efi/preinstall: Record accepted errors in CheckResult

This records errors accepted via ActionProceed to a new AcceptedErrors
field of CheckResult.

There are 2 uses for this:
- To use accepted errors to turn on options when generating PCR profiles.
  The WithAllowInsufficientDmaProtection() opt-in makes use of this new
  field with this PR. Future PRs will add additional opt-ins which make
  use of this new field.
- To compare future check results against, in order to determine whether
  anything has changed.

At the moment, only the accepted error kinds are retained. However, the
new field is a map of ErrorKind to arbitrary JSON value so that a future
update can use the arbitrary JSON value to record arguments that can
limit the scope of an accepted error.

Fixes: FR-11919

Author: chrisccoulson

efi/preinstall/checks_context.go

@@ -195,9 +195,12 @@ type RunChecksContext struct {
 	// being returned.
 	expectedActions []Action
 
-	// proceedFlags indicates the CheckFlags that will be enabled if Run is called
+	// proceedFlags indicates the CheckFlags that can be enabled if Run is called
 	// with ActionProceed.
 	proceedFlags CheckFlags
+
+	// acceptedErrors indicates the ErrorKinds that have been accepted with ActionProceed.
+	acceptedErrors []ErrorKind
 }
 
 // NewRunChecksContext returns a new RunChecksContext instance with the initial flags for [RunChecks]
@@ -729,7 +732,10 @@ func (c *RunChecksContext) runAction(action Action, args map[string]json.RawMess
 			)
 		}
 	case ActionProceed:
-		var proceedFlags CheckFlags
+		var (
+			proceedFlags   CheckFlags
+			acceptedErrors []ErrorKind
+		)
 		if args != nil {
 			const fieldName = "error-kinds"
 
@@ -775,6 +781,7 @@ func (c *RunChecksContext) runAction(action Action, args map[string]json.RawMess
 				}
 
 				proceedFlags |= flag
+				acceptedErrors = append(acceptedErrors, kind)
 				c.proceedFlags &^= flag
 			}
 		}
@@ -783,9 +790,16 @@ func (c *RunChecksContext) runAction(action Action, args map[string]json.RawMess
 			// Handle the case where no argument is supplied or
 			// an empty []ErrorKind slice is supplied
 			proceedFlags = c.proceedFlags
+			for kind, flag := range errorKindToProceedFlag {
+				if flag&proceedFlags > 0 {
+					acceptedErrors = append(acceptedErrors, kind)
+				}
+			}
+			c.proceedFlags = 0
 		}
 
 		c.flags |= proceedFlags
+		c.acceptedErrors = append(c.acceptedErrors, acceptedErrors...)
 	default:
 		return NewWithKindAndActionsError(
 			ErrorKindUnexpectedAction,
@@ -850,6 +864,10 @@ func (c *RunChecksContext) Run(ctx context.Context, action Action, args map[stri
 		}
 		if err == nil && profileErr == nil {
 			// If neither step failed, break and return success.
+			result.AcceptedErrors = make(map[ErrorKind]json.RawMessage)
+			for _, kind := range c.acceptedErrors {
+				result.AcceptedErrors[kind] = nil
+			}
 			c.result = result
 			break
 		}

efi/preinstall/checks_context_test.go

@@ -85,6 +85,7 @@ type testRunChecksContextRunParams struct {
 	expectedPcrAlg            tpm2.HashAlgorithmId
 	expectedUsedSecureBootCAs []*X509CertificateID
 	expectedFlags             CheckResultFlags
+	expectedAcceptedErrors    map[ErrorKind]json.RawMessage
 	expectedWarningsMatch     string
 }
 
@@ -202,6 +203,11 @@ func (s *runChecksContextSuite) testRun(c *C, params *testRunChecksContextRunPar
 		c.Check(ca, DeepEquals, params.expectedUsedSecureBootCAs[i])
 	}
 	c.Check(result.Flags, Equals, params.expectedFlags)
+	expectedAcceptedErrors := params.expectedAcceptedErrors
+	if expectedAcceptedErrors == nil {
+		expectedAcceptedErrors = make(map[ErrorKind]json.RawMessage)
+	}
+	c.Check(result.AcceptedErrors, DeepEquals, expectedAcceptedErrors)
 	c.Check(result.Warnings, ErrorMatches, params.expectedWarningsMatch)
 
