Message ID | 20200318174408.77473-1-sjg@chromium.org
---|---
Series | vboot: Fix forged-configuration vulnerability
Hi,

On Wed, 18 Mar 2020 at 11:44, Simon Glass <sjg at chromium.org> wrote:
>
> When booting a FIT, if 'bootm' is used without a specified configuration,
> U-Boot will use the default one provided in the FIT. But it does not
> actually check that the signature is for that configuration.
>
> This means that it is possible to duplicate a configuration conf-1 to
> produce conf-2 (with all the signatures intact), set the default
> configuration to conf-2 and then boot the image. U-Boot will verify conf-2
> (in fact since hashed-nodes specifies the conf-1 nodes it will effectively
> verify conf-1). Then it will happily boot conf-2 even though it might have
> a different kernel.
>
> This series corrects this problem and adds a test to verify it. It also
> updates fit_check_sign to allow the configuration to be specified.
>
> This vulnerability was found by Dmitry Janushkevich and Andrea Barisani of
> F-Secure, who also wrote the vboot_forge script included here.
>
> This is CVE-2020-10648
>
> Changes in v2:
> - Bring in new vboot_forge file from the authors
>
> Simon Glass (14):
>   image: Correct comment for fit_conf_get_node()
>   image: Be a little more verbose when checking signatures
>   image: Return an error message from fit_config_verify_sig()
>   test: vboot: Drop unnecessary parameter for fit_check_sign
>   test: vboot: Add a test for a forged configuration
>   test: vboot: Parameterise the test
>   image: Check hash-nodes when checking configurations
>   image: Load the correct configuration in fit_check_sign
>   fit_check_sign: Allow selecting the configuration to verify
>   test: vboot: Tidy up the code a little
>   test: vboot: Fix pylint errors
>   image: Use constants for 'required' and 'key-name-hint'
>   test: vboot: Move key creation into a function
>   test: vboot: Reduce fake kernel size to 500 bytes
>
>  common/bootm.c               |   6 +-
>  common/image-cipher.c        |   2 +-
>  common/image-fit.c           |  26 +--
>  common/image-sig.c           |  49 +++-
>  include/image.h              |  24 +-
>  lib/rsa/rsa-sign.c           |   6 +-
>  test/py/tests/test_vboot.py  | 155 +++++++------
>  test/py/tests/vboot_forge.py | 423 +++++++++++++++++++++++++++++++++++
>  tools/fdt_host.h             |   3 +-
>  tools/fit_check_sign.c       |   8 +-
>  tools/image-host.c           |  17 +-
>  11 files changed, 601 insertions(+), 118 deletions(-)
>  create mode 100644 test/py/tests/vboot_forge.py

This is applied to dm/master.

Tom, shall I send a pull request?

Regards,
Simon
On Mon, Mar 30, 2020 at 05:11:38PM -0600, Simon Glass wrote:
> Hi,
>
> On Wed, 18 Mar 2020 at 11:44, Simon Glass <sjg at chromium.org> wrote:
> >
> > When booting a FIT, if 'bootm' is used without a specified configuration,
> > U-Boot will use the default one provided in the FIT. But it does not
> > actually check that the signature is for that configuration.
> >
> > This means that it is possible to duplicate a configuration conf-1 to
> > produce conf-2 (with all the signatures intact), set the default
> > configuration to conf-2 and then boot the image. U-Boot will verify conf-2
> > (in fact since hashed-nodes specifies the conf-1 nodes it will effectively
> > verify conf-1). Then it will happily boot conf-2 even though it might have
> > a different kernel.
> >
> > This series corrects this problem and adds a test to verify it. It also
> > updates fit_check_sign to allow the configuration to be specified.
> >
> > This vulnerability was found by Dmitry Janushkevich and Andrea Barisani of
> > F-Secure, who also wrote the vboot_forge script included here.
> >
> > This is CVE-2020-10648
> >
> > Changes in v2:
> > - Bring in new vboot_forge file from the authors
> >
> > Simon Glass (14):
> >   image: Correct comment for fit_conf_get_node()
> >   image: Be a little more verbose when checking signatures
> >   image: Return an error message from fit_config_verify_sig()
> >   test: vboot: Drop unnecessary parameter for fit_check_sign
> >   test: vboot: Add a test for a forged configuration
> >   test: vboot: Parameterise the test
> >   image: Check hash-nodes when checking configurations
> >   image: Load the correct configuration in fit_check_sign
> >   fit_check_sign: Allow selecting the configuration to verify
> >   test: vboot: Tidy up the code a little
> >   test: vboot: Fix pylint errors
> >   image: Use constants for 'required' and 'key-name-hint'
> >   test: vboot: Move key creation into a function
> >   test: vboot: Reduce fake kernel size to 500 bytes
> >
> >  common/bootm.c               |   6 +-
> >  common/image-cipher.c        |   2 +-
> >  common/image-fit.c           |  26 +--
> >  common/image-sig.c           |  49 +++-
> >  include/image.h              |  24 +-
> >  lib/rsa/rsa-sign.c           |   6 +-
> >  test/py/tests/test_vboot.py  | 155 +++++++------
> >  test/py/tests/vboot_forge.py | 423 +++++++++++++++++++++++++++++++++++
> >  tools/fdt_host.h             |   3 +-
> >  tools/fit_check_sign.c       |   8 +-
> >  tools/image-host.c           |  17 +-
> >  11 files changed, 601 insertions(+), 118 deletions(-)
> >  create mode 100644 test/py/tests/vboot_forge.py
>
> This is applied to dm/master.
>
> Tom, shall I send a pull request?

Yes please, thanks!
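As an added illustration (not code from this series, from vboot_forge.py, or from U-Boot itself), the following toy model shows the forged-configuration problem described in the cover letter above and the kind of check the "Check hash-nodes when checking configurations" patch adds: the FIT is a Python dict, an HMAC under an assumed key stands in for the RSA signature, and hashed_nodes_match_config() rejects a configuration whose signature's hashed-nodes list names a different configuration node. The node encoding, key, function names and the constructed sample FIT are all assumptions of this example.

```python
import copy
import hashlib
import hmac

KEY = b"example-signing-key"  # assumption: stands in for the RSA signing key

def node_contents(fit, path):
    """Bytes a hashed node contributes to the signed data (toy encoding)."""
    name = path.rsplit("/", 1)[1]
    if path.startswith("/configurations/"):
        return path.encode() + b":kernel=" + fit["configurations"][name]["kernel"].encode()
    if path.startswith("/images/"):
        return path.encode() + b":" + fit["images"][name]
    return path.encode()

def sign_data(fit, hashed_nodes):
    digest = hashlib.sha256(b"".join(node_contents(fit, p) for p in hashed_nodes)).digest()
    return hmac.new(KEY, digest, "sha256").hexdigest()

def signature_valid(fit, conf_name):
    sig = fit["configurations"][conf_name]["signature"]
    return hmac.compare_digest(sign_data(fit, sig["hashed-nodes"]), sig["value"])

def hashed_nodes_match_config(fit, conf_name):
    """The missing check: the signed node list must name this configuration and no other."""
    hashed = fit["configurations"][conf_name]["signature"]["hashed-nodes"]
    conf_path = "/configurations/" + conf_name
    confs = [p for p in hashed if p.startswith("/configurations/")]
    return conf_path in confs and all(p == conf_path for p in confs)

def verify_config(fit, conf_name=None, check_hashed_nodes=True):
    """Pick the configuration (the FIT default if none given) and return its kernel, or None."""
    conf_name = conf_name or fit["default"]
    ok = signature_valid(fit, conf_name) and (
        not check_hashed_nodes or hashed_nodes_match_config(fit, conf_name))
    return fit["configurations"][conf_name]["kernel"] if ok else None

def build_fits():
    """A signed FIT plus the cover letter's forgery: conf-1 copied to conf-2 with
    the signature intact, kernel swapped, and the default pointed at conf-2."""
    fit = {"default": "conf-1", "images": {"kernel-good": b"good", "kernel-other": b"other"},
           "configurations": {"conf-1": {"kernel": "kernel-good", "signature": {
               "hashed-nodes": ["/", "/configurations/conf-1", "/images/kernel-good"]}}}}
    sig = fit["configurations"]["conf-1"]["signature"]
    sig["value"] = sign_data(fit, sig["hashed-nodes"])
    forged = copy.deepcopy(fit)
    forged["configurations"]["conf-2"] = copy.deepcopy(fit["configurations"]["conf-1"])
    forged["configurations"]["conf-2"]["kernel"] = "kernel-other"
    forged["default"] = "conf-2"
    return fit, forged
```

With check_hashed_nodes=False the forged FIT's default conf-2 passes signature verification (it covers conf-1's nodes) and the swapped kernel is selected; with the check enabled, verify_config() returns None for conf-2 while conf-1 still boots.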