1 // SPDX-License-Identifier: GPL-2.0+
3 * Copyright (c) 2018 Patrick Wildt <patrick@blueri.se>
4 * Copyright (c) 2019 Linaro Limited, Author: AKASHI Takahiro
9 #include <efi_loader.h>
13 #include <crypto/pkcs7.h>
14 #include <crypto/pkcs7_parser.h>
15 #include <crypto/public_key.h>
16 #include <linux/compat.h>
17 #include <linux/oid_registry.h>
18 #include <u-boot/rsa.h>
19 #include <u-boot/sha256.h>
21 const efi_guid_t efi_guid_image_security_database =
22 EFI_IMAGE_SECURITY_DATABASE_GUID;
23 const efi_guid_t efi_guid_sha256 = EFI_CERT_SHA256_GUID;
24 const efi_guid_t efi_guid_cert_rsa2048 = EFI_CERT_RSA2048_GUID;
25 const efi_guid_t efi_guid_cert_x509 = EFI_CERT_X509_GUID;
26 const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID;
27 const efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
29 #ifdef CONFIG_EFI_SECURE_BOOT
32 * efi_hash_regions - calculate a hash value
33 * @regs: Array of regions
34 * @count: Number of regions
35 * @hash: Pointer to a pointer to buffer holding a hash value
36 * @size: Size of buffer to be returned
38 * Calculate a sha256 value of @regs and return a value in @hash.
40 * Return: true on success, false on error
42 static bool efi_hash_regions(struct image_region *regs, int count,
43 void **hash, size_t *size)
46 *hash = calloc(1, SHA256_SUM_LEN);
48 EFI_PRINT("Out of memory\n");
53 *size = SHA256_SUM_LEN;
55 hash_calculate("sha256", regs, count, *hash);
57 EFI_PRINT("hash calculated:\n");
58 print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1,
59 *hash, SHA256_SUM_LEN, false);
66 * efi_signature_lookup_digest - search for an image's digest in sigdb
67 * @regs: List of regions to be authenticated
68 * @db: Signature database for trusted certificates
70 * A message digest of image pointed to by @regs is calculated and
71 * its hash value is compared to entries in signature database pointed
74 * Return: true if found, false if not
76 bool efi_signature_lookup_digest(struct efi_image_regions *regs,
77 struct efi_signature_store *db)
79 struct efi_signature_store *siglist;
80 struct efi_sig_data *sig_data;
85 EFI_PRINT("%s: Enter, %p, %p\n", __func__, regs, db);
87 if (!regs || !db || !db->sig_data_list)
90 for (siglist = db; siglist; siglist = siglist->next) {
91 /* TODO: support other hash algorithms */
92 if (guidcmp(&siglist->sig_type, &efi_guid_sha256)) {
93 EFI_PRINT("Digest algorithm is not supported: %pUl\n",
98 if (!efi_hash_regions(regs->reg, regs->num, &hash, &size)) {
99 EFI_PRINT("Digesting an image failed\n");
103 for (sig_data = siglist->sig_data_list; sig_data;
104 sig_data = sig_data->next) {
106 EFI_PRINT("Msg digest in database:\n");
107 print_hex_dump(" ", DUMP_PREFIX_OFFSET, 16, 1,
108 sig_data->data, sig_data->size, false);
110 if (sig_data->size == size &&
111 !memcmp(sig_data->data, hash, size)) {
123 EFI_PRINT("%s: Exit, found: %d\n", __func__, found);
128 * efi_lookup_certificate - find a certificate within db
130 * @db: Signature database
132 * Search signature database pointed to by @db and find a certificate
133 * pointed to by @cert.
135 * Return: true if found, false otherwise.
137 static bool efi_lookup_certificate(struct x509_certificate *cert,
138 struct efi_signature_store *db)
140 struct efi_signature_store *siglist;
141 struct efi_sig_data *sig_data;
142 struct image_region reg[1];
143 void *hash = NULL, *hash_tmp = NULL;
147 EFI_PRINT("%s: Enter, %p, %p\n", __func__, cert, db);
149 if (!cert || !db || !db->sig_data_list)
153 * TODO: identify a certificate using sha256 digest
154 * Is there any better way?
