forked from rpms/shim-unsigned-aarch64
Compare commits
No commits in common. "c8" and "15.7-aligned" have entirely different histories.
c8
...
15.7-align
@ -1 +1 @@
|
|||||||
2dc6308584187bf3ee88bf9b119938c72c5a5088 SOURCES/shim-15.tar.bz2
|
c0e7c121f0c1aaa0332766def5a328d45064d78a SOURCES/shim-15.7.tar.bz2
|
||||||
|
@ -1,60 +0,0 @@
|
|||||||
From 9ab0d796bdc9cefdaa3b0df7434845d26c43d894 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Patrick Uiterwijk <patrick@puiterwijk.org>
|
|
||||||
Date: Mon, 5 Nov 2018 14:51:16 +0100
|
|
||||||
Subject: [PATCH 1/3] Make sure that MOK variables always get mirrored
|
|
||||||
|
|
||||||
Without this, if a Mok variable doesn't exist in Boot Services, it will also
|
|
||||||
not be copied to Runtime, even if we have data to be added to it (vendor cert).
|
|
||||||
This patch makes sure that if we have extra data to append, we still mirror
|
|
||||||
the variable.
|
|
||||||
|
|
||||||
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
|
||||||
---
|
|
||||||
mok.c | 20 ++++++++++++++++----
|
|
||||||
1 file changed, 16 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/mok.c b/mok.c
|
|
||||||
index 38675211e0e..00dd1ad3034 100644
|
|
||||||
--- a/mok.c
|
|
||||||
+++ b/mok.c
|
|
||||||
@@ -223,11 +223,26 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
|
|
||||||
UINT32 attrs = 0;
|
|
||||||
BOOLEAN delete = FALSE, present, addend;
|
|
||||||
|
|
||||||
+ addend = (v->addend_source && v->addend_size &&
|
|
||||||
+ *v->addend_source && *v->addend_size)
|
|
||||||
+ ? TRUE : FALSE;
|
|
||||||
+
|
|
||||||
efi_status = get_variable_attr(v->name,
|
|
||||||
&v->data, &v->data_size,
|
|
||||||
*v->guid, &attrs);
|
|
||||||
- if (efi_status == EFI_NOT_FOUND)
|
|
||||||
+ if (efi_status == EFI_NOT_FOUND) {
|
|
||||||
+ if (v->rtname && addend) {
|
|
||||||
+ efi_status = mirror_one_mok_variable(v);
|
|
||||||
+ if (EFI_ERROR(efi_status) &&
|
|
||||||
+ ret != EFI_SECURITY_VIOLATION)
|
|
||||||
+ ret = efi_status;
|
|
||||||
+ }
|
|
||||||
+ /*
|
|
||||||
+ * after possibly adding, we can continue, no
|
|
||||||
+ * further checks to be done.
|
|
||||||
+ */
|
|
||||||
continue;
|
|
||||||
+ }
|
|
||||||
if (EFI_ERROR(efi_status)) {
|
|
||||||
perror(L"Could not verify %s: %r\n", v->name,
|
|
||||||
efi_status);
|
|
||||||
@@ -272,9 +287,6 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
|
|
||||||
}
|
|
||||||
|
|
||||||
present = (v->data && v->data_size) ? TRUE : FALSE;
|
|
||||||
- addend = (v->addend_source && v->addend_size &&
|
|
||||||
- *v->addend_source && *v->addend_size)
|
|
||||||
- ? TRUE : FALSE;
|
|
||||||
|
|
||||||
if (v->flags & MOK_VARIABLE_MEASURE && present) {
|
|
||||||
/*
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
@ -1,49 +0,0 @@
|
|||||||
From 4b27ae034ba9885960e72f77b3f687a9b7fea824 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gary Lin <glin@suse.com>
|
|
||||||
Date: Wed, 21 Nov 2018 12:47:43 +0800
|
|
||||||
Subject: [PATCH 2/3] mok: fix the mirroring of RT variables
|
|
||||||
|
|
||||||
When there is no key in MokList, import_mok_state() just skipped MokList
|
|
||||||
even though it should always mirror the vendor cert. Besides, the faulty
|
|
||||||
check of 'present' and 'addend' invalidates the mirroring of MokListXRT,
|
|
||||||
MokSBStateRT, and MokIgnoreDB.
|
|
||||||
|
|
||||||
https://github.com/rhboot/shim/issues/154
|
|
||||||
|
|
||||||
Signed-off-by: Gary Lin <glin@suse.com>
|
|
||||||
---
|
|
||||||
mok.c | 11 ++++-------
|
|
||||||
1 file changed, 4 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/mok.c b/mok.c
|
|
||||||
index 00dd1ad3034..41925abbb49 100644
|
|
||||||
--- a/mok.c
|
|
||||||
+++ b/mok.c
|
|
||||||
@@ -231,12 +231,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
|
|
||||||
&v->data, &v->data_size,
|
|
||||||
*v->guid, &attrs);
|
|
||||||
if (efi_status == EFI_NOT_FOUND) {
|
|
||||||
- if (v->rtname && addend) {
|
|
||||||
- efi_status = mirror_one_mok_variable(v);
|
|
||||||
- if (EFI_ERROR(efi_status) &&
|
|
||||||
- ret != EFI_SECURITY_VIOLATION)
|
|
||||||
- ret = efi_status;
|
|
||||||
- }
|
|
||||||
+ if (addend)
|
|
||||||
+ goto mirror_addend;
|
|
||||||
/*
|
|
||||||
* after possibly adding, we can continue, no
|
|
||||||
* further checks to be done.
