[PATCH] efi: Do not import certificates from UEFI Secure Boot for T2 Macs
Aditya Garg
gargaditya08 at live.com
Thu Feb 10 04:43:04 UTC 2022
> ie, can you try something like this?
>
> diff --git a/drivers/firmware/efi/runtime-wrappers.c b/drivers/firmware/efi/runtime-wrappers.c
> index f3e54f6616f0..01cbd4811d1e 100644
> --- a/drivers/firmware/efi/runtime-wrappers.c
> +++ b/drivers/firmware/efi/runtime-wrappers.c
> @@ -32,6 +32,8 @@
> #include <linux/stringify.h>
> #include <linux/workqueue.h>
> #include <linux/completion.h>
> +#include <linux/ucs2_string.h>
> +#include <linux/slab.h>
>
> #include <asm/efi.h>
>
> @@ -203,6 +205,21 @@ static void efi_call_rts(struct work_struct *work)
> (efi_time_t *)arg2);
> break;
> case EFI_GET_VARIABLE:
> + unsigned long utf8_name_size;
> + char *utf8_name;
> + char guid_str[sizeof(efi_guid_t)+1];
> +
> + utf8_name_size = ucs2_utf8size((efi_char16_t *)arg1);
> + utf8_name = kmalloc(utf8_name_size+1, GFP_KERNEL);
> + if (!utf8_name) {
> + printk(KERN_INFO "failed to allocate UTF8 buffer\n");
> + break;
> + }
> +
> + ucs2_as_utf8(utf8_name, (efi_char16_t *)arg1, utf8_name_size + 1);
> + efi_guid_to_str((efi_guid_t *)arg2, guid_str);
> +
> + printk(KERN_INFO "Reading EFI variable %s-%s\n", utf8_name, guid_str);
> status = efi_call_virt(get_variable, (efi_char16_t *)arg1,
> (efi_guid_t *)arg2, (u32 *)arg3,
> (unsigned long *)arg4, (void *)arg5);
>
Hi Matthew
I haven't tested this yet (Kernel is compiling) but I have found out that this part of the code is causing a crash
static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
unsigned long *size, efi_status_t *status)
{
unsigned long lsize = 4;
unsigned long tmpdb[4];
void *db;
*status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
if (*status == EFI_NOT_FOUND)
return NULL;
if (*status != EFI_BUFFER_TOO_SMALL) {
pr_err("Couldn't get size: 0x%lx\n", *status);
return NULL;
}
db = kmalloc(lsize, GFP_KERNEL);
if (!db)
return NULL;
*status = efi.get_variable(name, guid, NULL, &lsize, db);
if (*status != EFI_SUCCESS) {
kfree(db);
pr_err("Error reading db var: 0x%lx\n", *status);
return NULL;
}
*size = lsize;
return db;
}
If I remove the return 0 I had added from other 3 left functions, crash doesn't occur.
When the kernel compiles with your patch, I’ll send whatever I get.
Regards
Aditya
More information about the Linux-security-module-archive
mailing list