
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Wed, 29 Jul 2020 17:46:16 +1000
Subject: [PATCH] verifiers: provide unsafe module list
Other verifiers that implement secure boot may want to be able to
use this list and behaviour.
Upstream, this factors the list out of the shim_lock verifier.
However, that hasn't hit the RHEL8.4 tree yet, so instead
of factoring it out of that we just create it.
Signed-off-by: Daniel Axtens <dja@axtens.net>
---
 grub-core/commands/verifiers.c | 46 ++++++++++++++++++++++++++++++++++++++++++
 include/grub/verify.h          | 13 ++++++++++++
 2 files changed, 59 insertions(+)
diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c
030dc3
index 599d79b757e..f64343ac90b 100644
5975ab
--- a/grub-core/commands/verifiers.c
5975ab
+++ b/grub-core/commands/verifiers.c
5975ab
@@ -218,6 +218,52 @@ grub_verify_string (char *str, enum grub_verify_string_type type)
5975ab
   return GRUB_ERR_NONE;
5975ab
 }
5975ab
 
5975ab
+/* List of modules which may allow for verifcation to be bypassed. */
5975ab
+static const char *const disabled_mods[] = { "iorw", "memrw", "wrmsr", NULL };
5975ab
+
5975ab
+/*
5975ab
+ * Does the module in file `io' allow for the a verifier to be bypassed?
5975ab
+ *
5975ab
+ * Returns 1 if so, otherwise 0.
5975ab
+ */
5975ab
+char
5975ab
+grub_is_dangerous_module (grub_file_t io)
5975ab
+{
5975ab
+  char *b, *e;
5975ab
+  int i;
5975ab
+
5975ab
+  /* Establish GRUB module name. */
5975ab
+  b = grub_strrchr (io->name, '/');
5975ab
+  e = grub_strrchr (io->name, '.');
5975ab
+
5975ab
+  b = b ? (b + 1) : io->name;
5975ab
+  e = e ? e : io->name + grub_strlen (io->name);
5975ab
+  e = (e > b) ? e : io->name + grub_strlen (io->name);
5975ab
+
5975ab
+  for (i = 0; disabled_mods[i]; i++)
5975ab
+    if (!grub_strncmp (b, disabled_mods[i],
5975ab
+		       grub_strlen (b) - grub_strlen (e)))
5975ab
+      return 1;
5975ab
+  return 0;
5975ab
+}
5975ab
+
5975ab
+/*
5975ab
+ * Is there already an unsafe module in memory?
5975ab
+ * Returns the name if one is loaded, otherwise NULL.
5975ab
+ */
5975ab
+const char *
5975ab
+grub_dangerous_module_loaded (void)
5975ab
+{
5975ab
+  int i;
5975ab
+
5975ab
+  for (i = 0; disabled_mods[i]; i++)
5975ab
+    if (grub_dl_get (disabled_mods[i]))
5975ab
+      {
5975ab
+	return disabled_mods[i];
5975ab
+      }
5975ab
+  return NULL;
5975ab
+}
5975ab
+
5975ab
 GRUB_MOD_INIT(verifiers)
5975ab
 {
5975ab
   grub_file_filter_register (GRUB_FILE_FILTER_VERIFY, grub_verifiers_open);
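Review bot: The name comparison in grub_is_dangerous_module only checks the first `grub_strlen (b) - grub_strlen (e)` characters, so (assuming grub_strncmp behaves like strncmp) a module whose basename is a proper prefix of a listed name, e.g. `io.mod` against `"iorw"`, is reported as dangerous, and an empty basename compares equal to every entry. That length is the basename without its extension, so the match should also require the list entry to have exactly that length: `if (grub_strlen (disabled_mods[i]) == grub_strlen (b) - grub_strlen (e) && !grub_strncmp (b, disabled_mods[i], grub_strlen (b) - grub_strlen (e)))`. Both misfires fail closed, so this is a precision problem rather than a bypass, but it would refuse legitimately named modules. The function decides purely from the file's basename, which the header comment should say, e.g. `/* Matches on the file's basename only; the module's own name is not inspected. */`, and a `NULL` io->name is not guarded here (callers presumably guarantee it). The comment typo `for the a verifier` appears here and again in the include/grub/verify.h hunk.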
5975ab
diff --git a/include/grub/verify.h b/include/grub/verify.h
030dc3
index 79022b42258..60c13e7ea8e 100644
5975ab
--- a/include/grub/verify.h
5975ab
+++ b/include/grub/verify.h
5975ab
@@ -76,3 +76,16 @@ grub_verifier_unregister (struct grub_file_verifier *ver)
5975ab
 
5975ab
 grub_err_t
5975ab
 grub_verify_string (char *str, enum grub_verify_string_type type);
5975ab
+
5975ab
+/*
5975ab
+ * Does the module in file `io' allow for the a verifier to be bypassed?
5975ab
+ *
5975ab
+ * Returns 1 if so, otherwise 0.
5975ab
+ */
5975ab
+char grub_is_dangerous_module (grub_file_t io);
5975ab
+
5975ab
+/*
5975ab
+ * Is there already an unsafe module in memory?
5975ab
+ * Returns the name if one is loaded, otherwise NULL.
5975ab
+ */
5975ab
+const char *grub_dangerous_module_loaded (void);