|
|
||||||
@@ -316,7 +312,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (v->rtname && present && addend) {
|
|
||||||
+mirror_addend:
|
|
||||||
+ if (v->rtname && (present || addend)) {
|
|
||||||
if (v->flags & MOK_MIRROR_DELETE_FIRST)
|
|
||||||
LibDeleteVariable(v->rtname, v->guid);
|
|
||||||
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
@ -1,109 +0,0 @@
|
|||||||
From 29c11483101b460869a5e0dba1f425073862127d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Peter Jones <pjones@redhat.com>
|
|
||||||
Date: Thu, 31 Jan 2019 13:45:30 -0500
|
|
||||||
Subject: [PATCH 3/3] mok: consolidate mirroring code in a helper instead of
|
|
||||||
using goto
|
|
||||||
|
|
||||||
There's no reason to complicate the logic with a goto here, instead just
|
|
||||||
pull the logic we're jumping to out to a helper function.
|
|
||||||
|
|
||||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
||||||
---
|
|
||||||
mok.c | 41 ++++++++++++++++++++++++++++-------------
|
|
||||||
shim.h | 2 ++
|
|
||||||
2 files changed, 30 insertions(+), 13 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/mok.c b/mok.c
|
|
||||||
index 41925abbb49..2f495e6cf25 100644
|
|
||||||
--- a/mok.c
|
|
||||||
+++ b/mok.c
|
|
||||||
@@ -130,7 +130,8 @@ struct mok_state_variable mok_state_variables[] = {
|
|
||||||
{ NULL, }
|
|
||||||
};
|
|
||||||
|
|
||||||
-static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v)
|
|
||||||
+static EFI_STATUS nonnull(1)
|
|
||||||
+mirror_one_mok_variable(struct mok_state_variable *v)
|
|
||||||
{
|
|
||||||
EFI_STATUS efi_status = EFI_SUCCESS;
|
|
||||||
void *FullData = NULL;
|
|
||||||
@@ -196,6 +197,29 @@ static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v)
|
|
||||||
return efi_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
+/*
|
|
||||||
+ * Mirror a variable if it has an rtname, and preserve any
|
|
||||||
+ * EFI_SECURITY_VIOLATION status at the same time.
|
|
||||||
+ */
|
|
||||||
+static EFI_STATUS nonnull(1)
|
|
||||||
+maybe_mirror_one_mok_variable(struct mok_state_variable *v, EFI_STATUS ret)
|
|
||||||
+{
|
|
||||||
+ EFI_STATUS efi_status;
|
|
||||||
+ if (v->rtname) {
|
|
||||||
+ if (v->flags & MOK_MIRROR_DELETE_FIRST)
|
|
||||||
+ LibDeleteVariable(v->rtname, v->guid);
|
|
||||||
+
|
|
||||||
+ efi_status = mirror_one_mok_variable(v);
|
|
||||||
+ if (EFI_ERROR(efi_status)) {
|
|
||||||
+ if (ret != EFI_SECURITY_VIOLATION)
|
|
||||||
+ ret = efi_status;
|
|
||||||
+ perror(L"Could not create %s: %r\n", v->rtname,
|
|
||||||
+ efi_status);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ return ret;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Verify our non-volatile MoK state. This checks the variables above
|
|
||||||
* accessable and have valid attributes. If they don't, it removes
|
|
||||||
@@ -232,7 +256,7 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
|
|
||||||
*v->guid, &attrs);
|
|
||||||
if (efi_status == EFI_NOT_FOUND) {
|
|
||||||
if (addend)
|
|
||||||
- goto mirror_addend;
|
|
||||||
+ ret = maybe_mirror_one_mok_variable(v, ret);
|
|
||||||
/*
|
|
||||||
* after possibly adding, we can continue, no
|
|
||||||
* further checks to be done.
