author | Brett Grandbois <brett.grandbois@opengear.com> | 2018-06-11 07:36:58 +1000 |
---|---|---|
committer | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2018-06-12 14:43:33 +1000 |
commit | 18a47a31b46d916c58a31e8784a7c3a3abcae446 (patch) | |
tree | 188d558019c4bde1e3f2e849d025d417bb4f393c /ui/ncurses | |
parent | 32952937bc5c3753ff2f8f4612da5ba51bf69759 (diff) | |
lib/security: hard_lockdown flag to stop runtime disable of signed boot
Currently if signed-boot is enabled in configure the presence of the
LOCKDOWN_FILE is used as a runtime determination to perform the actual
verification. In some environments this may be acceptable or even the
intended operation, but in other environments it could be a security hole,
since removing the file would then cause boot task verification to be skipped.
Add a 'hard_lockdown' enable flag to generate a HARD_LOCKDOWN
preprocessor definition to force the system to always do a signed boot
verification for each boot task, which in the case of a missing file the
boot will fail.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Diffstat (limited to 'ui/ncurses')
-rw-r--r-- | ui/ncurses/nc-boot-editor.c | 2 | ||||
-rw-r--r-- | ui/ncurses/nc-cui.c | 4 |
2 files changed, 6 insertions, 0 deletions
diff --git a/ui/ncurses/nc-boot-editor.c b/ui/ncurses/nc-boot-editor.c
index 2e5749b..3f7c5e5 100644
--- a/ui/ncurses/nc-boot-editor.c
+++ b/ui/ncurses/nc-boot-editor.c
@@ -637,9 +637,11 @@ struct boot_editor *boot_editor_init(struct cui *cui,
 return NULL;
 #if defined(SIGNED_BOOT)
+#if !defined(HARD_LOCKDOWN)
 if (access(LOCKDOWN_FILE, F_OK) == -1)
 boot_editor->use_signature_files = false;
 else
+#endif
 boot_editor->use_signature_files = true;
 #else
 boot_editor->use_signature_files = false;
diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c
index 20a9048..8a3f97d 100644
--- a/ui/ncurses/nc-cui.c
+++ b/ui/ncurses/nc-cui.c
@@ -61,10 +61,14 @@ static void cui_cancel_autoboot_on_exit(struct cui *cui);
 static bool lockdown_active(void)
 {
+#if defined(SIGNED_BOOT) && defined(HARD_LOCKDOWN)
+ return true;
+#else
 bool lockdown = false;
 if (access(LOCKDOWN_FILE, F_OK) != -1)
 lockdown = true;
 return lockdown;
+#endif
 }
 static void cui_start(void)
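Review bot: The `#if !defined(HARD_LOCKDOWN)` / `#endif` pair in the nc-boot-editor.c hunk cuts through the middle of an if/else, so in a HARD_LOCKDOWN build the `else` body is left standing as a bare statement; this compiles today, but a later maintainer who braces the `else` or adds a second statement to it silently changes the hard-lockdown configuration while the default build still looks correct. Expressing the three configurations as three complete preprocessor branches keeps each one readable on its own and makes the security-relevant case explicit. The enclosing boot_editor_init starts and ends outside the hunk. The same policy is now also encoded in lockdown_active() in nc-cui.c (which the hunk shows as `static`); if it can be shared, one helper would avoid the two sites drifting apart.
```c
#if defined(SIGNED_BOOT) && defined(HARD_LOCKDOWN)
	/* Hard lockdown: signed boot is mandatory regardless of LOCKDOWN_FILE. */
	boot_editor->use_signature_files = true;
#elif defined(SIGNED_BOOT)
	/* Runtime lockdown: the presence of LOCKDOWN_FILE enables verification. */
	boot_editor->use_signature_files = (access(LOCKDOWN_FILE, F_OK) != -1);
#else
	boot_editor->use_signature_files = false;
#endif
/* … unchanged: rest of boot_editor_init … */
```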
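Review bot: The new `return true;` at the top of lockdown_active() in the nc-cui.c hunk carries no explanation that the runtime LOCKDOWN_FILE check is being deliberately bypassed, which is the one fact a reader of a HARD_LOCKDOWN build needs; a comment such as `/* HARD_LOCKDOWN: lockdown is fixed at build time; LOCKDOWN_FILE is not consulted. */` above it would document the intent. Worth noting for the `#else` path the commit leaves in place: `access(LOCKDOWN_FILE, F_OK) != -1` treats any failure of access(), not only a missing file, as "no lockdown", so a permission or I/O error on the file fails open; if that is the intended behaviour in the non-hard configuration, a one-line comment saying so would keep the next reader from mistaking it for an oversight.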