Blame SOURCES/0355-verifiers-provide-unsafe-module-list.patch

80913e
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
80913e
From: Daniel Axtens <dja@axtens.net>
80913e
Date: Wed, 29 Jul 2020 17:46:16 +1000
80913e
Subject: [PATCH] verifiers: provide unsafe module list
80913e
80913e
Other verifiers that implement secure boot may want to be able to
80913e
use this list and behaviour.
80913e
80913e
Upstream, this factors the list out of the shim_lock verifier.
80913e
However, that hasn't hit the RHEL8.4 tree yet, so instead
80913e
of factoring it out of that we just create it.
80913e
80913e
Signed-off-by: Daniel Axtens <dja@axtens.net>
80913e
---
80913e
 grub-core/commands/verifiers.c | 46 ++++++++++++++++++++++++++++++++++++++++++
80913e
 include/grub/verify.h          | 13 ++++++++++++
80913e
 2 files changed, 59 insertions(+)
80913e
80913e
diff --git a/grub-core/commands/verifiers.c b/grub-core/commands/verifiers.c
80913e
index 599d79b757e..f64343ac90b 100644
80913e
--- a/grub-core/commands/verifiers.c
80913e
+++ b/grub-core/commands/verifiers.c
80913e
@@ -218,6 +218,52 @@ grub_verify_string (char *str, enum grub_verify_string_type type)
80913e
   return GRUB_ERR_NONE;
80913e
 }
80913e
 
80913e
+/* List of modules which may allow for verifcation to be bypassed. */
80913e
+static const char *const disabled_mods[] = { "iorw", "memrw", "wrmsr", NULL };
80913e
+
80913e
+/*
80913e
+ * Does the module in file `io' allow for the a verifier to be bypassed?
80913e
+ *
80913e
+ * Returns 1 if so, otherwise 0.
80913e
+ */
80913e
+char
80913e
+grub_is_dangerous_module (grub_file_t io)
80913e
+{
80913e
+  char *b, *e;
80913e
+  int i;
80913e
+
80913e
+  /* Establish GRUB module name. */
80913e
+  b = grub_strrchr (io->name, '/');
80913e
+  e = grub_strrchr (io->name, '.');
80913e
+
80913e
+  b = b ? (b + 1) : io->name;
80913e
+  e = e ? e : io->name + grub_strlen (io->name);
80913e
+  e = (e > b) ? e : io->name + grub_strlen (io->name);
80913e
+
80913e
+  for (i = 0; disabled_mods[i]; i++)
80913e
+    if (!grub_strncmp (b, disabled_mods[i],
80913e
+		       grub_strlen (b) - grub_strlen (e)))
80913e
+      return 1;
80913e
+  return 0;
80913e
+}
80913e
+
80913e
+/*
80913e
+ * Is there already an unsafe module in memory?
80913e
+ * Returns the name if one is loaded, otherwise NULL.
80913e
+ */
80913e
+const char *
80913e
+grub_dangerous_module_loaded (void)
80913e
+{
80913e
+  int i;
80913e
+
80913e
+  for (i = 0; disabled_mods[i]; i++)
80913e
+    if (grub_dl_get (disabled_mods[i]))
80913e
+      {
80913e
+	return disabled_mods[i];
80913e
+      }
80913e
+  return NULL;
80913e
+}
80913e
+
80913e
 GRUB_MOD_INIT(verifiers)
80913e
 {
80913e
   grub_file_filter_register (GRUB_FILE_FILTER_VERIFY, grub_verifiers_open);
80913e
diff --git a/include/grub/verify.h b/include/grub/verify.h
80913e
index 79022b42258..60c13e7ea8e 100644
80913e
--- a/include/grub/verify.h
80913e
+++ b/include/grub/verify.h
80913e
@@ -76,3 +76,16 @@ grub_verifier_unregister (struct grub_file_verifier *ver)
80913e
 
80913e
 grub_err_t
80913e
 grub_verify_string (char *str, enum grub_verify_string_type type);
80913e
+
80913e
+/*
80913e
+ * Does the module in file `io' allow for the a verifier to be bypassed?
80913e
+ *
80913e
+ * Returns 1 if so, otherwise 0.
80913e
+ */
80913e
+char grub_is_dangerous_module (grub_file_t io);
80913e
+
80913e
+/*
80913e
+ * Is there already an unsafe module in memory?
80913e
+ * Returns the name if one is loaded, otherwise NULL.
80913e
+ */
80913e
+const char *grub_dangerous_module_loaded (void);