Gitiles
Code Review Sign In
gerrit.devboardsforandroid.linaro.org / platform / external / u-boot / ad50ca5019ae2b4f6ad5ffb4d62808b640f7b8aa^! / .
commitad50ca5019ae2b4f6ad5ffb4d62808b640f7b8aa[log] [tgz]
authorMasahisa Kojima <masahisa.kojima@linaro.org>Tue Dec 20 19:38:52 2022 +0900
committerHeinrich Schuchardt <heinrich.schuchardt@canonical.com>Tue Dec 20 16:06:48 2022 +0100
tree510ccb784f87ee699520789b06858cbd7dc5db44
parent9ba35e64fad0fe205b403da7e30656015979a235 [diff]
eficonfig: EFI_VARIABLE_APPEND_WRITE is not set for null key

The signed null key with authenticated header is used to clear
the PK, KEK, db and dbx. When CONFIG_EFI_MM_COMM_TEE is enabled
(StMM and OP-TEE based RPMB storage is used as the EFI variable
storage), clearing KEK, db and dbx by enrolling a signed null
key does not work as expected if EFI_VARIABLE_APPEND_WRITE
attritube is set.

This commit checks the selected file is null key, then
EFI_VARIABLE_APPEND_WRITE attibute will not be used for the null key.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

diff --git a/cmd/eficonfig_sbkey.c b/cmd/eficonfig_sbkey.c
index 6e0bebf..ed39aab 100644
--- a/cmd/eficonfig_sbkey.c
+++ b/cmd/eficonfig_sbkey.c

@@ -73,6 +73,28 @@
 }
 
 /**
+ * file_is_null_key() - check the file is an authenticated and signed null key
+ *
+ * @auth:	pointer to the file
+ * @size:	file size
+ * @null_key:	pointer to store the result
+ * Return:	status code
+ */
+static efi_status_t file_is_null_key(struct efi_variable_authentication_2 *auth,
+				     efi_uintn_t size, bool *null_key)
+{
+	efi_uintn_t auth_size =
+		sizeof(auth->time_stamp) + auth->auth_info.hdr.dwLength;
+
+	if (size < auth_size)
+		return EFI_INVALID_PARAMETER;
+
+	*null_key = (size == auth_size);
+
+	return EFI_SUCCESS;
+}
+
+/**
  * eficonfig_process_enroll_key() - enroll key into signature database
  *
  * @data:	pointer to the data for each entry
@@ -84,6 +106,7 @@
 	char *buf = NULL;
 	efi_uintn_t size;
 	efi_status_t ret;
+	bool null_key = false;
 	struct efi_file_handle *f = NULL;
 	struct efi_device_path *full_dp = NULL;
 	struct eficonfig_select_file_info file_info;
@@ -149,13 +172,24 @@
 		goto out;
 	}
 
+	ret = file_is_null_key((struct efi_variable_authentication_2 *)buf,
+			       size, &null_key);
+	if (ret != EFI_SUCCESS) {
+		eficonfig_print_msg("ERROR! Invalid file format.");
+		goto out;
+	}
+
 	attr = EFI_VARIABLE_NON_VOLATILE |
 	       EFI_VARIABLE_BOOTSERVICE_ACCESS |
 	       EFI_VARIABLE_RUNTIME_ACCESS |
 	       EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
 
-	/* PK can enroll only one certificate */
-	if (u16_strcmp(data, u"PK")) {
+	/*
+	 * PK can enroll only one certificate.
+	 * The signed null key is used to clear KEK, db and dbx.
+	 * EFI_VARIABLE_APPEND_WRITE attribute must not be set in these cases.
+	 */
+	if (u16_strcmp(data, u"PK") && !null_key) {
 		efi_uintn_t db_size = 0;
 
 		/* check the variable exists. If exists, add APPEND_WRITE attribute */