sbchooser: add --explain

This adds an explainer mode to sbchooser, which attempts to tell the
user which PE binaries are allowed based on which db entries they are
trusted or revoked by.

Signed-off-by: Peter Jones <pjones@redhat.com>

Author: vathpela

docs/sbchooser.1.mdoc

@@ -66,6 +66,9 @@ Load the UEFI revoked key database from this system (default)
 Load an EFI binary from \fIpe\-file\fR.
 
 By default, if \fB-i\fR is not used, \fBsbchooser\fR reads a list of input files on \fIstandard in\fR.  If \fIpe-file\fR is \fB-\fR, \fBsbchooser\fR will look for input files on \fIstandard in\fR as well as any \fB-i\fR input options.
+.It Ao Fl e | Fl Fl explain Ac
+Instead of producing the normal results, attempt to explain the reason for
+trusting or distrusting each input PE file.
 .It Fl Fl Ec
 All following options are treated as input files.  Can be used with \fB-i -\fR to suppliment \fIstandard in\fR.
 .El
@@ -177,6 +180,29 @@ host:~$ sbchooser -s -d db.shim-15.5.el7.x64.sha256 -- \\
 /usr/lib/shim/shim-15-2.fedora.x64.msft2011.efi
 host:~$ 
 .Ed
+.Ss Explanation of choosing which bootloader is most appropriate with local security databases:
+.Bd -literal
+host:~$ sbchooser --db db.msft2023 --dbx db.msft2011 --explain -- \\
+                  /usr/lib/shim/shim-13-0.2.fedora.x64.nosigs.efi \\
+                  /usr/lib/shim/shim-15-2.fedora.x64.msft2011.efi \\
+                  /usr/lib/shim/shim-15-7.el7_2.x64.msft2011.efi \\
+                  /usr/lib/shim/shim-15-7.el7_2.x64.nosigs.efi \\
+                  /usr/lib/shim/shim-15.5-1.el9.x64.msft2011.efi \\
+                  /usr/lib/shim/shim-15.5.el7.x64.nosigs.efi \\
+                  /usr/lib/shim/shim-16.1-4.el10.x64.msft2011.efi \\
+                  /usr/lib/shim/shim-16.1-4.el10.x64.msft2011.msft2023.efi \\
+                  /usr/lib/shim/shim-16.1-4.el10.x64.msft2023.efi
+/usr/lib/shim/shim-16.1-4.el10.x64.msft2011.msft2023.efi is trusted because cert "/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft UEFI CA 2023 signer" is trusted by "/C=US/O=Microsoft Corporation/CN=Microsoft UEFI CA 2023" in db
+/usr/lib/shim/shim-16.1-4.el10.x64.msft2023.efi is trusted because cert "/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft UEFI CA 2023 signer" is trusted by "/C=US/O=Microsoft Corporation/CN=Microsoft UEFI CA 2023" in db
+/usr/lib/shim/shim-16.1-4.el10.x64.msft2011.efi is not trusted because cert "/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Windows UEFI Driver Publisher" is revoked by "/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation UEFI CA 2011" in dbx
+/usr/lib/shim/shim-15.5-1.el9.x64.msft2011.efi is not trusted because cert "/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Windows UEFI Driver Publisher" is revoked by "/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation UEFI CA 2011" in dbx
+/usr/lib/shim/shim-15-7.el7_2.x64.msft2011.efi is not trusted because cert "/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Windows UEFI Driver Publisher" is revoked by "/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation UEFI CA 2011" in dbx
+/usr/lib/shim/shim-15-2.fedora.x64.msft2011.efi is not trusted because cert "/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Windows UEFI Driver Publisher" is revoked by "/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation UEFI CA 2011" in dbx
+/usr/lib/shim/shim-13-0.2.fedora.x64.nosigs.efi is not trusted because no certs or hashes trust it
+/usr/lib/shim/shim-15-7.el7_2.x64.nosigs.efi is not trusted because no certs or hashes trust it
+/usr/lib/shim/shim-15.5.el7.x64.nosigs.efi is not trusted because no certs or hashes trust it
+host:~$ 
+.Ed
 .Sh STANDARDS
 .Rs
 .%A UEFI Specification Working Group

src/sbchooser-pe.c

@@ -191,6 +191,13 @@ update_cert_trust(sbchooser_context_t *ctx, cert_data_t *cert)
 