 	c.Check(ctx.Result(), DeepEquals, result)
@@ -579,6 +585,9 @@ C7E003CB
 		expectedPcrAlg:            tpm2.HashAlgorithmSHA256,
 		expectedUsedSecureBootCAs: []*X509CertificateID{NewX509CertificateID(testutil.ParseCertificate(c, msUefiCACert))},
 		expectedFlags:             NoPlatformConfigProfileSupport | NoDriversAndAppsConfigProfileSupport | NoBootManagerConfigProfileSupport,
+		expectedAcceptedErrors: map[ErrorKind]json.RawMessage{
+			ErrorKindEmptyPCRBanks: nil,
+		},
 		expectedWarningsMatch: `3 errors detected:
 - error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet
 - error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet
@@ -743,6 +752,10 @@ C7E003CB
 		expectedPcrAlg:            tpm2.HashAlgorithmSHA256,
 		expectedUsedSecureBootCAs: []*X509CertificateID{NewX509CertificateID(testutil.ParseCertificate(c, msUefiCACert))},
 		expectedFlags:             NoPlatformConfigProfileSupport | NoDriversAndAppsConfigProfileSupport | NoBootManagerConfigProfileSupport | InsufficientDMAProtectionDetected,
+		expectedAcceptedErrors: map[ErrorKind]json.RawMessage{
+			ErrorKindInsufficientDMAProtection: nil,
+			ErrorKindNoKernelIOMMU:             nil,
+		},
 		expectedWarningsMatch: `3 errors detected:
 - error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet
 - error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet
@@ -1097,6 +1110,9 @@ C7E003CB
 		expectedPcrAlg:            tpm2.HashAlgorithmSHA256,
 		expectedUsedSecureBootCAs: []*X509CertificateID{NewX509CertificateID(testutil.ParseCertificate(c, msUefiCACert))},
 		expectedFlags:             NoPlatformConfigProfileSupport | NoDriversAndAppsConfigProfileSupport | NoBootManagerConfigProfileSupport,
+		expectedAcceptedErrors: map[ErrorKind]json.RawMessage{
+			ErrorKindRunningInVM: nil,
+		},
 		expectedWarningsMatch: `4 errors detected:
 - virtual machine environment detected
 - error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet
@@ -1686,6 +1702,9 @@ C7E003CB
 		expectedPcrAlg:            tpm2.HashAlgorithmSHA256,
 		expectedUsedSecureBootCAs: []*X509CertificateID{NewX509CertificateID(testutil.ParseCertificate(c, msUefiCACert))},
 		expectedFlags:             NoPlatformConfigProfileSupport | NoDriversAndAppsConfigProfileSupport | NoBootManagerConfigProfileSupport,
+		expectedAcceptedErrors: map[ErrorKind]json.RawMessage{
+			ErrorKindAddonDriversPresent: nil,
+		},
 		expectedWarningsMatch: `4 errors detected:
 - error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet
 - addon drivers were detected:
@@ -1920,6 +1939,9 @@ C7E003CB
 		expectedPcrAlg:            tpm2.HashAlgorithmSHA256,
 		expectedUsedSecureBootCAs: []*X509CertificateID{NewX509CertificateID(testutil.ParseCertificate(c, msUefiCACert))},
 		expectedFlags:             NoPlatformConfigProfileSupport | NoDriversAndAppsConfigProfileSupport | NoBootManagerConfigProfileSupport,
+		expectedAcceptedErrors: map[ErrorKind]json.RawMessage{
+			ErrorKindSysPrepApplicationsPresent: nil,
+		},
 		expectedWarningsMatch: `4 errors detected:
 - error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet
 - error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet
@@ -2087,6 +2109,9 @@ C7E003CB
 		expectedPcrAlg:            tpm2.HashAlgorithmSHA256,
 		expectedUsedSecureBootCAs: []*X509CertificateID{NewX509CertificateID(testutil.ParseCertificate(c, msUefiCACert))},
 		expectedFlags:             NoPlatformConfigProfileSupport | NoDriversAndAppsConfigProfileSupport | NoBootManagerConfigProfileSupport,
+		expectedAcceptedErrors: map[ErrorKind]json.RawMessage{
+			ErrorKindAbsolutePresent: nil,
+		},
 		expectedWarningsMatch: `4 errors detected:
 - error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet
 - error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet
@@ -2378,6 +2403,10 @@ C7E003CB
 		expectedPcrAlg:            tpm2.HashAlgorithmSHA256,
 		expectedUsedSecureBootCAs: []*X509CertificateID{NewX509CertificateID(testutil.ParseCertificate(c, msUefiCACert))},
 		expectedFlags:             NoPlatformConfigProfileSupport | NoDriversAndAppsConfigProfileSupport | NoBootManagerConfigProfileSupport,
+		expectedAcceptedErrors: map[ErrorKind]json.RawMessage{
+			ErrorKindAddonDriversPresent:             nil,
+			ErrorKindPreOSDigestVerificationDetected: nil,
+		},
 		expectedWarningsMatch: `5 errors detected:
 - error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet
 - addon drivers were detected:
@@ -2600,6 +2629,11 @@ C7E003CB
 		expectedPcrAlg:            tpm2.HashAlgorithmSHA256,
 		expectedUsedSecureBootCAs: []*X509CertificateID{NewX509CertificateID(testutil.ParseCertificate(c, msUefiCACert))},
 		expectedFlags:             NoPlatformConfigProfileSupport | NoDriversAndAppsConfigProfileSupport | NoBootManagerConfigProfileSupport,
+		expectedAcceptedErrors: map[ErrorKind]json.RawMessage{
+			ErrorKindAddonDriversPresent:              nil,
+			ErrorKindWeakSecureBootAlgorithmsDetected: nil,
+			ErrorKindPreOSDigestVerificationDetected:  nil,
+		},
 		expectedWarningsMatch: `6 errors detected:
 - error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet
 - addon drivers were detected:
@@ -2768,6 +2802,11 @@ C7E003CB
 		expectedPcrAlg:            tpm2.HashAlgorithmSHA256,
 		expectedUsedSecureBootCAs: []*X509CertificateID{NewX509CertificateID(testutil.ParseCertificate(c, msUefiCACert))},
 		expectedFlags:             NoPlatformConfigProfileSupport | NoDriversAndAppsConfigProfileSupport | NoBootManagerConfigProfileSupport,
+		expectedAcceptedErrors: map[ErrorKind]json.RawMessage{
+			ErrorKindAddonDriversPresent:              nil,
+			ErrorKindWeakSecureBootAlgorithmsDetected: nil,
+			ErrorKindPreOSDigestVerificationDetected:  nil,
+		},
 		expectedWarningsMatch: `6 errors detected:
 - error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet
 - addon drivers were detected:

