rpms
/
shim-unsigned-aarch64
7
0
Fork 1
Code Issues Pull Requests Releases Activity

import shim-unsigned-aarch64-15-6.el9

This commit is contained in:
CentOS Sources 2022-05-17 06:16:54 -04:00 committed by Stepan Oksanichenko
commit aa4732497d
17 changed files with 951 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/shim-15.tar.bz2

1
.shim-unsigned-aarch64.metadata Normal file
View File

@ -0,0 +1 @@
2dc6308584187bf3ee88bf9b119938c72c5a5088 SOURCES/shim-15.tar.bz2

60
SOURCES/0001-Make-sure-that-MOK-variables-always-get-mirrored.patch Normal file
View File

@ -0,0 +1,60 @@
From 9ab0d796bdc9cefdaa3b0df7434845d26c43d894 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Mon, 5 Nov 2018 14:51:16 +0100
Subject: [PATCH 1/3] Make sure that MOK variables always get mirrored
Without this, if a Mok variable doesn't exist in Boot Services, it will also
not be copied to Runtime, even if we have data to be added to it (vendor cert).
This patch makes sure that if we have extra data to append, we still mirror
the variable.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
---
mok.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/mok.c b/mok.c
index 38675211e0e..00dd1ad3034 100644
--- a/mok.c
+++ b/mok.c
@@ -223,11 +223,26 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
UINT32 attrs = 0;
BOOLEAN delete = FALSE, present, addend;
+ addend = (v->addend_source && v->addend_size &&
+ *v->addend_source && *v->addend_size)
+ ? TRUE : FALSE;
+
efi_status = get_variable_attr(v->name,
&v->data, &v->data_size,
*v->guid, &attrs);
- if (efi_status == EFI_NOT_FOUND)
+ if (efi_status == EFI_NOT_FOUND) {
+ if (v->rtname && addend) {
+ efi_status = mirror_one_mok_variable(v);
+ if (EFI_ERROR(efi_status) &&
+ ret != EFI_SECURITY_VIOLATION)
+ ret = efi_status;
+ }
+ /*
+ * after possibly adding, we can continue, no
+ * further checks to be done.
+ */
continue;
+ }
if (EFI_ERROR(efi_status)) {
perror(L"Could not verify %s: %r\n", v->name,
efi_status);
@@ -272,9 +287,6 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
}
present = (v->data && v->data_size) ? TRUE : FALSE;
- addend = (v->addend_source && v->addend_size &&
- *v->addend_source && *v->addend_size)
- ? TRUE : FALSE;
if (v->flags & MOK_VARIABLE_MEASURE && present) {
/*
--
2.20.1

49
SOURCES/0002-mok-fix-the-mirroring-of-RT-variables.patch Normal file
View File

@ -0,0 +1,49 @@
From 4b27ae034ba9885960e72f77b3f687a9b7fea824 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Wed, 21 Nov 2018 12:47:43 +0800
Subject: [PATCH 2/3] mok: fix the mirroring of RT variables
When there is no key in MokList, import_mok_state() just skipped MokList
even though it should always mirror the vendor cert. Besides, the faulty
check of 'present' and 'addend' invalidates the mirroring of MokListXRT,
MokSBStateRT, and MokIgnoreDB.
https://github.com/rhboot/shim/issues/154
Signed-off-by: Gary Lin <glin@suse.com>
---
mok.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/mok.c b/mok.c
index 00dd1ad3034..41925abbb49 100644
--- a/mok.c
+++ b/mok.c
@@ -231,12 +231,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
&v->data, &v->data_size,
*v->guid, &attrs);
if (efi_status == EFI_NOT_FOUND) {
- if (v->rtname && addend) {
- efi_status = mirror_one_mok_variable(v);
- if (EFI_ERROR(efi_status) &&
- ret != EFI_SECURITY_VIOLATION)
- ret = efi_status;
- }
+ if (addend)
+ goto mirror_addend;
/*
* after possibly adding, we can continue, no
* further checks to be done.
@@ -316,7 +312,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
}
}
- if (v->rtname && present && addend) {
+mirror_addend:
+ if (v->rtname && (present || addend)) {
if (v->flags & MOK_MIRROR_DELETE_FIRST)
LibDeleteVariable(v->rtname, v->guid);
--
2.20.1

