Changeset 98988 in vbox for trunk/src/VBox
- Timestamp:
- Mar 15, 2023 3:00:19 PM (23 months ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/VBox/Frontends/VBoxManage/VBoxManageModifyNvram.cpp
r98103 r98988 90 90 91 91 /** 92 * Helper for handleModifyNvramEnrollPlatformKey() and handleModifyNvramEnrollMok(). 93 * 94 * This function reads key from file and enrolls it either as a PK (Platform Key) 95 * or as a MOK (Machine Owner Key). 96 * 97 * @returns Exit code. 98 * @param pszKey Path to a file which contains the key. 99 * @param pszOwnerUuid Owner's UUID. 100 * @param nvramStore Reference to the NVRAM store interface. 101 * @param fPk If True, a key will be enrolled as a PK, otherwise as a MOK. 102 */ 103 static RTEXITCODE handleModifyNvramEnrollPlatformKeyOrMok(const char *pszKey, const char *pszOwnerUuid, 104 ComPtr<INvramStore> &nvramStore, bool fPk) 105 { 106 RTFILE hKeyFile; 107 108 int vrc = RTFileOpen(&hKeyFile, pszKey, RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE); 109 if (RT_SUCCESS(vrc)) 110 { 111 uint64_t cbSize; 112 vrc = RTFileQuerySize(hKeyFile, &cbSize); 113 if (RT_SUCCESS(vrc)) 114 { 115 if (cbSize <= _32K) 116 { 117 SafeArray<BYTE> aKey((size_t)cbSize); 118 vrc = RTFileRead(hKeyFile, aKey.raw(), (size_t)cbSize, NULL); 119 if (RT_SUCCESS(vrc)) 120 { 121 RTFileClose(hKeyFile); 122 123 ComPtr<IUefiVariableStore> uefiVarStore; 124 CHECK_ERROR2I_RET(nvramStore, COMGETTER(UefiVariableStore)(uefiVarStore.asOutParam()), RTEXITCODE_FAILURE); 125 if (fPk) 126 CHECK_ERROR2I_RET(uefiVarStore, EnrollPlatformKey(ComSafeArrayAsInParam(aKey), Bstr(pszOwnerUuid).raw()), RTEXITCODE_FAILURE); 127 else 128 CHECK_ERROR2I_RET(uefiVarStore, AddSignatureToMok(ComSafeArrayAsInParam(aKey), Bstr(pszOwnerUuid).raw(), SignatureType_X509), RTEXITCODE_FAILURE); 129 130 return RTEXITCODE_SUCCESS; 131 } 132 else 133 RTMsgError(Nvram::tr("Cannot read contents of file \"%s\": %Rrc"), pszKey, vrc); 134 } 135 else 136 RTMsgError(Nvram::tr("File \"%s\" is bigger than 32KByte"), pszKey); 137 } 138 else 139 RTMsgError(Nvram::tr("Cannot get size of file \"%s\": %Rrc"), pszKey, vrc); 140 141 RTFileClose(hKeyFile); 142 } 143 else 144 RTMsgError(Nvram::tr("Cannot open file \"%s\": %Rrc"), pszKey, vrc); 145 146 return RTEXITCODE_FAILURE; 147 } 148 149 150 /** 92 151 * Handles the 'modifynvram myvm enrollpk' sub-command. 93 152 * @returns Exit code. 94 153 * @param a The handler argument package. 95 * @param nvram 154 * @param nvramStore Reference to the NVRAM store interface. 96 155 */ 97 156 static RTEXITCODE handleModifyNvramEnrollPlatformKey(HandlerArg *a, ComPtr<INvramStore> &nvramStore) … … 133 192 return errorSyntax(Nvram::tr("No owner UUID was given to \"enrollpk\"")); 134 193 135 RTFILE hPkFile; 136 vrc = RTFileOpen(&hPkFile, pszPlatformKey, RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_WRITE); 137 if (RT_SUCCESS(vrc)) 138 { 139 uint64_t cbSize; 140 vrc = RTFileQuerySize(hPkFile, &cbSize); 141 if (RT_SUCCESS(vrc)) 