|
|
||||||
@@ -312,16 +336,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
-mirror_addend:
|
|
||||||
- if (v->rtname && (present || addend)) {
|
|
||||||
- if (v->flags & MOK_MIRROR_DELETE_FIRST)
|
|
||||||
- LibDeleteVariable(v->rtname, v->guid);
|
|
||||||
-
|
|
||||||
- efi_status = mirror_one_mok_variable(v);
|
|
||||||
- if (EFI_ERROR(efi_status) &&
|
|
||||||
- ret != EFI_SECURITY_VIOLATION)
|
|
||||||
- ret = efi_status;
|
|
||||||
- }
|
|
||||||
+ if (present)
|
|
||||||
+ ret = maybe_mirror_one_mok_variable(v, ret);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -340,4 +356,4 @@ mirror_addend:
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
-// vim:fenc=utf-8:tw=75
|
|
||||||
+// vim:fenc=utf-8:tw=75:noet
|
|
||||||
diff --git a/shim.h b/shim.h
|
|
||||||
index 2b359d821e3..c26d5f06538 100644
|
|
||||||
--- a/shim.h
|
|
||||||
+++ b/shim.h
|
|
||||||
@@ -30,6 +30,8 @@
|
|
||||||
|
|
||||||
#include <stddef.h>
|
|
||||||
|
|
||||||
+#define nonnull(...) __attribute__((__nonnull__(__VA_ARGS__)))
|
|
||||||
+
|
|
||||||
#define min(a, b) ({(a) < (b) ? (a) : (b);})
|
|
||||||
|
|
||||||
#ifdef __x86_64__
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
@ -1,50 +0,0 @@
|
|||||||
From 0bff94b170116737e6e0838c35c0ac376542a5c0 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Peter Jones <pjones@redhat.com>
|
|
||||||
Date: Tue, 12 Feb 2019 18:04:49 -0500
|
|
||||||
Subject: [PATCH 4/4] Make VLogError() behave as expected.
|
|
||||||
|
|
||||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
||||||
---
|
|
||||||
errlog.c | 15 +++------------
|
|
||||||
1 file changed, 3 insertions(+), 12 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/errlog.c b/errlog.c
|
|
||||||
index 18be4822d53..eebb266d396 100644
|
|
||||||
--- a/errlog.c
|
|
||||||
+++ b/errlog.c
|
|
||||||
@@ -14,29 +14,20 @@ EFI_STATUS
|
|
||||||
VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args)
|
|
||||||
{
|
|
||||||
va_list args2;
|
|
||||||
- UINTN size = 0, size2;
|
|
||||||
CHAR16 **newerrs;
|
|
||||||
|
|
||||||
- size = SPrint(NULL, 0, L"%a:%d %a() ", file, line, func);
|
|
||||||
- va_copy(args2, args);
|
|
||||||
- size2 = VSPrint(NULL, 0, fmt, args2);
|
|
||||||
- va_end(args2);
|
|
||||||
-
|
|
||||||
newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs),
|
|
||||||
(nerrs + 3) * sizeof(*errs));
|
|
||||||
if (!newerrs)
|
|
||||||
return EFI_OUT_OF_RESOURCES;
|
|
||||||
|
|
||||||
- newerrs[nerrs] = AllocatePool(size*2+2);
|
|
||||||
+ newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func);
|
|
||||||
if (!newerrs[nerrs])
|
|
||||||
return EFI_OUT_OF_RESOURCES;
|
|
||||||
- newerrs[nerrs+1] = AllocatePool(size2*2+2);
|
|
||||||
+ va_copy(args2, args);
|
|
||||||
+ newerrs[nerrs+1] = VPoolPrint(fmt, args2);
|
|
||||||
if (!newerrs[nerrs+1])
|
|
||||||
return EFI_OUT_OF_RESOURCES;
|
|
||||||
-
|
|
||||||
- SPrint(newerrs[nerrs], size*2+2, L"%a:%d %a() ", file, line, func);
|
|
||||||
- va_copy(args2, args);
|
|
||||||
- VSPrint(newerrs[nerrs+1], size2*2+2, fmt, args2);
|
|
||||||
va_end(args2);
|
|
||||||
|
|
||||||
nerrs += 2;
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
@ -1,47 +0,0 @@
|
|||||||
From 741c61abba7d5c74166f8d0c1b9ee8001ebcd186 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Patrick Uiterwijk <patrick@puiterwijk.org>
|
|
||||||
Date: Thu, 6 Dec 2018 10:08:45 +0100
|
|
||||||
Subject: [PATCH] Make EFI variable copying fatal only on secureboot enabled
|
|
||||||
systems
|
|
||||||
|
|
||||||
I have come across systems that are unwilling to reserve enough memory for
|
|
||||||
a MokListRT big enough for big certificates.
|
|
||||||
This seems to be the case with firmware implementations that do not support
|
|
||||||
secureboot, which is probably the reason they went with much lower variable
|
|
||||||
storage.
|
|
||||||
|
|
||||||
This patch set makes sure we can still boot on those systems, by only
|
|
||||||
making the copy action fatal if the system has secure boot enabled, or if
|
|
||||||
the error was anything other than EFI_INVALID_PARAMETER.
|
|
||||||
|
|
||||||
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
|
||||||
---
|
|
||||||
shim.c | 12 +++++++++++-
|
|
||||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/shim.c b/shim.c
|
|
||||||
index 7d25ad6fe70..aee4727fe67 100644
|
|
||||||
--- a/shim.c
|
|
||||||
+++ b/shim.c
|
|
||||||
@@ -2639,7 +2639,17 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
|
|
||||||
* boot-services-only state variables are what we think they are.
|
|
||||||
*/
|
|
||||||
efi_status = import_mok_state(image_handle);
|
|
||||||
- if (EFI_ERROR(efi_status)) {
|
|
||||||
+ if (!secure_mode() && efi_status == EFI_INVALID_PARAMETER) {
|
|
||||||
+ /*
|
|
||||||
+ * Make copy failures fatal only if secure_mode is enabled, or
|
|
||||||
+ * the error was anything else than EFI_INVALID_PARAMETER.
