diff options
Diffstat (limited to 'meta/recipes-bsp/grub/files/CVE-2020-14372_5.patch')
-rw-r--r-- | meta/recipes-bsp/grub/files/CVE-2020-14372_5.patch | 158 |
1 files changed, 158 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/CVE-2020-14372_5.patch b/meta/recipes-bsp/grub/files/CVE-2020-14372_5.patch new file mode 100644 index 0000000000..12ec4e1c17 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2020-14372_5.patch | |||
@@ -0,0 +1,158 @@ | |||
1 | From 1ad728b08ba2a21573e5f81a565114f74ca33988 Mon Sep 17 00:00:00 2001 | ||
2 | From: Javier Martinez Canillas <javierm@redhat.com> | ||
3 | Date: Mon, 28 Sep 2020 20:08:33 +0200 | ||
4 | Subject: [PATCH] efi: Use grub_is_lockdown() instead of hardcoding a disabled | ||
5 | modules list | ||
6 | |||
7 | Now the GRUB can check if it has been locked down and this can be used to | ||
8 | prevent executing commands that can be utilized to circumvent the UEFI | ||
9 | Secure Boot mechanisms. So, instead of hardcoding a list of modules that | ||
10 | have to be disabled, prevent the usage of commands that can be dangerous. | ||
11 | |||
12 | This not only allows the commands to be disabled on other platforms, but | ||
13 | also properly separate the concerns. Since the shim_lock verifier logic | ||
14 | should be only about preventing to run untrusted binaries and not about | ||
15 | defining these kind of policies. | ||
16 | |||
17 | Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> | ||
18 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
19 | |||
20 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=8f73052885892bc0dbc01e297f79d7cf4925e491] | ||
21 | CVE: CVE-2020-14372 | ||
22 | Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> | ||
23 | --- | ||
24 | docs/grub.texi | 10 ++++++++++ | ||
25 | grub-core/commands/i386/wrmsr.c | 5 +++-- | ||
26 | grub-core/commands/iorw.c | 19 ++++++++++--------- | ||
27 | grub-core/commands/memrw.c | 19 ++++++++++--------- | ||
28 | 4 files changed, 33 insertions(+), 20 deletions(-) | ||
29 | |||
30 | diff --git a/docs/grub.texi b/docs/grub.texi | ||
31 | index 5e6cace..0786427 100644 | ||
32 | --- a/docs/grub.texi | ||
33 | +++ b/docs/grub.texi | ||
34 | @@ -5256,6 +5256,9 @@ only applies to the particular cpu/core/thread that runs the command. | ||
35 | Also, if you specify a reserved or unimplemented MSR address, it will | ||
36 | cause a general protection exception (which is not currently being handled) | ||
37 | and the system will reboot. | ||
38 | + | ||
39 | +Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). | ||
40 | + This is done to prevent subverting various security mechanisms. | ||
41 | @end deffn | ||
42 | |||
43 | @node xen_hypervisor | ||
44 | @@ -5758,6 +5761,13 @@ security reasons. All above mentioned requirements are enforced by the | ||
45 | shim_lock module. And itself it is a persistent module which means that | ||
46 | it cannot be unloaded if it was loaded into the memory. | ||
47 | |||
48 | +All GRUB modules not stored in the @file{core.img}, OS kernels, ACPI tables, | ||
49 | +Device Trees, etc. have to be signed, e.g, using PGP. Additionally, the commands | ||
50 | +that can be used to subvert the UEFI secure boot mechanism, such as @command{iorw} | ||
51 | +and @command{memrw} will not be available when the UEFI secure boot is enabled. | ||
52 | +This is done for security reasons and are enforced by the GRUB Lockdown mechanism | ||
53 | +(@pxref{Lockdown}). | ||
54 | + | ||
55 | @node Measured Boot | ||
56 | @section Measuring boot components | ||
57 | |||
58 | diff --git a/grub-core/commands/i386/wrmsr.c b/grub-core/commands/i386/wrmsr.c | ||
59 | index 9c5e510..56a29c2 100644 | ||
60 | --- a/grub-core/commands/i386/wrmsr.c | ||
61 | +++ b/grub-core/commands/i386/wrmsr.c | ||
62 | @@ -24,6 +24,7 @@ | ||
63 | #include <grub/env.h> | ||
64 | #include <grub/command.h> | ||
65 | #include <grub/extcmd.h> | ||
