grub2/0004-diskfilter-look-up-cryptodisk-devices-first.patch

From b7e2fb6a680447b7bb7eb18bb7570afa8d2b7f09 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Thu, 10 Aug 2023 10:19:29 +0800
Subject: [PATCH 4/4] diskfilter: look up cryptodisk devices first

When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
look like this:

  tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
  cryptomount -u <PART-UUID> -P tpm2
  search --fs-uuid --set=root <FS-UUID>

Since the disk search order is based on the order of module loading, the
attacker could insert a malicious disk with the same FS-UUID root to
trick grub2 to boot into th malicious root and further dump memory to
steal the unsealed key.

To defend such attack, we can specify the hint provided by 'grub-probe'
to search the encrypted partition first:

search --fs-uuid --set=root --hint='cryptouuid/<PART-UUID>' <FS-UUID>

However, for LVM on a encrypted partition, the search hint provided by
'grub-probe' is:

  --hint='lvmid/<VG-UUID>/<LV-UUID>'

It doesn't guarantee to look up the logical volume from the encrypted
partition, so the attacker may have the chance to fool grub2 to boot
into the malicious disk.

To mininize the attack surface, this commit tweaks the disk device search
in diskfilter to look up cryptodisk devices first and then others, so
that the auto-unlocked disk will be found first, not the attacker's disk.

Signed-off-by: Gary Lin <glin@suse.com>
---
 grub-core/disk/diskfilter.c | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)

diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c
index 61a311efd..94832c8dd 100644
--- a/grub-core/disk/diskfilter.c
+++ b/grub-core/disk/diskfilter.c
@@ -226,15 +226,32 @@ scan_devices (const char *arname)
   int need_rescan;
 
   for (pull = 0; pull < GRUB_DISK_PULL_MAX; pull++)
-    for (p = grub_disk_dev_list; p; p = p->next)
-      if (p->id != GRUB_DISK_DEVICE_DISKFILTER_ID
-	  && p->disk_iterate)
-	{
-	  if ((p->disk_iterate) (scan_disk_hook, NULL, pull))
-	    return;
-	  if (arname && is_lv_readable (find_lv (arname), 1))
-	    return;
-	}
+    {
+      /* look up the crytodisk devices first */
+      for (p = grub_disk_dev_list; p; p = p->next)
+	if (p->id == GRUB_DISK_DEVICE_CRYPTODISK_ID
+	    && p->disk_iterate)
+	  {
+	    if ((p->disk_iterate) (scan_disk_hook, NULL, pull))
+	      return;
+	    if (arname && is_lv_readable (find_lv (arname), 1))
+	      return;
+	    break;
+	  }
+
+      /* check the devices other than crytodisk */
+      for (p = grub_disk_dev_list; p; p = p->next)
+	if (p->id == GRUB_DISK_DEVICE_CRYPTODISK_ID)
+	  continue;
+	else if (p->id != GRUB_DISK_DEVICE_DISKFILTER_ID
+	    && p->disk_iterate)
+	  {
+	    if ((p->disk_iterate) (scan_disk_hook, NULL, pull))
+	      return;
+	    if (arname && is_lv_readable (find_lv (arname), 1))
+	      return;
+	  }
+    }
 
   scan_depth = 0;
   need_rescan = 1;
-- 
2.35.3
Accepting request 1105405 from home:michael-chang:grub:2.12rc1 - Implement NV index mode for TPM 2.0 key protector 0001-protectors-Implement-NV-index.patch - Fall back to passphrase mode when the key protector fails to unlock the disk 0002-cryptodisk-Fallback-to-passphrase.patch - Wipe out the cached key cleanly 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch - Make diskfiler to look up cryptodisk devices first 0004-diskfilter-look-up-cryptodisk-devices-first.patch - Version bump to 2.12~rc1 * Added: - grub-2.12~rc1.tar.xz * Removed: - grub-2.06.tar.xz * Patch dropped merged by new version: - grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch - grub2-s390x-02-kexec-module-added-to-emu.patch - grub2-efi-chainloader-root.patch - grub2-Fix-incorrect-netmask-on-ppc64.patch - 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch - 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch - 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch - grub2-s390x-10-keep-network-at-kexec.patch - 0001-Fix-build-error-in-binutils-2.36.patch - 0001-emu-fix-executable-stack-marking.patch - 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch - 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch - 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - 0001-Filter-out-POSIX-locale-for-translation.patch OBS-URL: https://build.opensuse.org/request/show/1105405 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=458 2023-08-24 05:25:56 +02:00			`From b7e2fb6a680447b7bb7eb18bb7570afa8d2b7f09 Mon Sep 17 00:00:00 2001`
			`From: Gary Lin <glin@suse.com>`
			`Date: Thu, 10 Aug 2023 10:19:29 +0800`
			`Subject: [PATCH 4/4] diskfilter: look up cryptodisk devices first`

