATH*) device_path_const);

        status = uefi_call_wrapper(BS->LocateDevicePath, 3, (EFI_GUID*) &simple_fs_guid, &dev_path, &h);
        if (status != EFI_SUCCESS)
                return status;

        /* No need to check return value, this already happened in efi_main() */
        root = LibOpenRoot(h);
        dev_path_str = DevicePathToStr(dev_path);

        status = file_read(root, dev_path_str, 0, 0, &file_buffer, &file_size);
        if (EFI_ERROR(status))
                return status;
        uefi_call_wrapper(root->Close, 1, root);

        if (shim_validate(file_buffer, file_size))
                return EFI_SUCCESS;

        /* Try using the platform's native policy.... */
        return uefi_call_wrapper(esfas, 3, this, authentication_status, device_path_const);
}

EFI_STATUS security_policy_install(void) {
        EFI_SECURITY_PROTOCOL *security_protocol;
        EFI_SECURITY2_PROTOCOL *security2_protocol = NULL;
        EFI_STATUS status;

        /* Already Installed */
        if (esfas)
                return EFI_ALREADY_STARTED;

        /*
         * Don't bother with status here. The call is allowed
         * to fail, since SECURITY2 was introduced in PI 1.2.1.
         * Use security2_protocol == NULL as indicator.
         */
        uefi_call_wrapper(BS->LocateProtocol, 3, (EFI_GUID*) &security2_protocol_guid, NULL, (VOID**) &security2_protocol);

        status = uefi_call_wrapper(BS->LocateProtocol, 3, (EFI_GUID*) &security_protocol_guid, NULL, (VOID**) &security_protocol);
         /* This one is mandatory, so there's a serious problem */
        if (status != EFI_SUCCESS)
                return status;

        esfas = security_protocol->FileAuthenticationState;
        security_protocol->FileAuthenticationState = security_policy_authentication;

        if (security2_protocol) {
                es2fa = security2_protocol->FileAuthentication;
                security2_protocol->FileAuthentication = security2_policy_authentication;
        }