156 /* calculate hash of TBSCertificate */
157 reg[0].data = cert->tbs;
158 reg[0].size = cert->tbs_size;
159 if (!efi_hash_regions(reg, 1, &hash, &size))
162 EFI_PRINT("%s: searching for %s\n", __func__, cert->subject);
163 for (siglist = db; siglist; siglist = siglist->next) {
164 /* only with x509 certificate */
165 if (guidcmp(&siglist->sig_type, &efi_guid_cert_x509))
168 for (sig_data = siglist->sig_data_list; sig_data;
169 sig_data = sig_data->next) {
170 struct x509_certificate *cert_tmp;
172 cert_tmp = x509_cert_parse(sig_data->data,
174 if (IS_ERR_OR_NULL(cert_tmp))
177 reg[0].data = cert_tmp->tbs;
178 reg[0].size = cert_tmp->tbs_size;
179 if (!efi_hash_regions(reg, 1, &hash_tmp, NULL))
182 x509_free_certificate(cert_tmp);
184 if (!memcmp(hash, hash_tmp, size)) {
194 EFI_PRINT("%s: Exit, found: %d\n", __func__, found);
199 * efi_verify_certificate - verify certificate's signature with database
200 * @signer: Certificate
201 * @db: Signature database
202 * @root: Certificate to verify @signer
204 * Determine if certificate pointed to by @signer may be verified
205 * by one of certificates in signature database pointed to by @db.
207 * Return: true if certificate is verified, false otherwise.
209 static bool efi_verify_certificate(struct x509_certificate *signer,
210 struct efi_signature_store *db,
211 struct x509_certificate **root)
213 struct efi_signature_store *siglist;
214 struct efi_sig_data *sig_data;
215 struct x509_certificate *cert;
216 bool verified = false;
219 EFI_PRINT("%s: Enter, %p, %p\n", __func__, signer, db);
221 if (!signer || !db || !db->sig_data_list)
224 for (siglist = db; siglist; siglist = siglist->next) {
225 /* only with x509 certificate */
226 if (guidcmp(&siglist->sig_type, &efi_guid_cert_x509))
229 for (sig_data = siglist->sig_data_list; sig_data;
230 sig_data = sig_data->next) {
231 cert = x509_cert_parse(sig_data->data, sig_data->size);
232 if (IS_ERR_OR_NULL(cert)) {
233 EFI_PRINT("Cannot parse x509 certificate\n");
237 ret = public_key_verify_signature(cert->pub,
244 x509_free_certificate(cert);
247 x509_free_certificate(cert);
252 EFI_PRINT("%s: Exit, verified: %d\n", __func__, verified);
257 * efi_signature_check_revocation - check revocation with dbx
258 * @sinfo: Signer's info
259 * @cert: x509 certificate
260 * @dbx: Revocation signature database
262 * Search revocation signature database pointed to by @dbx and find
263 * an entry matching to certificate pointed to by @cert.
265 * While this entry contains revocation time, we don't support timestamp
266 * protocol at this time and any image will be unconditionally revoked
267 * when this match occurs.
269 * Return: true if check passed, false otherwise.
271 static bool efi_signature_check_revocation(struct pkcs7_signed_info *sinfo,
272 struct x509_certificate *cert,
273 struct efi_signature_store *dbx)
275 struct efi_signature_store *siglist;
276 struct efi_sig_data *sig_data;
277 struct image_region reg[1];
281 bool revoked = false;
283 EFI_PRINT("%s: Enter, %p, %p, %p\n", __func__, sinfo, cert, dbx);
285 if (!sinfo || !cert || !dbx || !dbx->sig_data_list)
288 EFI_PRINT("Checking revocation against %s\n", cert->subject);
289 for (siglist = dbx; siglist; siglist = siglist->next) {
290 if (guidcmp(&siglist->sig_type, &efi_guid_cert_x509_sha256))
293 /* calculate hash of TBSCertificate */
294 reg[0].data = cert->tbs;
295 reg[0].size = cert->tbs_size;
296 if (!efi_hash_regions(reg, 1, &hash, &size))
299 for (sig_data = siglist->sig_data_list; sig_data;
300 sig_data = sig_data->next) {
302 * struct efi_cert_x509_sha256 {
303 * u8 tbs_hash[256/8];
304 * time64_t revocation_time;
308 if (sig_data->size >= size) {
309 EFI_PRINT("hash in db:\n");
310 print_hex_dump(" ", DUMP_PREFIX_OFFSET,
312 sig_data->data, size, false);
315 if ((sig_data->size < size + sizeof(time64_t)) ||
316 memcmp(sig_data->data, hash, size))
319 memcpy(&revoc_time, sig_data->data + size,
321 EFI_PRINT("revocation time: 0x%llx\n", revoc_time);
323 * TODO: compare signing timestamp in sinfo
324 * with revocation time
335 EFI_PRINT("%s: Exit, revoked: %d\n", __func__, revoked);
340 * efi_signature_verify_one - verify signatures with database
341 * @regs: List of regions to be authenticated
343 * @db: Signature database
345 * All the signature pointed to by @msg against image pointed to by @regs
346 * will be verified by signature database pointed to by @db.
