loader: ignore some variable settings if input unverified

libsecureboot can tell us if the most recent file opened was
verified or not.
If its state is VE_UNVERIFIED_OK, skip if the variable
matches one of the restricted prefixes.

Reviewed by:	stevek
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org//D20909
This commit is contained in:
Simon J. Gerraty 2019-07-17 23:33:14 +00:00
parent 068ad27de3
commit bbac74ca3c
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=350099


@ -304,6 +304,36 @@ command_set(int argc, char *argv[])
command_errmsg = "wrong number of arguments";
return (CMD_ERROR);
} else {
#ifdef LOADER_VERIEXEC
/*
* Impose restrictions if input is not verified
*/
const char *restricted[] = {
"boot",
"init",
"loader.ve.",
"rootfs",
"secur",
"vfs.",
NULL,
};
const char **cp;
int ves;
ves = ve_status_get(-1);
if (ves == VE_UNVERIFIED_OK) {
#ifdef LOADER_VERIEXEC_TESTING
printf("Checking: %s\n", argv[1]);
#endif
for (cp = restricted; *cp; cp++) {
if (strncmp(argv[1], *cp, strlen(*cp)) == 0) {
printf("Ignoring restricted variable: %s\n",
argv[1]);
return (CMD_OK);
}
}
}
#endif
if ((err = putenv(argv[1])) != 0) {
command_errmsg = strerror(err);
return (CMD_ERROR);
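Review bot: The `if (ves == VE_UNVERIFIED_OK)` test enforces the restriction for exactly one status value, so any other not-verified status that `ve_status_get(-1)` may report (its range is not visible from this hunk) falls straight through to `putenv`; if libsecureboot distinguishes more states than verified and unverified-ok, testing for "anything other than the verified status" would be the safer default and is worth confirming against the library header. The `restricted` table is also built as a writable automatic array on every `set` invocation; `static const char * const restricted[] = {` keeps it read-only and out of the stack frame. A one-line comment above the loop, `/* argv[1] is "name=value"; each prefix is matched against the start of that string */`, would make the intended matching explicit for the next maintainer. command_set's body continues outside this hunk.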