|
|
||||||
+ * There are non-secureboot firmware implementations that don't
|
|
||||||
+ * reserve enough EFI variable memory to fit the variable.
|
|
||||||
+ */
|
|
||||||
+ console_print(L"Importing MOK states has failed: %s: %r\n",
|
|
||||||
+ msgs[msg], efi_status);
|
|
||||||
+ console_print(L"Continuing boot since secure mode is disabled");
|
|
||||||
+ } else if (EFI_ERROR(efi_status)) {
|
|
||||||
die:
|
|
||||||
console_print(L"Something has gone seriously wrong: %s: %r\n",
|
|
||||||
msgs[msg], efi_status);
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,28 +0,0 @@
|
|||||||
From dad59f8c0f3620f68379a29c3e6badd22681ddc5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Peter Jones <pjones@redhat.com>
|
|
||||||
Date: Tue, 10 Apr 2018 12:36:34 -0400
|
|
||||||
Subject: [PATCH] Make some things dprint() instead of console_print()
|
|
||||||
|
|
||||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
||||||
---
|
|
||||||
shim.c | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/shim.c b/shim.c
|
|
||||||
index 00155346c12..ff0817009cd 100644
|
|
||||||
--- a/shim.c
|
|
||||||
+++ b/shim.c
|
|
||||||
@@ -2087,8 +2087,8 @@ static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path, UINTN len)
|
|
||||||
if (!dppath)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
- console_print(L"dppath: %s\n", dppath);
|
|
||||||
- console_print(L"path: %s\n", path);
|
|
||||||
+ dprint(L"dppath: %s\n", dppath);
|
|
||||||
+ dprint(L"path: %s\n", path);
|
|
||||||
if (StrnCaseCmp(dppath, path, len))
|
|
||||||
ret = 0;
|
|
||||||
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,51 +0,0 @@
|
|||||||
From a625fa5096ccdf87036379a5cb237bd43516d605 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Javier Martinez Canillas <javierm@redhat.com>
|
|
||||||
Date: Fri, 7 Sep 2018 14:11:02 +0200
|
|
||||||
Subject: [PATCH] shim: Properly generate absolute paths from relative
|
|
||||||
image paths
|
|
||||||
|
|
||||||
The generate_path_from_image_path() doesn't properly handle the case when
|
|
||||||
shim is invoked using a relative path (e.g: from the EFI shell). In that
|
|
||||||
function, always the last component is stripped from absolute file path
|
|
||||||
to calculate the dirname, and this is concatenated with the image path.
|
|
||||||
|
|
||||||
But if the path is a relative one, the function will wrongly concatenate
|
|
||||||
the dirname with the relative image path, i.e:
|
|
||||||
|
|
||||||
Shell> FS0:
|
|
||||||
FS0:\> cd EFI
|
|
||||||
FS0:\EFI\> BOOT\BOOTX64.EFI
|
|
||||||
Failed to open \EFI\BOOT\BOOT\BOOTX64.EFI - Not found
|
|
||||||
Failed to load image \EFI\BOOT\BOOT\BOOTX64.EFI: Not found
|
|
||||||
start_image() returned Not found
|
|
||||||
|
|
||||||
Calculate the image path basename and concatenate that with the dirname.
|
|
||||||
|
|
||||||
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
|
||||||
Reviewed-by: Maran Wilson maran.wilson@oracle.com
|
|
||||||
Tested-by: Maran Wilson maran.wilson@oracle.com
|
|
||||||
---
|
|
||||||
shim.c | 6 ++++--
|
|
||||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/shim.c b/shim.c
|
|
||||||
index f29f39214f5..32d2772b279 100644
|
|
||||||
--- a/shim.c
|
|
||||||
+++ b/shim.c
|
|
||||||
@@ -1640,9 +1640,11 @@ static EFI_STATUS generate_path_from_image_path(EFI_LOADED_IMAGE *li,
|
|
||||||
bootpath[j] = '\0';
|
|
||||||
}
|
|
||||||
|
|
||||||
- while (*ImagePath == '\\')
|
|
||||||
- ImagePath++;
|
|
||||||
+ for (i = 0, last = 0; i < StrLen(ImagePath); i++)
|
|
||||||
+ if (ImagePath[i] == '\\')
|
|
||||||
+ last = i + 1;
|
|
||||||
|
|
||||||
+ ImagePath = ImagePath + last;
|
|
||||||
*PathName = AllocatePool(StrSize(bootpath) + StrSize(ImagePath));
|
|
||||||
|
|
||||||
if (!*PathName) {
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,75 +0,0 @@
|
|||||||
From e563bc3dcd17d91861d3b363ed19d30228f409e1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Javier Martinez Canillas <javierm@redhat.com>
|
|
||||||
Date: Fri, 7 Sep 2018 15:10:51 +0200
|
|
||||||
Subject: [PATCH] shim: Prevent shim to set itself as a second stage loader
|
|
||||||
|
|
||||||
When shim is invoked from a relative path (e.g: from the UEFI shell), the
|
|
||||||
Loaded Image handle LoadOptions can be set to the binary relative path.
