s390-tools/s390-tools-sles15sp2-03-zipl-correct-secure-boot-config-handling.patch

Subject: [PATCH] [BZ 184396] zipl: correct secure boot config handling
From: Stefan Haberland <sth@linux.ibm.com>

Description:   zipl: fix secure boot config handling
Symptom:       The config file parsing for secure boot worked not as
               it was expected to be. For example a config section
               setting was not evaluated properly.
               It is not possible to specify command line option -S
               without other options.
               Additionally the man page showed an invalid example.
Problem:       The config file parsing was not implemented properly.
Solution:      The hierarchy of the secure boot settings in the config
               file is:
                    defaultboot > menu > section
               Allow that --secure or -S is specified on command line
               without the need to allow all options on the command
               line. Also ensure that the command line option
               overrules the config option and correctly ensure that
               secure boot is only set for SCSI devices.
               Fix man page example.
Reproduction:  Run zipl with a secure= setting in a configuration
               section or specify -S on command line.
Upstream-ID:   6f9337d1016e00f360cf4a81d39a42df5184b3a2
Problem-ID:    184396

Upstream-Description:

              zipl: correct secure boot config handling

              The hierarchy of the secure boot settings in the config file should be:

              defaultboot > menu > section

              This patch implements this hierarchy and adds a check if a valid option is
              specified and prints an error message otherwise.

              Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
              Reviewed-by: Philipp Rudo <prudo@linux.ibm.com>
              Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>


Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
---
 zipl/include/job.h  |    1 +
 zipl/include/zipl.h |    1 +
 zipl/src/bootmap.c  |    8 +++++++-
 zipl/src/job.c      |   29 ++++++++++++++++++++++++++---
 4 files changed, 35 insertions(+), 4 deletions(-)

--- a/zipl/include/job.h
+++ b/zipl/include/job.h
@@ -94,6 +94,7 @@ struct job_menu_entry {
 	char* name;
 	enum job_id id;
 	union job_menu_entry_data data;
+	int is_secure;
 };
 
 struct job_menu_data {
--- a/zipl/include/zipl.h
+++ b/zipl/include/zipl.h
@@ -57,6 +57,7 @@
 
 #define MAX_DUMP_VOLUMES		32
 
+#define SECURE_BOOT_UNDEFINED	       -1
 #define SECURE_BOOT_DISABLED		0
 #define SECURE_BOOT_ENABLED		1
 #define SECURE_BOOT_AUTO		2
--- a/zipl/src/bootmap.c
+++ b/zipl/src/bootmap.c
@@ -945,6 +945,7 @@ build_program_table(int fd, struct job_d
 {
 	disk_blockptr_t* table;
 	int entries, component_header;
+	int is_secure;
 	int i;
 	int rc;
 
@@ -1016,13 +1017,18 @@ build_program_table(int fd, struct job_d
 						component_header_ipl;
 					printf("\n");
 				}
+				if (job->is_secure != SECURE_BOOT_UNDEFINED)
+					is_secure = job->is_secure;
+				else
+					is_secure =
+					      job->data.menu.entry[i].is_secure;
 				rc = add_ipl_program(fd,
 					&job->data.menu.entry[i].data.ipl,
 					&table[job->data.menu.entry[i].pos],
 					verbose || job->command_line,
 					job->add_files,	component_header,
 						     info, &job->target,
-						     job->is_secure);
+						     is_secure);
 				break;
 			case job_print_usage:
 			case job_print_version:
--- a/zipl/src/job.c
+++ b/zipl/src/job.c
@@ -119,6 +119,7 @@ get_command_line(int argc, char* argv[],
 	memset((void *) &cmdline, 0, sizeof(struct command_line));
 	cmdline.type = section_invalid;
 	is_keyword = 0;
+	cmdline.is_secure = SECURE_BOOT_UNDEFINED;
 	/* Process options */
 	do {
 		opt = getopt_long(argc, argv, option_string, options, NULL);
@@ -1055,6 +1056,21 @@ check_job_mvdump_data(struct job_mvdump_
 	return 0;
 }
 
+static int
+check_secure_boot(struct job_data *job)
+{
+	switch (job->is_secure) {
+	case SECURE_BOOT_UNDEFINED:
+	case SECURE_BOOT_DISABLED:
+	case SECURE_BOOT_ENABLED:
+	case SECURE_BOOT_AUTO:
+		return 0;
+	default:
+		error_reason("Invalid secure boot setting '%d'",
+			     job->is_secure);
+		return -1;
+	}
+}
 
 static int
 check_job_data(struct job_data* job)
@@ -1099,6 +1115,8 @@ check_job_data(struct job_data* job)
 	case job_mvdump:
 		rc = check_job_mvdump_data(&job->data.mvdump, job->name);
 	}
+	if (!rc)
+		rc = check_secure_boot(job);
 	return rc;
 }
 
@@ -1594,6 +1612,7 @@ get_menu_job(struct scan_token* scan, ch
 	       sizeof(struct job_menu_entry) * job->data.menu.num);
 	/* Fill in data */
 	current = 0;
+	job->data.menu.entry->is_secure = SECURE_BOOT_UNDEFINED;
 	for (i=index+1; (scan[i].id != scan_id_empty) &&
 			(scan[i].id != scan_id_section_heading) &&
 			(scan[i].id != scan_id_menu_heading); i++) {
@@ -1625,6 +1644,7 @@ get_menu_job(struct scan_token* scan, ch
 		if (temp_job == NULL)
 			return -1;
 		memset((void *) temp_job, 0, sizeof(struct job_data));
+		temp_job->is_secure = SECURE_BOOT_UNDEFINED;
 		rc = get_job_from_section_data(data, temp_job,
 					job->data.menu.entry[current].name);
 		if (rc) {
@@ -1637,6 +1657,8 @@ get_menu_job(struct scan_token* scan, ch
 				job->data.menu.entry[current].id = job_ipl;
 				job->data.menu.entry[current].data.ipl =
 					temp_job->data.ipl;
+				job->data.menu.entry[current].is_secure =
+					temp_job->is_secure;
 				memset((void *) &temp_job->data.ipl, 0,
 				       sizeof(struct job_ipl_data));
 				break;
@@ -1874,6 +1896,7 @@ job_get(int argc, char* argv[], struct j
 	job->add_files = cmdline.add_files;
 	job->data.mvdump.force = cmdline.force;
 	job->dry_run = cmdline.dry_run;
+	job->is_secure =  SECURE_BOOT_UNDEFINED;
 	/* Get job data from user input */
 	if (cmdline.help) {
 		job->command_line = 1;
@@ -1892,10 +1915,10 @@ job_get(int argc, char* argv[], struct j
 		job_free(job);
 		return rc;
 	}
-	if (cmdline.is_secure)
+	if (cmdline.is_secure != SECURE_BOOT_UNDEFINED)
 		job->is_secure = cmdline.is_secure;
-	else
-		job->is_secure = job->is_secure ? : SECURE_BOOT_AUTO;
+	else if (job->id != job_menu && job->is_secure == SECURE_BOOT_UNDEFINED)
+		job->is_secure = SECURE_BOOT_AUTO;
 
 	/* Check job data for validity */
 	rc = check_job_data(job);