[ipxe-devel] [RESEND PATCH 2/5] [image] Make initrd, cmdline, and embedded images trusted

Ladi Prosek lprosek at redhat.com
Fri Mar 3 12:37:04 UTC 2017


There is a difference in the implicit level of trust granted to images
coming from the same source as iPXE, compared to ones downloaded later
from the network. An attacker who is able to replace the initrd, the kernel
command line, or an embedded image may as well replace the iPXE binary itself.

This commit makes initrd, kernel command line, and images embedded in
the iPXE binary trusted in terms of the IMAGE_TRUSTED flag.

Signed-off-by: Ladi Prosek <lprosek at redhat.com>
---
 src/arch/x86/core/runtime.c | 4 ++++
 src/image/embedded.c        | 1 +
 2 files changed, 5 insertions(+)

diff --git a/src/arch/x86/core/runtime.c b/src/arch/x86/core/runtime.c
index d160fee..3739055 100644
--- a/src/arch/x86/core/runtime.c
+++ b/src/arch/x86/core/runtime.c
@@ -78,6 +78,7 @@ static struct image cmdline_image = {
 	.refcnt = REF_INIT ( cmdline_image_free ),
 	.name = "<CMDLINE>",
 	.type = &script_image_type,
+	.flags = IMAGE_TRUSTED,
 };
 
 /** Colour for debug messages */
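Review bot: The `.flags = IMAGE_TRUSTED` initializer on `cmdline_image` grants trust without a comment stating the assumption it rests on, and this image has `.type = &script_image_type`, so the flag covers content that is handled as a script. The commit message's reasoning holds only while the command line reaches iPXE through the same channel, and with the same integrity protection, as the iPXE binary; if a loader verifies the binary but not the arguments it passes on, that presumably no longer holds. I would record this at the initializer, e.g. `/* Supplied by the loader that started iPXE; trusted on the assumption that it shares the binary's integrity protection */`. The same applies to the initrd hunk in this file and, less critically, to the embedded-image initializer in src/image/embedded.c, where the data is part of the binary itself.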
@@ -208,6 +209,9 @@ static int initrd_init ( void ) {
 		goto err_set_name;
 	}
 
+	/* Initrd is trusted by default */
+	image->flags |= IMAGE_TRUSTED;
+
 	/* Allocate and copy initrd content */
 	image->data = umalloc ( initrd_len );
 	if ( ! image->data ) {
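Review bot: The added comment `/* Initrd is trusted by default */` says what the next line does but not why, and "by default" suggests an override that nothing in this hunk provides. Wording such as `/* Initrd comes from the loader that started iPXE, so it is given the same trust as the binary */` would carry the commit message's rationale into the code. initrd_init starts before and continues past this hunk, so whether the later error paths or image registration depend on the flag cannot be checked from here.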
diff --git a/src/image/embedded.c b/src/image/embedded.c
index 376e5d2..6a2ed36 100644
--- a/src/image/embedded.c
+++ b/src/image/embedded.c
@@ -35,6 +35,7 @@ EMBED_ALL
 	.name = _name,							\
 	.data = ( userptr_t ) ( embedded_image_ ## _index ## _data ),	\
 	.len = ( size_t ) embedded_image_ ## _index ## _len,		\
+	.flags = IMAGE_TRUSTED,						\
 },
 static struct image embedded_images[] = {
 	EMBED_ALL
-- 
2.7.4



