Re: [PATCH v2 0/7] Add LoadFile2 and riscv Linux loader

2021-06-30 Thread Ard Biesheuvel
On Tue, 29 Jun 2021 at 21:13, Atish Patra wrote: > > On Mon, Jun 28, 2021 at 2:24 PM Heinrich Schuchardt > wrote: > > > > > > +cc Ard Biesheuvel > > > > Ard, please see question for you below. > > > > On 6/27/21 11:01 PM, Heinrich Schuchardt wrote: > > > On 6/26/21 8:07 PM, Andreas Schwab wrote

[PATCH v2 00/22] appended signature secure boot support

2021-06-30 Thread Daniel Axtens
This patch set contains v2 of the consolidated version of the patch sets sent for secure boot using appended signatures on powerpc, rebased on top of git HEAD. The series consists of 4 main parts: 0) Patches 1-3: powerpc-ieee1275 memory enablement. These patches have already been posted to the

[PATCH v2 01/22] ieee1275: drop HEAP_MAX_ADDR, HEAP_MIN_SIZE

2021-06-30 Thread Daniel Axtens
HEAP_MAX_ADDR is confusing. Currently it is set to 32MB, except on ieee1275 on x86, where it is 64MB. There is a comment which purports to explain it: /* If possible, we will avoid claiming heap above this address, because it seems to cause relocation problems with OSes that link at 4 MiB */

[PATCH v2 02/22] ieee1275: claim more memory

2021-06-30 Thread Daniel Axtens
On powerpc-ieee1275, we are running out of memory trying to verify anything. This is because: - we have to load an entire file into memory to verify it. This is extremely difficult to change with appended signatures. - We only have 32MB of heap. - Distro kernels are now often around 30MB. S

[PATCH v2 09/22] crypto: move storage for grub_crypto_pk_* to crypto.c

2021-06-30 Thread Daniel Axtens
The way gcry_rsa and friends (the asymmetric ciphers) are loaded for the pgp module is a bit quirky. include/grub/crypto.h contains: extern struct gcry_pk_spec *grub_crypto_pk_rsa; commands/pgp.c contains the actual storage: struct gcry_pk_spec *grub_crypto_pk_rsa; And the module itself save

[PATCH v2 03/22] ieee1275: request memory with ibm,client-architecture-support

2021-06-30 Thread Daniel Axtens
On PowerVM, the first time we boot a Linux partition, we may only get 256MB of real memory area, even if the partition has more memory. This isn't really enough. Fortunately, the Power Architecture Platform Reference (PAPR) defines a method we can call to ask for more memory. This is part of the b

[PATCH v2 07/22] dl: provide a fake grub_dl_set_persistent for the emu target

2021-06-30 Thread Daniel Axtens
Trying to start grub-emu with a module that calls grub_dl_set_persistent will crash because grub-emu fakes modules and passes NULL to the module init function. Provide an empty function for the emu case. Fixes: ee7808e2197c (dl: Add support for persistent modules) Signed-off-by: Daniel Axtens --

[PATCH v2 04/22] Add support for signing grub with an appended signature

2021-06-30 Thread Daniel Axtens
From: Rashmica Gupta Add infrastructure to allow firmware to verify the integrity of grub by use of a Linux-kernel-module-style appended signature. We initially target powerpc-ieee1275, but the code should be extensible to other platforms. Usually these signatures are appended to a file without

[PATCH v2 12/22] libtasn1: disable code not needed in grub

2021-06-30 Thread Daniel Axtens
We don't expect to be able to write ASN.1, only read it, so we can disable some code. Do that with #if 0/#endif, rather than deletion. This means that the difference between upstream and grub is smaller, which should make updating libtasn1 easier in the future. With these exclusions we also avoid

[PATCH v2 05/22] docs/grub: Document signing grub under UEFI

2021-06-30 Thread Daniel Axtens
Before adding information about how grub is signed with an appended signature scheme, it's worth adding some information about how it can currently be signed for UEFI. Signed-off-by: Daniel Axtens --- docs/grub.texi | 22 +- 1 file changed, 21 insertions(+), 1 deletion(-) di

[PATCH v2 08/22] pgp: factor out rsa_pad

2021-06-30 Thread Daniel Axtens
rsa_pad does the PKCS#1 v1.5 padding for the RSA signature scheme. We want to use it in other RSA signature verification applications. I considered and rejected putting it in lib/crypto.c. That file doesn't currently require any MPI functions, but rsa_pad does. That's not so much of a problem for

