grub-lakitu: BACKPORT: FROMGIT: linuxefi: fail kernel validation without shim protocol.

If certificates that signed grub are installed into db, grub can be
booted directly. It will then boot any kernel without signature
validation. The booted kernel will think it was booted in secureboot
mode and will implement lockdown, yet it could have been tampered.

This version of the patch skips calling verification, when booted
without secureboot. And is indented with gnu ident.

CVE-2020-15705

Reported-by: Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
(cherry picked from commit bb240087ce9ef9a62936fd6c1241df65a1e42d01
 https://github.com/rhboot/grub2 fedora-31)
Signed-off-by: Robert Kolchmeyer <rkolchmeyer@google.com>

Conflicts:
 - grub-core/loader/i386/efi/linux.c: Removed TPM measurement from patch
 context. Our grub does TPM measurements differently. I also needed to
 include an additional header in this file.

BUG=b/162782466,b/137884271
TEST=validation test (cl/325153880)

Change-Id: Id5a91b77b42689b4dfac7d5c4bf5b077bec9178b
diff --git a/grub-lakitu/grub-core/loader/arm64/linux.c b/grub-lakitu/grub-core/loader/arm64/linux.c
index 7a071d2..6224631 100644
--- a/grub-lakitu/grub-core/loader/arm64/linux.c
+++ b/grub-lakitu/grub-core/loader/arm64/linux.c
@@ -297,11 +297,15 @@
 
   grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
 
-  rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size);
-  if (rc < 0)
+  if (grub_efi_secure_boot ())
     {
-      grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);
-      goto fail;
+      rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size);
+      if (rc <= 0)
+	{
+	  grub_error (GRUB_ERR_INVALID_COMMAND,
+		      N_("%s has invalid signature"), argv[0]);
+	  goto fail;
+	}
     }
 
   pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset);
diff --git a/grub-lakitu/grub-core/loader/efi/chainloader.c b/grub-lakitu/grub-core/loader/efi/chainloader.c
index 8f63c00..bab8626 100644
--- a/grub-lakitu/grub-core/loader/efi/chainloader.c
+++ b/grub-lakitu/grub-core/loader/efi/chainloader.c
@@ -1044,6 +1044,7 @@
 
       return 0;
     }
+  // -1 fall-through to fail
 
   grub_file_close (file);
   grub_device_close (dev);
diff --git a/grub-lakitu/grub-core/loader/efi/linux.c b/grub-lakitu/grub-core/loader/efi/linux.c
index 7fe7201..d9b5380 100644
--- a/grub-lakitu/grub-core/loader/efi/linux.c
+++ b/grub-lakitu/grub-core/loader/efi/linux.c
@@ -33,6 +33,7 @@
 };
 typedef struct grub_efi_shim_lock grub_efi_shim_lock_t;
 
+// Returns 1 on success, -1 on error, 0 when not available
 int
 grub_linuxefi_secure_validate (void *data, grub_uint32_t size)
 {
diff --git a/grub-lakitu/grub-core/loader/i386/efi/linux.c b/grub-lakitu/grub-core/loader/i386/efi/linux.c
index 25ee194..59da32b 100644
--- a/grub-lakitu/grub-core/loader/i386/efi/linux.c
+++ b/grub-lakitu/grub-core/loader/i386/efi/linux.c
@@ -27,6 +27,7 @@
 #include <grub/lib/cmdline.h>
 #include <grub/efi/efi.h>
 #include <grub/efi/linux.h>
+#include <grub/efi/sb.h>
 
 GRUB_MOD_LICENSE ("GPLv3+");
 
@@ -196,12 +197,15 @@
       goto fail;
     }
 
-  rc = grub_linuxefi_secure_validate (kernel, filelen);
-  if (rc < 0)
+  if (grub_efi_secure_boot ())
     {
-      grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"),
-		  argv[0]);
-      goto fail;
+      rc = grub_linuxefi_secure_validate (kernel, filelen);
+      if (rc <= 0)
+	{
+	  grub_error (GRUB_ERR_INVALID_COMMAND,
+		      N_("%s has invalid signature"), argv[0]);
+	  goto fail;
+	}
     }
 
   params = grub_efi_allocate_pages_max (0x3fffffff,