In the commit 4540dabdcaca ("efi_loader: image_loader: support image authentication"), U-Boot implementation of UEFI secure boot was introduced. It was reported by a Siemens engineer, however, that the verification process is not fully compliant with MicroSoft's authenticode specification and it is possible to exploit the code in a signed PE image without deep knowledge.
This patch series fixes this security issue and, in addition, adds a test case.
patch#1-3: preparatory patches patch#4: add a missing step in signature verification process patch#5: a new test case under pytest
AKASHI Takahiro (5): lib: crypto: add mscode_parser efi_loader: signature: export efi_hash_regions() efi_loader: image_loader: replace EFI_PRINT with log macros efi_loader: image_loader: add a missing digest verification for signed PE image test/py: efi_secboot: add a test for a forged signed image
include/crypto/mscode.h | 43 ++++++ include/efi_loader.h | 2 + lib/crypto/Kconfig | 9 ++ lib/crypto/Makefile | 12 ++ lib/crypto/mscode.asn1 | 28 ++++ lib/crypto/mscode_parser.c | 135 ++++++++++++++++++ lib/efi_loader/Kconfig | 1 + lib/efi_loader/efi_image_loader.c | 114 +++++++++++---- lib/efi_loader/efi_signature.c | 4 +- test/py/tests/test_efi_secboot/conftest.py | 3 + test/py/tests/test_efi_secboot/forge_image.sh | 5 + test/py/tests/test_efi_secboot/test_signed.py | 35 +++++ 12 files changed, 361 insertions(+), 30 deletions(-) create mode 100644 include/crypto/mscode.h create mode 100644 lib/crypto/mscode.asn1 create mode 100644 lib/crypto/mscode_parser.c create mode 100644 test/py/tests/test_efi_secboot/forge_image.sh