Keep FS_* constants which aren't listed in the package, and leave
SetAttr there, even though it's currently not used.
Leave a comment about this implementation not working on 64-bit big
endian systems. Chances of this software being run on such a platform
are very low, since at the moment, to my knowledge, Secure Boot on
64-bit big endian can only happen with aarch64_be, which is quite rare.
A weird efivarfs quirk is that sometimes empty vars have no file. This
means they are not immutable and we can write to them.
Signed-off-by: Morten Linderud <morten@linderud.pw>
Should probably try to include some documentation for this, but this changes
the default from /proc/cmdline to /etc/kernel/cmdline.
This is partially a standard and a bit more flexible for everyday use
for most people.
https://www.freedesktop.org/software/systemd/man/kernel-install.html
Fixes #39
Signed-off-by: Morten Linderud <morten@linderud.pw>
We can always stat files, but it's enough to figure out if we can
actually check the signature. Instead we try to open the file.
This patch also moves us to the new errors package
$ sbctl verify
==> Verifying file database and EFI images in /efi...
-> WARNING: /boot/EFI/BOOT/BOOTX64.EFI is not signed
-> WARNING: /boot/EFI/arch/fwupdx64.efi is not signed
-> WARNING: /boot/EFI/systemd/systemd-bootx64.efi is not signed
-> ERROR: /tmp/vmlinuz-linux does not exist
-> ERROR: /tmp/vmlinuz-linuz-test permission denied. Can't read file
Fixes #46
Signed-off-by: Morten Linderud <morten@linderud.pw>
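
An added Go example, not part of the commit above or of sbctl's own code, of the open-instead-of-stat check that commit describes, separating "does not exist" from "permission denied" as in the `sbctl verify` output. The function names, error values and file names are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Sentinel errors are assumptions for this example, not sbctl's own names.
var (
	ErrNotExist   = errors.New("does not exist")
	ErrUnreadable = errors.New("permission denied. Can't read file")
)

// CheckReadable opens the file instead of stat-ing it: stat only needs search
// permission on the parent directories, so it succeeds on files we cannot read.
func CheckReadable(path string) error {
	f, err := os.Open(path)
	if err == nil {
		return f.Close()
	}
	return Classify(err)
}

// Classify maps an os error onto the two cases the verify output distinguishes.
func Classify(err error) error {
	switch {
	case errors.Is(err, fs.ErrNotExist):
		return ErrNotExist
	case errors.Is(err, fs.ErrPermission):
		return ErrUnreadable
	default:
		return err
	}
}

func main() {
	dir, _ := os.MkdirTemp("", "verify-demo") // constructed sample files
	defer os.RemoveAll(dir)
	locked := filepath.Join(dir, "vmlinuz-locked")
	os.WriteFile(locked, []byte("MZ"), 0o000) // mode 0000: nobody may read it

	for _, p := range []string{locked, filepath.Join(dir, "vmlinuz-missing")} {
		_, statErr := os.Stat(p)
		// As a non-root user, stat succeeds on the locked file while open fails.
		fmt.Printf("%s: stat error=%v, open check=%v\n", p, statErr, CheckReadable(p))
	}
}
```

Run as root, the open on the mode-0000 file succeeds, so the permission case only shows up for an unprivileged user.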
This allows us to give a sensible error for `enroll-keys` if the files
are set as immutable.
$ sbctl enroll-keys
==> ERROR: File is immutable: /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c
==> ERROR: File is immutable: /sys/firmware/efi/efivars/KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c
==> ERROR: File is immutable: /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f
==> ERROR: You need to chattr -i files in efivarfs
Signed-off-by: Morten Linderud <morten@linderud.pw>
Using the function also removed code that had hardcoded globals for the
location of some files instead of using the dbpath parameter.
Add error checking around the function where appropriate.
Also fail early when creating a new bundle if it isn't possible to
access the bundle database.
Signed-off-by: Érico Rolim <erico.erc@gmail.com>
This function will try to read a file into a byte buffer, and, if the
file doesn't exist, create its containing directory and the file itself.
If any of those actions fail due to permissions, the function will print
a warning about running the tool as root.
Reading from the file and bundle databases works like this, so the error
checking should be implemented in a single place.
Also, use the new function in ReadFileDatabase().
Signed-off-by: Érico Rolim <erico.erc@gmail.com>
- Introduces dependency on sys/unix for unix.Access. This is necessary
only in keys.go, since we run 'sbsign' as a command and can't check if
it failed due to permissions.
- Allows removing special casing in main.go for commands that don't
require root permissions.
- ReadFileDatabase() can now return errors due to the multiple ways in
which it can fail; it also warns the user about possibly requiring root.
- ReadFileDatabase() was using the global DBPath instead of its dbpath
parameter in multiple places. This has been fixed.
- VerifyESP() can now run without root.
- SignFile() checks if it can read the DB key before running sbsign.
Signed-off-by: Érico Rolim <erico.erc@gmail.com>
If ReadFile errors out, the error would only be checked after the
function attempts to read the buffer into the hasher. This commit fixes
that, checking the error as soon as possible.
Signed-off-by: Érico Rolim <erico.erc@gmail.com>
This allows err to be used anywhere as the error variable, instead of
having to use "e", for example. This commit also fixes a bug where the
PrintGenerateError() calls in CombineFiles() were using "err" as the
argument for error, when it should have been "e" - since "err" was the
logger and could be used in that way, the compiler didn't complain.
Signed-off-by: Érico Rolim <erico.erc@gmail.com>