142 { 143 if (cbSize <= _32K) 144 { 145 SafeArray<BYTE> aPk((size_t)cbSize); 146 vrc = RTFileRead(hPkFile, aPk.raw(), (size_t)cbSize, NULL); 147 if (RT_SUCCESS(vrc)) 148 { 149 RTFileClose(hPkFile); 150 151 ComPtr<IUefiVariableStore> uefiVarStore; 152 CHECK_ERROR2I_RET(nvramStore, COMGETTER(UefiVariableStore)(uefiVarStore.asOutParam()), RTEXITCODE_FAILURE); 153 CHECK_ERROR2I_RET(uefiVarStore, EnrollPlatformKey(ComSafeArrayAsInParam(aPk), Bstr(pszOwnerUuid).raw()), RTEXITCODE_FAILURE); 154 return RTEXITCODE_SUCCESS; 155 } 156 else 157 RTMsgError(Nvram::tr("Cannot read contents of file \"%s\": %Rrc"), pszPlatformKey, vrc); 158 } 159 else 160 RTMsgError(Nvram::tr("File \"%s\" is bigger than 32KByte"), pszPlatformKey); 161 } 162 else 163 RTMsgError(Nvram::tr("Cannot get size of file \"%s\": %Rrc"), pszPlatformKey, vrc); 164 165 RTFileClose(hPkFile); 166 } 167 else 168 RTMsgError(Nvram::tr("Cannot open file \"%s\": %Rrc"), pszPlatformKey, vrc); 169 170 return RTEXITCODE_FAILURE; 194 return handleModifyNvramEnrollPlatformKeyOrMok(pszPlatformKey, pszOwnerUuid, nvramStore, true /* fPk */); 195 } 196 197 198 /** 199 * Handles the 'modifynvram myvm enrollmok' sub-command. 200 * @returns Exit code. 201 * @param a The handler argument package. 202 * @param nvramStore Reference to the NVRAM store interface. 203 */ 204 static RTEXITCODE handleModifyNvramEnrollMok(HandlerArg *a, ComPtr<INvramStore> &nvramStore) 205 { 206 static const RTGETOPTDEF s_aOptions[] = 207 { 208 /* common options */ 209 { "--mok", 'p', RTGETOPT_REQ_STRING }, 210 { "--owner-uuid", 'f', RTGETOPT_REQ_STRING } 211 }; 212 213 const char *pszMok = NULL; 214 const char *pszOwnerUuid = NULL; 215 216 RTGETOPTSTATE GetState; 217 int vrc = RTGetOptInit(&GetState, a->argc - 2, &a->argv[2], s_aOptions, RT_ELEMENTS(s_aOptions), 0, 0); 218 AssertRCReturn(vrc, RTEXITCODE_FAILURE); 219 220 int c; 221 RTGETOPTUNION ValueUnion; 222 while ((c = RTGetOpt(&GetState, &ValueUnion)) != 0) 223 { 224 switch (c) 225 { 226 case 'p': 227 pszMok = ValueUnion.psz; 228 break; 229 case 'f': 230 pszOwnerUuid = ValueUnion.psz; 231 break; 232 default: 233 return errorGetOpt(c, &ValueUnion); 234 } 235 } 236 237 if (!pszMok) 238 return errorSyntax(Nvram::tr("No machine owner key file path was given to \"enrollpk\"")); 239 if (!pszOwnerUuid) 240 return errorSyntax(Nvram::tr("No owner UUID was given to \"enrollpk\"")); 241 242 return handleModifyNvramEnrollPlatformKeyOrMok(pszMok, pszOwnerUuid, nvramStore, false /* fPk */); 171 243 } 172 244 … … 466 538 hrc = handleModifyNvramEnrollPlatformKey(a, nvramStore) == RTEXITCODE_SUCCESS ? S_OK : E_FAIL; 467 539 } 540 else if (!strcmp(a->argv[1], "enrollmok")) 541 { 542 setCurrentSubcommand(HELP_SCOPE_MODIFYNVRAM_ENROLLMOK); 543 hrc = handleModifyNvramEnrollMok(a, nvramStore) == RTEXITCODE_SUCCESS ? S_OK : E_FAIL; 544 } 468 545 else if (!strcmp(a->argv[1], "enrollorclpk")) 469 546 {
Note:
See TracChangeset
for help on using the changeset viewer.