efi/preinstall/export_test.go

@@ -57,6 +57,7 @@ const (
 	DtpmPartialResetAttackMitigationNotRequired = dtpmPartialResetAttackMitigationNotRequired
 	DtpmPartialResetAttackMitigationPreferred   = dtpmPartialResetAttackMitigationPreferred
 	DtpmPartialResetAttackMitigationUnavailable = dtpmPartialResetAttackMitigationUnavailable
+	InsufficientDMAProtectionDetected           = insufficientDMAProtectionDetected
 	SecureBootIncludesWeakAlg                   = secureBootIncludesWeakAlg
 	SecureBootPreOSVerificationIncludesDigest   = secureBootPreOSVerificationIncludesDigest
 	StartupLocalityNotProtected                 = startupLocalityNotProtected

efi/preinstall/profile.go

@@ -393,7 +393,7 @@ func (o *pcrProfileAutoSetPcrsOption) ApplyOptionTo(visitor internal_efi.PCRProf
 			return fmt.Errorf("cannot add PCR profile option %d: %w", i, err)
 		}
 	}
-	if o.result.Flags&InsufficientDMAProtectionDetected != 0 {
+	if _, permitted := o.result.AcceptedErrors[ErrorKindInsufficientDMAProtection]; permitted {
 		if err := secboot_efi.WithAllowInsufficientDmaProtection().ApplyOptionTo(visitor); err != nil {
 			return fmt.Errorf("cannot add DMA allow insufficient protection profile option: %w", err)
 		}

efi/preinstall/profile_test.go

@@ -570,7 +570,7 @@ func (s *profileSuite) TestWithAutoTCGPCRInsufficientDMAProtection(c *C) {
 	result := &CheckResult{
 		PCRAlg:            tpm2.HashAlgorithmSHA256,
 		UsedSecureBootCAs: []*X509CertificateID{NewX509CertificateID(testutil.ParseCertificate(c, msUefiCACert))},
-		Flags:             InsufficientDMAProtectionDetected,
+		AcceptedErrors:    map[ErrorKind]json.RawMessage{ErrorKindInsufficientDMAProtection: nil},
 	}
 	profile := WithAutoTCGPCRProfile(result, PCRProfileOptionsDefault)
 

efi/preinstall/result.go

@@ -96,14 +96,9 @@ const (
 	// lifting pins.
 	RequestPartialDiscreteTPMResetAttackMitigation
 