 		X509_NAME_oneline(cert->revoked_cert->subject, revoker, 4095);
 
+		if (cert->rationale) {
+			free(cert->rationale);
+			cert->rationale = NULL;
+			debug("updating cert rationale to revoked");
+		}
+		asprintf(&cert->rationale, "cert \"%s\" is revoked by \"%s\" in dbx",
+			 subject, revoker);
 		debug("cert \"%s\" revoked by \"%s\"", subject, revoker);
 		cert->revoked = true;
 	} else {
@@ -205,6 +212,11 @@ update_cert_trust(sbchooser_context_t *ctx, cert_data_t *cert)
 		X509_NAME_oneline(cert->trust_anchor_cert->subject,
 				  trust_anchor, 4095);
 
+		if (!cert->rationale) {
+			debug("updating cert rationale to trusted");
+			asprintf(&cert->rationale, "cert \"%s\" is trusted by \"%s\" in db",
+				 subject, trust_anchor);
+		}
 		debug("cert \"%s\" trusted by \"%s\"", subject, trust_anchor);
 		cert->trusted = true;
 	} else {
@@ -308,11 +320,19 @@ update_sig_trust(sbchooser_context_t *ctx, sig_data_t *sig)
 
 		update_cert_trust(ctx, sigcert);
 
-		if (sigcert->trusted)
+		if (sigcert->trusted) {
+			if (!sig->revoked) {
+				debug("updating sig rationale to trusted");
+				sig->rationale = sigcert->rationale;
+			}
 			sig->trusted = true;
+		}
 
-		if (sigcert->revoked)
+		if (sigcert->revoked) {
+			debug("updating sig rationale to revoked");
+			sig->rationale = sigcert->rationale;
 			sig->revoked = true;
+		}
 	}
 	if (sig->revoked)
 		sig->trusted = false;
@@ -931,9 +951,18 @@ update_pe_security(sbchooser_context_t *ctx, pe_file_t *pe)
 
 		update_sig_trust(ctx, sig);
 
+		if (sig->rationale && !pe->rationale) {
+			debug("updating pe rationale to %s", sig->revoked ? "revoked" : (sig->trusted ? "trusted" : ""));
+			pe->rationale = sig->rationale;
+		}
+
 		if (sig->trusted) {
-			pe->has_trusted_signature = true;
 			found_trusted_sig = true;
+			if (!pe->has_trusted_signature && pe->rationale) {
+				debug("updating pe rationale to %s", sig->revoked ? "revoked" : (sig->trusted ? "trusted" : ""));
+				pe->rationale = sig->rationale;
+			}
+			pe->has_trusted_signature = true;
 
 			if (sig->lowest_md_secbits < lowest_md_secbits) {
 				lowest_md_secbits = sig->lowest_md_secbits;

src/sbchooser-pe.h

@@ -71,6 +71,11 @@ struct sig_data {
 	 */
 	const ASN1_TIME *earliest_not_before;
 	const ASN1_TIME *latest_not_after;
+
+	/*
+	 * why was this revoked or trusted?  Borrowed from certs
+	 */
+	char *rationale;
 };
 
 typedef struct sig_data sig_data_t;
@@ -120,6 +125,11 @@ struct pe_file {
 	const ASN1_TIME *earliest_not_before;
 	const ASN1_TIME *latest_not_after;
 
