VirtualBox

Changeset 98988 in vbox for trunk/src/VBox


Ignore:
Timestamp:
Mar 15, 2023 3:00:19 PM (23 months ago)
Author:
vboxsync
Message:

VBoxManage: Introduce modifynvram enrollmok sub-command, bugref:10287.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/VBox/Frontends/VBoxManage/VBoxManageModifyNvram.cpp

    r98103 r98988  
    9090
    9191/**
     92 * Helper for handleModifyNvramEnrollPlatformKey() and handleModifyNvramEnrollMok().
     93 *
     94 * This function reads key from file and enrolls it either as a PK (Platform Key)
     95 * or as a MOK (Machine Owner Key).
     96 *
     97 * @returns Exit code.
     98 * @param   pszKey          Path to a file which contains the key.
     99 * @param   pszOwnerUuid    Owner's UUID.
     100 * @param   nvramStore      Reference to the NVRAM store interface.
     101 * @param   fPk             If True, a key will be enrolled as a PK, otherwise as a MOK.
     102 */
     103static RTEXITCODE handleModifyNvramEnrollPlatformKeyOrMok(const char *pszKey, const char *pszOwnerUuid,
     104                                                          ComPtr<INvramStore> &nvramStore, bool fPk)
     105{
     106    RTFILE hKeyFile;
     107
     108    int vrc = RTFileOpen(&hKeyFile, pszKey, RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE);
     109    if (RT_SUCCESS(vrc))
     110    {
     111        uint64_t cbSize;
     112        vrc = RTFileQuerySize(hKeyFile, &cbSize);
     113        if (RT_SUCCESS(vrc))
     114        {
     115            if (cbSize <= _32K)
     116            {
     117                SafeArray<BYTE> aKey((size_t)cbSize);
     118                vrc = RTFileRead(hKeyFile, aKey.raw(), (size_t)cbSize, NULL);
     119                if (RT_SUCCESS(vrc))
     120                {
     121                    RTFileClose(hKeyFile);
     122
     123                    ComPtr<IUefiVariableStore> uefiVarStore;
     124                    CHECK_ERROR2I_RET(nvramStore, COMGETTER(UefiVariableStore)(uefiVarStore.asOutParam()), RTEXITCODE_FAILURE);
     125                    if (fPk)
     126                        CHECK_ERROR2I_RET(uefiVarStore, EnrollPlatformKey(ComSafeArrayAsInParam(aKey), Bstr(pszOwnerUuid).raw()), RTEXITCODE_FAILURE);
     127                    else
     128                        CHECK_ERROR2I_RET(uefiVarStore, AddSignatureToMok(ComSafeArrayAsInParam(aKey), Bstr(pszOwnerUuid).raw(), SignatureType_X509), RTEXITCODE_FAILURE);
     129
     130                    return RTEXITCODE_SUCCESS;
     131                }
     132                else
     133                    RTMsgError(Nvram::tr("Cannot read contents of file \"%s\": %Rrc"), pszKey, vrc);
     134            }
     135            else
     136                RTMsgError(Nvram::tr("File \"%s\" is bigger than 32KByte"), pszKey);
     137        }
     138        else
     139            RTMsgError(Nvram::tr("Cannot get size of file \"%s\": %Rrc"), pszKey, vrc);
     140
     141        RTFileClose(hKeyFile);
     142    }
     143    else
     144        RTMsgError(Nvram::tr("Cannot open file \"%s\": %Rrc"), pszKey, vrc);
     145
     146    return RTEXITCODE_FAILURE;
     147}
     148
     149
     150/**
    92151 * Handles the 'modifynvram myvm enrollpk' sub-command.
    93152 * @returns Exit code.
    94153 * @param   a               The handler argument package.
    95  * @param   nvram           Reference to the NVRAM store interface.
     154 * @param   nvramStore      Reference to the NVRAM store interface.
    96155 */
    97156static RTEXITCODE handleModifyNvramEnrollPlatformKey(HandlerArg *a, ComPtr<INvramStore> &nvramStore)
     
