--- a/work/efi/ia32/loader/linux.c 2017-01-24 22:11:35.266806622 +0000 | |
+++ b/work/efi/ia32/loader/linux.c 2017-01-24 22:14:19.473474756 +0000 | |
@@ -401,21 +401,9 @@ | |
goto fail1; | |
} | |
- if (grub_quark_secure) | |
- { | |
- if (! grub_quark_fetch_sbh (GRUB_QUARK_ASSET_KERNEL_CSBH, kernel, &quark_sbh)) | |
- { | |
- if(ERR_FILE_NOT_FOUND == errnum | |
- && ! grub_quark_linux_spi) | |
- errnum = ERR_SGN_FILE_NOT_FOUND; | |
- goto fail1; | |
- } | |
- sbh_len = quark_sbh.security_header.header_len; | |
- } | |
- | |
if (! grub_quark_asset_open (GRUB_QUARK_ASSET_KERNEL, kernel)) | |
goto fail1; | |
- | |
+ | |
if (grub_quark_asset_read (GRUB_QUARK_ASSET_KERNEL, (grub_uint8_t *) ¶ms_buf, sizeof (params_buf)) | |
!= sizeof (params_buf)) | |
{ | |
@@ -458,24 +446,7 @@ | |
img_size = grub_quark_asset_size (GRUB_QUARK_ASSET_KERNEL); | |
real_size = 0x1000 + grub_strlen(arg); | |
- /* Grub allocates distinct memory regions for the so-called "real mode" and | |
- "protected mode" portions of bzImage. The linux entry point is located | |
- at the base address of the protected mode section | |
- (GRUB_LINUX_BZIMAGE_ADDR). | |
- In order to perform signature verification, Quark secure boot requires | |
- the whole bzImage to be allocated contiguously, with its CSBH prepended. | |
- Consequently, the signed image is placed in a contiguous region starting | |
- from GRUB_LINUX_BZIMAGE_ADDR, and the entry point offset is updated | |
- accordingly. */ | |
- if (grub_quark_secure) | |
- { | |
- prot_size = img_size + sbh_len; | |
- code32_start_offs += (setup_sects << SECTOR_BITS) + SECTOR_SIZE | |
- + sbh_len; | |
- } | |
- | |
- else | |
- prot_size = img_size - (setup_sects << SECTOR_BITS) - SECTOR_SIZE; | |
+ prot_size = img_size - (setup_sects << SECTOR_BITS) - SECTOR_SIZE; | |
if (! allocate_pages (real_size, prot_size)) | |
goto fail; | |
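Review bot: The now-unconditional `prot_size = img_size - (setup_sects << SECTOR_BITS) - SECTOR_SIZE;` has no guard that the image is at least as long as its setup area. With the signature path removed, `setup_sects` presumably comes from an unauthenticated header. Unless it is bounded earlier in the function (not visible here), a truncated or malformed bzImage makes the subtraction wrap or go negative, and that value reaches `allocate_pages` and the later read length. Consider adding before it `if (img_size < (setup_sects << SECTOR_BITS) + SECTOR_SIZE) { errnum = ERR_EXEC_FORMAT; goto fail; }`. The same header-derived offset feeds the unconditional `grub_quark_asset_seek` in the `@@ -640,17 +611,7 @@` hunk; the enclosing function starts and ends outside both hunks.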
@@ -640,17 +611,7 @@ | |
grub_stpcpy ((char *) real_mode_mem + CMDLINE_OFFS, | |
grub_quark_linux_spi ? arg : skip_to (0, arg)); | |
- /* If Quark secure boot path, copy over CSBH + bzImage into "protected | |
- mode" section. */ | |
- if (grub_quark_secure) | |
- { | |
- grub_quark_asset_seek (0); | |
- prot_size -= sbh_len; | |
- grub_memcpy (prot_mode_mem, &quark_sbh, sizeof (quark_sbh)); | |
- prot_mode_offs += sbh_len; | |
- } | |
- else | |
- grub_quark_asset_seek ((setup_sects << SECTOR_BITS) + SECTOR_SIZE); | |
+ grub_quark_asset_seek ((setup_sects << SECTOR_BITS) + SECTOR_SIZE); | |
len = prot_size; | |
if (grub_quark_asset_read (GRUB_QUARK_ASSET_KERNEL, | |
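Review bot: Nothing on this path consults `grub_quark_secure` any more, and the removed comment was the only place that explained the trust decision, so the new code does not say that the kernel is copied and started without authentication. I would add a comment above the seek such as `/* Secure boot verification removed: bzImage is loaded without CSBH or signature check. */`. If platform code outside this diff can still set `grub_quark_secure`, the loader now ignores it silently, and refusing to boot in that state would be safer than continuing unverified. The same applies to the initrd hunks in this file and to both hunks in `boot_settings.c`, where the config file is now parsed unverified.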
@@ -662,13 +623,6 @@ | |
goto fail; | |
} | |
- /* Verify the kernel signature. */ | |
- if (grub_quark_secure && | |
- ! grub_quark_verify_asset_signature ((grub_uint8_t *) prot_mode_mem)) | |
- { | |
- errnum = ERR_QUARK_VERIFICATION; | |
- } | |
- | |
if (errnum == ERR_NONE) | |
{ | |
loaded = 1; | |
@@ -718,28 +672,8 @@ | |
goto fail1; | |
} | |
- | |
- if (grub_quark_secure) | |
- { | |
- if (! grub_quark_fetch_sbh (GRUB_QUARK_ASSET_INITRD_CSBH, initrd, &quark_sbh)) | |
- { | |
- if (ERR_FILE_NOT_FOUND == errnum | |
- && ! grub_quark_initrd_spi) | |
- errnum = ERR_SGN_FILE_NOT_FOUND; | |
- goto fail1; | |
- } | |
- sbh_len = quark_sbh.security_header.header_len; | |
- } | |
- | |
- if (! grub_quark_asset_open (GRUB_QUARK_ASSET_INITRD, initrd)) | |
- goto fail1; | |
- | |
size = grub_quark_asset_size (GRUB_QUARK_ASSET_INITRD); | |
- /* If Quark secure boot, make room for CSBH (dedicated page). */ | |
- if (grub_quark_secure) | |
- size += PAGE_SIZE; | |
- | |
initrd_pages = (page_align (size) >> 12); | |
params = (struct linux_kernel_params *) real_mode_mem; | |
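Review bot: The `grub_quark_asset_open (GRUB_QUARK_ASSET_INITRD, initrd)` call is removed together with the CSBH fetch, so on the new side `grub_quark_asset_size (GRUB_QUARK_ASSET_INITRD)` is the first asset call visible in this hunk. The kernel path in the first hunk keeps its `grub_quark_asset_open`, which suggests the open is not part of the secure-boot logic. Unless the initrd is already opened earlier in the function (outside the hunk), the size query and the later `grub_quark_asset_read` run against an asset that was never opened. In that case restore `if (! grub_quark_asset_open (GRUB_QUARK_ASSET_INITRD, initrd)) goto fail1;` before the size query.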
@@ -808,26 +742,6 @@ | |
grub_fatal ("cannot allocate pages: %x@%x", (unsigned) initrd_pages, | |
(unsigned) addr); | |
- /* | |
- Quark secure boot requires the CSBH to be prepended to the Initrd. | |
- Since Linux requires the Initrd to be page-aligned, do the following: | |
- 1. copy Initrd to the 2nd allocated page | |
- 2. copy the CSBH to the 1st allocated page at an offset such that | |
- CSBH and Initrd are adjacent | |
- */ | |
- if (grub_quark_secure) | |
- { | |
- /* | |
- We're using the first page here to populate the CSBH, so subtract the | |
- previously added page, copy CSBH and offset the initrd start address. | |
- */ | |
- size -= PAGE_SIZE; | |
- grub_memcpy ((grub_uint8_t *) initrd_mem + PAGE_SIZE - sbh_len, | |
- &quark_sbh, sizeof (quark_sbh)); | |
- initrd_mem = (grub_uint8_t *) initrd_mem + PAGE_SIZE; | |
- addr += PAGE_SIZE; | |
- } | |
- | |
if (grub_quark_asset_read (GRUB_QUARK_ASSET_INITRD, initrd_mem, size) != size) | |
{ | |
errnum = ERR_EXEC_FORMAT; | |
@@ -839,21 +753,6 @@ | |
grub_quark_initrd_spi ? " SPI" : "", | |
(unsigned int) addr, (unsigned int) size); | |
- if (grub_quark_secure) | |
- { | |
- /* Verify the initrd signature. */ | |
- if (! grub_quark_verify_asset_signature ((grub_uint8_t *) | |
- initrd_mem - sbh_len)) | |
- { | |
- errnum = ERR_QUARK_VERIFICATION; | |
- goto fail; | |
- } | |
- | |
- /* Free up page allocated to CSBH. */ | |
- grub_efi_free_pages ((grub_addr_t) | |
- ((grub_uint8_t *) initrd_mem - PAGE_SIZE), 1); | |
- } | |
- | |
params->hdr.ramdisk_image = addr; | |
params->hdr.ramdisk_size = size; | |
--- a/work/efi/quark/boot_settings.c 2017-01-24 22:11:35.266806622 +0000 | |
+++ b/work/efi/quark/boot_settings.c 2017-01-24 22:17:56.046810025 +0000 | |
@@ -181,17 +181,6 @@ | |
return; | |
} | |
- if (grub_quark_secure) | |
- { | |
- sbh = (struct grub_quark_sbh *)cfg_buffer; | |
- if (! grub_quark_fetch_sbh (GRUB_QUARK_ASSET_CONFIG_CSBH, config_file, sbh)) | |
- { | |
- errnum = ERR_SGN_FILE_NOT_FOUND; | |
- return; | |
- } | |
- sbh_len = sbh->security_header.header_len; | |
- } | |
- | |
/* Reopen Grub config. (Grub supports a single file instance at a time) */ | |
if (! do_open_config(source)) | |
{ | |
@@ -223,13 +212,4 @@ | |
return; | |
} | |
- if (grub_quark_secure) | |
- { | |
- /* Validate configuration file. */ | |
- if (! grub_quark_verify_asset_signature ((grub_uint8_t *) cfg_buffer)) | |
- errnum = ERR_QUARK_VERIFICATION; | |
- | |
- /* Mask out the CSBH to the configuration file parser. */ | |
- *cfg_file_buffer += sbh_len; | |
- } | |
} |