rootcert.c File Reference

Root certificate store. More...

#include <stdlib.h>
#include <ipxe/crypto.h>
#include <ipxe/sha256.h>
#include <ipxe/x509.h>
#include <ipxe/settings.h>
#include <ipxe/dhcp.h>
#include <ipxe/init.h>
#include <ipxe/rootcert.h>

Go to the source code of this file.

Macros
#define	FINGERPRINT_LEN   SHA256_DIGEST_SIZE
	Length of a root certificate fingerprint.
#define	ALLOW_TRUST_OVERRIDE   1
#define	TRUSTED

Functions
	FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
	FILE_SECBOOT (PERMITTED)
static struct setting trust_setting	__setting (SETTING_CRYPTO, trust)
	Root certificate fingerprint setting.
static void	rootcert_init (void)
	Initialise root certificate.
struct startup_fn rootcert_startup_fn	__startup_fn (STARTUP_LATE)
	Root certificate initialiser.

Variables
const int	allow_trust_override = ALLOW_TRUST_OVERRIDE
	Flag indicating if root of trust may be overridden at runtime.
static const uint8_t	fingerprints [] = { TRUSTED }
	Root certificate fingerprints.
struct x509_root	root_certificates
	Root certificates.

Detailed Description

Root certificate store.

Definition in file rootcert.c.

Macro Definition Documentation

FINGERPRINT_LEN

#define FINGERPRINT_LEN   SHA256_DIGEST_SIZE

Length of a root certificate fingerprint.

Definition at line 43 of file rootcert.c.

Referenced by rootcert_init().

ALLOW_TRUST_OVERRIDE

#define ALLOW_TRUST_OVERRIDE   1

Definition at line 50 of file rootcert.c.

Referenced by rootcert_init().

TRUSTED

#define TRUSTED

Value:

        /* iPXE root CA */                                              \
        0x9f, 0xaf, 0x71, 0x7b, 0x7f, 0x8c, 0xa2, 0xf9, 0x3c, 0x25,     \
        0x6c, 0x79, 0xf8, 0xac, 0x55, 0x91, 0x89, 0x5d, 0x66, 0xd1,     \
        0xff, 0x3b, 0xee, 0x63, 0x97, 0xa7, 0x0d, 0x29, 0xc6, 0x5e,     \
        0xed, 0x1a,

Definition at line 56 of file rootcert.c.

#define TRUSTED                                                         \
        /* iPXE root CA */                                              \
        0x9f, 0xaf, 0x71, 0x7b, 0x7f, 0x8c, 0xa2, 0xf9, 0x3c, 0x25,     \
        0x6c, 0x79, 0xf8, 0xac, 0x55, 0x91, 0x89, 0x5d, 0x66, 0xd1,     \
        0xff, 0x3b, 0xee, 0x63, 0x97, 0xa7, 0x0d, 0x29, 0xc6, 0x5e,     \
        0xed, 0x1a,

Function Documentation

FILE_LICENCE()

FILE_LICENCE

(

GPL2_OR_LATER_OR_UBDL

)

FILE_SECBOOT()

FILE_SECBOOT

(

PERMITTED

)

__setting()

struct setting trust_setting __setting ( SETTING_CRYPTO , trust  )

static

Root certificate fingerprint setting.

References __setting, DHCP_EB_TRUST, and SETTING_CRYPTO.

rootcert_init()

void rootcert_init ( void )

static

Initialise root certificate.

The list of trusted root certificates can be specified at build time using the TRUST= build parameter. If no certificates are specified, then the default iPXE root CA certificate is trusted.

If no certificates were explicitly specified, then we allow the list of trusted root certificate fingerprints to be overridden using the "trust" setting, but only at the point of iPXE initialisation. This prevents untrusted sources of settings (e.g. DHCP) from subverting the chain of trust, while allowing trustworthy sources (e.g. VMware GuestInfo or non-volatile stored options) to specify the trusted root certificate without requiring a rebuild.

Definition at line 102 of file rootcert.c.

                                   {
        static int initialised;
        void *external = NULL;
        int len;
 
        /* Allow trusted root certificates to be overridden only if
         * not explicitly specified at build time.
         */
        if ( ALLOW_TRUST_OVERRIDE && ( ! initialised ) ) {
 
                /* Fetch copy of "trust" setting, if it exists.  This
                 * memory will never be freed.
                 */
                if ( ( len = fetch_raw_setting_copy ( NULL, &trust_setting,
                                                      &external ) ) >= 0 ) {
                        root_certificates.fingerprints = external;
                        root_certificates.count = ( len / FINGERPRINT_LEN );
                }
 
                /* Prevent subsequent modifications */
                initialised = 1;
        }
 
        DBGC ( &root_certificates, "ROOTCERT using %d %s certificate(s):\n",
               root_certificates.count, ( external ? "external" : "built-in" ));
        DBGC_HDA ( &root_certificates, 0, root_certificates.fingerprints,
                   ( root_certificates.count * FINGERPRINT_LEN ) );
}

References ALLOW_TRUST_OVERRIDE, DBGC, DBGC_HDA, fetch_raw_setting_copy(), FINGERPRINT_LEN, len, NULL, and root_certificates.

Referenced by __startup_fn().

__startup_fn()

struct startup_fn rootcert_startup_fn __startup_fn

(

STARTUP_LATE

)

Root certificate initialiser.

References __startup_fn, rootcert_init(), and STARTUP_LATE.

Variable Documentation

allow_trust_override

const int allow_trust_override = ALLOW_TRUST_OVERRIDE

Flag indicating if root of trust may be overridden at runtime.

Definition at line 65 of file rootcert.c.

Referenced by efi_cacert(), and FILE_SECBOOT().

fingerprints

const uint8_t fingerprints[] = { TRUSTED }

static

Root certificate fingerprints.

Definition at line 68 of file rootcert.c.

{ TRUSTED };

root_certificates

struct x509_root root_certificates

Initial value:

= {
        .refcnt = REF_INIT ( ref_no_free ),
        .digest = &sha256_algorithm,
        .count = ( sizeof ( fingerprints ) / FINGERPRINT_LEN ),
        .fingerprints = fingerprints,
}

Root certificates.

Definition at line 79 of file rootcert.c.

                                     {
        .refcnt = REF_INIT ( ref_no_free ),
        .digest = &sha256_algorithm,
        .count = ( sizeof ( fingerprints ) / FINGERPRINT_LEN ),
        .fingerprints = fingerprints,
};

Referenced by add_tls(), efi_cacert(), FILE_SECBOOT(), ocsp_prepare_test(), rootcert_init(), x509_is_valid(), and x509_validate().