109
SOURCES/0003-mok-consolidate-mirroring-code-in-a-helper-instead-o.patch Normal file
View File

@ -0,0 +1,109 @@
From 29c11483101b460869a5e0dba1f425073862127d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 31 Jan 2019 13:45:30 -0500
Subject: [PATCH 3/3] mok: consolidate mirroring code in a helper instead of
using goto
There's no reason to complicate the logic with a goto here, instead just
pull the logic we're jumping to out to a helper function.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
mok.c | 41 ++++++++++++++++++++++++++++-------------
shim.h | 2 ++
2 files changed, 30 insertions(+), 13 deletions(-)
diff --git a/mok.c b/mok.c
index 41925abbb49..2f495e6cf25 100644
--- a/mok.c
+++ b/mok.c
@@ -130,7 +130,8 @@ struct mok_state_variable mok_state_variables[] = {
{ NULL, }
};
-static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v)
+static EFI_STATUS nonnull(1)
+mirror_one_mok_variable(struct mok_state_variable *v)
{
EFI_STATUS efi_status = EFI_SUCCESS;
void *FullData = NULL;
@@ -196,6 +197,29 @@ static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v)
return efi_status;
}
+/*
+ * Mirror a variable if it has an rtname, and preserve any
+ * EFI_SECURITY_VIOLATION status at the same time.
+ */
+static EFI_STATUS nonnull(1)
+maybe_mirror_one_mok_variable(struct mok_state_variable *v, EFI_STATUS ret)
+{
+ EFI_STATUS efi_status;
+ if (v->rtname) {
+ if (v->flags & MOK_MIRROR_DELETE_FIRST)
+ LibDeleteVariable(v->rtname, v->guid);
+
+ efi_status = mirror_one_mok_variable(v);
+ if (EFI_ERROR(efi_status)) {
+ if (ret != EFI_SECURITY_VIOLATION)
+ ret = efi_status;
+ perror(L"Could not create %s: %r\n", v->rtname,
+ efi_status);
+ }
+ }
+ return ret;
+}
+
/*
* Verify our non-volatile MoK state. This checks the variables above
* accessable and have valid attributes. If they don't, it removes
@@ -232,7 +256,7 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
*v->guid, &attrs);
if (efi_status == EFI_NOT_FOUND) {
if (addend)
- goto mirror_addend;
+ ret = maybe_mirror_one_mok_variable(v, ret);
/*
* after possibly adding, we can continue, no
* further checks to be done.
@@ -312,16 +336,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
}
}
-mirror_addend:
- if (v->rtname && (present || addend)) {
- if (v->flags & MOK_MIRROR_DELETE_FIRST)
- LibDeleteVariable(v->rtname, v->guid);
-
- efi_status = mirror_one_mok_variable(v);
- if (EFI_ERROR(efi_status) &&
- ret != EFI_SECURITY_VIOLATION)
- ret = efi_status;
- }
+ if (present)
+ ret = maybe_mirror_one_mok_variable(v, ret);
}
/*
@@ -340,4 +356,4 @@ mirror_addend:
return ret;
}
-// vim:fenc=utf-8:tw=75
+// vim:fenc=utf-8:tw=75:noet
diff --git a/shim.h b/shim.h
index 2b359d821e3..c26d5f06538 100644
--- a/shim.h
+++ b/shim.h
@@ -30,6 +30,8 @@
#include <stddef.h>
+#define nonnull(...) __attribute__((__nonnull__(__VA_ARGS__)))
+
#define min(a, b) ({(a) < (b) ? (a) : (b);})
#ifdef __x86_64__
--
2.20.1