66 | +#include <grub/lockdown.h> | ||
67 | #include <grub/i18n.h> | ||
68 | #include <grub/i386/cpuid.h> | ||
69 | #include <grub/i386/wrmsr.h> | ||
70 | @@ -83,8 +84,8 @@ grub_cmd_msr_write (grub_command_t cmd __attribute__ ((unused)), int argc, char | ||
71 | |||
72 | GRUB_MOD_INIT(wrmsr) | ||
73 | { | ||
74 | - cmd_write = grub_register_command ("wrmsr", grub_cmd_msr_write, N_("ADDR VALUE"), | ||
75 | - N_("Write a value to a CPU model specific register.")); | ||
76 | + cmd_write = grub_register_command_lockdown ("wrmsr", grub_cmd_msr_write, N_("ADDR VALUE"), | ||
77 | + N_("Write a value to a CPU model specific register.")); | ||
78 | } | ||
79 | |||
80 | GRUB_MOD_FINI(wrmsr) | ||
81 | diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c | ||
82 | index a0c164e..584baec 100644 | ||
83 | --- a/grub-core/commands/iorw.c | ||
84 | +++ b/grub-core/commands/iorw.c | ||
85 | @@ -23,6 +23,7 @@ | ||
86 | #include <grub/env.h> | ||
87 | #include <grub/cpu/io.h> | ||
88 | #include <grub/i18n.h> | ||
89 | +#include <grub/lockdown.h> | ||
90 | |||
91 | GRUB_MOD_LICENSE ("GPLv3+"); | ||
92 | |||
93 | @@ -131,17 +132,17 @@ GRUB_MOD_INIT(memrw) | ||
94 | N_("PORT"), N_("Read 32-bit value from PORT."), | ||
95 | options); | ||
96 | cmd_write_byte = | ||
97 | - grub_register_command ("outb", grub_cmd_write, | ||
98 | - N_("PORT VALUE [MASK]"), | ||
99 | - N_("Write 8-bit VALUE to PORT.")); | ||
100 | + grub_register_command_lockdown ("outb", grub_cmd_write, | ||
101 | + N_("PORT VALUE [MASK]"), | ||
102 | + N_("Write 8-bit VALUE to PORT.")); | ||
103 | cmd_write_word = | ||
104 | - grub_register_command ("outw", grub_cmd_write, | ||
105 | - N_("PORT VALUE [MASK]"), | ||
106 | - N_("Write 16-bit VALUE to PORT.")); | ||
107 | + grub_register_command_lockdown ("outw", grub_cmd_write, | ||
108 | + N_("PORT VALUE [MASK]"), | ||
109 | + N_("Write 16-bit VALUE to PORT.")); | ||
110 | cmd_write_dword = | ||
111 | - grub_register_command ("outl", grub_cmd_write, | ||
112 | - N_("ADDR VALUE [MASK]"), | ||
113 | - N_("Write 32-bit VALUE to PORT.")); | ||
114 | + grub_register_command_lockdown ("outl", grub_cmd_write, | ||
115 | + N_("ADDR VALUE [MASK]"), | ||
116 | + N_("Write 32-bit VALUE to PORT.")); | ||
117 | } | ||
118 | |||
119 | GRUB_MOD_FINI(memrw) | ||
120 | diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c | ||
121 | index 98769ea..d401a6d 100644 | ||
122 | --- a/grub-core/commands/memrw.c | ||
123 | +++ b/grub-core/commands/memrw.c | ||
124 | @@ -22,6 +22,7 @@ | ||
125 | #include <grub/extcmd.h> | ||
126 | #include <grub/env.h> | ||
127 | #include <grub/i18n.h> | ||
128 | +#include <grub/lockdown.h> | ||
129 | |||
130 | GRUB_MOD_LICENSE ("GPLv3+"); | ||
131 | |||
132 | @@ -133,17 +134,17 @@ GRUB_MOD_INIT(memrw) | ||
133 | N_("ADDR"), N_("Read 32-bit value from ADDR."), | ||
134 | options); | ||
135 | cmd_write_byte = | ||
136 | - grub_register_command ("write_byte", grub_cmd_write, | ||
137 | - N_("ADDR VALUE [MASK]"), | ||
138 | - N_("Write 8-bit VALUE to ADDR.")); | ||
139 | + grub_register_command_lockdown ("write_byte", grub_cmd_write, | ||
140 | + N_("ADDR VALUE [MASK]"), | ||
141 | + N_("Write 8-bit VALUE to ADDR.")); | ||
142 | cmd_write_word = | ||
143 | - grub_register_command ("write_word", grub_cmd_write, | ||
144 | - N_("ADDR VALUE [MASK]"), | ||
145 | - N_("Write 16-bit VALUE to ADDR.")); | ||
146 | + grub_register_command_lockdown ("write_word", grub_cmd_write, | ||
147 | + N_("ADDR VALUE [MASK]"), | ||
148 | + N_("Write 16-bit VALUE to ADDR.")); | ||
149 | cmd_write_dword = | ||
150 | - grub_register_command ("write_dword", grub_cmd_write, | ||
151 | - N_("ADDR VALUE [MASK]"), | ||
152 | - N_("Write 32-bit VALUE to ADDR.")); | ||
153 | + grub_register_command_lockdown ("write_dword", grub_cmd_write, | ||
154 | + N_("ADDR VALUE [MASK]"), | ||
155 | + N_("Write 32-bit VALUE to ADDR.")); | ||
156 | } | ||
157 | |||
158 | GRUB_MOD_FINI(memrw) | ||