|
|
||||||
|
|
||||||
But the is_our_path() function only checks if LoadOptions is set to the
|
|
||||||
absolute path of shim to ignore it. So if a relative path is there, shim
|
|
||||||
would set itself as the secondary loader and invoke itself in a loop.
|
|
||||||
|
|
||||||
To prevent that, use the path in LoadOptions to calculate the absolute
|
|
||||||
path and compare it with the one in the Loader Image handle FilePath.
|
|
||||||
|
|
||||||
Resolves: bz#1622485
|
|
||||||
|
|
||||||
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
|
||||||
Reviewed-by: Maran Wilson maran.wilson@oracle.com
|
|
||||||
Tested-by: Maran Wilson maran.wilson@oracle.com
|
|
||||||
---
|
|
||||||
shim.c | 17 ++++++++++++++---
|
|
||||||
1 file changed, 14 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/shim.c b/shim.c
|
|
||||||
index 32d2772b279..8abc0c267cf 100644
|
|
||||||
--- a/shim.c
|
|
||||||
+++ b/shim.c
|
|
||||||
@@ -2116,21 +2116,32 @@ get_load_option_optional_data(UINT8 *data, UINTN data_size,
|
|
||||||
return EFI_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path, UINTN len)
|
|
||||||
+static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path)
|
|
||||||
{
|
|
||||||
CHAR16 *dppath = NULL;
|
|
||||||
+ CHAR16 *PathName = NULL;
|
|
||||||
+ EFI_STATUS efi_status;
|
|
||||||
int ret = 1;
|
|
||||||
|
|
||||||
dppath = DevicePathToStr(li->FilePath);
|
|
||||||
if (!dppath)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
+ efi_status = generate_path_from_image_path(li, path, &PathName);
|
|
||||||
+ if (EFI_ERROR(efi_status)) {
|
|
||||||
+ perror(L"Unable to generate path %s: %r\n", path,
|
|
||||||
+ efi_status);
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
dprint(L"dppath: %s\n", dppath);
|
|
||||||
dprint(L"path: %s\n", path);
|
|
||||||
- if (StrnCaseCmp(dppath, path, len))
|
|
||||||
+ if (StrnCaseCmp(dppath, PathName, strlen(dppath)))
|
|
||||||
ret = 0;
|
|
||||||
|
|
||||||
+done:
|
|
||||||
FreePool(dppath);
|
|
||||||
+ FreePool(PathName);
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -2319,7 +2330,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
|
|
||||||
|
|
||||||
* which is just cruel... So yeah, just don't use it.
|
|
||||||
*/
|
|
||||||
- if (strings == 1 && is_our_path(li, start, loader_len))
|
|
||||||
+ if (strings == 1 && is_our_path(li, start))
|
|
||||||
return EFI_SUCCESS;
|
|
||||||
|
|
||||||
/*
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,28 +0,0 @@
|
|||||||
From 1870bae796022f8bbf60465352eac329ff1d6ffd Mon Sep 17 00:00:00 2001
|
|
||||||
From: Peter Jones <pjones@redhat.com>
|
|
||||||
Date: Thu, 5 Sep 2019 10:36:23 -0400
|
|
||||||
Subject: [PATCH] Fix a use of strlen() instead of Strlen()
|
|
||||||
|
|
||||||
Resolves: rhbz#1817882
|
|
||||||
|
|
||||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
||||||
---
|
|
||||||
src/shim.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/shim.c b/shim.c
|
|
||||||
index 3f131f48572..38f1346da7f 100644
|
|
||||||
--- a/shim.c
|
|
||||||
+++ b/shim.c
|
|
||||||
@@ -2053,7 +2053,7 @@ static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path)
|
|
||||||
|
|
||||||
dprint(L"dppath: %s\n", dppath);
|
|
||||||
dprint(L"path: %s\n", path);
|
|
||||||
- if (StrnCaseCmp(dppath, PathName, strlen(dppath)))
|
|
||||||
+ if (StrnCaseCmp(dppath, PathName, StrLen(dppath)))
|
|
||||||
ret = 0;
|
|
||||||
|
|
||||||
done:
|
|
||||||
--
|
|
||||||
2.25.1
|
|
||||||
|
|
@ -1,139 +0,0 @@
|
|||||||
From 9813e8bc8b3295f343809fac43298a73a93ffc97 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
Date: Tue, 28 Jan 2020 23:33:46 +0100
|
|
||||||
Subject: [PATCH] translate_slashes(): don't write to string literals
|
|
||||||
|
|
||||||
Currently, all three invocations of the translate_slashes() function may
|
|
||||||
lead to writes to the string literal that is #defined with the
|
|
||||||
DEFAULT_LOADER_CHAR macro. According to ISO C99 6.4.5p6, this is undefined
|
|
||||||
behavior ("If the program attempts to modify such an array, the behavior
|
|
||||||
is undefined").
|
|
||||||
|
|
||||||
This bug crashes shim on e.g. the 64-bit ArmVirtQemu platform ("Data
|
|
||||||
abort: Permission fault"), where the platform firmware maps the .text
|
|
||||||
section (which contains the string literal) read-only.