        return EFI_SUCCESS;
}
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
b2bb40ce	2	/*
b2bb40ce	3	* Port to systemd-boot
96b2fb93	4	* Copyright © 2017 Max Resch <resch.max@gmail.com>
b2bb40ce MR	5	*
b2bb40ce MR	6	* Security Policy Handling
96b2fb93	7	* Copyright © 2012 <James.Bottomley@HansenPartnership.com>
b2bb40ce MR	8	* https://github.com/mjg59/efitools
	9	*/
	10
	11	#include <efi.h>
	12	#include <efilib.h>
	13
	14	#include "util.h"
	15	#include "shim.h"
	16
	17	/* well known shim lock guid */
	18	#define SHIM_LOCK_GUID
	19
	20	struct ShimLock {
	21	EFI_STATUS __attribute__((sysv_abi)) (shim_verify) (VOID buffer, UINT32 size);
	22
	23	/* context is actually a struct for the PE header, but it isn't needed so void is sufficient just do define the interface
	24	* see shim.c/shim.h and PeHeader.h in the github shim repo */
	25	EFI_STATUS __attribute__((sysv_abi)) (generate_hash) (VOID data, UINT32 datasize, VOID context, UINT8 sha256hash, UINT8 *sha1hash);
	26
	27	EFI_STATUS __attribute__((sysv_abi)) (read_header) (VOID data, UINT32 datasize, VOID *context);
	28	};
	29
	30	static const EFI_GUID simple_fs_guid = SIMPLE_FILE_SYSTEM_PROTOCOL;
	31	static const EFI_GUID global_guid = EFI_GLOBAL_VARIABLE;
	32
	33	static const EFI_GUID security_protocol_guid = { 0xa46423e3, 0x4617, 0x49f1, {0xb9, 0xff, 0xd1, 0xbf, 0xa9, 0x11, 0x58, 0x39 } };
	34	static const EFI_GUID security2_protocol_guid = { 0x94ab2f58, 0x1438, 0x4ef1, {0x91, 0x52, 0x18, 0x94, 0x1a, 0x3a, 0x0e, 0x68 } };
	35	static const EFI_GUID shim_lock_guid = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} };
	36
	37	BOOLEAN shim_loaded(void) {
	38	struct ShimLock *shim_lock;
	39
	40	return uefi_call_wrapper(BS->LocateProtocol, 3, (EFI_GUID) &shim_lock_guid, NULL, (VOID*) &shim_lock) == EFI_SUCCESS;
	41	}
	42
	43	static BOOLEAN shim_validate(VOID *data, UINT32 size) {
	44	struct ShimLock *shim_lock;
	45
	46	if (!data)
	47	return FALSE;
	48
	49	if (uefi_call_wrapper(BS->LocateProtocol, 3, (EFI_GUID) &shim_lock_guid, NULL, (VOID*) &shim_lock) != EFI_SUCCESS)
	50	return FALSE;
	51
	52	if (!shim_lock)
	53	return FALSE;
	54
8d44f5a6	55	return shim_lock->shim_verify(data, size) == EFI_SUCCESS;
b2bb40ce MR	56	}
	57
	58	BOOLEAN secure_boot_enabled(void) {
a42d7cf1	59	_cleanup_freepool_ CHAR8 *b = NULL;
b2bb40ce	60	UINTN size;
b2bb40ce	61
a42d7cf1 ZJS	62	if (efivar_get_raw(&global_guid, L"SecureBoot", &b, &size) == EFI_SUCCESS)
a42d7cf1 ZJS	63	return *b > 0;
b2bb40ce MR	64
	65	return FALSE;
	66	}
	67
	68	/*
	69	* See the UEFI Platform Initialization manual (Vol2: DXE) for this
	70	*/
	71	struct _EFI_SECURITY2_PROTOCOL;
	72	struct _EFI_SECURITY_PROTOCOL;
	73	struct _EFI_DEVICE_PATH_PROTOCOL;
	74
	75	typedef struct _EFI_SECURITY2_PROTOCOL EFI_SECURITY2_PROTOCOL;
	76	typedef struct _EFI_SECURITY_PROTOCOL EFI_SECURITY_PROTOCOL;
	77	typedef struct _EFI_DEVICE_PATH_PROTOCOL EFI_DEVICE_PATH_PROTOCOL;
	78
	79	typedef EFI_STATUS (EFIAPI *EFI_SECURITY_FILE_AUTHENTICATION_STATE) (
	80	const EFI_SECURITY_PROTOCOL *This,
	81	UINT32 AuthenticationStatus,
	82	const EFI_DEVICE_PATH_PROTOCOL *File
	83	);
	84
	85	typedef EFI_STATUS (EFIAPI *EFI_SECURITY2_FILE_AUTHENTICATION) (
	86	const EFI_SECURITY2_PROTOCOL *This,
	87	const EFI_DEVICE_PATH_PROTOCOL *DevicePath,
	88	VOID *FileBuffer,
	89	UINTN FileSize,
	90	BOOLEAN BootPolicy
	91	);
	92
	93	struct _EFI_SECURITY2_PROTOCOL {
	94	EFI_SECURITY2_FILE_AUTHENTICATION FileAuthentication;
	95	};
	96
	97	struct _EFI_SECURITY_PROTOCOL {
	98	EFI_SECURITY_FILE_AUTHENTICATION_STATE FileAuthenticationState;
	99	};
	100
	101	/* Handle to the original authenticator for security1 protocol */
	102	static EFI_SECURITY_FILE_AUTHENTICATION_STATE esfas = NULL;
	103
	104	/* Handle to the original authenticator for security2 protocol */
	105	static EFI_SECURITY2_FILE_AUTHENTICATION es2fa = NULL;
	106
	107	/*
	108	* Perform shim/MOK and Secure Boot authentication on a binary that's already been
	109	* loaded into memory. This function does the platform SB authentication first
	110	* but preserves its return value in case of its failure, so that it can be
	111	* returned in case of a shim/MOK authentication failure. This is done because