348 * Return: true if verification for one of signatures passed, false
351 bool efi_signature_verify_one(struct efi_image_regions *regs,
352 struct pkcs7_message *msg,
353 struct efi_signature_store *db)
355 struct pkcs7_signed_info *sinfo;
356 struct x509_certificate *signer;
357 bool verified = false;
360 EFI_PRINT("%s: Enter, %p, %p, %p\n", __func__, regs, msg, db);
365 if (!db->sig_data_list)
368 EFI_PRINT("%s: Verify signed image with db\n", __func__);
369 for (sinfo = msg->signed_infos; sinfo; sinfo = sinfo->next) {
370 EFI_PRINT("Signed Info: digest algo: %s, pkey algo: %s\n",
371 sinfo->sig->hash_algo, sinfo->sig->pkey_algo);
373 EFI_PRINT("Verifying certificate chain\n");
375 ret = pkcs7_verify_one(msg, sinfo, &signer);
379 if (ret < 0 || !signer)
382 if (sinfo->blacklisted)
385 EFI_PRINT("Verifying last certificate in chain\n");
386 if (signer->self_signed) {
387 if (efi_lookup_certificate(signer, db)) {
391 } else if (efi_verify_certificate(signer, db, NULL)) {
395 EFI_PRINT("Valid certificate not in db\n");
399 EFI_PRINT("%s: Exit, verified: %d\n", __func__, verified);
404 * efi_signature_verify - verify signatures with db and dbx
405 * @regs: List of regions to be authenticated
407 * @db: Signature database for trusted certificates
408 * @dbx: Revocation signature database
410 * All the signature pointed to by @msg against image pointed to by @regs
411 * will be verified by signature database pointed to by @db and @dbx.
413 * Return: true if verification for all signatures passed, false otherwise
415 bool efi_signature_verify(struct efi_image_regions *regs,
416 struct pkcs7_message *msg,
417 struct efi_signature_store *db,
418 struct efi_signature_store *dbx)
420 struct pkcs7_signed_info *sinfo;
421 struct x509_certificate *signer, *root;
422 bool verified = false;
425 EFI_PRINT("%s: Enter, %p, %p, %p, %p\n", __func__, regs, msg, db, dbx);
427 if (!regs || !msg || !db || !db->sig_data_list)
430 for (sinfo = msg->signed_infos; sinfo; sinfo = sinfo->next) {
431 EFI_PRINT("Signed Info: digest algo: %s, pkey algo: %s\n",
432 sinfo->sig->hash_algo, sinfo->sig->pkey_algo);
435 * only for authenticated variable.
437 * If this function is called for image,
438 * hash calculation will be done in
439 * pkcs7_verify_one().
442 !efi_hash_regions(regs->reg, regs->num,
443 (void **)&sinfo->sig->digest, NULL)) {
444 EFI_PRINT("Digesting an image failed\n");
448 EFI_PRINT("Verifying certificate chain\n");
450 ret = pkcs7_verify_one(msg, sinfo, &signer);
454 if (ret < 0 || !signer)
457 if (sinfo->blacklisted)
460 EFI_PRINT("Verifying last certificate in chain\n");
461 if (signer->self_signed) {
462 if (efi_lookup_certificate(signer, db))
463 if (efi_signature_check_revocation(sinfo,
466 } else if (efi_verify_certificate(signer, db, &root)) {
469 check = efi_signature_check_revocation(sinfo, root,
471 x509_free_certificate(root);
476 EFI_PRINT("Certificate chain didn't reach trusted CA\n");
481 EFI_PRINT("%s: Exit, verified: %d\n", __func__, verified);
486 * efi_signature_check_signers - check revocation against all signers with dbx
488 * @dbx: Revocation signature database
490 * Determine if none of signers' certificates in @msg are revoked
491 * by signature database pointed to by @dbx.
