From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.132.183.28; helo=mx1.redhat.com; envelope-from=lersek@redhat.com; receiver=edk2-devel@lists.01.org Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id DD94A21193599 for ; Tue, 20 Nov 2018 07:14:53 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 6B4E930026B5; Tue, 20 Nov 2018 15:14:52 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-171.rdu2.redhat.com [10.10.120.171]) by smtp.corp.redhat.com (Postfix) with ESMTP id F336F5C57B; Tue, 20 Nov 2018 15:14:48 +0000 (UTC) To: Ard Biesheuvel , Ming Huang Cc: Leif Lindholm , linaro-uefi , "edk2-devel@lists.01.org" , Graeme Gregory , "Kinney, Michael D" , wanghuiqiang , huangming , Jason Zhang , huangdaode@hisilicon.com, John Garry , Xinliang Liu , zhangfeng56@huawei.com References: <20181120090150.1102-1-ming.huang@linaro.org> <20181120090150.1102-2-ming.huang@linaro.org> <20181120121309.mwsoxljgjwy4yv7i@bivouac.eciton.net> <20181120125805.jn6xfxbg47izxwo2@bivouac.eciton.net> <1e4db632-9c2c-79e0-2bbe-cdc7913aa0c5@linaro.org> From: Laszlo Ersek Message-ID: Date: Tue, 20 Nov 2018 16:14:47 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.47]); Tue, 20 Nov 2018 15:14:52 +0000 (UTC) Subject: Re: [PATCH edk2-platforms v3 1/5] Hisilicon/D0x: Fix secure boot bug in FlashFvbDxe X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2018 15:14:54 -0000 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 11/20/18 15:40, Ard Biesheuvel wrote: > On Tue, 20 Nov 2018 at 15:30, Ming Huang wrote: >> >> >> >> On 11/20/2018 8:58 PM, Leif Lindholm wrote: >>> On Tue, Nov 20, 2018 at 08:40:28PM +0800, Ming Huang wrote: >>>> >>>> >>>> On 11/20/2018 8:13 PM, Leif Lindholm wrote: >>>>> On Tue, Nov 20, 2018 at 05:01:46PM +0800, Ming Huang wrote: >>>>>> Now that the generic Variable Runtime DXE code no longer >>>>>> distinguishes between gEfiVariableGuid and >>>>>> gEfiAuthenticatedVariableGuid in the varstore FV header. >>>>>> We can relax the check in the flashFvb driver to accept >>>>>> either GUID regardless of whether we are running a secure >>>>>> boot capable build or not. >>>>> >>>>> We are still in a situation where D06 is not buildable with Secure >>>>> Boot enabled though. >>>>> >>>>> If you build with -D SECURE_BOOT_ENABLE=TRUE, you still end up with >>>>> /work/git/edk2-platforms/Platform/Hisilicon/D06/D06.dsc(...): error >>>>> 4000: Instance of library class [PlatformSecureLib] is not found >>>>> in [/work/git/edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf] [AARCH64] >>>>> consumed by module [/work/git/edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf] >>>>> >>>>> And all Hisilicon platforms still use >>>>> AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf >>>>> regardless of Secure Boot setting. >>>>> >>>>> So what problem does this patch solve? A runtime one? >>>> >>>> This patch solve bug in FlashFvbDxe. >>> >>> Yes, but what bug? What is the symptom? What _specific_ problem goes >>> away by adding this patch? That information should have been in the >>> original commit message. I have no information available to me as I >>> now build -rc1 to suggest that this patch should be included. >> >> The bug is that gEfiAuthenticatedVariableGuid should be used in FlashFvbDxe, >> not gEfiVariableGuid when enable secure boot. >> >>> >>>> Should I add a patch before this patch >>>> to solve build error with -D SECURE_BOOT_ENABLE=TRUE in v4? >>> >>> That would require a sane implementation of PlatformSecureLib, >>> implementing a real UserPhysicalPresent(). >>> Can you turn that around within the next few hours? >> >> My original idea is using OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib. >> There is not enough time to implement a real UserPhysicalPresent. >> This patch will add when we implement real secure boot in future. >> > > I think it is a terrible idea to enable secure boot now in an insecure > manner, and enable 'real' secure boot later. > > Note that it is impossible to implement secure boot in a secure manner > using the generic VariableRuntimeDxe. The crypto routines that perform > the authentication are located in EfiRuntimeServicesCode memory > regions, which are writable by the OS, and so any exploit on the OS > side can modify that code to defeat the checks. Also, the SPI flash > that backs the variable store is accessible by the OS directly. > > That means a proper secure boot implementation will not be based on > any of the components in use currently, and so enabling it does > nothing except confuse people or give them a false sense of security. > If this is based on OS or firmware test results, please disregard > those - this is a tick the box mentality that is wholly incompatible > with building secure systems. > Yup. Thanks, Laszlo