|
|
||||||
|
|
||||||
Modify translate_slashes() so that it copies and translates characters
|
|
||||||
from an input array of "char" to an output array of "CHAR8".
|
|
||||||
|
|
||||||
While at it, fix another bug. Before this patch, if translate_slashes()
|
|
||||||
ever encountered a double backslash (translating it to a single forward
|
|
||||||
slash), then the output would end up shorter than the input. However, the
|
|
||||||
output was not NUL-terminated in-place, therefore the original string
|
|
||||||
length (and according trailing garbage) would be preserved. After this
|
|
||||||
patch, the NUL-termination on contraction is automatic, as the output
|
|
||||||
array's contents are indeterminate when entering the function, and so we
|
|
||||||
must NUL-terminate it anyway.
|
|
||||||
|
|
||||||
Fixes: 8e9124227d18475d3bc634c33518963fc8db7c98
|
|
||||||
Fixes: e62b69a5b0b87c6df7a4fc23906134945309e927
|
|
||||||
Fixes: 3d79bcb2651b9eae809b975b3e03e2f96c067072
|
|
||||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1795654
|
|
||||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
||||||
---
|
|
||||||
include/str.h | 14 ++++++++------
|
|
||||||
httpboot.c | 4 ++--
|
|
||||||
netboot.c | 16 +++++++++++-----
|
|
||||||
3 files changed, 21 insertions(+), 13 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/include/str.h b/include/str.h
|
|
||||||
index 9a748366bd1..f73c6212cd9 100644
|
|
||||||
--- a/include/str.h
|
|
||||||
+++ b/include/str.h
|
|
||||||
@@ -45,21 +45,23 @@ strcata(CHAR8 *dest, const CHAR8 *src)
|
|
||||||
static inline
|
|
||||||
__attribute__((unused))
|
|
||||||
CHAR8 *
|
|
||||||
-translate_slashes(char *str)
|
|
||||||
+translate_slashes(CHAR8 *out, const char *str)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
int j;
|
|
||||||
- if (str == NULL)
|
|
||||||
- return (CHAR8 *)str;
|
|
||||||
+ if (str == NULL || out == NULL)
|
|
||||||
+ return NULL;
|
|
||||||
|
|
||||||
for (i = 0, j = 0; str[i] != '\0'; i++, j++) {
|
|
||||||
if (str[i] == '\\') {
|
|
||||||
- str[j] = '/';
|
|
||||||
+ out[j] = '/';
|
|
||||||
if (str[i+1] == '\\')
|
|
||||||
i++;
|
|
||||||
- }
|
|
||||||
+ } else
|
|
||||||
+ out[j] = str[i];
|
|
||||||
}
|
|
||||||
- return (CHAR8 *)str;
|
|
||||||
+ out[j] = '\0';
|
|
||||||
+ return out;
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif /* SHIM_STR_H */
|
|
||||||
diff --git a/httpboot.c b/httpboot.c
|
|
||||||
index 3622e85867c..2d27e8ed993 100644
|
|
||||||
--- a/httpboot.c
|
|
||||||
+++ b/httpboot.c
|
|
||||||
@@ -743,14 +743,14 @@ httpboot_fetch_buffer (EFI_HANDLE image, VOID **buffer, UINT64 *buf_size)
|
|
||||||
{
|
|
||||||
EFI_STATUS efi_status;
|
|
||||||
EFI_HANDLE nic;
|
|
||||||
- CHAR8 *next_loader = NULL;
|
|
||||||
+ CHAR8 next_loader[sizeof DEFAULT_LOADER_CHAR];
|
|
||||||
CHAR8 *next_uri = NULL;
|
|
||||||
CHAR8 *hostname = NULL;
|
|
||||||
|
|
||||||
if (!uri)
|
|
||||||
return EFI_NOT_READY;
|
|
||||||
|
|
||||||
- next_loader = translate_slashes(DEFAULT_LOADER_CHAR);
|
|
||||||
+ translate_slashes(next_loader, DEFAULT_LOADER_CHAR);
|
|
||||||
|
|
||||||
/* Create the URI for the next loader based on the original URI */
|
|
||||||
efi_status = generate_next_uri(uri, next_loader, &next_uri);
|
|
||||||
diff --git a/netboot.c b/netboot.c
|
|
||||||
index 583fe4bee71..6d293bca9dd 100644
|
|
||||||
--- a/netboot.c
|
|
||||||
+++ b/netboot.c
|
|
||||||
@@ -189,7 +189,9 @@ static BOOLEAN extract_tftp_info(CHAR8 *url)
|
|
||||||
CHAR8 *start, *end;
|
|
||||||
CHAR8 ip6str[40];
|
|
||||||
CHAR8 ip6inv[16];
|
|
||||||
- CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR);
|
|
