[PATCH RFC v11 17/19] scripts: add boot policy generation program

Fan Wu wufan at linux.microsoft.com
Thu Nov 2 23:09:59 UTC 2023



On 10/23/2023 8:52 PM, Paul Moore wrote:
> On Oct  4, 2023 Fan Wu <wufan at linux.microsoft.com> wrote:
>>
>> Enables an IPE policy to be enforced from kernel start, enabling access
>> control based on trust from kernel startup. This is accomplished by
>> transforming an IPE policy indicated by CONFIG_IPE_BOOT_POLICY into a
>> c-string literal that is parsed at kernel startup as an unsigned policy.
>>
>> Signed-off-by: Deven Bowers <deven.desai at linux.microsoft.com>
>> Signed-off-by: Fan Wu <wufan at linux.microsoft.com>
>> ---
>> v2:
>>    + No Changes
>>
>> v3:
>>    + No Changes
>>
>> v4:
>>    + No Changes
>>
>> v5:
>>    + No Changes
>>
>> v6:
>>    + No Changes
>>
>> v7:
>>    + Move from 01/11 to 14/16
>>    + Don't return errno directly.
>>    + Make output of script more user-friendly
>>    + Add escaping for tab and '?'
>>    + Mark argv pointer const
>>    + Invert return code check in the boot policy parsing code path.
>>
>> v8:
>>    + No significant changes.
>>
>> v9:
>>    + No changes
>>
>> v10:
>>    + Update the init part code for rcu changes in the eval loop patch
>>
>> v11:
>>    + Fix code style issues
>> ---
>>   MAINTAINERS                   |   1 +
>>   scripts/Makefile              |   1 +
>>   scripts/ipe/Makefile          |   2 +
>>   scripts/ipe/polgen/.gitignore |   1 +
>>   scripts/ipe/polgen/Makefile   |   6 ++
>>   scripts/ipe/polgen/polgen.c   | 145 ++++++++++++++++++++++++++++++++++
>>   security/ipe/.gitignore       |   1 +
>>   security/ipe/Kconfig          |  10 +++
>>   security/ipe/Makefile         |  11 +++
>>   security/ipe/fs.c             |   8 ++
>>   security/ipe/ipe.c            |  12 +++
>>   11 files changed, 198 insertions(+)
>>   create mode 100644 scripts/ipe/Makefile
>>   create mode 100644 scripts/ipe/polgen/.gitignore
>>   create mode 100644 scripts/ipe/polgen/Makefile
>>   create mode 100644 scripts/ipe/polgen/polgen.c
>>   create mode 100644 security/ipe/.gitignore
> 
> ...
> 
>> diff --git a/scripts/ipe/polgen/polgen.c b/scripts/ipe/polgen/polgen.c
>> new file mode 100644
>> index 000000000000..40b6fe07f47b
>> --- /dev/null
>> +++ b/scripts/ipe/polgen/polgen.c
>> @@ -0,0 +1,145 @@
> 
> ...
> 
>> +static int write_boot_policy(const char *pathname, const char *buf, size_t size)
>> +{
>> +	int rc = 0;
>> +	FILE *fd;
>> +	size_t i;
>> +
>> +	fd = fopen(pathname, "w");
>> +	if (!fd) {
>> +		rc = errno;
>> +		goto err;
>> +	}
>> +
>> +	fprintf(fd, "/* This file is automatically generated.");
>> +	fprintf(fd, " Do not edit. */\n");
>> +	fprintf(fd, "#include <linux/stddef.h>\n");
>> +	fprintf(fd, "\nextern const char *const ipe_boot_policy;\n\n");
>> +	fprintf(fd, "const char *const ipe_boot_policy =\n");
>> +
>> +	if (!buf || size == 0) {
>> +		fprintf(fd, "\tNULL;\n");
>> +		fclose(fd);
>> +		return 0;
>> +	}
>> +
>> +	fprintf(fd, "\t\"");
>> +
>> +	for (i = 0; i < size; ++i) {
>> +		switch (buf[i]) {
>> +		case '"':
>> +			fprintf(fd, "\\\"");
>> +			break;
>> +		case '\'':
>> +			fprintf(fd, "'");
>> +			break;
> 
> The revision of IPE proposed in this patchset doesn't support parsing
> single or double quotes, yes?
>
Actually all characters can be used in the policy. The previous revision 
was removing the quote syntax, which supports having space in the policy 
name like policy_name="example policy". But that is not related to the 
boot policy generation code here.

The code here is to generate a C source code that will be linked into 
IPE. Thus we have to escape these characters to conform with the C 
language string literal standard.

-Fan
>> +		case '\n':
>> +			fprintf(fd, "\\n\"\n\t\"");
>> +			break;
>> +		case '\\':
>> +			fprintf(fd, "\\\\");
>> +			break;
>> +		case '\t':
>> +			fprintf(fd, "\\t");
>> +			break;
>> +		case '\?':
>> +			fprintf(fd, "\\?");
>> +			break;
> 
> Similar, are question marks supported by the parser?
> 
>> +		default:
>> +			fprintf(fd, "%c", buf[i]);
>> +		}
>> +	}
>> +	fprintf(fd, "\";\n");
>> +	fclose(fd);
>> +
>> +	return 0;
>> +
>> +err:
>> +	if (fd)
>> +		fclose(fd);
>> +	return rc;
>> +}
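Review bot: In write_boot_policy(), none of the fprintf() calls and neither successful-path fclose(fd) is checked, so a failed or short write (full disk, I/O error) can leave a truncated boot-policy.c while the function returns 0. Since this file carries the policy enforced from kernel start, test ferror(fd) before closing, check the fclose(fd) result, and return non-zero on failure. Also, the only jump to err: is taken when fopen() failed, so `if (fd) fclose(fd);` under that label never runs, and the default case writes bytes such as '\r' or NUL into the literal unescaped; either reject them or emit an escape.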
> 
> ...
> 
>> diff --git a/security/ipe/.gitignore b/security/ipe/.gitignore
>> new file mode 100644
>> index 000000000000..eca22ad5ed22
>> --- /dev/null
>> +++ b/security/ipe/.gitignore
>> @@ -0,0 +1 @@
>> +boot-policy.c
>> \ No newline at end of file
> 
> Add a newline please.
> 
> --
> paul-moore.com
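
The escaping rationale in the reply above, as an added example that is not code from the patch or from IPE: a stand-alone escaper that turns policy bytes into the body of a C string literal, including the question-mark escape that breaks up trigraph sequences such as ??/. The helper name c_escape, the fixed-width octal escape for other non-printable bytes, and the sample input are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Escape size bytes of buf into out as the body of a C string literal
 * (no surrounding quotes). Returns the escaped length, or -1 if out is
 * too small. Hypothetical helper, not part of polgen.c. */
static int c_escape(const char *buf, size_t size, char *out, size_t cap)
{
	size_t i, len, n = 0;
	char esc[5];

	if (cap == 0)
		return -1;
	for (i = 0; i < size; ++i) {
		unsigned char c = (unsigned char)buf[i];

		switch (c) {
		case '"':  strcpy(esc, "\\\""); break;
		case '\\': strcpy(esc, "\\\\"); break;
		case '\n': strcpy(esc, "\\n");  break;
		case '\t': strcpy(esc, "\\t");  break;
		case '?':  strcpy(esc, "\\?");  break; /* breaks up trigraph sequences */
		default:
			if (c < 0x20 || c >= 0x7f) /* assumption: 3-digit octal for other bytes */
				snprintf(esc, sizeof(esc), "\\%03o", (unsigned int)c);
			else
				snprintf(esc, sizeof(esc), "%c", c);
		}
		len = strlen(esc);
		if (n + len + 1 > cap) /* keep room for the terminating NUL */
			return -1;
		memcpy(out + n, esc, len);
		n += len;
	}
	out[n] = '\0';
	return (int)n;
}

int main(void)
{
	/* Constructed input: the quoted name from the thread plus awkward bytes. */
	const char policy[] = "policy_name=\"example policy\"\n\?\?/\r1";
	char out[128];
	if (c_escape(policy, sizeof(policy) - 1, out, sizeof(out)) < 0)
		return 1;
	printf("const char *const ipe_boot_policy =\n\t\"%s\";\n", out);
	return 0;
}
```

The octal escape is always three digits so that a digit following the escaped byte in the policy is not absorbed into the escape sequence.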


