[PATCH] efi: Do not import certificates from UEFI Secure Boot for T2 Macs

Aditya Garg gargaditya08 at live.com
Thu Feb 10 04:43:04 UTC 2022 

> ie, can you try something like this?
> 
> diff --git a/drivers/firmware/efi/runtime-wrappers.c b/drivers/firmware/efi/runtime-wrappers.c
> index f3e54f6616f0..01cbd4811d1e 100644
> --- a/drivers/firmware/efi/runtime-wrappers.c
> +++ b/drivers/firmware/efi/runtime-wrappers.c
> @@ -32,6 +32,8 @@
> #include <linux/stringify.h>
> #include <linux/workqueue.h>
> #include <linux/completion.h>
> +#include <linux/ucs2_string.h>
> +#include <linux/slab.h>
> 
> #include <asm/efi.h>
> 
> @@ -203,6 +205,21 @@ static void efi_call_rts(struct work_struct *work)
> 				       (efi_time_t *)arg2);
> 		break;
> 	case EFI_GET_VARIABLE:
> +		unsigned long utf8_name_size;
> +		char *utf8_name;
> +		char guid_str[sizeof(efi_guid_t)+1];
> +
> +		utf8_name_size = ucs2_utf8size((efi_char16_t *)arg1);
> +		utf8_name = kmalloc(utf8_name_size+1, GFP_KERNEL);
> +		if (!utf8_name) {
> +			printk(KERN_INFO "failed to allocate UTF8 buffer\n");
> +			break;
> +		}
> +
> +		ucs2_as_utf8(utf8_name, (efi_char16_t *)arg1, utf8_name_size + 1);
> +		efi_guid_to_str((efi_guid_t *)arg2, guid_str);
> +
> +		printk(KERN_INFO "Reading EFI variable %s-%s\n", utf8_name, guid_str);
> 		status = efi_call_virt(get_variable, (efi_char16_t *)arg1,
> 				       (efi_guid_t *)arg2, (u32 *)arg3,
> 				       (unsigned long *)arg4, (void *)arg5);
> 
Hi Matthew

I haven't tested this yet (Kernel is compiling) but I have found out that this part of the code is causing a crash


static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
				  unsigned long *size, efi_status_t *status)
{
	unsigned long lsize = 4;
	unsigned long tmpdb[4];
	void *db;

	*status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
	if (*status == EFI_NOT_FOUND)
		return NULL;

	if (*status != EFI_BUFFER_TOO_SMALL) {
		pr_err("Couldn't get size: 0x%lx\n", *status);
		return NULL;
	}

	db = kmalloc(lsize, GFP_KERNEL);
	if (!db)
		return NULL;

	*status = efi.get_variable(name, guid, NULL, &lsize, db);
	if (*status != EFI_SUCCESS) {
		kfree(db);
		pr_err("Error reading db var: 0x%lx\n", *status);
		return NULL;
	}

	*size = lsize;
	return db;
}

If I remove the return 0 I had added from other 3 left functions, crash doesn't occur.

When the kernel compiles with your patch, I’ll send whatever I get.

Regards
Aditya

More information about the Linux-security-module-archive mailing list