The signed null key with authenticated header is used to clear
the PK, KEK, db and dbx. When CONFIG_EFI_MM_COMM_TEE is enabled
(StMM and OP-TEE based RPMB storage is used as the EFI variable
storage), clearing KEK, db and dbx by enrolling a signed null
key does not work as expected if EFI_VARIABLE_APPEND_WRITE
attritube is set.
This commit checks the selected file is null key, then
EFI_VARIABLE_APPEND_WRITE attibute will not be used for the null key.
Signed-off-by: Masahisa Kojima <masahisa.koj...@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodi...@linaro.org>
---
Changes in v2:
- s/size == 0/!size/
cmd/eficonfig_sbkey.c | 40 ++++++++++++++++++++++++++++++++++++++--
1 file changed, 38 insertions(+), 2 deletions(-)
diff --git a/cmd/eficonfig_sbkey.c b/cmd/eficonfig_sbkey.c
index 6e0bebf1d4..7fb0467543 100644
--- a/cmd/eficonfig_sbkey.c
+++ b/cmd/eficonfig_sbkey.c
@@ -72,6 +72,30 @@ static bool file_have_auth_header(void *buf, efi_uintn_t
size)
return true;
}
+/**
+ * file_is_null_key() - check the file is an authenticated and signed null key
+ * @auth: pointer to the file
+ * @size: file size
+ * @null_key: pointer to store the result
+ * Return: status code
+ */
+static efi_status_t file_is_null_key(struct efi_variable_authentication_2
*auth,
+ efi_uintn_t size, bool *null_key)
+{
+ efi_status_t ret = EFI_SUCCESS;
+
+ if (size < (sizeof(auth->time_stamp) + auth->auth_info.hdr.dwLength))
+ return EFI_INVALID_PARAMETER;
+
+ size -= (sizeof(auth->time_stamp) + auth->auth_info.hdr.dwLength);
+ if (!size) /* No payload */
+ *null_key = true;
+ else
+ *null_key = false;
+
+ return ret;
+}
+
/**
* eficonfig_process_enroll_key() - enroll key into signature database
*
@@ -84,6 +108,7 @@ static efi_status_t eficonfig_process_enroll_key(void *data)
char *buf = NULL;
efi_uintn_t size;
efi_status_t ret;
+ bool null_key = false;
struct efi_file_handle *f = NULL;
struct efi_device_path *full_dp = NULL;
struct eficonfig_select_file_info file_info;
@@ -149,13 +174,24 @@ static efi_status_t eficonfig_process_enroll_key(void
*data)
goto out;
}
+ ret = file_is_null_key((struct efi_variable_authentication_2 *)buf,
+ size, &null_key);
+ if (ret != EFI_SUCCESS) {
+ eficonfig_print_msg("ERROR! Invalid file format.");
+ goto out;
+ }
+
attr = EFI_VARIABLE_NON_VOLATILE |
EFI_VARIABLE_BOOTSERVICE_ACCESS |
EFI_VARIABLE_RUNTIME_ACCESS |
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
- /* PK can enroll only one certificate */
- if (u16_strcmp(data, u"PK")) {
+ /*
+ * PK can enroll only one certificate.
+ * The signed null key is used to clear KEK, db and dbx.
+ * EFI_VARIABLE_APPEND_WRITE attribute must not be set in these cases.
+ */
+ if (u16_strcmp(data, u"PK") && !null_key) {
efi_uintn_t db_size = 0;
/* check the variable exists. If exists, add APPEND_WRITE
attribute */
--
2.17.1
