iPXE
rootcert.c File Reference

Root certificate store. More...

#include <stdlib.h>
#include <ipxe/crypto.h>
#include <ipxe/sha256.h>
#include <ipxe/x509.h>
#include <ipxe/settings.h>
#include <ipxe/dhcp.h>
#include <ipxe/init.h>
#include <ipxe/rootcert.h>


Macros

#define FINGERPRINT_LEN   SHA256_DIGEST_SIZE
 Length of a root certificate fingerprint. More...
 
#define ALLOW_TRUST_OVERRIDE   1
 
#define TRUSTED
 

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 
static struct setting trust_setting __setting (SETTING_CRYPTO, trust)
 Root certificate fingerprint setting. More...
 
static void rootcert_init (void)
 Initialise root certificate. More...
 
struct startup_fn rootcert_startup_fn __startup_fn (STARTUP_LATE)
 Root certificate initialiser. More...
 

Variables

const int allow_trust_override = ALLOW_TRUST_OVERRIDE
 Flag indicating if root of trust may be overridden at runtime. More...
 
static const uint8_t fingerprints [] = { TRUSTED }
 Root certificate fingerprints. More...
 
struct x509_root root_certificates
 Root certificates. More...
 

Detailed Description

Root certificate store.

Definition in file rootcert.c.

Macro Definition Documentation

◆ FINGERPRINT_LEN

#define FINGERPRINT_LEN   SHA256_DIGEST_SIZE

Length of a root certificate fingerprint.

Definition at line 42 of file rootcert.c.

◆ ALLOW_TRUST_OVERRIDE

#define ALLOW_TRUST_OVERRIDE   1

Definition at line 49 of file rootcert.c.

◆ TRUSTED

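/** Default trusted root certificate fingerprint list
 *
 * A single SHA-256 fingerprint (FINGERPRINT_LEN bytes): the iPXE root
 * CA, which is what gets trusted when no certificates are specified
 * at build time.  The trailing comma lets the value be dropped
 * straight into an array initialiser.
 */
#define TRUSTED								\
	/* iPXE root CA */						\
	0x9f, 0xaf, 0x71, 0x7b, 0x7f, 0x8c, 0xa2, 0xf9, 0x3c, 0x25,	\
	0x6c, 0x79, 0xf8, 0xac, 0x55, 0x91, 0x89, 0x5d, 0x66, 0xd1,	\
	0xff, 0x3b, 0xee, 0x63, 0x97, 0xa7, 0x0d, 0x29, 0xc6, 0x5e,	\
	0xed, 0x1a,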

Definition at line 55 of file rootcert.c.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )

◆ __setting()

static struct setting trust_setting __setting ( SETTING_CRYPTO  ,
trust   
)
static

Root certificate fingerprint setting.

◆ rootcert_init()

static void rootcert_init ( void  )
static

Initialise root certificate.

The list of trusted root certificates can be specified at build time using the TRUST= build parameter. If no certificates are specified, then the default iPXE root CA certificate is trusted.

If no certificates were explicitly specified, then we allow the list of trusted root certificate fingerprints to be overridden using the "trust" setting, but only at the point of iPXE initialisation. An override replaces the built-in list rather than adding to it. This prevents untrusted sources of settings (e.g. DHCP) from subverting the chain of trust, while allowing trustworthy sources (e.g. VMware GuestInfo or non-volatile stored options) to specify the trusted root certificate without requiring a rebuild.

Definition at line 101 of file rootcert.c.

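/**
 * Initialise root certificate
 *
 * When ALLOW_TRUST_OVERRIDE is set (no trust list was given at build
 * time), the first call replaces the built-in fingerprint list with
 * the raw value of the "trust" setting, if that setting exists.  The
 * static "initialised" flag makes this a one-shot: later calls never
 * re-read the setting, so a value that appears afterwards cannot move
 * the root of trust.
 */
static void rootcert_init ( void ) {
	static int initialised;
	void *external = NULL;
	int len;

	/* Allow trusted root certificates to be overridden only if
	 * not explicitly specified at build time.
	 */
	if ( ALLOW_TRUST_OVERRIDE && ( ! initialised ) ) {

		/* Fetch copy of "trust" setting, if it exists.  This
		 * memory will never be freed.
		 */
		if ( ( len = fetch_raw_setting_copy ( NULL, &trust_setting,
						      &external ) ) >= 0 ) {
			root_certificates.fingerprints = external;
			/* The count must follow the replacement
			 * buffer: leaving the built-in count in place
			 * would let fingerprint comparison run past a
			 * shorter external value.  Integer division
			 * drops any trailing partial fingerprint, and
			 * a value shorter than FINGERPRINT_LEN gives a
			 * count of zero (presumably nothing is then
			 * trusted -- confirm against the X.509 root
			 * check).
			 */
			root_certificates.count = ( len / FINGERPRINT_LEN );
		}

		/* Prevent subsequent modifications */
		initialised = 1;
	}

	/* NOTE(review): "external" is a local that is only set during
	 * the first call, so any later call reports "built-in" here
	 * even when an override is in effect.
	 */
	DBGC ( &root_certificates, "ROOTCERT using %d %s certificate(s):\n",
	       root_certificates.count, ( external ? "external" : "built-in" ));
	/* Dump the fingerprints actually in force, so the effective
	 * root of trust can be checked from a debug build's output.
	 */
	DBGC_HDA ( &root_certificates, 0, root_certificates.fingerprints,
		   ( root_certificates.count * FINGERPRINT_LEN ) );
}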
int fetch_raw_setting_copy(struct settings *settings, const struct setting *setting, void **data)
Fetch value of setting.
Definition: settings.c:821
struct x509_root root_certificates
Root certificates.
Definition: rootcert.c:78
#define DBGC(...)
Definition: compiler.h:505
#define DBGC_HDA(...)
Definition: compiler.h:506
#define ALLOW_TRUST_OVERRIDE
Definition: rootcert.c:49
#define FINGERPRINT_LEN
Length of a root certificate fingerprint.
Definition: rootcert.c:42
unsigned int count
Number of certificates.
Definition: x509.h:380
const void * fingerprints
Certificate fingerprints.
Definition: x509.h:382
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321

References ALLOW_TRUST_OVERRIDE, x509_root::count, DBGC, DBGC_HDA, fetch_raw_setting_copy(), FINGERPRINT_LEN, x509_root::fingerprints, len, NULL, and root_certificates.

◆ __startup_fn()

struct startup_fn rootcert_startup_fn __startup_fn ( STARTUP_LATE  )

Root certificate initialiser.

Variable Documentation

◆ allow_trust_override

const int allow_trust_override = ALLOW_TRUST_OVERRIDE

Flag indicating if root of trust may be overridden at runtime.

Definition at line 64 of file rootcert.c.

Referenced by efi_cacert().

◆ fingerprints

const uint8_t fingerprints[] = { TRUSTED }
static

Root certificate fingerprints.

Definition at line 67 of file rootcert.c.

◆ root_certificates

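/** Root certificates
 *
 * Build-time default: the fingerprints[] array (TRUSTED), matched
 * using SHA-256.  The count is derived from the array size, so it
 * always agrees with the list compiled in.  rootcert_init() may point
 * .fingerprints at a copy of the "trust" setting instead.
 */
struct x509_root root_certificates = {
	/* Statically allocated: the reference counter must never free it */
	.refcnt = REF_INIT ( ref_no_free ),
	.digest = &sha256_algorithm,
	.count = ( sizeof ( fingerprints ) / FINGERPRINT_LEN ),
	.fingerprints = fingerprints,
};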
#define FINGERPRINT_LEN
Length of a root certificate fingerprint.
Definition: rootcert.c:42
struct digest_algorithm sha256_algorithm
SHA-256 algorithm.
Definition: sha256.c:264
#define REF_INIT(free_fn)
Initialise a static reference counter.
Definition: refcnt.h:77
static const uint8_t fingerprints[]
Root certificate fingerprints.
Definition: rootcert.c:67
void ref_no_free(struct refcnt *refcnt __unused)
Do not free reference-counted object.
Definition: refcnt.c:101

Root certificates.

Definition at line 78 of file rootcert.c.

Referenced by add_tls(), efi_cacert(), ocsp_prepare_test(), rootcert_init(), x509_is_valid(), and x509_validate().