[PATCH v2 06/22] docs/grub: Document signing grub with an appended signature

2021-06-30 Thread Daniel Axtens
Signing grub for firmware that verifies an appended signature is a bit fiddly. I don't want people to have to figure it out from scratch so document it here. Signed-off-by: Daniel Axtens --- docs/grub.texi | 42 ++ 1 file changed, 42 insertions(+) diff --

[PATCH v2 10/22] posix_wrap: tweaks in preparation for libtasn1

2021-06-30 Thread Daniel Axtens
- Define SIZEOF_UNSIGNED_LONG_INT, it's the same as SIZEOF_UNSIGNED_LONG. - Define WORD_BIT, the size in bits of an int. This is defined in the Single Unix Specification and in gnulib's limits.h. gnulib assumes it's 32 bits on all our platforms, including 64 bit platforms, so we al

[PATCH v2 20/22] appended signatures: verification tests

2021-06-30 Thread Daniel Axtens
These tests are run through all_functional_test and test a range of commands and behaviours. Signed-off-by: Daniel Axtens --- v2 changes: - add a test for EKU - add tests for files signed with multiple signers - add a test of padded PKCS#7 messages - use macros to reduce duplication fo

[PATCH v2 16/22] grub-install: support embedding x509 certificates

2021-06-30 Thread Daniel Axtens
From: Alastair D'Silva To support verification of appended signatures, we need a way to embed the necessary public keys. Existing appended signature schemes in the Linux kernel use X.509 certificates, so allow certificates to be embedded in the grub core image in the same way as PGP keys. Signed

[PATCH v2 13/22] libtasn1: changes for grub compatibility

2021-06-30 Thread Daniel Axtens
Do a few things to make libtasn1 compile as part of grub: - redefine _asn1_strcat. grub removed strcat so replace it with the appropriate calls to memcpy and strlen. Use this internally where strcat was used. - replace c_isdigit with grub_isdigit (and don't import c-ctype from gnulib)

[PATCH v2 17/22] appended signatures: import GNUTLS's ASN.1 description files

2021-06-30 Thread Daniel Axtens
In order to parse PKCS#7 messages and X.509 certificates with libtasn1, we need some information about how they are encoded. We get these from GNUTLS, which has the benefit that they support the features we need and are well tested. The GNUTLS license is LGPLv2.1+, which is GPLv3 compatible, allo

[PATCH v2 14/22] libtasn1: compile into asn1 module

2021-06-30 Thread Daniel Axtens
Create a wrapper file that specifies the module license. Set up the makefile so it is built. Signed-off-by: Daniel Axtens --- grub-core/Makefile.core.def| 15 +++ grub-core/lib/libtasn1_wrap/wrap.c | 26 ++ 2 files changed, 41 insertions(+) create mod

[PATCH v2 18/22] appended signatures: parse PKCS#7 signedData and X.509 certificates

2021-06-30 Thread Daniel Axtens
This code allows us to parse: - PKCS#7 signedData messages. Only a single signerInfo is supported, which is all that the Linux sign-file utility supports creating out-of-the-box. Only RSA, SHA-256 and SHA-512 are supported. Any certificate embedded in the PKCS#7 message will be ignored.

[PATCH v2 22/22] ieee1275: enter lockdown based on /ibm,secure-boot

2021-06-30 Thread Daniel Axtens
If the 'ibm,secure-boot' property of the root node is 2 or greater, enter lockdown. Signed-off-by: Daniel Axtens --- docs/grub.texi | 4 ++-- grub-core/Makefile.core.def| 1 + grub-core/kern/ieee1275/init.c | 27 +++ include/grub/lockdown.h|

[PATCH v2 19/22] appended signatures: support verifying appended signatures

2021-06-30 Thread Daniel Axtens
Building on the parsers and the ability to embed x509 certificates, as well as the existing gcrypt functionality, add a module for verifying appended signatures. This includes a verifier that requires that Linux kernels and grub modules have appended signatures, and commands to manage the list of

[PATCH v2 21/22] appended signatures: documentation

2021-06-30 Thread Daniel Axtens
This explains how appended signatures can be used to form part of a secure boot chain, and documents the commands and variables introduced. Signed-off-by: Daniel Axtens --- v2: fix a grammar issue, thanks Stefan Berger. --- docs/grub.texi | 193 -