50
SOURCES/0004-Make-VLogError-behave-as-expected.patch Normal file
View File

@ -0,0 +1,50 @@
From 0bff94b170116737e6e0838c35c0ac376542a5c0 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 12 Feb 2019 18:04:49 -0500
Subject: [PATCH 4/4] Make VLogError() behave as expected.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
errlog.c | 15 +++------------
1 file changed, 3 insertions(+), 12 deletions(-)
diff --git a/errlog.c b/errlog.c
index 18be4822d53..eebb266d396 100644
--- a/errlog.c
+++ b/errlog.c
@@ -14,29 +14,20 @@ EFI_STATUS
VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args)
{
va_list args2;
- UINTN size = 0, size2;
CHAR16 **newerrs;
- size = SPrint(NULL, 0, L"%a:%d %a() ", file, line, func);
- va_copy(args2, args);
- size2 = VSPrint(NULL, 0, fmt, args2);
- va_end(args2);
-
newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs),
(nerrs + 3) * sizeof(*errs));
if (!newerrs)
return EFI_OUT_OF_RESOURCES;
- newerrs[nerrs] = AllocatePool(size*2+2);
+ newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func);
if (!newerrs[nerrs])
return EFI_OUT_OF_RESOURCES;
- newerrs[nerrs+1] = AllocatePool(size2*2+2);
+ va_copy(args2, args);
+ newerrs[nerrs+1] = VPoolPrint(fmt, args2);
if (!newerrs[nerrs+1])
return EFI_OUT_OF_RESOURCES;
-
- SPrint(newerrs[nerrs], size*2+2, L"%a:%d %a() ", file, line, func);
- va_copy(args2, args);
- VSPrint(newerrs[nerrs+1], size2*2+2, fmt, args2);
va_end(args2);
nerrs += 2;
--
2.20.1

47
SOURCES/0005-Make-EFI-variable-copying-fatal-only-on-secureboot-e.patch Normal file
View File

@ -0,0 +1,47 @@
From 741c61abba7d5c74166f8d0c1b9ee8001ebcd186 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Thu, 6 Dec 2018 10:08:45 +0100
Subject: [PATCH] Make EFI variable copying fatal only on secureboot enabled
systems
I have come across systems that are unwilling to reserve enough memory for
a MokListRT big enough for big certificates.
This seems to be the case with firmware implementations that do not support
secureboot, which is probably the reason they went with much lower variable
storage.
This patch set makes sure we can still boot on those systems, by only
making the copy action fatal if the system has secure boot enabled, or if
the error was anything other than EFI_INVALID_PARAMETER.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
---
shim.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/shim.c b/shim.c
index 7d25ad6fe70..aee4727fe67 100644
--- a/shim.c
+++ b/shim.c
@@ -2639,7 +2639,17 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
* boot-services-only state variables are what we think they are.
*/
efi_status = import_mok_state(image_handle);
- if (EFI_ERROR(efi_status)) {
+ if (!secure_mode() && efi_status == EFI_INVALID_PARAMETER) {
+ /*
+ * Make copy failures fatal only if secure_mode is enabled, or
+ * the error was anything else than EFI_INVALID_PARAMETER.
+ * There are non-secureboot firmware implementations that don't
+ * reserve enough EFI variable memory to fit the variable.
+ */
+ console_print(L"Importing MOK states has failed: %s: %r\n",
+ msgs[msg], efi_status);
+ console_print(L"Continuing boot since secure mode is disabled");
+ } else if (EFI_ERROR(efi_status)) {
die:
console_print(L"Something has gone seriously wrong: %s: %r\n",
msgs[msg], efi_status);
--
2.21.0

28
SOURCES/0006-Make-some-things-dprint-instead-of-console_print.patch Normal file
View File

@ -0,0 +1,28 @@
From dad59f8c0f3620f68379a29c3e6badd22681ddc5 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 10 Apr 2018 12:36:34 -0400
Subject: [PATCH] Make some things dprint() instead of console_print()
Signed-off-by: Peter Jones <pjones@redhat.com>
---
shim.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/shim.c b/shim.c
index 00155346c12..ff0817009cd 100644
--- a/shim.c
+++ b/shim.c
@@ -2087,8 +2087,8 @@ static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path, UINTN len)
if (!dppath)
return 0;
- console_print(L"dppath: %s\n", dppath);
- console_print(L"path: %s\n", path);
+ dprint(L"dppath: %s\n", dppath);
+ dprint(L"path: %s\n", path);
if (StrnCaseCmp(dppath, path, len))
ret = 0;
--
2.21.0

51
SOURCES/0007-shim-Properly-generate-absolute-paths-from-relative-.patch Normal file
View File

@ -0,0 +1,51 @@
From a625fa5096ccdf87036379a5cb237bd43516d605 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Fri, 7 Sep 2018 14:11:02 +0200
Subject: [PATCH] shim: Properly generate absolute paths from relative
image paths
The generate_path_from_image_path() doesn't properly handle the case when
shim is invoked using a relative path (e.g: from the EFI shell). In that
function, always the last component is stripped from absolute file path
to calculate the dirname, and this is concatenated with the image path.
But if the path is a relative one, the function will wrongly concatenate
the dirname with the relative image path, i.e:
Shell> FS0:
FS0:\> cd EFI
FS0:\EFI\> BOOT\BOOTX64.EFI
Failed to open \EFI\BOOT\BOOT\BOOTX64.EFI - Not found
Failed to load image \EFI\BOOT\BOOT\BOOTX64.EFI: Not found
start_image() returned Not found
Calculate the image path basename and concatenate that with the dirname.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Maran Wilson maran.wilson@oracle.com
Tested-by: Maran Wilson maran.wilson@oracle.com
---
shim.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/shim.c b/shim.c
index f29f39214f5..32d2772b279 100644
--- a/shim.c
+++ b/shim.c
@@ -1640,9 +1640,11 @@ static EFI_STATUS generate_path_from_image_path(EFI_LOADED_IMAGE *li,
bootpath[j] = '\0';
}
- while (*ImagePath == '\\')
- ImagePath++;
+ for (i = 0, last = 0; i < StrLen(ImagePath); i++)
+ if (ImagePath[i] == '\\')
+ last = i + 1;
+ ImagePath = ImagePath + last;
*PathName = AllocatePool(StrSize(bootpath) + StrSize(ImagePath));
if (!*PathName) {
--
2.21.0

75
SOURCES/0008-shim-Prevent-shim-to-set-itself-as-a-second-stage-lo.patch Normal file
View File

@ -0,0 +1,75 @@
From e563bc3dcd17d91861d3b363ed19d30228f409e1 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Fri, 7 Sep 2018 15:10:51 +0200
Subject: [PATCH] shim: Prevent shim to set itself as a second stage loader
When shim is invoked from a relative path (e.g: from the UEFI shell), the
Loaded Image handle LoadOptions can be set to the binary relative path.
But the is_our_path() function only checks if LoadOptions is set to the
absolute path of shim to ignore it. So if a relative path is there, shim
would set itself as the secondary loader and invoke itself in a loop.
To prevent that, use the path in LoadOptions to calculate the absolute
path and compare it with the one in the Loader Image handle FilePath.
Resolves: bz#1622485
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Maran Wilson maran.wilson@oracle.com
Tested-by: Maran Wilson maran.wilson@oracle.com
---
shim.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/shim.c b/shim.c
index 32d2772b279..8abc0c267cf 100644
--- a/shim.c
+++ b/shim.c
@@ -2116,21 +2116,32 @@ get_load_option_optional_data(UINT8 *data, UINTN data_size,
return EFI_SUCCESS;
}
-static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path, UINTN len)
+static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path)
{
CHAR16 *dppath = NULL;
+ CHAR16 *PathName = NULL;
+ EFI_STATUS efi_status;
int ret = 1;
dppath = DevicePathToStr(li->FilePath);
if (!dppath)
return 0;
+ efi_status = generate_path_from_image_path(li, path, &PathName);
+ if (EFI_ERROR(efi_status)) {
+ perror(L"Unable to generate path %s: %r\n", path,
+ efi_status);
+ goto done;
+ }
+
dprint(L"dppath: %s\n", dppath);
dprint(L"path: %s\n", path);
- if (StrnCaseCmp(dppath, path, len))
+ if (StrnCaseCmp(dppath, PathName, strlen(dppath)))
ret = 0;
+done:
FreePool(dppath);
+ FreePool(PathName);
return ret;
}
@@ -2319,7 +2330,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
* which is just cruel... So yeah, just don't use it.
*/
- if (strings == 1 && is_our_path(li, start, loader_len))
+ if (strings == 1 && is_our_path(li, start))
return EFI_SUCCESS;
/*
--
2.21.0

28
SOURCES/0009-Fix-a-use-of-strlen-instead-of-Strlen.patch Normal file
View File

@ -0,0 +1,28 @@
From 1870bae796022f8bbf60465352eac329ff1d6ffd Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 5 Sep 2019 10:36:23 -0400
Subject: [PATCH] Fix a use of strlen() instead of Strlen()
Resolves: rhbz#1817882
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/shim.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/shim.c b/shim.c
index 3f131f48572..38f1346da7f 100644
--- a/shim.c
+++ b/shim.c
@@ -2053,7 +2053,7 @@ static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path)
dprint(L"dppath: %s\n", dppath);
dprint(L"path: %s\n", path);
- if (StrnCaseCmp(dppath, PathName, strlen(dppath)))
+ if (StrnCaseCmp(dppath, PathName, StrLen(dppath)))
ret = 0;
done:
--
2.25.1

139
SOURCES/0010-translate_slashes-don-t-write-to-string-literals.patch Normal file
View File

@ -0,0 +1,139 @@
From 9813e8bc8b3295f343809fac43298a73a93ffc97 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 28 Jan 2020 23:33:46 +0100
Subject: [PATCH] translate_slashes(): don't write to string literals
Currently, all three invocations of the translate_slashes() function may
lead to writes to the string literal that is #defined with the
DEFAULT_LOADER_CHAR macro. According to ISO C99 6.4.5p6, this is undefined
behavior ("If the program attempts to modify such an array, the behavior
is undefined").
This bug crashes shim on e.g. the 64-bit ArmVirtQemu platform ("Data
abort: Permission fault"), where the platform firmware maps the .text
section (which contains the string literal) read-only.
Modify translate_slashes() so that it copies and translates characters
from an input array of "char" to an output array of "CHAR8".
While at it, fix another bug. Before this patch, if translate_slashes()
ever encountered a double backslash (translating it to a single forward
slash), then the output would end up shorter than the input. However, the
output was not NUL-terminated in-place, therefore the original string
length (and according trailing garbage) would be preserved. After this
patch, the NUL-termination on contraction is automatic, as the output
array's contents are indeterminate when entering the function, and so we
must NUL-terminate it anyway.
Fixes: 8e9124227d18475d3bc634c33518963fc8db7c98
Fixes: e62b69a5b0b87c6df7a4fc23906134945309e927
Fixes: 3d79bcb2651b9eae809b975b3e03e2f96c067072
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1795654
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
include/str.h | 14 ++++++++------
httpboot.c | 4 ++--
netboot.c | 16 +++++++++++-----
3 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/include/str.h b/include/str.h
index 9a748366bd1..f73c6212cd9 100644
--- a/include/str.h
+++ b/include/str.h
@@ -45,21 +45,23 @@ strcata(CHAR8 *dest, const CHAR8 *src)
static inline
__attribute__((unused))
CHAR8 *
-translate_slashes(char *str)
+translate_slashes(CHAR8 *out, const char *str)
{
int i;
int j;
- if (str == NULL)
- return (CHAR8 *)str;
+ if (str == NULL || out == NULL)
+ return NULL;
for (i = 0, j = 0; str[i] != '\0'; i++, j++) {
if (str[i] == '\\') {
- str[j] = '/';
+ out[j] = '/';
if (str[i+1] == '\\')
i++;
- }
+ } else
+ out[j] = str[i];
}
- return (CHAR8 *)str;
+ out[j] = '\0';
+ return out;
}
#endif /* SHIM_STR_H */
diff --git a/httpboot.c b/httpboot.c
index 3622e85867c..2d27e8ed993 100644
--- a/httpboot.c
+++ b/httpboot.c
@@ -743,14 +743,14 @@ httpboot_fetch_buffer (EFI_HANDLE image, VOID **buffer, UINT64 *buf_size)
{
EFI_STATUS efi_status;
EFI_HANDLE nic;
- CHAR8 *next_loader = NULL;
+ CHAR8 next_loader[sizeof DEFAULT_LOADER_CHAR];
CHAR8 *next_uri = NULL;
CHAR8 *hostname = NULL;
if (!uri)
return EFI_NOT_READY;
- next_loader = translate_slashes(DEFAULT_LOADER_CHAR);
+ translate_slashes(next_loader, DEFAULT_LOADER_CHAR);
/* Create the URI for the next loader based on the original URI */
efi_status = generate_next_uri(uri, next_loader, &next_uri);
diff --git a/netboot.c b/netboot.c
index 583fe4bee71..6d293bca9dd 100644
--- a/netboot.c
+++ b/netboot.c
@@ -189,7 +189,9 @@ static BOOLEAN extract_tftp_info(CHAR8 *url)
CHAR8 *start, *end;
CHAR8 ip6str[40];
CHAR8 ip6inv[16];
- CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR);
+ CHAR8 template[sizeof DEFAULT_LOADER_CHAR];
+
+ translate_slashes(template, DEFAULT_LOADER_CHAR);
// to check against str2ip6() errors
memset(ip6inv, 0, sizeof(ip6inv));
@@ -254,10 +256,14 @@ static EFI_STATUS parseDhcp6()
static EFI_STATUS parseDhcp4()
{
- CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR);
- INTN template_len = strlen(template) + 1;
+ CHAR8 template[sizeof DEFAULT_LOADER_CHAR];
+ INTN template_len;
+ UINTN template_ofs = 0;
EFI_PXE_BASE_CODE_DHCPV4_PACKET* pkt_v4 = (EFI_PXE_BASE_CODE_DHCPV4_PACKET *)&pxe->Mode->DhcpAck.Dhcpv4;
+ translate_slashes(template, DEFAULT_LOADER_CHAR);
+ template_len = strlen(template) + 1;
+
if(pxe->Mode->ProxyOfferReceived) {
/*
* Proxy should not have precedence. Check if DhcpAck
@@ -288,8 +294,8 @@ static EFI_STATUS parseDhcp4()
full_path[dir_len-1] = '\0';
}
if (dir_len == 0 && dir[0] != '/' && template[0] == '/')
- template++;
- strcata(full_path, template);
+ template_ofs++;
+ strcata(full_path, template + template_ofs);
memcpy(&tftp_addr.v4, pkt_v4->BootpSiAddr, 4);
return EFI_SUCCESS;
--
2.26.2