||||||
+ CHAR8 template[sizeof DEFAULT_LOADER_CHAR];
|
|
||||||
+
|
|
||||||
+ translate_slashes(template, DEFAULT_LOADER_CHAR);
|
|
||||||
|
|
||||||
// to check against str2ip6() errors
|
|
||||||
memset(ip6inv, 0, sizeof(ip6inv));
|
|
||||||
@@ -254,10 +256,14 @@ static EFI_STATUS parseDhcp6()
|
|
||||||
|
|
||||||
static EFI_STATUS parseDhcp4()
|
|
||||||
{
|
|
||||||
- CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR);
|
|
||||||
- INTN template_len = strlen(template) + 1;
|
|
||||||
+ CHAR8 template[sizeof DEFAULT_LOADER_CHAR];
|
|
||||||
+ INTN template_len;
|
|
||||||
+ UINTN template_ofs = 0;
|
|
||||||
EFI_PXE_BASE_CODE_DHCPV4_PACKET* pkt_v4 = (EFI_PXE_BASE_CODE_DHCPV4_PACKET *)&pxe->Mode->DhcpAck.Dhcpv4;
|
|
||||||
|
|
||||||
+ translate_slashes(template, DEFAULT_LOADER_CHAR);
|
|
||||||
+ template_len = strlen(template) + 1;
|
|
||||||
+
|
|
||||||
if(pxe->Mode->ProxyOfferReceived) {
|
|
||||||
/*
|
|
||||||
* Proxy should not have precedence. Check if DhcpAck
|
|
||||||
@@ -288,8 +294,8 @@ static EFI_STATUS parseDhcp4()
|
|
||||||
full_path[dir_len-1] = '\0';
|
|
||||||
}
|
|
||||||
if (dir_len == 0 && dir[0] != '/' && template[0] == '/')
|
|
||||||
- template++;
|
|
||||||
- strcata(full_path, template);
|
|
||||||
+ template_ofs++;
|
|
||||||
+ strcata(full_path, template + template_ofs);
|
|
||||||
memcpy(&tftp_addr.v4, pkt_v4->BootpSiAddr, 4);
|
|
||||||
|
|
||||||
return EFI_SUCCESS;
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
33
SOURCES/0012-pe-align-section-size.patch
Normal file
33
SOURCES/0012-pe-align-section-size.patch
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
From c7b305152802c8db688605654f75e1195def9fd6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Nicholas Bishop <nicholasbishop@google.com>
|
||||||
|
Date: Mon, 19 Dec 2022 18:56:13 -0500
|
||||||
|
Subject: [PATCH] pe: Align section size up to page size for mem attrs
|
||||||
|
|
||||||
|
Setting memory attributes is generally done at page granularity, and
|
||||||
|
this is enforced by checks in `get_mem_attrs` and
|
||||||
|
`update_mem_attrs`. But unlike the section address, the section size
|
||||||
|
isn't necessarily aligned to 4KiB. Round up the section size to fix
|
||||||
|
this.
|
||||||
|
|
||||||
|
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
|
||||||
|
---
|
||||||
|
pe.c | 6 +++++-
|
||||||
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/pe.c b/pe.c
|
||||||
|
index 9a3679e16..5ad0914ba 100644
|
||||||
|
--- a/pe.c
|
||||||
|
+++ b/pe.c
|
||||||
|
@@ -1372,7 +1372,11 @@ handle_image (void *data, unsigned int datasize,
|
||||||
|
+ Section->Misc.VirtualSize - 1);
|
||||||
|
|
||||||
|
addr = (uintptr_t)base;
|
||||||
|
- length = (uintptr_t)end - (uintptr_t)base + 1;
|
||||||
|
+ // Align the length up to PAGE_SIZE. This is required because
|
||||||
|
+ // platforms generally set memory attributes at page
|
||||||
|
+ // granularity, but the section length (unlike the section
|
||||||
|
+ // address) is not required to be aligned.
|
||||||
|
+ length = ALIGN_VALUE((uintptr_t)end - (uintptr_t)base + 1, PAGE_SIZE);
|
||||||
|
|
||||||
|
if (Section->Characteristics & EFI_IMAGE_SCN_MEM_WRITE) {
|
||||||
|
set_attrs |= MEM_ATTR_W;
|
BIN
SOURCES/clsecureboot001.cer
Normal file
BIN
SOURCES/clsecureboot001.cer
Normal file
Binary file not shown.
Binary file not shown.
@ -8,38 +8,30 @@
|
|||||||
%global __debug_install_post %{SOURCE100} aa64
|
%global __debug_install_post %{SOURCE100} aa64
|
||||||
%undefine _debuginfo_subpackages
|
%undefine _debuginfo_subpackages
|
||||||
|
|
||||||
%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/'))
