[Skiboot] [PATCH v2 6/6] secvar/edk2: enforce a PK update enrolled in setup mode to be signed by itself

Eric Richter erichte at linux.ibm.com
Tue Nov 2 09:05:13 AEDT 2021


When the system is in setup mode, that is, no PK has been enrolled in the PK
variable, variable signature enforcement is disabled. Therefore, variable
update signatures do not need to be authorized by a variable already stored in
a variable.

However, variable updates must still be in the AUTH format, which still
contains a pkcs7 signature. Bare ESL files are *not* accepted as an update to
a variable. So, a variable update must still be signed, albeit with any key.

Not enforcing signature checks is intended to be a convenience feature; however,
enrolling a variable into the PK carries extra weight. Once data is enrolled
into the PK variable, signatures are now required for all further variable
updates.

Due to this extra importance when enrolling a PK, the PK should most definitely
contain valid data. Therefore, as a sanity check, when enrolling a PK for the
first time (i.e. in setup mode), the PK variable update must be signed by its
own private key, which ensures ownership of the private key and validity of the
public key to be stored in the PK variable.

As it currently stands, all documentation and examples published thus far
already sign the PK variable updates with the PK itself; this patch now makes it
a requirement.

NOTE: This does not affect PK replacement. If a PK is already enrolled, then
the PK replacement must be signed with the old PK, not with itself.

Signed-off-by: Eric Richter <erichte at linux.ibm.com>
---
 libstb/secvar/backend/edk2-compat-process.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c
index 4f4b7e71..79eecf84 100644
--- a/libstb/secvar/backend/edk2-compat-process.c
+++ b/libstb/secvar/backend/edk2-compat-process.c
@@ -752,7 +752,12 @@ int process_update(const struct secvar *update, char **newesl,
 		goto out;
 	}
 
-	if (setup_mode) {
+	/* If we're in setup_mode, signature checks are not enforced,
+	 *  so we can stop here.
+	 * Exception: enrolling a PK update in setup mode must verify the update
+	 *  signature by the proposed PK public key.
+	 *  i.e. a new PK update must be signed by itself. */
+	if (setup_mode && !key_equals(update->key, "PK")) {
 		rc = OPAL_SUCCESS;
 		goto out;
 	}
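Review bot: the condition `setup_mode && !key_equals(update->key, "PK")` is the inverse of the one used later for the self-signed special case, and the two must stay in sync or a setup-mode PK update could either skip verification or fall through to `get_key_authority()` with nothing enrolled; consider computing `bool pk_enroll = setup_mode && key_equals(update->key, "PK");` once above this block and using it in both places. Also, this change means a PK update in setup mode now continues past this point into the code that previously only ran with an enrolled PK; please confirm that code path does not assume a populated bank. Minor: the comment's continuation lines carry an odd extra leading space after the ` *`; align them with the surrounding comment style.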
@@ -765,6 +770,17 @@ int process_update(const struct secvar *update, char **newesl,
 		goto out;
 	}
 
+	/* Special case for checking self-signed PK signature in setup mode */
+	if (setup_mode && key_equals(update->key, "PK")) {
+		rc = verify_signature(auth, hash, 32, *newesl, *new_data_size);
+		if (rc == OPAL_SUCCESS)
+			prlog(PR_INFO, "PK successfully verified by itself\n");
+		else
+			prlog(PR_ERR, "PK not able to update itself, rejecting enrollment.\n");
+
+		goto out;
+	}
+
 	/* Get the authority to verify the signature */
 	get_key_authority(key_authority, update, bank);
 
-- 
2.29.2