-	// InsufficientDMAProtectionDetected indicates that DMA remapping was disabled in the pre-OS environment.
-	// This weakens security because it allows pre-OS DMA attacks to compromise system integrity.
-	// Support for this has to be opted into with the PermitInsufficientDMAProtection flag to RunChecks.
-	// This check may not run if the NoSecureBootPolicyProfileSupport flag is set.
-	InsufficientDMAProtectionDetected
-
 	discreteTPMDetected
 	startupLocalityNotProtected
+	insufficientDMAProtectionDetected
 )
 
 func (f CheckResultFlags) toStringSlice() []string {
@@ -132,8 +127,6 @@ func (f CheckResultFlags) toStringSlice() []string {
 			str = "no-secure-boot-policy-profile-support"
 		case RequestPartialDiscreteTPMResetAttackMitigation:
 			str = "request-partial-dtpm-reset-attack-mitigation"
-		case InsufficientDMAProtectionDetected:
-			str = "insufficient-dma-protection-detected"
 		default:
 			str = fmt.Sprintf("%#08x", uint32(flag))
 		}
@@ -179,7 +172,7 @@ func (f *CheckResultFlags) UnmarshalJSON(data []byte) error {
 		case "request-partial-dtpm-reset-attack-mitigation":
 			val = RequestPartialDiscreteTPMResetAttackMitigation
 		case "insufficient-dma-protection-detected":
-			val = InsufficientDMAProtectionDetected
+			val = insufficientDMAProtectionDetected
 		case "discrete-tpm-detected":
 			val = discreteTPMDetected
 		case "startup-locality-not-protected":
@@ -213,9 +206,10 @@ func (f CheckResultFlags) String() string {
 }
 
 type checkResultJSON struct {
-	PCRAlg            hashAlgorithmId      `json:"pcr-alg"`
-	UsedSecureBootCAs []*X509CertificateID `json:"used-secure-boot-cas"`
-	Flags             CheckResultFlags     `json:"flags"`
+	PCRAlg            hashAlgorithmId               `json:"pcr-alg"`
+	UsedSecureBootCAs []*X509CertificateID          `json:"used-secure-boot-cas"`
+	Flags             CheckResultFlags              `json:"flags"`
+	AcceptedErrors    map[ErrorKind]json.RawMessage `json:"accepted-errors,omitempty"`
 }
 
 // CheckResult is returned from [RunChecks] when it completes successfully.
@@ -232,6 +226,12 @@ type CheckResult struct {
 	// Flags contains a set of result flags
 	Flags CheckResultFlags
 
+	// AcceptedErrors are the errors that were initially accepted using ActionProceed.
+	// It is a map of each accepted error kind to a set of arguments associated with
+	// the accepted error. The arguments are currently unused and this is only here
+	// for future proofing.
+	AcceptedErrors map[ErrorKind]json.RawMessage
+
 	// Warnings contains any non-fatal errors that were detected when running the tests
 	// on the current platform with the specified configuration. Note that this field is
 	// not serialized.
@@ -244,6 +244,7 @@ func (r CheckResult) MarshalJSON() ([]byte, error) {
 		PCRAlg:            hashAlgorithmId(r.PCRAlg),
 		UsedSecureBootCAs: r.UsedSecureBootCAs,
 		Flags:             r.Flags,
+		AcceptedErrors:    r.AcceptedErrors,
 	}
 	return json.Marshal(res)
 }
@@ -259,7 +260,17 @@ func (r *CheckResult) UnmarshalJSON(data []byte) error {
 		PCRAlg:            tpm2.HashAlgorithmId(res.PCRAlg),
 		UsedSecureBootCAs: res.UsedSecureBootCAs,
 		Flags:             res.Flags,
+		AcceptedErrors:    res.AcceptedErrors,
 	}
+	if r.Flags&insufficientDMAProtectionDetected > 0 {
+		if r.AcceptedErrors == nil {
+			r.AcceptedErrors = make(map[ErrorKind]json.RawMessage)
+		}
+		r.AcceptedErrors[ErrorKindInsufficientDMAProtection] = nil
+		r.AcceptedErrors[ErrorKindNoKernelIOMMU] = nil
+		r.Flags &^= insufficientDMAProtectionDetected
+	}
+
 	return nil
 }