25
SOURCES/0011-RHEL-9-disable-Wpointer-sign-for-now.patch Normal file
View File

@ -0,0 +1,25 @@
From 7e7fa748c8651ca3d9fdd55f0ad891c816949ff5 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 6 Aug 2021 16:43:37 -0400
Subject: [PATCH] RHEL-9: disable -Wpointer-sign for now
Signed-off-by: Peter Jones <pjones@redhat.com>
---
Make.defaults | 1 +
1 file changed, 1 insertion(+)
diff --git a/Make.defaults b/Make.defaults
index e11ab5a7f2c..9b28720d186 100644
--- a/Make.defaults
+++ b/Make.defaults
@@ -42,6 +42,7 @@ EFI_LDS = $(TOPDIR)/elf_$(ARCH)_efi.lds
CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
-fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
-Werror=sign-compare -ffreestanding -std=gnu89 \
+ -Wno-pointer-sign -Wno-address-of-packed-member \
-I$(shell $(CC) -print-file-name=include) \
"-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
"-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
--
2.31.1

0
SOURCES/dbx.esl Normal file
View File

BIN
SOURCES/securebootca.cer Normal file
View File

Binary file not shown.

90
SOURCES/shim-find-debuginfo.sh Executable file
View File

@ -0,0 +1,90 @@
#!/bin/bash
#
# shim-find-debuginfo.sh
# Copyright (C) 2017 Peter Jones <Peter Jones@random>
#
# Distributed under terms of the GPLv3 license.
#
set -e
set -u
mainarch=$1 && shift
if [ $# == 1 ]; then
altarch=$1 && shift
fi
if ! [ -v RPM_BUILD_ROOT ]; then
echo "RPM_BUILD_ROOT must be set" 1>&2
exit 1
fi
findsource()
{
(
cd ${RPM_BUILD_ROOT}
find usr/src/debug/ -type d | sed "s,^,%dir /,"
find usr/src/debug/ -type f | sed "s,^,/,"
)
}
finddebug()
{
arch=$1 && shift
declare -a dirs=()
declare -a files=()
declare -a excludes=()
pushd ${RPM_BUILD_ROOT} >/dev/null 2>&1
for x in $(find usr/lib/debug/ -type f -iname *.efi.debug); do
if ! [ -e "${x}" ]; then
break
fi
if [[ ${x} =~ ${arch}\.efi\.debug$ ]]; then
files[${#files[@]}]=${x}
else
excludes[${#excludes[@]}]=${x}
fi
done
for x in usr/lib/debug/.build-id/*/*.debug ; do
if ! [ -e "${x}" ]; then
break
fi
link=$(readlink "${x}")
if [[ ${link} =~ ${arch}\.efi\.debug$ ]]; then
files[${#files[@]}]=${x}
files[${#files[@]}]=${x%%.debug}
else
excludes[${#excludes[@]}]=${x}
excludes[${#excludes[@]}]=${x%%.debug}
fi
done
for x in ${files[@]} ; do
declare name=$(dirname /${x})
while [ "${name}" != "/" ]; do
case "${name}" in
"/usr/lib/debug"|"/usr/lib"|"/usr")
;;
*)
dirs[${#dirs[@]}]=${name}
;;
esac
name=$(dirname ${name})
done
done
popd >/dev/null 2>&1
for x in ${dirs[@]} ; do
echo "%dir ${x}"
done | sort | uniq
for x in ${files[@]} ; do
echo "/${x}"
done | sort | uniq
for x in ${excludes[@]} ; do
echo "%exclude /${x}"
done
}
findsource > build-${mainarch}/debugsource.list
finddebug ${mainarch} > build-${mainarch}/debugfiles.list
if [ -v altarch ]; then
finddebug ${altarch} > build-${altarch}/debugfiles.list
fi

198
SPECS/shim-unsigned-aarch64.spec Normal file
View File

@ -0,0 +1,198 @@
%global pesign_vre 0.106-1
%global gnuefi_vre 1:3.0.5-6
%global openssl_vre 1.0.2j
%global debug_package %{nil}
%global __debug_package 1
%global _binaries_in_noarch_packages_terminate_build 0
%global __debug_install_post %{SOURCE100} aa64
%undefine _debuginfo_subpackages
%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/'))
%global shimrootdir %{_datadir}/shim/
%global shimversiondir %{shimrootdir}/%{version}-%{release}
%global efiarch aa64
%global shimdir %{shimversiondir}/%{efiarch}
Name: shim-unsigned-aarch64
Version: 15
Release: 6%{?dist}
Summary: First-stage UEFI bootloader
ExclusiveArch: aarch64
License: BSD
URL: https://github.com/rhboot/shim
Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
Source1: securebootca.cer
# currently here's what's in our dbx:
# nothing.
Source2: dbx.esl
Source100: shim-find-debuginfo.sh
Patch0001: 0001-Make-sure-that-MOK-variables-always-get-mirrored.patch
Patch0002: 0002-mok-fix-the-mirroring-of-RT-variables.patch
Patch0003: 0003-mok-consolidate-mirroring-code-in-a-helper-instead-o.patch
Patch0004: 0004-Make-VLogError-behave-as-expected.patch
Patch0005: 0005-Make-EFI-variable-copying-fatal-only-on-secureboot-e.patch
Patch0006: 0006-Make-some-things-dprint-instead-of-console_print.patch
Patch0007: 0007-shim-Properly-generate-absolute-paths-from-relative-.patch
Patch0008: 0008-shim-Prevent-shim-to-set-itself-as-a-second-stage-lo.patch
Patch0009: 0009-Fix-a-use-of-strlen-instead-of-Strlen.patch
Patch0010: 0010-translate_slashes-don-t-write-to-string-literals.patch
Patch0011: 0011-RHEL-9-disable-Wpointer-sign-for-now.patch
BuildRequires: gcc make
BuildRequires: elfutils-libelf-devel
BuildRequires: git openssl-devel openssl
BuildRequires: pesign >= %{pesign_vre}
BuildRequires: gnu-efi >= %{gnuefi_vre}
BuildRequires: gnu-efi-devel >= %{gnuefi_vre}
# Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
# compatible with SysV (there's no red zone under UEFI) and there isn't a
# POSIX-style C library.
# BuildRequires: OpenSSL
Provides: bundled(openssl) = %{openssl_vre}
%global desc \
Initial UEFI bootloader that handles chaining to a trusted full \
bootloader under secure boot environments.
%global debug_desc \
This package provides debug information for package %{expand:%%{name}} \
Debug information is useful when developing applications that \
use this package or when debugging this package.
%description
%desc
%package debuginfo
Summary: Debug information for shim-unsigned-aarch64
Requires: %{name}-debugsource = %{version}-%{release}
Group: Development/Debug
AutoReqProv: 0
BuildArch: noarch
%description debuginfo
%debug_desc
%package debugsource
Summary: Debug Source for shim-unsigned
Group: Development/Debug
AutoReqProv: 0
BuildArch: noarch
%description debugsource
%debug_desc
%prep
%autosetup -S git -n shim-%{version}
git config --unset user.email
git config --unset user.name
