Don't verify SBAT on binaries bootable directly via "db".

- These binaries could run via firmware directly anyways, so this isn't a meaningful increase in attack surface. - This is needed to allow chainloading things like Windows.
rhboot · Apr 18, 2024 · d748616 · d748616
1 parent b997ca7
commit d748616
Showing 1 changed file with 19 additions and 7 deletions.
diff --git a/shim.c b/shim.c
@@ -344,12 +344,16 @@ static void update_verification_method(verification_method_t method)
  * Check whether the binary signature or hash are present in db or MokList
  */
 static EFI_STATUS check_allowlist (WIN_CERTIFICATE_EFI_PKCS *cert,
-				   UINT8 *sha256hash, UINT8 *sha1hash)
+				   UINT8 *sha256hash, UINT8 *sha1hash,
+				   BOOLEAN *fw_allow)
 {
+	*fw_allow = FALSE;
+
 	if (!ignore_db) {
 		if (check_db_hash(L"db", EFI_SECURE_BOOT_DB_GUID, sha256hash, SHA256_DIGEST_SIZE,
 					EFI_CERT_SHA256_GUID) == DATA_FOUND) {
 			update_verification_method(VERIFIED_BY_HASH);
+			*fw_allow = TRUE;
 			return EFI_SUCCESS;
 		} else {
 			LogError(L"check_db_hash(db, sha256hash) != DATA_FOUND\n");
@@ -358,6 +362,7 @@ static EFI_STATUS check_allowlist (WIN_CERTIFICATE_EFI_PKCS *cert,
 					EFI_CERT_SHA1_GUID) == DATA_FOUND) {
 			verification_method = VERIFIED_BY_HASH;
 			update_verification_method(VERIFIED_BY_HASH);
+			*fw_allow = TRUE;
 			return EFI_SUCCESS;
 		} else {
 			LogError(L"check_db_hash(db, sha1hash) != DATA_FOUND\n");
@@ -366,6 +371,7 @@ static EFI_STATUS check_allowlist (WIN_CERTIFICATE_EFI_PKCS *cert,
 					== DATA_FOUND) {
 			verification_method = VERIFIED_BY_CERT;
 			update_verification_method(VERIFIED_BY_CERT);
+			*fw_allow = TRUE;
 			return EFI_SUCCESS;
 		} else if (cert) {
 			LogError(L"check_db_cert(db, sha256hash) != DATA_FOUND\n");
@@ -460,7 +466,7 @@ BOOLEAN secure_mode (void)
 
 static EFI_STATUS
 verify_one_signature(WIN_CERTIFICATE_EFI_PKCS *sig,
-		     UINT8 *sha256hash, UINT8 *sha1hash)
+		     UINT8 *sha256hash, UINT8 *sha1hash, BOOLEAN *fw_allow)
 {
 	EFI_STATUS efi_status;
 
@@ -482,7 +488,7 @@ verify_one_signature(WIN_CERTIFICATE_EFI_PKCS *sig,
 	 * databases
 	 */
 	drain_openssl_errors();
-	efi_status = check_allowlist(sig, sha256hash, sha1hash);
+	efi_status = check_allowlist(sig, sha256hash, sha1hash, fw_allow);
 	if (EFI_ERROR(efi_status)) {
 		if (efi_status != EFI_NOT_FOUND) {
 			dprint(L"check_allowlist(): %r\n", efi_status);
@@ -561,7 +567,8 @@ verify_one_signature(WIN_CERTIFICATE_EFI_PKCS *sig,
 EFI_STATUS
 verify_buffer_authenticode (char *data, int datasize,
 			    PE_COFF_LOADER_IMAGE_CONTEXT *context,
-			    UINT8 *sha256hash, UINT8 *sha1hash)
+			    UINT8 *sha256hash, UINT8 *sha1hash,
+			    BOOLEAN *fw_allow)
 {
 	EFI_STATUS ret_efi_status;
 	size_t size = datasize;
@@ -606,7 +613,7 @@ verify_buffer_authenticode (char *data, int datasize,
 	 * firmware databases
 	 */
 	drain_openssl_errors();
-	ret_efi_status = check_allowlist(NULL, sha256hash, sha1hash);
+	ret_efi_status = check_allowlist(NULL, sha256hash, sha1hash, fw_allow);
 	if (EFI_ERROR(ret_efi_status)) {
 		LogError(L"check_allowlist(): %r\n", ret_efi_status);
 		dprint(L"check_allowlist: %r\n", ret_efi_status);
@@ -673,7 +680,7 @@ verify_buffer_authenticode (char *data, int datasize,
 
 			dprint(L"Attempting to verify signature %d:\n", i++);
 
-			efi_status = verify_one_signature(sig, sha256hash, sha1hash);
+			efi_status = verify_one_signature(sig, sha256hash, sha1hash, fw_allow);
 
 			/*
 			 * If we didn't get EFI_SECURITY_VIOLATION from
@@ -772,11 +779,16 @@ verify_buffer (char *data, int datasize,
 	       UINT8 *sha256hash, UINT8 *sha1hash)
 {
 	EFI_STATUS efi_status;
+	BOOLEAN fw_allow;
 
-	efi_status = verify_buffer_authenticode(data, datasize, context, sha256hash, sha1hash);
+	efi_status = verify_buffer_authenticode(data, datasize, context, sha256hash, sha1hash, &fw_allow);
 	if (EFI_ERROR(efi_status))
 		return efi_status;
 
+	// Don't need to verify SBAT if the firmware would allow booting binary anyways
+	if (fw_allow)
+		return EFI_SUCCESS;
+
 	return verify_buffer_sbat(data, datasize, context);
 }