493 * Return: true if all signers passed, false otherwise.
495 bool efi_signature_check_signers(struct pkcs7_message *msg,
496 struct efi_signature_store *dbx)
498 struct pkcs7_signed_info *sinfo;
499 bool revoked = false;
501 EFI_PRINT("%s: Enter, %p, %p\n", __func__, msg, dbx);
506 for (sinfo = msg->signed_infos; sinfo; sinfo = sinfo->next) {
508 !efi_signature_check_revocation(sinfo, sinfo->signer,
515 EFI_PRINT("%s: Exit, revoked: %d\n", __func__, revoked);
520 * efi_image_region_add() - add an entry of region
521 * @regs: Pointer to array of regions
522 * @start: Start address of region (included)
523 * @end: End address of region (excluded)
524 * @nocheck: flag against overlapped regions
526 * Take one entry of region [@start, @end[ and insert it into the list.
528 * * If @nocheck is false, the list will be sorted ascending by address.
529 * Overlapping entries will not be allowed.
531 * * If @nocheck is true, the list will be sorted ascending by sequence
532 * of adding the entries. Overlapping is allowed.
534 * Return: status code
536 efi_status_t efi_image_region_add(struct efi_image_regions *regs,
537 const void *start, const void *end,
540 struct image_region *reg;
543 if (regs->num >= regs->max) {
544 EFI_PRINT("%s: no more room for regions\n", __func__);
545 return EFI_OUT_OF_RESOURCES;
549 return EFI_INVALID_PARAMETER;
551 for (i = 0; i < regs->num; i++) {
556 /* new data after registered region */
557 if (start >= reg->data + reg->size)
560 /* new data preceding registered region */
561 if (end <= reg->data) {
562 for (j = regs->num - 1; j >= i; j--)
563 memcpy(®s->reg[j + 1], ®s->reg[j],
568 /* new data overlapping registered region */
569 EFI_PRINT("%s: new region already part of another\n", __func__);
570 return EFI_INVALID_PARAMETER;
575 reg->size = end - start;
582 * efi_sigstore_free - free signature store
583 * @sigstore: Pointer to signature store structure
585 * Feee all the memories held in signature store and itself,
586 * which were allocated by efi_sigstore_parse_sigdb().
588 void efi_sigstore_free(struct efi_signature_store *sigstore)
590 struct efi_signature_store *sigstore_next;
591 struct efi_sig_data *sig_data, *sig_data_next;
594 sigstore_next = sigstore->next;
596 sig_data = sigstore->sig_data_list;
598 sig_data_next = sig_data->next;
599 free(sig_data->data);
601 sig_data = sig_data_next;
605 sigstore = sigstore_next;
610 * efi_sigstore_parse_siglist - parse a signature list
611 * @name: Pointer to signature list
613 * Parse signature list and instantiate a signature store structure.