mkdir build-%{efiarch}
%build
COMMITID=$(cat commit)
MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
MAKEFLAGS+="ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true "
MAKEFLAGS+="%{_smp_mflags}"
if [ -f "%{SOURCE1}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
fi
if [ -f "%{SOURCE2}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2}"
fi
cd build-%{efiarch}
make ${MAKEFLAGS} DEFAULT_LOADER='\\\\grub%{efiarch}.efi' all
cd ..
%install
COMMITID=$(cat commit)
MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
MAKEFLAGS+="ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true "
if [ -f "%{SOURCE1}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
fi
if [ -f "%{SOURCE2}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2}"
fi
cd build-%{efiarch}
make ${MAKEFLAGS} \
DEFAULT_LOADER='\\\\grub%{efiarch}.efi' \
DESTDIR=${RPM_BUILD_ROOT} \
install-as-data install-debuginfo install-debugsource
cd ..
%files
%license COPYRIGHT
%dir %{shimrootdir}
%dir %{shimversiondir}
%dir %{shimdir}
%{shimdir}/*.efi
%{shimdir}/*.hash
%files debuginfo -f build-%{efiarch}/debugfiles.list
%files debugsource -f build-%{efiarch}/debugsource.list
%changelog
* Tue May 26 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-6
- Fix a shim crash when attempting to netboot
Resolves: rhbz#1840036
* Mon May 04 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-5
- Fix firmware update bug in aarch64 caused by shim ignoring arguments
Resolves: rhbz#1817882
* Fri Jun 07 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-4
- Add a gating.yaml file so the package can be properly gated
Related: rhbz#1682749
* Wed Jun 05 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-3
- Make EFI variable copying fatal only on secureboot enabled systems
Resolves: rhbz#1704854
- Fix booting shim from an EFI shell using a relative path
Resolves: rhbz#1717063
* Tue Feb 12 2019 Peter Jones <pjones@redhat.com> - 15-2
- Fix MoK mirroring issue which breaks kdump without intervention
Related: rhbz#1668966
* Thu Apr 05 2018 Peter Jones <pjones@redhat.com> - 15-1
- Update to shim 15
- better checking for bad linker output
- flicker-free console if there's no error output
- improved http boot support
- better protocol re-installation
- dhcp proxy support
- tpm measurement even when verification is disabled
- REQUIRE_TPM build flag
- more reproducable builds
- measurement of everything verified through shim_verify()
- coverity and scan-build checker make targets
- misc cleanups
* Tue Sep 19 2017 Peter Jones <pjones@redhat.com> - 13-3
- Actually update to the *real* 13 final.
Related: rhbz#1489604
* Thu Aug 31 2017 Peter Jones <pjones@redhat.com> - 13-2
- Actually update to 13 final.
* Mon Aug 21 2017 Peter Jones <pjones@redhat.com> - 13-0.1
- Update to shim-13 test release.
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu May 12 2016 Peter Jones <pjones@redhat.com> - - 0.9-1
- Initial split up of -aarch64