+	/*
+	 * why was this revoked or trusted?  Borrowed from sigs
+	 */
+	char *rationale;
+
 	bool first_sig_only;	// should only the first signature be scored?
 };
 

src/sbchooser-x509.c

@@ -112,6 +112,12 @@ free_cert(cert_data_t *cert)
 		X509_free(cert->x509);
 		cert->x509 = NULL;
 	}
+
+	if (cert->rationale) {
+		free(cert->rationale);
+		cert->rationale = NULL;
+	}
+
 	free(cert);
 }
 

src/sbchooser-x509.h

@@ -44,6 +44,8 @@ struct cert_data {
 
 	bool revoked;
 	cert_data_t *revoked_cert;	// the cert that's actually in dbx
+
+	char *rationale;		// why was this revoked or trusted
 };
 
 void free_cert(cert_data_t *cert);

src/sbchooser.c

@@ -88,7 +88,7 @@ add_one_pe_to_ctx(sbchooser_context_t *ctx, const char *filename)
 int
 main(int argc, char *argv[])
 {
-	const char sopts[] = ":d:Dfi:sSx:Xvh";
+	const char sopts[] = ":d:Defi:sSx:Xvh";
 	const struct option lopts[] = {
 		{"db", required_argument, NULL, 'd' },
 		{"no-system-db", no_argument, NULL, 'D' },
@@ -97,6 +97,7 @@ main(int argc, char *argv[])
 		{"no-system-dbx", no_argument, NULL, 'X' },
 		{"system-dbx", no_argument, NULL, 'S' },
 		{"first-sig-only", no_argument, NULL, 'f' },
+		{"explain", no_argument, NULL, 'e' },
 		{"in", required_argument, NULL, 'i' },
 		{"verbose", no_argument, NULL, 'v' },
 		{"usage", no_argument, NULL, 'h' },
@@ -109,6 +110,7 @@ main(int argc, char *argv[])
 	bool needs_db = true;
 	bool needs_dbx = true;
 	bool read_inputs_from_stdin = false;
+	bool explain = false;
 
 	sbchooser_context_t ctx;
 
@@ -149,6 +151,9 @@ main(int argc, char *argv[])
 				    argv[optind-1]);
 			needs_db = false;
 			break;
+		case 'e':
+			explain = true;
+			break;
 		case 'f':
 			ctx.first_sig_only = true;
 			break;
@@ -278,6 +283,8 @@ main(int argc, char *argv[])
 
 	for (size_t i = 0; i < ctx.n_files; i++) {
 		pe_file_t *pe = ctx.files[i];
+		digest_data_t *dgst = NULL;
+		char buf[1024];
 
 		/*
 		 * UEFI spec 2.12ish says:
@@ -302,21 +309,43 @@ main(int argc, char *argv[])
 		 *
 		 * And so we check dbx hashes first, then db.
 		 */
-		if (is_revoked_by_hash(pe, NULL)) {
-			debug("PE \"%s\" is revoked by hash", pe->filename);
+		if (is_revoked_by_hash(pe, &dgst)) {
+			fmt_digest(dgst, buf, sizeof(buf));
+			debug("PE \"%s\" is revoked by hash %s", pe->filename, buf);
+			if (explain) {
+				printf("%s is revoked by hash %s in dbx\n", pe->filename, buf);
+			}
 			continue;
 		}
-		if (is_trusted_by_hash(pe, NULL)) {
-			debug("PE \"%s\" is trusted by hash", pe->filename);
-			printf("%s\n", pe->filename);
+		dgst = NULL;
+		if (is_trusted_by_hash(pe, &dgst)) {
+			fmt_digest(dgst, buf, sizeof(buf));
+			debug("PE \"%s\" is trusted by hash %s", pe->filename, buf);
+			if (explain) {
+				printf("%s is trusted by hash %s in db\n", pe->filename, buf);
+			} else {
+				printf("%s\n", pe->filename);
+			}
 			continue;
 		} else {
 			debug("PE \"%s\" is not trusted by hash", pe->filename);
 		}
 
 		debug("PE \"%s\" score 0x%"PRIx32, pe->filename, pe->secbits);
-		if (pe->secbits != 0) {
-			printf("%s\n", pe->filename);
+		if (pe->secbits == 0) {
+			if (explain) {
+				if (!pe->rationale) {
+					printf("%s is not trusted because no certs or hashes trust it\n", pe->filename);
+				} else {
+					printf("%s is not trusted because %s\n", pe->filename, pe->rationale);
+				}
+			}
+		} else {
+			if (explain) {
+				printf("%s is trusted because %s\n", pe->filename, pe->rationale);
+			} else {
+				printf("%s\n", pe->filename);
+			}
 		}
 	}