    133192        return errorSyntax(Nvram::tr("No owner UUID was given to \"enrollpk\""));
    134193
    135     RTFILE hPkFile;
    136     vrc = RTFileOpen(&hPkFile, pszPlatformKey, RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE);
    137     if (RT_SUCCESS(vrc))
    138     {
    139         uint64_t cbSize;
    140         vrc = RTFileQuerySize(hPkFile, &cbSize);
    141         if (RT_SUCCESS(vrc))
    142         {
    143             if (cbSize <= _32K)
    144             {
    145                 SafeArray<BYTE> aPk((size_t)cbSize);
    146                 vrc = RTFileRead(hPkFile, aPk.raw(), (size_t)cbSize, NULL);
    147                 if (RT_SUCCESS(vrc))
    148                 {
    149                     RTFileClose(hPkFile);
    150 
    151                     ComPtr<IUefiVariableStore> uefiVarStore;
    152                     CHECK_ERROR2I_RET(nvramStore, COMGETTER(UefiVariableStore)(uefiVarStore.asOutParam()), RTEXITCODE_FAILURE);
    153                     CHECK_ERROR2I_RET(uefiVarStore, EnrollPlatformKey(ComSafeArrayAsInParam(aPk), Bstr(pszOwnerUuid).raw()), RTEXITCODE_FAILURE);
    154                     return RTEXITCODE_SUCCESS;
    155                 }
    156                 else
    157                     RTMsgError(Nvram::tr("Cannot read contents of file \"%s\": %Rrc"), pszPlatformKey, vrc);
    158             }
    159             else
    160                 RTMsgError(Nvram::tr("File \"%s\" is bigger than 32KByte"), pszPlatformKey);
    161         }
    162         else
    163             RTMsgError(Nvram::tr("Cannot get size of file \"%s\": %Rrc"), pszPlatformKey, vrc);
    164 
    165         RTFileClose(hPkFile);
    166     }
    167     else
    168         RTMsgError(Nvram::tr("Cannot open file \"%s\": %Rrc"), pszPlatformKey, vrc);
    169 
    170     return RTEXITCODE_FAILURE;
     194    return handleModifyNvramEnrollPlatformKeyOrMok(pszPlatformKey, pszOwnerUuid, nvramStore, true /* fPk */);
     195}
     196
     197
     198/**
     199 * Handles the 'modifynvram myvm enrollmok' sub-command.
     200 * @returns Exit code.
     201 * @param   a               The handler argument package.
     202 * @param   nvramStore      Reference to the NVRAM store interface.
     203 */
     204static RTEXITCODE handleModifyNvramEnrollMok(HandlerArg *a, ComPtr<INvramStore> &nvramStore)
     205{
     206    static const RTGETOPTDEF s_aOptions[] =
     207    {
     208        /* common options */
     209        { "--mok",          'p', RTGETOPT_REQ_STRING },
     210        { "--owner-uuid",   'f', RTGETOPT_REQ_STRING }
     211    };
     212
     213    const char *pszMok = NULL;
     214    const char *pszOwnerUuid = NULL;
     215
     216    RTGETOPTSTATE GetState;
     217    int vrc = RTGetOptInit(&GetState, a->argc - 2, &a->argv[2], s_aOptions, RT_ELEMENTS(s_aOptions), 0, 0);
     218    AssertRCReturn(vrc, RTEXITCODE_FAILURE);
     219
     220    int c;
     221    RTGETOPTUNION ValueUnion;
     222    while ((c = RTGetOpt(&GetState, &ValueUnion)) != 0)
     223    {
     224        switch (c)
     225        {
     226            case 'p':
     227                pszMok = ValueUnion.psz;
     228                break;
     229            case 'f':
     230                pszOwnerUuid = ValueUnion.psz;
     231                break;
     232            default:
     233                return errorGetOpt(c, &ValueUnion);
     234        }
     235    }
     236
     237    if (!pszMok)
     238        return errorSyntax(Nvram::tr("No machine owner key file path was given to \"enrollpk\""));
     239    if (!pszOwnerUuid)
     240        return errorSyntax(Nvram::tr("No owner UUID was given to \"enrollpk\""));
     241
     242    return handleModifyNvramEnrollPlatformKeyOrMok(pszMok, pszOwnerUuid, nvramStore, false /* fPk */);
    171243}
    172244
     
    466538        hrc = handleModifyNvramEnrollPlatformKey(a, nvramStore) == RTEXITCODE_SUCCESS ? S_OK : E_FAIL;
    467539    }
     540    else if (!strcmp(a->argv[1], "enrollmok"))
     541    {
     542        setCurrentSubcommand(HELP_SCOPE_MODIFYNVRAM_ENROLLMOK);
     543        hrc = handleModifyNvramEnrollMok(a, nvramStore) == RTEXITCODE_SUCCESS ? S_OK : E_FAIL;
     544    }
    468545    else if (!strcmp(a->argv[1], "enrollorclpk"))
    469546    {
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette