import shim-unsigned-aarch64-15-4.el8

2019-11-05 16:27:39 -05:00 · 2019-11-05 16:27:39 -05:00 · e3020f16e4
commit e3020f16e4
parent b917fe7e5f
5 changed files with 216 additions and 1 deletions
--- a/SOURCES/0005-Make-EFI-variable-copying-fatal-only-on-secureboot-e.patch
+++ b/SOURCES/0005-Make-EFI-variable-copying-fatal-only-on-secureboot-e.patch
@ -0,0 +1,47 @@
 From 741c61abba7d5c74166f8d0c1b9ee8001ebcd186 Mon Sep 17 00:00:00 2001
 From: Patrick Uiterwijk <patrick@puiterwijk.org>
 Date: Thu, 6 Dec 2018 10:08:45 +0100
 Subject: [PATCH] Make EFI variable copying fatal only on secureboot enabled
 systems
 I have come across systems that are unwilling to reserve enough memory for
 a MokListRT big enough for big certificates.
 This seems to be the case with firmware implementations that do not support
 secureboot, which is probably the reason they went with much lower variable
 storage.
 This patch set makes sure we can still boot on those systems, by only
 making the copy action fatal if the system has secure boot enabled, or if
 the error was anything other than EFI_INVALID_PARAMETER.
 Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 ---
 shim.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
 diff --git a/shim.c b/shim.c
 index 7d25ad6fe70..aee4727fe67 100644
 --- a/shim.c
 +++ b/shim.c
@@ -2639,7 +2639,17 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
 	 * boot-services-only state variables are what we think they are.
 	 */
 	efi_status = import_mok_state(image_handle);
 -	if (EFI_ERROR(efi_status)) {
 +	if (!secure_mode() && efi_status == EFI_INVALID_PARAMETER) {
 +		/*
 +		 * Make copy failures fatal only if secure_mode is enabled, or
 +		 * the error was anything else than EFI_INVALID_PARAMETER.
 +		 * There are non-secureboot firmware implementations that don't
 +		 * reserve enough EFI variable memory to fit the variable.
 +		 */
 +		console_print(L"Importing MOK states has failed: %s: %r\n",
 +			      msgs[msg], efi_status);
 +		console_print(L"Continuing boot since secure mode is disabled");
 +	} else if (EFI_ERROR(efi_status)) {
 die:
 		console_print(L"Something has gone seriously wrong: %s: %r\n",
 			      msgs[msg], efi_status);
 -- 
 2.21.0
--- a/SOURCES/0006-Make-some-things-dprint-instead-of-console_print.patch
+++ b/SOURCES/0006-Make-some-things-dprint-instead-of-console_print.patch
@ -0,0 +1,28 @@
 From dad59f8c0f3620f68379a29c3e6badd22681ddc5 Mon Sep 17 00:00:00 2001
 From: Peter Jones <pjones@redhat.com>
 Date: Tue, 10 Apr 2018 12:36:34 -0400
 Subject: [PATCH] Make some things dprint() instead of console_print()
 Signed-off-by: Peter Jones <pjones@redhat.com>
 ---
 shim.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/shim.c b/shim.c
 index 00155346c12..ff0817009cd 100644
 --- a/shim.c
 +++ b/shim.c
@@ -2087,8 +2087,8 @@ static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path, UINTN len)
 	if (!dppath)
 		return 0;
 -	console_print(L"dppath: %s\n", dppath);
 -	console_print(L"path:   %s\n", path);
 +	dprint(L"dppath: %s\n", dppath);
 +	dprint(L"path:   %s\n", path);
 	if (StrnCaseCmp(dppath, path, len))
 		ret = 0;
 -- 
 2.21.0
--- a/SOURCES/0007-shim-Properly-generate-absolute-paths-from-relative-.patch
+++ b/SOURCES/0007-shim-Properly-generate-absolute-paths-from-relative-.patch
@ -0,0 +1,51 @@
 From a625fa5096ccdf87036379a5cb237bd43516d605 Mon Sep 17 00:00:00 2001
 From: Javier Martinez Canillas <javierm@redhat.com>
 Date: Fri, 7 Sep 2018 14:11:02 +0200
 Subject: [PATCH] shim: Properly generate absolute paths from relative
 image paths
 The generate_path_from_image_path() doesn't properly handle the case when
 shim is invoked using a relative path (e.g: from the EFI shell). In that
 function, always the last component is stripped from absolute file path
 to calculate the dirname, and this is concatenated with the image path.
 But if the path is a relative one, the function will wrongly concatenate
 the dirname with the relative image path, i.e:
 Shell> FS0:
 FS0:\> cd EFI
 FS0:\EFI\> BOOT\BOOTX64.EFI
 Failed to open \EFI\BOOT\BOOT\BOOTX64.EFI - Not found
 Failed to load image \EFI\BOOT\BOOT\BOOTX64.EFI: Not found
 start_image() returned Not found
 Calculate the image path basename and concatenate that with the dirname.
 Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
 Reviewed-by: Maran Wilson maran.wilson@oracle.com
 Tested-by: Maran Wilson maran.wilson@oracle.com
 ---
 shim.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
 diff --git a/shim.c b/shim.c
 index f29f39214f5..32d2772b279 100644
 --- a/shim.c
 +++ b/shim.c
@@ -1640,9 +1640,11 @@ static EFI_STATUS generate_path_from_image_path(EFI_LOADED_IMAGE *li,
 		bootpath[j] = '\0';
 	}
 -	while (*ImagePath == '\\')
 -		ImagePath++;
 +	for (i = 0, last = 0; i < StrLen(ImagePath); i++)
 +		if (ImagePath[i] == '\\')
 +			last = i + 1;
 +	ImagePath = ImagePath + last;
 	*PathName = AllocatePool(StrSize(bootpath) + StrSize(ImagePath));
 	if (!*PathName) {
 -- 
 2.21.0
--- a/SOURCES/0008-shim-Prevent-shim-to-set-itself-as-a-second-stage-lo.patch
+++ b/SOURCES/0008-shim-Prevent-shim-to-set-itself-as-a-second-stage-lo.patch
@ -0,0 +1,75 @@
 From e563bc3dcd17d91861d3b363ed19d30228f409e1 Mon Sep 17 00:00:00 2001
 From: Javier Martinez Canillas <javierm@redhat.com>
 Date: Fri, 7 Sep 2018 15:10:51 +0200
 Subject: [PATCH] shim: Prevent shim to set itself as a second stage loader
 When shim is invoked from a relative path (e.g: from the UEFI shell), the
 Loaded Image handle LoadOptions can be set to the binary relative path.
 But the is_our_path() function only checks if LoadOptions is set to the
 absolute path of shim to ignore it. So if a relative path is there, shim
 would set itself as the secondary loader and invoke itself in a loop.
 To prevent that, use the path in LoadOptions to calculate the absolute
 path and compare it with the one in the Loader Image handle FilePath.
 Resolves: bz#1622485
 Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
 Reviewed-by: Maran Wilson maran.wilson@oracle.com
 Tested-by: Maran Wilson maran.wilson@oracle.com
 ---
 shim.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
 diff --git a/shim.c b/shim.c
 index 32d2772b279..8abc0c267cf 100644
 --- a/shim.c
 +++ b/shim.c
@@ -2116,21 +2116,32 @@ get_load_option_optional_data(UINT8 *data, UINTN data_size,
 	return EFI_SUCCESS;
 }
 -static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path, UINTN len)
 +static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path)
 {
 	CHAR16 *dppath = NULL;
 +	CHAR16 *PathName = NULL;
 +	EFI_STATUS efi_status;
 	int ret = 1;
 	dppath = DevicePathToStr(li->FilePath);
 	if (!dppath)
 		return 0;
 +	efi_status = generate_path_from_image_path(li, path, &PathName);
 +	if (EFI_ERROR(efi_status)) {
 +		perror(L"Unable to generate path %s: %r\n", path,
 +		       efi_status);
 +		goto done;
 +	}
 +
 	dprint(L"dppath: %s\n", dppath);
 	dprint(L"path:   %s\n", path);
 -	if (StrnCaseCmp(dppath, path, len))
 +	if (StrnCaseCmp(dppath, PathName, strlen(dppath)))
 		ret = 0;
 +done:
 	FreePool(dppath);
 +	FreePool(PathName);
 	return ret;
 }
@@ -2319,7 +2330,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
 	 * which is just cruel... So yeah, just don't use it.
 	 */
 -	if (strings == 1 && is_our_path(li, start, loader_len))
 +	if (strings == 1 && is_our_path(li, start))
 		return EFI_SUCCESS;
 	/*
 -- 
 2.21.0
--- a/SPECS/shim-unsigned-aarch64.spec
+++ b/SPECS/shim-unsigned-aarch64.spec
@ -16,7 +16,7 @@
 Name:		shim-unsigned-aarch64
 Version:	15
-Release:	2%{?dist}
+Release:	4%{?dist}
 Summary:	First-stage UEFI bootloader
 ExclusiveArch:	aarch64
 License:	BSD
@ -33,6 +33,10 @@ Patch0001:	0001-Make-sure-that-MOK-variables-always-get-mirrored.patch
 Patch0002:	0002-mok-fix-the-mirroring-of-RT-variables.patch
 Patch0003:	0003-mok-consolidate-mirroring-code-in-a-helper-instead-o.patch
 Patch0004:	0004-Make-VLogError-behave-as-expected.patch
 Patch0005:	0005-Make-EFI-variable-copying-fatal-only-on-secureboot-e.patch
 Patch0006:	0006-Make-some-things-dprint-instead-of-console_print.patch
 Patch0007:	0007-shim-Properly-generate-absolute-paths-from-relative-.patch
 Patch0008:	0008-shim-Prevent-shim-to-set-itself-as-a-second-stage-lo.patch
 BuildRequires:	elfutils-libelf-devel
 BuildRequires:	git openssl-devel openssl
@ -131,6 +135,16 @@ cd ..
 %files debugsource -f build-%{efiarch}/debugsource.list
 %changelog
 * Fri Jun 07 2019 Javier Martinez Canillas <javierm@redhat.com> 15-4
 - Add a gating.yaml file so the package can be properly gated
  Related: rhbz#1682749
 * Wed Jun 05 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-3
 - Make EFI variable copying fatal only on secureboot enabled systems
  Resolves: rhbz#1704854
 - Fix booting shim from an EFI shell using a relative path
  Resolves: rhbz#1717063
 * Tue Feb 12 2019 Peter Jones <pjones@redhat.com> - 15-2
 - Fix MoK mirroring issue which breaks kdump without intervention
  Related: rhbz#1668966