|
%global efidir almalinux
|
||||||
%global shimrootdir %{_datadir}/shim/
|
%global shimrootdir %{_datadir}/shim/
|
||||||
%global shimversiondir %{shimrootdir}/%{version}-%{release}
|
%global shimversiondir %{shimrootdir}/%{version}-%{release}
|
||||||
%global efiarch aa64
|
%global efiarch aa64
|
||||||
%global shimdir %{shimversiondir}/%{efiarch}
|
%global shimdir %{shimversiondir}/%{efiarch}
|
||||||
|
|
||||||
Name: shim-unsigned-aarch64
|
Name: shim-unsigned-aarch64
|
||||||
Version: 15
|
Version: 15.7
|
||||||
Release: 7%{?dist}
|
Release: 2%{?dist}.alma
|
||||||
Summary: First-stage UEFI bootloader
|
Summary: First-stage UEFI bootloader
|
||||||
ExclusiveArch: aarch64
|
ExclusiveArch: aarch64
|
||||||
License: BSD
|
License: BSD
|
||||||
URL: https://github.com/rhboot/shim
|
URL: https://github.com/rhboot/shim
|
||||||
Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
|
Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
|
||||||
Source1: securebootca.cer
|
Source1: clsecureboot001.cer
|
||||||
# currently here's what's in our dbx:
|
# currently here's what's in our dbx:
|
||||||
# nothing.
|
# nothing.
|
||||||
Source2: dbx.esl
|
Source2: dbx.esl
|
||||||
|
|
||||||
Source100: shim-find-debuginfo.sh
|
Source100: shim-find-debuginfo.sh
|
||||||
|
|
||||||
Patch0001: 0001-Make-sure-that-MOK-variables-always-get-mirrored.patch
|
Patch0012: 0012-pe-align-section-size.patch
|
||||||
Patch0002: 0002-mok-fix-the-mirroring-of-RT-variables.patch
|
|
||||||
Patch0003: 0003-mok-consolidate-mirroring-code-in-a-helper-instead-o.patch
|
|
||||||
Patch0004: 0004-Make-VLogError-behave-as-expected.patch
|
|
||||||
Patch0005: 0005-Make-EFI-variable-copying-fatal-only-on-secureboot-e.patch
|
|
||||||
Patch0006: 0006-Make-some-things-dprint-instead-of-console_print.patch
|
|
||||||
Patch0007: 0007-shim-Properly-generate-absolute-paths-from-relative-.patch
|
|
||||||
Patch0008: 0008-shim-Prevent-shim-to-set-itself-as-a-second-stage-lo.patch
|
|
||||||
Patch0009: 0009-Fix-a-use-of-strlen-instead-of-Strlen.patch
|
|
||||||
Patch0010: 0010-translate_slashes-don-t-write-to-string-literals.patch
|
|
||||||
|
|
||||||
|
BuildRequires: gcc make
|
||||||
BuildRequires: elfutils-libelf-devel
|
BuildRequires: elfutils-libelf-devel
|
||||||
BuildRequires: git openssl-devel openssl
|
BuildRequires: git openssl-devel openssl
|
||||||
BuildRequires: pesign >= %{pesign_vre}
|
BuildRequires: pesign >= %{pesign_vre}
|
||||||
@ -131,15 +123,15 @@ cd ..
|
|||||||
%dir %{shimdir}
|
%dir %{shimdir}
|
||||||
%{shimdir}/*.efi
|
%{shimdir}/*.efi
|
||||||
%{shimdir}/*.hash
|
%{shimdir}/*.hash
|
||||||
|
%{shimdir}/*.CSV
|
||||||
|
|
||||||
%files debuginfo -f build-%{efiarch}/debugfiles.list
|
%files debuginfo -f build-%{efiarch}/debugfiles.list
|
||||||
|
|
||||||
%files debugsource -f build-%{efiarch}/debugsource.list
|
%files debugsource -f build-%{efiarch}/debugsource.list
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Apr 06 2021 Peter Jones <pjones@redhat.com> - 15-7
|
* Thu May 19 2022 Eduard Abdullin <eabdullin@almalinux.org> - 15-6.alma
|
||||||
- Backport this to EL 8 so we can build-dep on the right version.
|
- Use AlmaLinux cert
|
||||||
Related: CVE-2020-14372 (and others)
|
|
||||||
|
|
||||||
* Tue May 26 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-6
|
* Tue May 26 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-6
|
||||||
- Fix a shim crash when attempting to netboot
|
- Fix a shim crash when attempting to netboot
|
||||||
@ -163,8 +155,19 @@ cd ..
|
|||||||
- Fix MoK mirroring issue which breaks kdump without intervention
|
- Fix MoK mirroring issue which breaks kdump without intervention
|
||||||
Related: rhbz#1668966
|
Related: rhbz#1668966
|
||||||
|
|
||||||
* Fri Jul 20 2018 Peter Jones <pjones@redhat.com> - 15-1
|
* Thu Apr 05 2018 Peter Jones <pjones@redhat.com> - 15-1
|
||||||
- Update to shim 15
|
- Update to shim 15
|
||||||
|
- better checking for bad linker output
|
||||||
|
- flicker-free console if there's no error output
|
||||||
|
- improved http boot support
|
||||||
|
- better protocol re-installation
|
||||||
|
- dhcp proxy support
|
||||||
|
- tpm measurement even when verification is disabled
|
||||||
|
- REQUIRE_TPM build flag
|
||||||
|
- more reproducable builds
|
||||||
|
- measurement of everything verified through shim_verify()
|
||||||
|
- coverity and scan-build checker make targets
|
||||||
|
- misc cleanups
|
||||||
|
|
||||||
* Tue Sep 19 2017 Peter Jones <pjones@redhat.com> - 13-3
|
* Tue Sep 19 2017 Peter Jones <pjones@redhat.com> - 13-3
|
||||||
- Actually update to the *real* 13 final.
|
- Actually update to the *real* 13 final.
|
||||||
|
Loading…
Reference in New Issue
Block a user