	112	* the SB failure code seems to vary from one implementation to another, and I
	113	* don't want to interfere with that at this time.
	114	*/
	115	static EFIAPI EFI_STATUS security2_policy_authentication (const EFI_SECURITY2_PROTOCOL *this,
	116	const EFI_DEVICE_PATH_PROTOCOL *device_path,
	117	VOID *file_buffer, UINTN file_size, BOOLEAN boot_policy) {
	118	EFI_STATUS status;
	119
	120	/* Chain original security policy */
	121	status = uefi_call_wrapper(es2fa, 5, this, device_path, file_buffer, file_size, boot_policy);
	122
	123	/* if OK, don't bother with MOK check */
	124	if (status == EFI_SUCCESS)
	125	return status;
	126
	127	if (shim_validate(file_buffer, file_size))
128	return EFI_SUCCESS;
129
130	return status;
131	}
132
133	/*
134	* Perform both shim/MOK and platform Secure Boot authentication. This function loads
135	* the file and performs shim/MOK authentication first simply to avoid double loads
136	* of Linux kernels, which are much more likely to be shim/MOK-signed than platform-signed,
137	* since kernels are big and can take several seconds to load on some computers and
138	* filesystems. This also has the effect of returning whatever the platform code is for
139	* authentication failure, be it EFI_ACCESS_DENIED, EFI_SECURITY_VIOLATION, or something
140	* else. (This seems to vary between implementations.)
141	*/
142	static EFIAPI EFI_STATUS security_policy_authentication (const EFI_SECURITY_PROTOCOL *this, UINT32 authentication_status,
143	const EFI_DEVICE_PATH_PROTOCOL *device_path_const) {
144	EFI_STATUS status;
a42d7cf1 ZJS	145	_cleanup_freepool_ EFI_DEVICE_PATH *dev_path = NULL;
a42d7cf1 ZJS	146	_cleanup_freepool_ CHAR16 *dev_path_str = NULL;
b2bb40ce MR	147	EFI_HANDLE h;
b2bb40ce MR	148	EFI_FILE *root;
a42d7cf1	149	_cleanup_freepool_ CHAR8 *file_buffer = NULL;
b2bb40ce	150	UINTN file_size;
b2bb40ce MR	151
	152	if (!device_path_const)
	153	return EFI_INVALID_PARAMETER;
	154
	155	dev_path = DuplicateDevicePath((EFI_DEVICE_PATH*) device_path_const);
	156
	157	status = uefi_call_wrapper(BS->LocateDevicePath, 3, (EFI_GUID*) &simple_fs_guid, &dev_path, &h);
a42d7cf1	158	if (status != EFI_SUCCESS)
b2bb40ce	159	return status;
b2bb40ce	160
5238e957	161	/* No need to check return value, this already happened in efi_main() */
b2bb40ce MR	162	root = LibOpenRoot(h);
b2bb40ce MR	163	dev_path_str = DevicePathToStr(dev_path);
b2bb40ce	164
33d4ba32 JJ	165	status = file_read(root, dev_path_str, 0, 0, &file_buffer, &file_size);
	166	if (EFI_ERROR(status))
	167	return status;
b2bb40ce MR	168	uefi_call_wrapper(root->Close, 1, root);
	169
	170	if (shim_validate(file_buffer, file_size))
a42d7cf1	171	return EFI_SUCCESS;
b2bb40ce	172
a42d7cf1 ZJS	173	/* Try using the platform's native policy.... */
a42d7cf1 ZJS	174	return uefi_call_wrapper(esfas, 3, this, authentication_status, device_path_const);
b2bb40ce MR	175	}
	176
	177	EFI_STATUS security_policy_install(void) {
	178	EFI_SECURITY_PROTOCOL *security_protocol;
	179	EFI_SECURITY2_PROTOCOL *security2_protocol = NULL;
	180	EFI_STATUS status;
	181
	182	/* Already Installed */
	183	if (esfas)
	184	return EFI_ALREADY_STARTED;
	185
	186	/*
bceda88b ZJS	187	* Don't bother with status here. The call is allowed
	188	* to fail, since SECURITY2 was introduced in PI 1.2.1.
	189	* Use security2_protocol == NULL as indicator.
b2bb40ce MR	190	*/
	191	uefi_call_wrapper(BS->LocateProtocol, 3, (EFI_GUID) &security2_protocol_guid, NULL, (VOID*) &security2_protocol);
	192
	193	status = uefi_call_wrapper(BS->LocateProtocol, 3, (EFI_GUID) &security_protocol_guid, NULL, (VOID*) &security_protocol);
	194	/* This one is mandatory, so there's a serious problem */
	195	if (status != EFI_SUCCESS)
	196	return status;
	197
bceda88b ZJS	198	esfas = security_protocol->FileAuthenticationState;
	199	security_protocol->FileAuthenticationState = security_policy_authentication;
	200
	201	if (security2_protocol) {
b2bb40ce MR	202	es2fa = security2_protocol->FileAuthentication;
	203	security2_protocol->FileAuthentication = security2_policy_authentication;
	204	}
	205
b2bb40ce MR	206	return EFI_SUCCESS;
b2bb40ce MR	207	}