614 * Signature database is a simple concatenation of one or more
617 * Return: Pointer to signature store on success, NULL on error
619 static struct efi_signature_store *
620 efi_sigstore_parse_siglist(struct efi_signature_list *esl)
622 struct efi_signature_store *siglist = NULL;
623 struct efi_sig_data *sig_data, *sig_data_next;
624 struct efi_signature_data *esd;
628 * UEFI specification defines certificate types:
629 * for non-signed images,
630 * EFI_CERT_SHA256_GUID
631 * EFI_CERT_RSA2048_GUID
632 * EFI_CERT_RSA2048_SHA256_GUID
634 * EFI_CERT_RSA2048_SHA_GUID
635 * EFI_CERT_SHA224_GUID
636 * EFI_CERT_SHA384_GUID
637 * EFI_CERT_SHA512_GUID
641 * NOTE: Each certificate will normally be in a separate
642 * EFI_SIGNATURE_LIST as the size may vary depending on
645 * for timestamp revocation of certificate,
646 * EFI_CERT_X509_SHA512_GUID
647 * EFI_CERT_X509_SHA256_GUID
648 * EFI_CERT_X509_SHA384_GUID
651 if (esl->signature_list_size
652 <= (sizeof(*esl) + esl->signature_header_size)) {
653 EFI_PRINT("Siglist in wrong format\n");
658 siglist = calloc(sizeof(*siglist), 1);
660 EFI_PRINT("Out of memory\n");
663 memcpy(&siglist->sig_type, &esl->signature_type, sizeof(efi_guid_t));
665 /* Go through the list */
666 sig_data_next = NULL;
667 left = esl->signature_list_size
668 - (sizeof(*esl) + esl->signature_header_size);
669 esd = (struct efi_signature_data *)
670 ((u8 *)esl + sizeof(*esl) + esl->signature_header_size);
673 /* Signature must exist if there is remaining data. */
674 if (left < esl->signature_size) {
675 EFI_PRINT("Certificate is too small\n");
679 sig_data = calloc(esl->signature_size
680 - sizeof(esd->signature_owner), 1);
682 EFI_PRINT("Out of memory\n");
686 /* Append signature data */
687 memcpy(&sig_data->owner, &esd->signature_owner,
689 sig_data->size = esl->signature_size
690 - sizeof(esd->signature_owner);
691 sig_data->data = malloc(sig_data->size);
692 if (!sig_data->data) {
693 EFI_PRINT("Out of memory\n");
696 memcpy(sig_data->data, esd->signature_data, sig_data->size);
698 sig_data->next = sig_data_next;
699 sig_data_next = sig_data;
702 esd = (struct efi_signature_data *)
703 ((u8 *)esd + esl->signature_size);
704 left -= esl->signature_size;
706 siglist->sig_data_list = sig_data_next;
711 efi_sigstore_free(siglist);
717 * efi_sigstore_parse_sigdb - parse a signature database variable
718 * @name: Variable's name
720 * Read in a value of signature database variable pointed to by
721 * @name, parse it and instantiate a signature store structure.
723 * Return: Pointer to signature store on success, NULL on error
725 struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name)
727 struct efi_signature_store *sigstore = NULL, *siglist;
728 struct efi_signature_list *esl;
729 const efi_guid_t *vendor;
734 if (!u16_strcmp(name, L"PK") || !u16_strcmp(name, L"KEK")) {
735 vendor = &efi_global_variable_guid;
736 } else if (!u16_strcmp(name, L"db") || !u16_strcmp(name, L"dbx")) {
737 vendor = &efi_guid_image_security_database;
739 EFI_PRINT("unknown signature database, %ls\n", name);
743 /* retrieve variable data */
745 ret = EFI_CALL(efi_get_variable(name, vendor, NULL, &db_size, NULL));
746 if (ret == EFI_NOT_FOUND) {
747 EFI_PRINT("variable, %ls, not found\n", name);
748 sigstore = calloc(sizeof(*sigstore), 1);
750 } else if (ret != EFI_BUFFER_TOO_SMALL) {
751 EFI_PRINT("Getting variable, %ls, failed\n", name);
755 db = malloc(db_size);
757 EFI_PRINT("Out of memory\n");
761 ret = EFI_CALL(efi_get_variable(name, vendor, NULL, &db_size, db));
762 if (ret != EFI_SUCCESS) {
763 EFI_PRINT("Getting variable, %ls, failed\n", name);
767 /* Parse siglist list */
769 while (db_size > 0) {
770 /* List must exist if there is remaining data. */
771 if (db_size < sizeof(*esl)) {
772 EFI_PRINT("variable, %ls, in wrong format\n", name);
776 if (db_size < esl->signature_list_size) {
777 EFI_PRINT("variable, %ls, in wrong format\n", name);
781 /* Parse a single siglist. */
782 siglist = efi_sigstore_parse_siglist(esl);
784 EFI_PRINT("Parsing signature list of %ls failed\n",
790 siglist->next = sigstore;
794 db_size -= esl->signature_list_size;
795 esl = (void *)esl + esl->signature_list_size;
802 efi_sigstore_free(sigstore);
807 #endif /* CONFIG_EFI_SECURE_BOOT */