			`When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may`
			`look like this:`

			`tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm`
			`cryptomount -u <PART-UUID> -P tpm2`
			`search --fs-uuid --set=root <FS-UUID>`

			`Since the disk search order is based on the order of module loading, the`
			`attacker could insert a malicious disk with the same FS-UUID root to`
			`trick grub2 to boot into th malicious root and further dump memory to`
			`steal the unsealed key.`

			`To defend such attack, we can specify the hint provided by 'grub-probe'`
			`to search the encrypted partition first:`

			`search --fs-uuid --set=root --hint='cryptouuid/<PART-UUID>' <FS-UUID>`

			`However, for LVM on a encrypted partition, the search hint provided by`
			`'grub-probe' is:`

			`--hint='lvmid/<VG-UUID>/<LV-UUID>'`

			`It doesn't guarantee to look up the logical volume from the encrypted`
			`partition, so the attacker may have the chance to fool grub2 to boot`
			`into the malicious disk.`

			`To mininize the attack surface, this commit tweaks the disk device search`
			`in diskfilter to look up cryptodisk devices first and then others, so`
			`that the auto-unlocked disk will be found first, not the attacker's disk.`

			`Signed-off-by: Gary Lin <glin@suse.com>`
			`---`
			`grub-core/disk/diskfilter.c \| 35 ++++++++++++++++++++++++++---------`
			`1 file changed, 26 insertions(+), 9 deletions(-)`

			`diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c`
			`index 61a311efd..94832c8dd 100644`
			`--- a/grub-core/disk/diskfilter.c`
			`+++ b/grub-core/disk/diskfilter.c`
			`@@ -226,15 +226,32 @@ scan_devices (const char *arname)`
			`int need_rescan;`

			`for (pull = 0; pull < GRUB_DISK_PULL_MAX; pull++)`
			`- for (p = grub_disk_dev_list; p; p = p->next)`
			`- if (p->id != GRUB_DISK_DEVICE_DISKFILTER_ID`
			`- && p->disk_iterate)`
			`- {`
			`- if ((p->disk_iterate) (scan_disk_hook, NULL, pull))`
			`- return;`
			`- if (arname && is_lv_readable (find_lv (arname), 1))`
			`- return;`
			`- }`
			`+ {`
			`+ /* look up the crytodisk devices first */`
			`+ for (p = grub_disk_dev_list; p; p = p->next)`
			`+ if (p->id == GRUB_DISK_DEVICE_CRYPTODISK_ID`
			`+ && p->disk_iterate)`
			`+ {`
			`+ if ((p->disk_iterate) (scan_disk_hook, NULL, pull))`
			`+ return;`
			`+ if (arname && is_lv_readable (find_lv (arname), 1))`
			`+ return;`
			`+ break;`
			`+ }`
			`+`
			`+ /* check the devices other than crytodisk */`
			`+ for (p = grub_disk_dev_list; p; p = p->next)`
			`+ if (p->id == GRUB_DISK_DEVICE_CRYPTODISK_ID)`
			`+ continue;`
			`+ else if (p->id != GRUB_DISK_DEVICE_DISKFILTER_ID`
			`+ && p->disk_iterate)`
			`+ {`
			`+ if ((p->disk_iterate) (scan_disk_hook, NULL, pull))`
			`+ return;`
			`+ if (arname && is_lv_readable (find_lv (arname), 1))`
			`+ return;`
			`+ }`
			`+ }`

			`scan_depth = 0;`
			`need_rescan = 1;`
			`--`
			`2.35.3`