From 435672e322431c14352a096e8cd3bbae56a38979 Mon Sep 17 00:00:00 2001 From: Marcin Wojtas Date: Thu, 8 Aug 2019 17:03:30 +0000 Subject: [PATCH] Verify files loaded in chain command. The chain command can be used to chain load another binary. If veriexec is enabled we should verify it first. Note that on EFI systems the verification was already done through firmware, assuming that Secure Boot was enabled there. Submitted by: Kornel Duleba Reviewed by: sjg MFC after: 1 week Obtained from: Semihalf Differential Revision: https://reviews.freebsd.org/D20952 --- stand/efi/loader/main.c | 8 ++++++++ stand/i386/loader/chain.c | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/stand/efi/loader/main.c b/stand/efi/loader/main.c index 171a86332728..c8311daa4881 100644 --- a/stand/efi/loader/main.c +++ b/stand/efi/loader/main.c @@ -1440,6 +1440,14 @@ command_chain(int argc, char *argv[]) return (CMD_ERROR); } +#ifdef LOADER_VERIEXEC + if (verify_file(fd, name, 0, VE_MUST) < 0) { + sprintf(command_errbuf, "can't verify: %s", name); + close(fd); + return (CMD_ERROR); + } +#endif + if (fstat(fd, &st) < -1) { command_errmsg = "stat failed"; close(fd); diff --git a/stand/i386/loader/chain.c b/stand/i386/loader/chain.c index 43ba2697e938..2a4816773882 100644 --- a/stand/i386/loader/chain.c +++ b/stand/i386/loader/chain.c @@ -75,6 +75,14 @@ command_chain(int argc, char *argv[]) return (CMD_ERROR); } +#ifdef LOADER_VERIEXEC + if (verify_file(fd, argv[1], 0, VE_MUST) < 0) { + sprintf(command_errbuf, "can't verify: %s", argv[1]); + close(fd); + return (CMD_ERROR); + } +#endif + len = strlen(argv[1]); if (argv[1][len-1] != ':') { if (fstat(fd, &st) == -1) {