A dm-verity protected filesystem image is not hashed by U-Boot when it is loaded; its integrity is delegated to the kernel, which validates the filesystem on the fly against the roothash taken from the FIT dm-verity subnode. The roothash is therefore the sole integrity anchor for the filesystem, yet fit_config_add_hash() only added the image node, its hash subnodes and its cipher subnode to the signed region, leaving the dm-verity subnode (roothash, salt and block parameters) unsigned.
An attacker able to rewrite the boot medium could then replace both the filesystem and the roothash, recompute a matching dm-verity tree and keep the configuration signature valid, defeating verified boot for the root filesystem. Add the dm-verity subnode to the list of nodes covered by the configuration signature, both when signing (tools/image-host.c) and when verifying (boot/image-fit-sig.c), so the roothash and salt are authenticated together with the rest of the configuration. Signed-off-by: Daniel Golle <[email protected]> --- boot/image-fit-sig.c | 23 +++++++++++++++++++---- tools/image-host.c | 22 ++++++++++++++++++++++ 2 files changed, 41 insertions(+), 4 deletions(-) diff --git a/boot/image-fit-sig.c b/boot/image-fit-sig.c index 513ee9cc16a..c2f09885492 100644 --- a/boot/image-fit-sig.c +++ b/boot/image-fit-sig.c @@ -264,8 +264,8 @@ static int fit_config_add_node(const void *fit, int noffset, char **node_inc, /** * fit_config_add_hash() - Add hash nodes for one image to the node list * - * Adds the image path, all its hash-* subnode paths, and its cipher - * subnode path (if present) to the packed buffer. + * Adds the image path, all its hash-* subnode paths, and its cipher and + * dm-verity subnode paths (each if present) to the packed buffer. * * @fit: FIT blob * @image_noffset: Image node offset (e.g. /images/kernel-1) @@ -322,6 +322,21 @@ static int fit_config_add_hash(const void *fit, int image_noffset, return ret; } + /* + * Add this image's dm-verity node if present. Its roothash is the + * only integrity anchor for a dm-verity filesystem image, so it must + * be covered by the configuration signature. + */ + noffset = fdt_subnode_offset(fit, image_noffset, FIT_VERITY_NODENAME); + if (noffset != -FDT_ERR_NOTFOUND) { + if (noffset < 0) + return -EIO; + ret = fit_config_add_node(fit, noffset, node_inc, count, + max_nodes, buf, buf_used, buf_len); + if (ret) + return ret; + } + return 0; } @@ -329,8 +344,8 @@ static int fit_config_add_hash(const void *fit, int image_noffset, * fit_config_get_hash_list() - Build the list of nodes to hash * * Works through every image referenced by the configuration and collects the - * node paths: root + config + all referenced images with their hash and - * cipher subnodes. + * node paths: root + config + all referenced images with their hash, + * cipher and dm-verity subnodes. * * Properties known not to be image references (description, compatible, * default, load-only) are skipped, so any new image type is covered by default. diff --git a/tools/image-host.c b/tools/image-host.c index 8f1e7be4066..235f7643d08 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -1256,6 +1256,28 @@ static int fit_config_add_hash(const void *fit, int image_noffset, goto err_mem; } + /* + * Add this image's dm-verity node if present. Its roothash is the + * only integrity anchor for a dm-verity filesystem image, so it must + * be covered by the configuration signature. + */ + noffset = fdt_subnode_offset(fit, image_noffset, + FIT_VERITY_NODENAME); + if (noffset != -FDT_ERR_NOTFOUND) { + if (noffset < 0) { + fprintf(stderr, + "Failed to get dm-verity node in configuration '%s/%s' image '%s': %s\n", + conf_name, sig_name, iname, + fdt_strerror(noffset)); + return -EIO; + } + ret = fdt_get_path(fit, noffset, path, sizeof(path)); + if (ret < 0) + goto err_path; + if (strlist_add(node_inc, path)) + goto err_mem; + } + return 0; err_mem: -- 2.55.0

