From patchwork Mon Nov 1 22:05:10 2021
X-Patchwork-Submitter: Eric Richter
X-Patchwork-Id: 1549359
From: Eric Richter
To: skiboot@lists.ozlabs.org
Cc: nick.child@ibm.com, nayna@linux.ibm.com
Date: Mon, 1 Nov 2021 17:05:10 -0500
Message-Id: <20211101220513.835940-4-erichte@linux.ibm.com>
In-Reply-To: <20211101220513.835940-1-erichte@linux.ibm.com>
References: <20211101220513.835940-1-erichte@linux.ibm.com>
Subject: [Skiboot] [PATCH v2 3/6] secvar/edk2: store timestamp variable in protected storage

Each signed variable update contains a timestamp -- this timestamp is
checked against the previous timestamp seen for that particular variable
(if any), and the update is rejected if the timestamp is not a later time
than the previous. This timestamp check is intended to prevent re-use of
signed update files.

Currently, the code stores the timestamps in the TS variable, which is
then stored in regular variable storage (typically PNOR). This patch
promotes the variable to "protected storage" (typically TPM NV), to avoid
this variable being accidentally cleared.

This change should only come into effect when either: - initializing secvar for the first time (i.e. first boot, or after a key-clear-request) - processing any variable update Systems that already have a TS variable in PNOR will not be affected until either of the above actions are taken. Signed-off-by: Eric Richter Reviewed-by: Daniel Axtens --- libstb/secvar/backend/edk2-compat-process.c | 4 +++- libstb/secvar/backend/edk2-compat.c | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c index 770c3706..d69e066f 100644 --- a/libstb/secvar/backend/edk2-compat-process.c +++ b/libstb/secvar/backend/edk2-compat-process.c @@ -45,7 +45,9 @@ int update_variable_in_bank(struct secvar *update_var, const char *data, else var->flags |= SECVAR_FLAG_VOLATILE; - if (key_equals(update_var->key, "PK") || key_equals(update_var->key, "HWKH")) + if (key_equals(update_var->key, "PK") + || key_equals(update_var->key, "HWKH") + || key_equals(update_var->key, "TS")) var->flags |= SECVAR_FLAG_PROTECTED; return 0; diff --git a/libstb/secvar/backend/edk2-compat.c b/libstb/secvar/backend/edk2-compat.c index 9e61fbc6..d7975fa2 100644 --- a/libstb/secvar/backend/edk2-compat.c +++ b/libstb/secvar/backend/edk2-compat.c @@ -89,6 +89,7 @@ static int edk2_compat_pre_process(struct list_head *variable_bank, memcpy(tsvar->key, "TS", 3); tsvar->key_len = 3; tsvar->data_size = sizeof(struct efi_time) * 4; + tsvar->flags = SECVAR_FLAG_PROTECTED; memset(tsvar->data, 0, tsvar->data_size); list_add_tail(variable_bank, &tsvar->link); }
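Review bot: in the edk2-compat-process.c hunk (update_variable_in_bank), the set of keys that receive SECVAR_FLAG_PROTECTED is now a three-way inline key_equals() chain, while the edk2-compat.c hunk sets the same flag for "TS" on its own, so the two places can drift apart when the next protected variable is added. Consider a small shared helper (a hypothetical is_protected_key(key), say) or a static table of protected key names used by both paths, with a one-line comment that TS is protected because it backs the timestamp replay check described in the commit message. On style, the new continuation lines begin with `||`; if this file follows the trailing-operator convention, move each `||` to the end of the preceding line.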
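Review bot: in the edk2-compat.c hunk (edk2_compat_pre_process), `tsvar->flags = SECVAR_FLAG_PROTECTED;` uses plain assignment where update_variable_in_bank uses `|=`, so any flag already set on tsvar before this line is overwritten. If tsvar is freshly allocated with zeroed flags this is harmless, but `tsvar->flags |= SECVAR_FLAG_PROTECTED;` matches the other hunk and keeps working if the allocation path later starts setting a default flag. Since the commit message says protected storage is typically TPM NV, it would also help to note in a comment or in the commit message that the `sizeof(struct efi_time) * 4` bytes of TS data fit in that storage alongside PK and HWKH.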