ASN.1 parsing for verifying appended signatures
From: Daniel Axtens
Subject: ASN.1 parsing for verifying appended signatures
Date: Thu, 30 Apr 2020 13:23:10 +1000
Hi,

I'd like to teach grub how to verify appended signatures. Appended
signatures are a format used by the Linux kernel to cryptographically
sign binaries. They're used to verify kernel modules on all platforms
[1], and they're also used on some platforms (such as PowerPC) for
signing the kernel itself [2]. The cryptographic content of an appended
signature is a PKCS#7 message, which is in ASN.1 DER format.

I have a proof-of-concept that adds a verifier much like the existing
detached signature verifier. It uses libtasn1 to parse the appended
signature and an X.509 signing certificate and then uses the existing
libgcrypt functionality to perform the cryptographic verification.

I'd like to gradually upstream this verifier. As part of that, rather
than writing a bespoke ASN.1 parser for grub, I'm hoping to include
libtasn1 in grub. libtasn1 is LGPLv2.1+ licensed, which is the same as
libgcrypt, so I believe it's a compatible license already.

I have a couple of questions I was hoping to get some input on:

1) Would including libtasn1 into grub be acceptable? It has the
advantage of being extensively tried and tested, so I think it's
likely to be more reliable than a hand-rolled solution.

2) If so, would it be better to write a script like import_gcry.py, or
to perform the import once manually?

I think the idea of import_gcry.py was to ease future upgrades of
libgcrypt, but it no longer works and we've taken to applying patches
directly [3].

My preference would be to import it manually in two commits: one
which brings in the unmodified libtasn1 source, and then one that
adapts it to grub. That way, we should be able to use git rebase to
help us apply future updates. But I'm happy to do whatever would be
most acceptable.

Regards,
Daniel
[1]: https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html

[2]: These signatures are verified by the kernel's Integrity Measurement
Architecture (IMA) when kexec()ing into a new kernel. Ubuntu
already ships powerpc kernels signed in this way, and the OpenPower
host bootloader (Petitboot) uses this for secure boot.

[3]: See e.g. commit e5ba6b26181b ("libgcrypt: Import replacement CRC
operations"), which reads in part:

    The ideal solution would be to update to a new version of libgcrypt, and
    I spent some time trying to do that. However, util/import_gcry.py
    requires complex modifications to cope with the new version, and I
    stalled part-way through; furthermore, GRUB's libgcrypt tree already
    contains some backports of upstream changes. Rather than allowing the
    perfect to be the enemy of the good, I think it's best to backport this
    single change to at least sort out the licensing situation. Doing so
    won't make things any harder for a future wholesale upgrade.
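As an added illustration of what the verifier described above has to deal with before any cryptography happens (this is example code, not Daniel's proof-of-concept or grub code): locating the PKCS#7 blob via the Linux kernel's appended-signature trailer (the `struct module_signature` header followed by the `~Module signature appended~\n` marker), then walking the outer DER TLV with strict length checks, which is exactly the kind of parsing a bootloader must get right on untrusted input. The sample image is constructed and carries no real signature.

```python
import struct
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2 id-signedData
SIG_MARKER = b"~Module signature appended~\n"          # Linux appended-signature trailer
PKEY_ID_PKCS7 = 2                                      # id_type of a PKCS#7 signature

def der_tlv(buf, pos=0):
    """Decode one DER TLV at buf[pos]; return (tag, value, next_pos), rejecting overruns."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, first = buf[pos], buf[pos + 1]
    start, length = pos + 2, first
    if first & 0x80:                                   # long form: 0x80|n, then n length octets
        n = first & 0x7F
        if n == 0 or n > 4 or start + n > len(buf):
            raise ValueError("bad DER length octets")
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
        if length < 0x80 or length >> (8 * (n - 1)) == 0:
            raise ValueError("non-minimal length")     # DER mandates the shortest encoding
    end = start + length
    if end > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return tag, buf[start:end], end

def split_appended_signature(image):
    if not image.endswith(SIG_MARKER):
        raise ValueError("no appended signature marker")
    body = image[:-len(SIG_MARKER)]
    # struct module_signature: algo, hash, id_type, signer_len, key_id_len, pad[3], be32 sig_len
    _a, _h, id_type, signer_len, key_id_len, sig_len = struct.unpack(">BBBBB3xI", body[-12:])
    if id_type != PKEY_ID_PKCS7 or signer_len or key_id_len:
        raise ValueError("unsupported signature type")
    body = body[:-12]
    if sig_len == 0 or sig_len > len(body):
        raise ValueError("sig_len is outside the image")
    return body[:len(body) - sig_len], body[len(body) - sig_len:]

def is_pkcs7_signed_data(der):
    # True if der is a single ContentInfo SEQUENCE whose contentType is id-signedData
    tag, content_info, end = der_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("ContentInfo must be one SEQUENCE spanning the whole blob")
    tag, oid, _ = der_tlv(content_info)
    if tag != 0x06:
        raise ValueError("contentType is not an OID")
    return oid == SIGNED_DATA_OID

# Constructed sample, not a real signature: ContentInfo{ id-signedData, [0] SEQUENCE{} }
SAMPLE_DER = bytes.fromhex("300f06092a864886f70d010702a0023000")
SAMPLE_IMAGE = b"kernel-payload" + SAMPLE_DER + struct.pack(
    ">BBBBB3xI", 0, 0, PKEY_ID_PKCS7, 0, 0, len(SAMPLE_DER)) + SIG_MARKER
```

A full verifier would go on to parse the SignedData, the signer's X.509 certificate and the signature value, which is the part a tested library such as libtasn1 handles.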