Accepting request 880833 from home:gary_lin:branches:devel:openSUSE:Factory

- Update to 15.3 for SBAT support (bsc#1182057)

OBS-URL: https://build.opensuse.org/request/show/880833
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=173
Gary Ching-Pang Lin 2021-03-24 03:16:20 +00:00 committed by Git OBS Bridge
parent b9c4429460
commit 0fc0214e26
25 changed files with 134 additions and 2097 deletions


@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d453dc9335c148d93867ff72222696960a6247724dad6ffb1def8bb8df6765dc
size 5508
oid sha256:7cea42a328d6dbac923fce1a15f1e941eee7c829aeff6c0b5016475cca99c47c
size 7032


@ -1,68 +0,0 @@
From f30cd0b6330be8ea72a93bf25e43829c222ba611 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Tue, 26 Feb 2019 11:33:53 +0800
Subject: [PATCH] MokManager: Use CompareMem on MokListNode.Type instead of
CompareGuid
Fix the errors from gcc9 '-Werror=address-of-packed-member'
https://github.com/rhboot/shim/issues/161
Signed-off-by: Gary Lin <glin@suse.com>
---
MokManager.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/MokManager.c b/MokManager.c
index d69b4dbe..05dc1622 100644
--- a/MokManager.c
+++ b/MokManager.c
@@ -1053,7 +1053,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
continue;
DataSize += sizeof(EFI_SIGNATURE_LIST);
- if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
+ if (CompareMem(&(list[i].Type), &X509_GUID,
+ sizeof(EFI_GUID)) == 0)
DataSize += sizeof(EFI_GUID);
DataSize += list[i].MokSize;
}
@@ -1075,7 +1076,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
CertList->SignatureType = list[i].Type;
CertList->SignatureHeaderSize = 0;
- if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) {
+ if (CompareMem(&(list[i].Type), &X509_GUID,
+ sizeof(EFI_GUID)) == 0) {
CertList->SignatureListSize = list[i].MokSize +
sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
CertList->SignatureSize =
@@ -1116,7 +1118,8 @@ static void delete_cert(void *key, UINT32 key_size,
int i;
for (i = 0; i < mok_num; i++) {
- if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0)
+ if (CompareMem(&(mok[i].Type), &X509_GUID,
+ sizeof(EFI_GUID)) != 0)
continue;
if (mok[i].MokSize == key_size &&
@@ -1167,7 +1170,7 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
sig_size = hash_size + sizeof(EFI_GUID);
for (i = 0; i < mok_num; i++) {
- if ((CompareGuid(&(mok[i].Type), &Type) != 0) ||
+ if ((CompareMem(&(mok[i].Type), &Type, sizeof(EFI_GUID)) != 0) ||
(mok[i].MokSize < sig_size))
continue;
@@ -1331,7 +1334,8 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
/* Search and destroy */
for (i = 0; i < del_num; i++) {
- if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) {
+ if (CompareMem(&(del_key[i].Type), &X509_GUID,
+ sizeof(EFI_GUID)) == 0) {
delete_cert(del_key[i].Mok, del_key[i].MokSize,
mok, mok_num);
} else if (is_sha2_hash(del_key[i].Type)) {


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4e5d2d07df89384185dbbbe5b0cb4402829c858f615a1400d2264e3ecf78abc6
size 1002928

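--- a/shim-15.3.tar.bz2
+++ b/shim-15.3.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:df76c9b68cf6e6d9c024059b5335701441c366cdcced2ae21e115f3901cb8333
+size 1260580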


@ -1,65 +0,0 @@
From 20e731f423a438f53738de73af9ef3d67c4cba2f Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 12 Feb 2019 18:04:49 -0500
Subject: [PATCH] VLogError(): Avoid NULL pointer dereferences in (V)Sprint
calls
VLogError() calculates the size of format strings by using calls to
SPrint and VSPrint with a StrSize of 0 and NULL for an output buffer.
Unfortunately, this is an incorrect usage of (V)Sprint. A StrSize
of "0" is special-cased to mean "there is no limit". So, we end up
writing our string to address 0x0. This was discovered because it
causes a crash on ARM where, unlike x86, it does not necessarily
have memory mapped at 0x0.
Avoid the (V)Sprint calls altogether by using (V)PoolPrint, which
handles the size calculation and allocation for us.
Signed-off-by: Peter Jones <pjones@redhat.com>
Fixes: 25f6fd08cd26 ("try to show errors more usefully.")
[dannf: commit message ]
Signed-off-by: dann frazier <dann.frazier@canonical.com>
---
errlog.c | 15 +++------------
1 file changed, 3 insertions(+), 12 deletions(-)
diff --git a/errlog.c b/errlog.c
index 18be482..eebb266 100644
--- a/errlog.c
+++ b/errlog.c
@@ -14,29 +14,20 @@ EFI_STATUS
VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args)
{
va_list args2;
- UINTN size = 0, size2;
CHAR16 **newerrs;
- size = SPrint(NULL, 0, L"%a:%d %a() ", file, line, func);
- va_copy(args2, args);
- size2 = VSPrint(NULL, 0, fmt, args2);
- va_end(args2);
-
newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs),
(nerrs + 3) * sizeof(*errs));
if (!newerrs)
return EFI_OUT_OF_RESOURCES;
- newerrs[nerrs] = AllocatePool(size*2+2);
+ newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func);
if (!newerrs[nerrs])
return EFI_OUT_OF_RESOURCES;
- newerrs[nerrs+1] = AllocatePool(size2*2+2);
+ va_copy(args2, args);
+ newerrs[nerrs+1] = VPoolPrint(fmt, args2);
if (!newerrs[nerrs+1])
return EFI_OUT_OF_RESOURCES;
-
- SPrint(newerrs[nerrs], size*2+2, L"%a:%d %a() ", file, line, func);
- va_copy(args2, args);
- VSPrint(newerrs[nerrs+1], size2*2+2, fmt, args2);
va_end(args2);
nerrs += 2;
--
2.28.0


@ -1,62 +0,0 @@
From e6ce8788f4a622da1ba5421a5eb11df163a56727 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Wed, 21 Nov 2018 12:47:43 +0800
Subject: [PATCH] MOK: Fix the missing vendor cert in MokListRT
When there is no key in MokList, import_mok_state() just skipped MokList
even though it should always mirror the vendor cert.
https://github.com/rhboot/shim/issues/154
Signed-off-by: Gary Lin <glin@suse.com>
---
mok.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/mok.c b/mok.c
index 3867521..0bcab32 100644
--- a/mok.c
+++ b/mok.c
@@ -223,11 +223,18 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
UINT32 attrs = 0;
BOOLEAN delete = FALSE, present, addend;
+ addend = (v->addend_source && v->addend_size &&
+ *v->addend_source && *v->addend_size)
+ ? TRUE : FALSE;
+
efi_status = get_variable_attr(v->name,
&v->data, &v->data_size,
*v->guid, &attrs);
- if (efi_status == EFI_NOT_FOUND)
+ if (efi_status == EFI_NOT_FOUND) {
+ if (addend)
+ goto mirror_addend;
continue;
+ }
if (EFI_ERROR(efi_status)) {
perror(L"Could not verify %s: %r\n", v->name,
efi_status);
@@ -272,9 +279,6 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
}
present = (v->data && v->data_size) ? TRUE : FALSE;
- addend = (v->addend_source && v->addend_size &&
- *v->addend_source && *v->addend_size)
- ? TRUE : FALSE;
if (v->flags & MOK_VARIABLE_MEASURE && present) {
/*
@@ -304,7 +308,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
}
}
- if (v->rtname && present && addend) {
+mirror_addend:
+ if (v->rtname && (present || addend)) {
if (v->flags & MOK_MIRROR_DELETE_FIRST)
LibDeleteVariable(v->rtname, v->guid);
--
2.19.2


@ -1,4 +1,4 @@
From b0fc750ab3af4883a7124229398a758837a4e7ce Mon Sep 17 00:00:00 2001
From 71ca8f761fb5434ef65895345d96ccf063da7d66 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Tue, 22 Aug 2017 12:43:36 +0800
Subject: [PATCH] Make the names of EFI binaries arch-independent
@ -16,10 +16,10 @@ Signed-off-by: Gary Lin <glin@suse.com>
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/fallback.c b/fallback.c
index c3f5583..01f2ae4 100644
index fc81c5e4..44b2d464 100644
--- a/fallback.c
+++ b/fallback.c
@@ -999,7 +999,7 @@ debug_hook(void)
@@ -1058,7 +1058,7 @@ debug_hook(void)
x = 1;
console_print(L"add-symbol-file "DEBUGDIR
@ -29,10 +29,10 @@ index c3f5583..01f2ae4 100644
}
diff --git a/shim.c b/shim.c
index fcc11eb..248c946 100644
index 765c9254..6751a2bc 100644
--- a/shim.c
+++ b/shim.c
@@ -2554,7 +2554,7 @@ debug_hook(void)
@@ -1811,7 +1811,7 @@ debug_hook(void)
FreePool(data);
console_print(L"add-symbol-file "DEBUGDIR
@ -42,11 +42,11 @@ index fcc11eb..248c946 100644
console_print(L"Pausing for debugger attachment.\n");
diff --git a/shim.h b/shim.h
index 2b359d8..d9c60f5 100644
index 0a6c8cfa..b9c3c4d8 100644
--- a/shim.h
+++ b/shim.h
@@ -92,8 +92,8 @@
#endif
@@ -105,8 +105,8 @@
#define DEBUGSRC L"/usr/src/debug/shim-" VERSIONSTR "." EFI_ARCH
#endif
-#define FALLBACK L"\\fb" EFI_ARCH L".efi"
@ -54,8 +54,8 @@ index 2b359d8..d9c60f5 100644
+#define FALLBACK L"\\fallback.efi"
+#define MOK_MANAGER L"\\MokManager.efi"
#include "include/configtable.h"
#include "include/console.h"
#if defined(VENDOR_DB_FILE)
# define vendor_authorized vendor_db
--
2.19.2
2.29.2


@ -1,357 +0,0 @@
From 407763d37cae353609b3f3ef78ff127745860357 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Wed, 23 May 2018 16:58:31 +0800
Subject: [PATCH 1/2] console: Move the countdown function to console.c
Move the countdown function from MokManager to console.c to make the
function public
Also make console_save_and_set_mode() and console_restore_mode() public
Signed-off-by: Gary Lin <glin@suse.com>
---
MokManager.c | 71 ++++---------------------------------------
include/console.h | 6 ++++
lib/console.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 88 insertions(+), 65 deletions(-)
diff --git a/MokManager.c b/MokManager.c
index 2e55c50..1ab8e5e 100644
--- a/MokManager.c
+++ b/MokManager.c
@@ -733,30 +733,6 @@ done:
return efi_status;
}
-static void console_save_and_set_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode)
-{
- SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
-
- if (!SavedMode) {
- console_print(L"Invalid parameter: SavedMode\n");
- return;
- }
-
- CopyMem(SavedMode, co->Mode, sizeof(SIMPLE_TEXT_OUTPUT_MODE));
- co->EnableCursor(co, FALSE);
- co->SetAttribute(co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE);
-}
-
-static void console_restore_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode)
-{
- SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
-
- co->EnableCursor(co, SavedMode->CursorVisible);
- co->SetCursorPosition(co, SavedMode->CursorColumn,
- SavedMode->CursorRow);
- co->SetAttribute(co, SavedMode->Attribute);
-}
-
static INTN reset_system()
{
gRT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL);
@@ -2032,18 +2008,13 @@ static BOOLEAN verify_pw(BOOLEAN * protected)
static int draw_countdown()
{
- SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
- SIMPLE_INPUT_INTERFACE *ci = ST->ConIn;
- SIMPLE_TEXT_OUTPUT_MODE SavedMode;
- EFI_INPUT_KEY key;
- EFI_STATUS efi_status;
- UINTN cols, rows;
- CHAR16 *title[2];
CHAR16 *message = L"Press any key to perform MOK management";
+ CHAR16 *title;
+ EFI_STATUS efi_status;
void *MokTimeout = NULL;
MokTimeoutvar *var;
UINTN MokTimeoutSize = 0;
- int timeout, wait = 10000000;
+ int timeout;
efi_status = get_variable(L"MokTimeout", (UINT8 **) &MokTimeout,
&MokTimeoutSize, SHIM_LOCK_GUID);
@@ -2059,41 +2030,11 @@ static int draw_countdown()
if (timeout < 0)
return timeout;
- console_save_and_set_mode(&SavedMode);
-
- title[0] = PoolPrint(L"%s UEFI key management", SHIM_VENDOR);
- title[1] = NULL;
-
- console_print_box_at(title, -1, 0, 0, -1, -1, 1, 1);
-
- co->QueryMode(co, co->Mode->Mode, &cols, &rows);
-
- console_print_at((cols - StrLen(message)) / 2, rows / 2, message);
- while (1) {
- if (timeout > 1)
- console_print_at(2, rows - 3,
- L"Booting in %d seconds ",
- timeout);
- else if (timeout)
- console_print_at(2, rows - 3,
- L"Booting in %d second ",
- timeout);
+ title = PoolPrint(L"%s UEFI key management", SHIM_VENDOR);
- efi_status = WaitForSingleEvent(ci->WaitForKey, wait);
- if (efi_status != EFI_TIMEOUT) {
- /* Clear the key in the queue */
- ci->ReadKeyStroke(ci, &key);
- break;
- }
+ timeout = console_countdown(title, message, timeout);
- timeout--;
- if (!timeout)
- break;
- }
-
- FreePool(title[0]);
-
- console_restore_mode(&SavedMode);
+ FreePool(title);
return timeout;
}
diff --git a/include/console.h b/include/console.h
index deb4fa3..bd75eb5 100644
--- a/include/console.h
+++ b/include/console.h
@@ -33,6 +33,12 @@ console_alertbox(CHAR16 **title);
void
console_notify(CHAR16 *string);
void
+console_save_and_set_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode);
+void
+console_restore_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode);
+int
+console_countdown(CHAR16* title, const CHAR16* message, int timeout);
+void
console_reset(void);
#define NOSEL 0x7fffffff
diff --git a/lib/console.c b/lib/console.c
index 3aee41c..2d421af 100644
--- a/lib/console.c
+++ b/lib/console.c
@@ -409,6 +409,82 @@ console_notify(CHAR16 *string)
console_alertbox(str_arr);
}
+void
+console_save_and_set_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode)
+{
+ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
+
+ if (!SavedMode) {
+ console_print(L"Invalid parameter: SavedMode\n");
+ return;
+ }
+
+ CopyMem(SavedMode, co->Mode, sizeof(SIMPLE_TEXT_OUTPUT_MODE));
+ co->EnableCursor(co, FALSE);
+ co->SetAttribute(co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE);
+}
+
+void
+console_restore_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode)
+{
+ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
+
+ co->EnableCursor(co, SavedMode->CursorVisible);
+ co->SetCursorPosition(co, SavedMode->CursorColumn,
+ SavedMode->CursorRow);
+ co->SetAttribute(co, SavedMode->Attribute);
+}
+
+int
+console_countdown(CHAR16* title, const CHAR16* message,
+ int timeout)
+{
+ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
+ SIMPLE_INPUT_INTERFACE *ci = ST->ConIn;
+ SIMPLE_TEXT_OUTPUT_MODE SavedMode;
+ EFI_INPUT_KEY key;
+ EFI_STATUS efi_status;
+ UINTN cols, rows;
+ CHAR16 *titles[2];
+ int wait = 10000000;
+
+ console_save_and_set_mode(&SavedMode);
+
+ titles[0] = title;
+ titles[1] = NULL;
+
+ console_print_box_at(titles, -1, 0, 0, -1, -1, 1, 1);
+
+ co->QueryMode(co, co->Mode->Mode, &cols, &rows);
+
+ console_print_at((cols - StrLen(message)) / 2, rows / 2, message);
+ while (1) {
+ if (timeout > 1)
+ console_print_at(2, rows - 3,
+ L"Booting in %d seconds ",
+ timeout);
+ else if (timeout)
+ console_print_at(2, rows - 3,
+ L"Booting in %d second ",
+ timeout);
+
+ efi_status = WaitForSingleEvent(ci->WaitForKey, wait);
+ if (efi_status != EFI_TIMEOUT) {
+ /* Clear the key in the queue */
+ ci->ReadKeyStroke(ci, &key);
+ break;
+ }
+
+ timeout--;
+ if (!timeout)
+ break;
+ }
+
+ console_restore_mode(&SavedMode);
+
+ return timeout;
+}
+
#define ARRAY_SIZE(a) (sizeof (a) / sizeof ((a)[0]))
/* Copy of gnu-efi-3.0 with the added secure boot strings */
--
2.19.2
From 9544a6dc75343059184d9dfb0cfdc4eda880afd0 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Wed, 23 May 2018 18:13:05 +0800
Subject: [PATCH 2/2] fallback: show a countdown menu before reset
Some machines with the faulty firmware may keep booting the default boot
path instead of the boot option we create. To avoid the infinite reset
loop, this commit introduce a countdown screen before fallback resets the
system, so the user can interrupt the system reset and choose to boot
the restored boot option. The "Always continue boot" option creates a
BS+RT+NV variable, FB_NO_REBOOT, to make fallback boot the first boot
option afterward without asking. The user can revert the behavior by
removing the variable.
https://github.com/rhboot/shim/issues/128
Signed-off-by: Gary Lin <glin@suse.com>
---
fallback.c | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 81 insertions(+)
diff --git a/fallback.c b/fallback.c
index 01f2ae4..33f104f 100644
--- a/fallback.c
+++ b/fallback.c
@@ -12,6 +12,8 @@
#include "shim.h"
+#define NO_REBOOT L"FB_NO_REBOOT"
+
EFI_LOADED_IMAGE *this_image = NULL;
int
@@ -973,6 +975,65 @@ try_start_first_option(EFI_HANDLE parent_image_handle)
return efi_status;
}
+static UINT32
+get_fallback_no_reboot(void)
+{
+ EFI_STATUS efi_status;
+ UINT32 no_reboot;
+ UINTN size = sizeof(UINT32);
+
+ efi_status = gRT->GetVariable(NO_REBOOT, &SHIM_LOCK_GUID,
+ NULL, &size, &no_reboot);
+ if (!EFI_ERROR(efi_status)) {
+ return no_reboot;
+ }
+ return 0;
+}
+
+static EFI_STATUS
+set_fallback_no_reboot(void)
+{
+ EFI_STATUS efi_status;
+ UINT32 no_reboot = 1;
+ efi_status = gRT->SetVariable(NO_REBOOT, &SHIM_LOCK_GUID,
+ EFI_VARIABLE_NON_VOLATILE
+ | EFI_VARIABLE_BOOTSERVICE_ACCESS
+ | EFI_VARIABLE_RUNTIME_ACCESS,
+ sizeof(UINT32), &no_reboot);
+ return efi_status;
+}
+
+static int
+draw_countdown(void)
+{
+ CHAR16 *title = L"Boot Option Restoration";
+ CHAR16 *message = L"Press any key to stop system reset";
+ int timeout;
+
+ timeout = console_countdown(title, message, 5);
+
+ return timeout;
+}
+
+static int
+get_user_choice(void)
+{
+ int choice;
+ CHAR16 *title[] = {L"Boot Option Restored", NULL};
+ CHAR16 *menu_strings[] = {
+ L"Reset system",
+ L"Continue boot",
+ L"Always continue boot",
+ NULL
+ };
+
+ do {
+ choice = console_select(title, menu_strings, 0);
+ } while (choice < 0 || choice > 2);
+
+ return choice;
+}
+
extern EFI_STATUS
efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab);
@@ -1039,6 +1100,26 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
VerbosePrint(L"tpm not present, starting the first image\n");
try_start_first_option(image);
} else {
+ if (get_fallback_no_reboot() == 1) {
+ VerbosePrint(L"NO_REBOOT is set, starting the first image\n");
+ try_start_first_option(image);
+ }
+
+ int timeout = draw_countdown();
+ if (timeout == 0)
+ goto reset;
+
+ int choice = get_user_choice();
+ if (choice == 0) {
+ goto reset;
+ } else if (choice == 2) {
+ efi_status = set_fallback_no_reboot();
+ if (EFI_ERROR(efi_status))
+ goto reset;
+ }
+ VerbosePrint(L"tpm present, starting the first image\n");
+ try_start_first_option(image);
+reset:
VerbosePrint(L"tpm present, resetting system\n");
}
--
2.19.2


@ -1,47 +0,0 @@
From 741c61abba7d5c74166f8d0c1b9ee8001ebcd186 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Thu, 6 Dec 2018 10:08:45 +0100
Subject: [PATCH] Make EFI variable copying fatal only on secureboot enabled
systems
I have come across systems that are unwilling to reserve enough memory for
a MokListRT big enough for big certificates.
This seems to be the case with firmware implementations that do not support
secureboot, which is probably the reason they went with much lower variable
storage.
This patch set makes sure we can still boot on those systems, by only
making the copy action fatal if the system has secure boot enabled, or if
the error was anything other than EFI_INVALID_PARAMETER.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
---
shim.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/shim.c b/shim.c
index 7d25ad6..aee4727 100644
--- a/shim.c
+++ b/shim.c
@@ -2639,7 +2639,17 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
* boot-services-only state variables are what we think they are.
*/
efi_status = import_mok_state(image_handle);
- if (EFI_ERROR(efi_status)) {
+ if (!secure_mode() && efi_status == EFI_INVALID_PARAMETER) {
+ /*
+ * Make copy failures fatal only if secure_mode is enabled, or
+ * the error was anything else than EFI_INVALID_PARAMETER.
+ * There are non-secureboot firmware implementations that don't
+ * reserve enough EFI variable memory to fit the variable.
+ */
+ console_print(L"Importing MOK states has failed: %s: %r\n",
+ msgs[msg], efi_status);
+ console_print(L"Continuing boot since secure mode is disabled");
+ } else if (EFI_ERROR(efi_status)) {
die:
console_print(L"Something has gone seriously wrong: %s: %r\n",
msgs[msg], efi_status);
--
2.25.1


@ -1,46 +0,0 @@
From 248e327146daf008b32615423f86d0a985d9d519 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 9 Jul 2020 00:24:57 -0400
Subject: [PATCH] Remove a couple of incorrect license claims.
A certain someone's default editor template leaked in to a couple of
source files, and claims they're GPL licensed. They're not.
Signed-off-by: Peter Jones <pjones@redhat.com>
(cherry picked from commit 476cbff111001d01a5a27dc2289fc7cd2d34c38e)
---
errlog.c | 3 ---
mok.c | 2 --
2 files changed, 5 deletions(-)
diff --git a/errlog.c b/errlog.c
index 18be482..e2ac04a 100644
--- a/errlog.c
+++ b/errlog.c
@@ -1,10 +1,7 @@
/*
* errlog.c
* Copyright 2017 Peter Jones <pjones@redhat.com>
- *
- * Distributed under terms of the GPLv3 license.
*/
-
#include "shim.h"
static CHAR16 **errs = NULL;
diff --git a/mok.c b/mok.c
index 0bcab32..9498440 100644
--- a/mok.c
+++ b/mok.c
@@ -1,8 +1,6 @@
/*
* mok.c
* Copyright 2017 Peter Jones <pjones@redhat.com>
- *
- * Distributed under terms of the GPLv3 license.
*/
#include "shim.h"
--
2.27.0


@ -1,246 +0,0 @@
From 3574fb71d1849295f662c3fcf0818bcd40373649 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Tue, 18 Feb 2020 12:03:28 +0100
Subject: [PATCH 1/3] shim: Update EFI_LOADED_IMAGE with the second stage
loader file path
When shim loads the second stage loader (e.g: GRUB) the FilePath field of
the EFI_LOADED_IMAGE structure isn't updated with the path of the loaded
binary. So it still contains the file path of the shim binary.
This isn't a problem since the file path is currently not used. But should
be used to set the DevicePath field of the EFI_IMAGE_LOAD_EVENT structure
that is logged when measuring the PE/COFF binaries. In that case the TPM
Event Log will have an incorrect file path for the measured binary, i.e:
$ hexdump -Cv /sys/kernel/security/tpm0/binary_bios_measurements
...
00000a50 00 00 00 00 00 00 04 04 34 00 5c 00 45 00 46 00 |........4.\.E.F.|
00000a60 49 00 5c 00 72 00 65 00 64 00 68 00 61 00 74 00 |I.\.r.e.d.h.a.t.|
00000a70 5c 00 73 00 68 00 69 00 6d 00 78 00 36 00 34 00 |\.s.h.i.m.x.6.4.|
00000a80 2e 00 65 00 66 00 69 00 00 00 7f ff 04 00 00 00 |..e.f.i.........|
00000a90 00 00 00 00 00 00 af 08 00 00 00 0d 00 00 00 b5 |................|
00000aa0 cd d0 8f bb 16 31 e2 80 8b e8 58 75 c9 89 18 95 |.....1....Xu....|
00000ab0 d2 de 15 15 00 00 00 67 72 75 62 5f 63 6d 64 20 |.......grub_cmd |
00000ac0 73 65 74 20 70 61 67 65 72 3d 31 00 08 00 00 00 |set pager=1.....|
...
So update the EFI_LOADED_IMAGE structure with the second stage loader file
path to have the correct value in the log, i.e:
$ hexdump -Cv /sys/kernel/security/tpm0/binary_bios_measurements
...
00000a50 00 00 00 00 00 00 04 04 34 00 5c 00 45 00 46 00 |........4.\.E.F.|
00000a60 49 00 5c 00 72 00 65 00 64 00 68 00 61 00 74 00 |I.\.r.e.d.h.a.t.|
00000a70 5c 00 67 00 72 00 75 00 62 00 78 00 36 00 34 00 |\.g.r.u.b.x.6.4.|
00000a80 2e 00 65 00 66 00 69 00 00 00 7f ff 04 00 00 00 |..e.f.i.........|
00000a90 00 00 00 00 00 00 af 08 00 00 00 0d 00 00 00 b5 |................|
00000aa0 cd d0 8f bb 16 31 e2 80 8b e8 58 75 c9 89 18 95 |.....1....Xu....|
00000ab0 d2 de 15 15 00 00 00 67 72 75 62 5f 63 6d 64 20 |.......grub_cmd |
00000ac0 73 65 74 20 70 61 67 65 72 3d 31 00 08 00 00 00 |set pager=1.....|
...
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
(cherry picked from commit cd7d42d493d2913625b9852743db99d97ad15c72)
---
shim.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/shim.c b/shim.c
index ebc46f0..1dff8a4 100644
--- a/shim.c
+++ b/shim.c
@@ -1950,6 +1950,16 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
*/
CopyMem(&li_bak, li, sizeof(li_bak));
+ /*
+ * Update the loaded image with the second stage loader file path
+ */
+ li->FilePath = FileDevicePath(NULL, PathName);
+ if (!li->FilePath) {
+ perror(L"Unable to update loaded image file path\n");
+ efi_status = EFI_OUT_OF_RESOURCES;
+ goto restore;
+ }
+
/*
* Verify and, if appropriate, relocate and execute the executable
*/
@@ -1959,8 +1969,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
perror(L"Failed to load image: %r\n", efi_status);
PrintErrors();
ClearErrors();
- CopyMem(li, &li_bak, sizeof(li_bak));
- goto done;
+ goto restore;
}
loader_is_participating = 0;
@@ -1970,6 +1979,10 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
*/
efi_status = entry_point(image_handle, systab);
+restore:
+ if (li->FilePath)
+ FreePool(li->FilePath);
+
/*
* Restore our original loaded image values
*/
--
2.28.0
From eee96f1c59ba0f1a58eb1748a4bdf7ed0855b17a Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Tue, 18 Feb 2020 12:03:17 +0100
Subject: [PATCH 2/3] tpm: Include information about PE/COFF images in the TPM
Event Log
The "TCG PC Client Specific Platform Firmware Profile Specification" says
that when measuring a PE/COFF image, the TCG_PCR_EVENT2 structure Event
field MUST contain a UEFI_IMAGE_LOAD_EVENT structure.
Currently an empty UEFI_IMAGE_LOAD_EVENT structure is passed so users only
have the hash of the PE/COFF image, but not information such the file path
of the binary.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
(cherry picked from commit c252b9ee94c342f9074a3e9064fd254eef203a63)
---
include/tpm.h | 5 +++--
shim.c | 7 +++++--
tpm.c | 46 ++++++++++++++++++++++++++++++++--------------
3 files changed, 40 insertions(+), 18 deletions(-)
diff --git a/include/tpm.h b/include/tpm.h
index 746e871..a05c249 100644
--- a/include/tpm.h
+++ b/include/tpm.h
@@ -10,8 +10,9 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr,
const CHAR8 *description);
EFI_STATUS fallback_should_prefer_reset(void);
-EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 *sha1hash,
- UINT8 pcr);
+EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size,
+ EFI_PHYSICAL_ADDRESS addr, EFI_DEVICE_PATH *path,
+ UINT8 *sha1hash, UINT8 pcr);
EFI_STATUS tpm_measure_variable(CHAR16 *dbname, EFI_GUID guid, UINTN size, void *data);
diff --git a/shim.c b/shim.c
index 1dff8a4..6ce30a0 100644
--- a/shim.c
+++ b/shim.c
@@ -1299,7 +1299,9 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
#ifdef REQUIRE_TPM
efi_status =
#endif
- tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)data, datasize, sha1hash, 4);
+ tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)data, datasize,
+ (EFI_PHYSICAL_ADDRESS)(UINTN)context.ImageAddress,
+ li->FilePath, sha1hash, 4);
#ifdef REQUIRE_TPM
if (efi_status != EFI_SUCCESS) {
return efi_status;
@@ -1813,7 +1815,8 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size)
#ifdef REQUIRE_TPM
efi_status =
#endif
- tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)buffer, size, sha1hash, 4);
+ tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)buffer, size, 0, NULL,
+ sha1hash, 4);
#ifdef REQUIRE_TPM
if (EFI_ERROR(efi_status))
goto done;
diff --git a/tpm.c b/tpm.c
index 196b93c..22ad148 100644
--- a/tpm.c
+++ b/tpm.c
@@ -210,21 +210,39 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr,
strlen(description) + 1, 0xd, NULL);
}
-EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 *sha1hash,
- UINT8 pcr)
+EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size,
+ EFI_PHYSICAL_ADDRESS addr, EFI_DEVICE_PATH *path,
+ UINT8 *sha1hash, UINT8 pcr)
{
- EFI_IMAGE_LOAD_EVENT ImageLoad;
-
- // All of this is informational and forces us to do more parsing before
- // we can generate it, so let's just leave it out for now
- ImageLoad.ImageLocationInMemory = 0;
- ImageLoad.ImageLengthInMemory = 0;
- ImageLoad.ImageLinkTimeAddress = 0;
- ImageLoad.LengthOfDevicePath = 0;
-
- return tpm_log_event_raw(buf, size, pcr, (CHAR8 *)&ImageLoad,
- sizeof(ImageLoad),
- EV_EFI_BOOT_SERVICES_APPLICATION, sha1hash);
+ EFI_IMAGE_LOAD_EVENT *ImageLoad = NULL;
+ EFI_STATUS efi_status;
+ UINTN path_size = 0;
+
+ if (path)
+ path_size = DevicePathSize(path);
+
+ ImageLoad = AllocateZeroPool(sizeof(*ImageLoad) + path_size);
+ if (!ImageLoad) {
+ perror(L"Unable to allocate image load event structure\n");
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ ImageLoad->ImageLocationInMemory = buf;
+ ImageLoad->ImageLengthInMemory = size;
+ ImageLoad->ImageLinkTimeAddress = addr;
+
+ if (path_size > 0) {
+ CopyMem(ImageLoad->DevicePath, path, path_size);
+ ImageLoad->LengthOfDevicePath = path_size;
+ }
+
+ efi_status = tpm_log_event_raw(buf, size, pcr, (CHAR8 *)ImageLoad,
+ sizeof(*ImageLoad) + path_size,
+ EV_EFI_BOOT_SERVICES_APPLICATION,
+ sha1hash);
+ FreePool(ImageLoad);
+
+ return efi_status;
}
typedef struct {
--
2.28.0
From 537851177b72328b76f74782709029cff466168b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 23 Jul 2020 20:35:56 -0400
Subject: [PATCH 3/3] Fix a broken tpm type
Signed-off-by: Peter Jones <pjones@redhat.com>
(cherry picked from commit 871cfcf8bdc4f656642993d38b06e4e2d5be0c18)
---
tpm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tpm.c b/tpm.c
index 22ad148..03cf3a1 100644
--- a/tpm.c
+++ b/tpm.c
@@ -239,7 +239,7 @@ EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size,
efi_status = tpm_log_event_raw(buf, size, pcr, (CHAR8 *)ImageLoad,
sizeof(*ImageLoad) + path_size,
EV_EFI_BOOT_SERVICES_APPLICATION,
- sha1hash);
+ (CHAR8 *)sha1hash);
FreePool(ImageLoad);
return efi_status;
--
2.28.0


@ -1,205 +0,0 @@
From 551bab0a7c3199cad3bd1273d57e98e54bdf2ce9 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@google.com>
Date: Tue, 11 Dec 2018 15:25:44 -0800
Subject: [PATCH 1/4] Remove call to TPM2 get_event_log()
Calling the TPM2 get_event_log causes the firmware to start logging
events to the final events table, but implementations may also continue
logging to the boot services event log. Any OS that wishes to
reconstruct the full PCR state must already look at both the final
events log and the boot services event log, so if this call is made
anywhere other than immediately before ExitBootServices() then the OS
must deduplicate events that occur in both, complicating things
immensely.
Linux already has support for copying up the boot services event log
across the ExitBootServices() boundary, so there's no reason to make
this call. Remove it.
Signed-off-by: Matthew Garrett <mjg59@google.com>
(cherry picked from commit fd7c3bd920ba39082cb7c619afb7203d150a4cd3)
---
tpm.c | 46 ----------------------------------------------
1 file changed, 46 deletions(-)
diff --git a/tpm.c b/tpm.c
index 674e69b..f07362c 100644
--- a/tpm.c
+++ b/tpm.c
@@ -70,41 +70,6 @@ static BOOLEAN tpm2_present(EFI_TCG2_BOOT_SERVICE_CAPABILITY *caps,
return FALSE;
}
-static inline EFI_TCG2_EVENT_LOG_BITMAP
-tpm2_get_supported_logs(efi_tpm2_protocol_t *tpm,
- EFI_TCG2_BOOT_SERVICE_CAPABILITY *caps,
- BOOLEAN old_caps)
-{
- if (old_caps)
- return ((TREE_BOOT_SERVICE_CAPABILITY *)caps)->SupportedEventLogs;
-
- return caps->SupportedEventLogs;
-}
-
-/*
- * According to TCG EFI Protocol Specification for TPM 2.0 family,
- * all events generated after the invocation of EFI_TCG2_GET_EVENT_LOG
- * shall be stored in an instance of an EFI_CONFIGURATION_TABLE aka
- * EFI TCG 2.0 final events table. Hence, it is necessary to trigger the
- * internal switch through calling get_event_log() in order to allow
- * to retrieve the logs from OS runtime.
- */
-static EFI_STATUS trigger_tcg2_final_events_table(efi_tpm2_protocol_t *tpm2,
- EFI_TCG2_EVENT_LOG_BITMAP supported_logs)
-{
- EFI_TCG2_EVENT_LOG_FORMAT log_fmt;
- EFI_PHYSICAL_ADDRESS start;
- EFI_PHYSICAL_ADDRESS end;
- BOOLEAN truncated;
-
- if (supported_logs & EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
- log_fmt = EFI_TCG2_EVENT_LOG_FORMAT_TCG_2;
- else
- log_fmt = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
-
- return tpm2->get_event_log(tpm2, log_fmt, &start, &end, &truncated);
-}
-
static EFI_STATUS tpm_locate_protocol(efi_tpm_protocol_t **tpm,
efi_tpm2_protocol_t **tpm2,
BOOLEAN *old_caps_p,
@@ -166,17 +131,6 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
#endif
} else if (tpm2) {
EFI_TCG2_EVENT *event;
- EFI_TCG2_EVENT_LOG_BITMAP supported_logs;
-
- supported_logs = tpm2_get_supported_logs(tpm2, &caps, old_caps);
-
- efi_status = trigger_tcg2_final_events_table(tpm2,
- supported_logs);
- if (EFI_ERROR(efi_status)) {
- perror(L"Unable to trigger tcg2 final events table: %r\n",
- efi_status);
- return efi_status;
- }
event = AllocatePool(sizeof(*event) + logsize);
if (!event) {
--
2.28.0
From 03cb410a51e808179e9d991057fb94a526ac269a Mon Sep 17 00:00:00 2001
From: Chris Coulson <chris.coulson@canonical.com>
Date: Sat, 22 Jun 2019 15:33:03 +0100
Subject: [PATCH 2/4] tpm: Fix off-by-one error when calculating event size
tpm_log_event_raw() allocates a buffer for the EFI_TCG2_EVENT structure
that is one byte larger than necessary, and sets event->Size accordingly.
The result of this is that the event data recorded in the log differs
from the data that is measured to the TPM (it has an extra zero byte
at the end).
(cherry picked from commit 8a27a4809a6a2b40fb6a4049071bf96d6ad71b50)
---
tpm.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tpm.c b/tpm.c
index f07362c..516fb87 100644
--- a/tpm.c
+++ b/tpm.c
@@ -131,8 +131,10 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
#endif
} else if (tpm2) {
EFI_TCG2_EVENT *event;
+ UINTN event_size = sizeof(*event) - sizeof(event->Event) +
+ logsize;
- event = AllocatePool(sizeof(*event) + logsize);
+ event = AllocatePool(event_size);
if (!event) {
perror(L"Unable to allocate event structure\n");
return EFI_OUT_OF_RESOURCES;
@@ -142,7 +144,7 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
event->Header.HeaderVersion = 1;
event->Header.PCRIndex = pcr;
event->Header.EventType = type;
- event->Size = sizeof(*event) - sizeof(event->Event) + logsize + 1;
+ event->Size = event_size;
CopyMem(event->Event, (VOID *)log, logsize);
if (hash) {
/* TPM 2 systems will generate the appropriate hash
--
2.28.0
From 6b57ed99e1925728166017863ad849408cddf55d Mon Sep 17 00:00:00 2001
From: Chris Coulson <chris.coulson@canonical.com>
Date: Sat, 22 Jun 2019 15:37:29 +0100
Subject: [PATCH 3/4] tpm: Define EFI_VARIABLE_DATA_TREE as packed
tpm_measure_variable() calculates VarLogSize by adding the size of VarName
and VarData to the size of EFI_VARIABLE_DATA_TREE, and then subtracting
the size of the UnicodeName and VariableData members. This results in a
calculation that is 5 bytes larger than necessary because it doesn't take
in to account the padding of these members. The effect of this is that
shim measures an additional 5 zero bytes when measuring UEFI variables
(at least on 64-bit architectures).
Byte packing EFI_VARIABLE_DATA_TREE fixes this.
(cherry picked from commit 7e4d3f1c8c730a5d3f40729cb285b5d8c7b241af)
---
tpm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tpm.c b/tpm.c
index 516fb87..c0617bb 100644
--- a/tpm.c
+++ b/tpm.c
@@ -233,7 +233,7 @@ typedef struct {
UINT64 VariableDataLength;
CHAR16 UnicodeName[1];
INT8 VariableData[1];
-} EFI_VARIABLE_DATA_TREE;
+} __attribute__ ((packed)) EFI_VARIABLE_DATA_TREE;
static BOOLEAN tpm_data_measured(CHAR16 *VarName, EFI_GUID VendorGuid, UINTN VarSize, VOID *VarData)
{
--
2.28.0
From 85a8c568dde4d608a7c9cc5b0283bdc36e677947 Mon Sep 17 00:00:00 2001
From: Chris Coulson <chris.coulson@canonical.com>
Date: Thu, 26 Sep 2019 20:01:01 +0100
Subject: [PATCH 4/4] tpm: Don't log duplicate identical events
According to the comment in tpm_measure_variable ("Don't measure something that we've already measured"), shim
shouldn't measure duplicate events if they are identical, which also aligns with section 2.3.4.8 of the TCG PC
Client Platform Firmware Profile Specification ("If it has been measured previously, it MUST NOT be measured
again"). This is currently broken because tpm_data_measured() uses the return value of CompareGuid() incorrectly.
(cherry picked from commit 103adc89ce578a23cbdbd195c5dc5e329b85b854)
---
tpm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tpm.c b/tpm.c
index c0617bb..196b93c 100644
--- a/tpm.c
+++ b/tpm.c
@@ -241,7 +241,7 @@ static BOOLEAN tpm_data_measured(CHAR16 *VarName, EFI_GUID VendorGuid, UINTN Var
for (i=0; i<measuredcount; i++) {
if ((StrCmp (VarName, measureddata[i].VariableName) == 0) &&
- (CompareGuid (&VendorGuid, measureddata[i].VendorGuid)) &&
+ (CompareGuid (&VendorGuid, measureddata[i].VendorGuid) == 0) &&
(VarSize == measureddata[i].Size) &&
(CompareMem (VarData, measureddata[i].Data, VarSize) == 0)) {
return TRUE;
--
2.28.0


@ -1,34 +0,0 @@
From 049bf5c1bd83643b9a6e8b7e67ea51ef7076cbc6 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Thu, 22 Oct 2020 14:00:04 +0800
Subject: [PATCH] Cryptlib/CryptPkcs7VerifyEku: fix buffer use-after-free
Merge the patch from edk2 upstream:
https://bugzilla.tianocore.org/show_bug.cgi?id=2459
Since SignerCert is actually a part of Pkcs7, PKCS7_free() also fress
SignerCert, so there is no need to free SignerCert.
Signed-off-by: Gary Lin <glin@suse.com>
---
Cryptlib/Pk/CryptPkcs7VerifyEku.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/Cryptlib/Pk/CryptPkcs7VerifyEku.c b/Cryptlib/Pk/CryptPkcs7VerifyEku.c
index d086886..2c172e2 100644
--- a/Cryptlib/Pk/CryptPkcs7VerifyEku.c
+++ b/Cryptlib/Pk/CryptPkcs7VerifyEku.c
@@ -507,10 +507,6 @@ Exit:
free (SignedData);
}
- if (SignerCert != NULL) {
- X509_free (SignerCert);
- }
-
if (Pkcs7 != NULL) {
PKCS7_free (Pkcs7);
}
--
2.28.0


@ -1,4 +1,4 @@
From b27f96477647c0a055e97f1f9a9cffba354dad6f Mon Sep 17 00:00:00 2001
From 6ff890bf0af9d37acc6ea8ad64f597060e8bb143 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Wed, 14 Oct 2020 14:31:12 +0800
Subject: [PATCH] Enforce EKU CodeSign extension check
@ -8,22 +8,25 @@ Per NIAP OS_PP, the signer certificate of the UEFI image has to contain
This commit borrows VerifyEKUsInPkcs7Signature() from edk2 and enforces
the CodeSign check in Pkcs7Verify().
+ Also merged the buffer use-after-free fix (*)
(*) https://bugzilla.tianocore.org/show_bug.cgi?id=2459
Signed-off-by: Gary Lin <glin@suse.com>
---
Cryptlib/InternalCryptLib.h | 32 ++
Cryptlib/Library/BaseCryptLib.h | 40 +++
Cryptlib/Makefile | 1 +
Cryptlib/Pk/CryptPkcs7Verify.c | 11 +
Cryptlib/Pk/CryptPkcs7VerifyEku.c | 520 ++++++++++++++++++++++++++++++
5 files changed, 604 insertions(+)
Cryptlib/Pk/CryptPkcs7Verify.c | 10 +
Cryptlib/Pk/CryptPkcs7VerifyEku.c | 516 ++++++++++++++++++++++++++++++
5 files changed, 599 insertions(+)
create mode 100644 Cryptlib/Pk/CryptPkcs7VerifyEku.c
diff --git a/Cryptlib/InternalCryptLib.h b/Cryptlib/InternalCryptLib.h
index 8cccf72..026793f 100644
index e9a4c20..8c9a2a4 100644
--- a/Cryptlib/InternalCryptLib.h
+++ b/Cryptlib/InternalCryptLib.h
@@ -33,4 +33,36 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
@@ -30,5 +30,37 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define OBJ_length(o) ((o)->length)
#endif
@ -60,6 +63,7 @@ index 8cccf72..026793f 100644
+ );
+
#endif
diff --git a/Cryptlib/Library/BaseCryptLib.h b/Cryptlib/Library/BaseCryptLib.h
index 2df8bd2..ed482d3 100644
--- a/Cryptlib/Library/BaseCryptLib.h
@ -112,10 +116,10 @@ index 2df8bd2..ed482d3 100644
Extracts the attached content from a PKCS#7 signed data if existed. The input signed
data could be wrapped in a ContentInfo structure.
diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
index 2aa5695..0147587 100644
index 18a33b1..a1d8b02 100644
--- a/Cryptlib/Makefile
+++ b/Cryptlib/Makefile
@@ -38,6 +38,7 @@ OBJS = Hash/CryptMd4Null.o \
@@ -41,6 +41,7 @@ OBJS = Hash/CryptMd4Null.o \
Pk/CryptRsaExtNull.o \
Pk/CryptPkcs7SignNull.o \
Pk/CryptPkcs7Verify.o \
@ -124,20 +128,19 @@ index 2aa5695..0147587 100644
Pk/CryptTs.o \
Pk/CryptX509.o \
diff --git a/Cryptlib/Pk/CryptPkcs7Verify.c b/Cryptlib/Pk/CryptPkcs7Verify.c
index cbd9669..b3ef356 100644
index 09895d8..da15be2 100644
--- a/Cryptlib/Pk/CryptPkcs7Verify.c
+++ b/Cryptlib/Pk/CryptPkcs7Verify.c
@@ -30,6 +30,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
@@ -29,6 +29,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <openssl/pkcs7.h>
UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
+/* EKU CodeSign */
+CHAR8 mOidCodeSign[] = "1.3.6.1.5.5.7.3.3";
+
BOOLEAN ca_warning;
void
@@ -812,6 +815,8 @@ Pkcs7Verify (
#if 1
#if OPENSSL_VERSION_NUMBER < 0x10100000L
@@ -846,6 +848,8 @@ Pkcs7Verify (
CONST UINT8 *Temp;
UINTN SignedDataSize;
BOOLEAN Wrapped;
@ -146,7 +149,7 @@ index cbd9669..b3ef356 100644
//
// Check input parameters.
@@ -825,6 +830,7 @@ Pkcs7Verify (
@@ -859,6 +863,7 @@ Pkcs7Verify (
DataBio = NULL;
Cert = NULL;
CertStore = NULL;
@ -154,7 +157,7 @@ index cbd9669..b3ef356 100644
//
// Register & Initialize necessary digest algorithms for PKCS#7 Handling
@@ -924,6 +930,11 @@ Pkcs7Verify (
@@ -958,6 +963,11 @@ Pkcs7Verify (
//
X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY);
@ -168,10 +171,10 @@ index cbd9669..b3ef356 100644
//
diff --git a/Cryptlib/Pk/CryptPkcs7VerifyEku.c b/Cryptlib/Pk/CryptPkcs7VerifyEku.c
new file mode 100644
index 0000000..d086886
index 0000000..2c172e2
--- /dev/null
+++ b/Cryptlib/Pk/CryptPkcs7VerifyEku.c
@@ -0,0 +1,520 @@
@@ -0,0 +1,516 @@
+/** @file
+ This module verifies that Enhanced Key Usages (EKU's) are present within
+ a PKCS7 signature blob using OpenSSL.
@ -681,10 +684,6 @@ index 0000000..d086886
+ free (SignedData);
+ }
+
+ if (SignerCert != NULL) {
+ X509_free (SignerCert);
+ }
+
+ if (Pkcs7 != NULL) {
+ PKCS7_free (Pkcs7);
+ }
@ -693,5 +692,5 @@ index 0000000..d086886
+}
+
--
2.28.0
2.29.2
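Review bot: The cleanup after `Exit:` in the refreshed CryptPkcs7VerifyEku.c no longer calls `X509_free (SignerCert)` and leaves the release to `PKCS7_free (Pkcs7)`, but the code has no comment recording that ownership, so the double free is easy to reintroduce on a later sync with edk2. I would add a comment above the `Pkcs7` check, such as `// SignerCert is owned by Pkcs7 and is released by PKCS7_free(); do not X509_free() it here.` The ownership claim comes from the description of the merged fix (tianocore bug 2459). The code that obtains SignerCert is outside the lines shown on this page, so confirm the wording against the full function.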


@ -1,27 +0,0 @@
From 3b3ef3899245299c55fbb9b3adb367276b1c5514 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 5 Sep 2019 10:36:23 -0400
Subject: [PATCH] Fix a use of strlen() instead of Strlen()
Signed-off-by: Peter Jones <pjones@redhat.com>
(cherry picked from commit 1870bae796022f8bbf60465352eac329ff1d6ffd)
---
shim.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/shim.c b/shim.c
index 0f5e58d..ebc46f0 100644
--- a/shim.c
+++ b/shim.c
@@ -2145,7 +2145,7 @@ static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path)
dprint(L"dppath: %s\n", dppath);
dprint(L"path: %s\n", path);
- if (StrnCaseCmp(dppath, PathName, strlen(dppath)))
+ if (StrnCaseCmp(dppath, PathName, StrLen(dppath)))
ret = 0;
done:
--
2.28.0


@ -1,236 +0,0 @@
From 999983b82c611d7d3b864f5f46764645f4eed096 Mon Sep 17 00:00:00 2001
From: Stuart Hayes <stuart.w.hayes@gmail.com>
Date: Fri, 8 Feb 2019 15:48:20 -0500
Subject: [PATCH 1/2] Hook exit when shim_lock protocol installed
A recent commit moved where the shim_lock protocol is loaded and
unloaded, but did not move where exit was hooked and unhooked. Exit
needs to be hooked when the protocol is installed, so that the protocol
will be uninstalled on exit. Otherwise, the system can crash if, for
example, shim loads grub, the user exits grub, shim is run again, which
installs a second instance of the protocol, and then grub tries to use
the shim_lock protocol that was installed by the first instance of shim.
Signed-off-by: Stuart Hayes <stuart.w.hayes@gmail.com>
Upstream-commit-id: 06c92591e94
(cherry picked from commit b5e10f70c7a495dc1788e3604803ee633f1e5f76)
---
shim.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/shim.c b/shim.c
index 6ce30a06..e9ab8f1a 100644
--- a/shim.c
+++ b/shim.c
@@ -2517,9 +2517,9 @@ shim_init(void)
loader_is_participating = 0;
}
- hook_exit(systab);
}
+ hook_exit(systab);
return install_shim_protocols();
}
@@ -2537,9 +2537,10 @@ shim_fini(void)
* Remove our hooks from system services.
*/
unhook_system_services();
- unhook_exit();
}
+ unhook_exit();
+
/*
* Free the space allocated for the alternative 2nd stage loader
*/
--
2.29.2
From 13eeece966bf2e5b2d1c1cca0c8b47bbded0f98e Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Fri, 5 Mar 2021 15:00:29 +0800
Subject: [PATCH 2/2] Restore loaded image of shim at Exit()
When grub2 invoked Exit() in AArch64 AAVMF, the VM crashed with the
following messsages:
Unloading driver at 0x000B7D7B000
Synchronous Exception at 0x00000000BF5D5E68
AllocatePool: failed to allocate 800 bytes
Synchronous Exception at 0x00000000BF5D5E68
The similar error also showed when I modified MokManager to call
gBS->Exit() at the end of efi_main(). However, if MokManager just
returned, the error never showed. One significant difference is
whether the loaded image was restored or not, and the firmware seems
to need the original ImageBase pointer to do clean-up.
To avoid the potential crash, this commit adds restore_loaded_image() so
that we can restore the loaded image both in start_image() and
do_exit().
Signed-off-by: Gary Lin <glin@suse.com>
(cherry picked from commit 74d26654d55a4f32e58b76757efca50ceedefef4)
---
replacements.c | 2 ++
shim.c | 41 ++++++++++++++++++++++++-----------------
shim.h | 1 +
3 files changed, 27 insertions(+), 17 deletions(-)
diff --git a/replacements.c b/replacements.c
index 944c779d..1d06b0cf 100644
--- a/replacements.c
+++ b/replacements.c
@@ -159,6 +159,8 @@ do_exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus,
shim_fini();
+ restore_loaded_image();
+
efi_status = gBS->Exit(ImageHandle, ExitStatus,
ExitDataSize, ExitData);
if (EFI_ERROR(efi_status)) {
diff --git a/shim.c b/shim.c
index e9ab8f1a..b5882768 100644
--- a/shim.c
+++ b/shim.c
@@ -62,6 +62,8 @@
static EFI_SYSTEM_TABLE *systab;
static EFI_HANDLE global_image_handle;
+static EFI_LOADED_IMAGE *shim_li;
+static EFI_LOADED_IMAGE shim_li_bak;
static CHAR16 *second_stage;
static void *load_options;
@@ -1863,13 +1865,24 @@ static EFI_STATUS shim_read_header(void *data, unsigned int datasize,
return efi_status;
}
+VOID
+restore_loaded_image(VOID)
+{
+ if (shim_li->FilePath)
+ FreePool(shim_li->FilePath);
+
+ /*
+ * Restore our original loaded image values
+ */
+ CopyMem(shim_li, &shim_li_bak, sizeof(shim_li_bak));
+}
+
/*
* Load and run an EFI executable
*/
EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
{
EFI_STATUS efi_status;
- EFI_LOADED_IMAGE *li, li_bak;
EFI_IMAGE_ENTRY_POINT entry_point;
EFI_PHYSICAL_ADDRESS alloc_address;
UINTN alloc_pages;
@@ -1884,7 +1897,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
* binary in order to find our path
*/
efi_status = gBS->HandleProtocol(image_handle, &EFI_LOADED_IMAGE_GUID,
- (void **)&li);
+ (void **)&shim_li);
if (EFI_ERROR(efi_status)) {
perror(L"Unable to init protocol\n");
return efi_status;
@@ -1893,14 +1906,14 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
/*
* Build a new path from the existing one plus the executable name
*/
- efi_status = generate_path_from_image_path(li, ImagePath, &PathName);
+ efi_status = generate_path_from_image_path(shim_li, ImagePath, &PathName);
if (EFI_ERROR(efi_status)) {
perror(L"Unable to generate path %s: %r\n", ImagePath,
efi_status);
goto done;
}
- if (findNetboot(li->DeviceHandle)) {
+ if (findNetboot(shim_li->DeviceHandle)) {
efi_status = parseNetbootinfo(image_handle);
if (EFI_ERROR(efi_status)) {
perror(L"Netboot parsing failed: %r\n", efi_status);
@@ -1916,7 +1929,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
data = sourcebuffer;
datasize = sourcesize;
#if defined(ENABLE_HTTPBOOT)
- } else if (find_httpboot(li->DeviceHandle)) {
+ } else if (find_httpboot(shim_li->DeviceHandle)) {
efi_status = httpboot_fetch_buffer (image_handle,
&sourcebuffer,
&sourcesize);
@@ -1932,7 +1945,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
/*
* Read the new executable off disk
*/
- efi_status = load_image(li, &data, &datasize, PathName);
+ efi_status = load_image(shim_li, &data, &datasize, PathName);
if (EFI_ERROR(efi_status)) {
perror(L"Failed to load image %s: %r\n",
PathName, efi_status);
@@ -1951,13 +1964,13 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
* We need to modify the loaded image protocol entry before running
* the new binary, so back it up
*/
- CopyMem(&li_bak, li, sizeof(li_bak));
+ CopyMem(&shim_li_bak, shim_li, sizeof(shim_li_bak));
/*
* Update the loaded image with the second stage loader file path
*/
- li->FilePath = FileDevicePath(NULL, PathName);
- if (!li->FilePath) {
+ shim_li->FilePath = FileDevicePath(NULL, PathName);
+ if (!shim_li->FilePath) {
perror(L"Unable to update loaded image file path\n");
efi_status = EFI_OUT_OF_RESOURCES;
goto restore;
@@ -1966,7 +1979,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
/*
* Verify and, if appropriate, relocate and execute the executable
*/
- efi_status = handle_image(data, datasize, li, &entry_point,
+ efi_status = handle_image(data, datasize, shim_li, &entry_point,
&alloc_address, &alloc_pages);
if (EFI_ERROR(efi_status)) {
perror(L"Failed to load image: %r\n", efi_status);
@@ -1983,13 +1996,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
efi_status = entry_point(image_handle, systab);
restore:
- if (li->FilePath)
- FreePool(li->FilePath);
-
- /*
- * Restore our original loaded image values
- */
- CopyMem(li, &li_bak, sizeof(li_bak));
+ restore_loaded_image();
done:
if (PathName)
FreePool(PathName);
diff --git a/shim.h b/shim.h
index 3db7df9d..38627abf 100644
--- a/shim.h
+++ b/shim.h
@@ -160,6 +160,7 @@ extern EFI_STATUS LogError_(const char *file, int line, const char *func, CHAR16
extern EFI_STATUS VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args);
extern VOID PrintErrors(VOID);
extern VOID ClearErrors(VOID);
+extern VOID restore_loaded_image(VOID);
extern EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath);
extern EFI_STATUS import_mok_state(EFI_HANDLE image_handle);
--
2.29.2


@ -1,4 +1,4 @@
From e766e3943fa8513c1afe01e69e8aa6ec14067028 Mon Sep 17 00:00:00 2001
From ac7e88b1f2219ec2b09c9596e6f7d5911e5f6ffd Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Thu, 4 Jan 2018 12:28:37 +0800
Subject: [PATCH] Use our own debug path
@ -6,21 +6,49 @@ Subject: [PATCH] Use our own debug path
Signed-off-by: Gary Lin <glin@suse.com>
---
Make.defaults | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
fallback.c | 2 +-
shim.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Make.defaults b/Make.defaults
index bbfc1d7..1cec0e1 100644
index bef3cb51..d88367e3 100644
--- a/Make.defaults
+++ b/Make.defaults
@@ -119,7 +119,7 @@ SHIMHASHNAME = $(SHIMSTEM).hash
BOOTEFINAME ?= BOOT$(ARCH_SUFFIX_UPPER).EFI
@@ -167,7 +167,7 @@ BOOTEFINAME ?= BOOT$(ARCH_SUFFIX_UPPER).EFI
BOOTCSVNAME ?= BOOT$(ARCH_SUFFIX_UPPER).CSV
-CFLAGS += "-DEFI_ARCH=L\"$(ARCH_SUFFIX)\"" "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/\""
+CFLAGS += "-DEFI_ARCH=L\"$(ARCH_SUFFIX)\"" "-DDEBUGDIR=L\"/usr/lib/debug/usr/lib64/efi/shim.debug\""
DEFINES += -DEFI_ARCH='L"$(ARCH_SUFFIX)"' \
- -DDEBUGDIR='L"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/"'
+ -DDEBUGDIR=L\"/usr/lib/debug/usr/share/efi/"$(ARCH)/"\"
ifneq ($(origin VENDOR_CERT_FILE), undefined)
CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
ifneq ($(origin VENDOR_DB_FILE), undefined)
DEFINES += -DVENDOR_DB_FILE=\"$(VENDOR_DB_FILE)\"
diff --git a/fallback.c b/fallback.c
index 44b2d464..8e0de901 100644
--- a/fallback.c
+++ b/fallback.c
@@ -1058,7 +1058,7 @@ debug_hook(void)
x = 1;
console_print(L"add-symbol-file "DEBUGDIR
- L"fallback.efi.debug %p -s .data %p\n",
+ L"fallback.debug %p -s .data %p\n",
&_etext, &_edata);
}
diff --git a/shim.c b/shim.c
index 1d539855..f8d2ba5f 100644
--- a/shim.c
+++ b/shim.c
@@ -1818,7 +1818,7 @@ debug_hook(void)
FreePool(data);
console_print(L"add-symbol-file "DEBUGDIR
- L"shim.efi.debug 0x%08x -s .data 0x%08x\n",
+ L"shim.debug 0x%08x -s .data 0x%08x\n",
&_text, &_data);
console_print(L"Pausing for debugger attachment.\n");
--
2.19.2
2.29.2
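Review bot: The replacement `-DDEBUGDIR` line in the Make.defaults hunk mixes backslash-escaped quotes with an embedded double-quoted `"$(ARCH)/"`, while the `-DEFI_ARCH='L"$(ARCH_SUFFIX)"'` line directly above it uses single quotes. Both forms should reach the compiler as the same wide-string literal, but the mixed form is harder to read and depends on how the shell joins the pieces. Writing it as `-DDEBUGDIR='L"/usr/lib/debug/usr/share/efi/$(ARCH)/"'` would match the neighbouring define. The fallback.c and shim.c hunks append `fallback.debug` and `shim.debug` directly to this prefix, so the trailing slash has to stay.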


@ -1,47 +0,0 @@
From 64492acf8b1d72cea0c3e203887bfe26fb840f1d Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Thu, 13 Dec 2018 17:19:36 +0800
Subject: [PATCH] Add the license change statement for errlog.c and mok.c
---
errlog.c | 6 ++++++
mok.c | 6 ++++++
2 files changed, 12 insertions(+)
diff --git a/errlog.c b/errlog.c
index 18be482..4a1fffb 100644
--- a/errlog.c
+++ b/errlog.c
@@ -3,6 +3,12 @@
* Copyright 2017 Peter Jones <pjones@redhat.com>
*
* Distributed under terms of the GPLv3 license.
+ *
+ * As Peter stated in issues#155:
+ * "I'll publicly state here that as the author of those files, you can
+ * treat them as dual-licensed with the GPLv3 text that accidentally
+ * made it in and the BSD license they should have borne."
+ * Ref: https://github.com/rhboot/shim/issues/155#issuecomment-443738252
*/
#include "shim.h"
diff --git a/mok.c b/mok.c
index 3867521..903b3b4 100644
--- a/mok.c
+++ b/mok.c
@@ -3,6 +3,12 @@
* Copyright 2017 Peter Jones <pjones@redhat.com>
*
* Distributed under terms of the GPLv3 license.
+ *
+ * As Peter stated in issues#155:
+ * "I'll publicly state here that as the author of those files, you can
+ * treat them as dual-licensed with the GPLv3 text that accidentally
+ * made it in and the BSD license they should have borne."
+ * Ref: https://github.com/rhboot/shim/issues/155#issuecomment-443738252
*/
#include "shim.h"
--
2.19.2


@ -1,140 +0,0 @@
From c6bedd5b83529925c3ec08f96a3bf61c81bff0ae Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 28 Jan 2020 23:33:46 +0100
Subject: [PATCH] translate_slashes(): don't write to string literals
Currently, all three invocations of the translate_slashes() function may
lead to writes to the string literal that is #defined with the
DEFAULT_LOADER_CHAR macro. According to ISO C99 6.4.5p6, this is undefined
behavior ("If the program attempts to modify such an array, the behavior
is undefined").
This bug crashes shim on e.g. the 64-bit ArmVirtQemu platform ("Data
abort: Permission fault"), where the platform firmware maps the .text
section (which contains the string literal) read-only.
Modify translate_slashes() so that it copies and translates characters
from an input array of "char" to an output array of "CHAR8".
While at it, fix another bug. Before this patch, if translate_slashes()
ever encountered a double backslash (translating it to a single forward
slash), then the output would end up shorter than the input. However, the
output was not NUL-terminated in-place, therefore the original string
length (and according trailing garbage) would be preserved. After this
patch, the NUL-termination on contraction is automatic, as the output
array's contents are indeterminate when entering the function, and so we
must NUL-terminate it anyway.
Fixes: 8e9124227d18475d3bc634c33518963fc8db7c98
Fixes: e62b69a5b0b87c6df7a4fc23906134945309e927
Fixes: 3d79bcb2651b9eae809b975b3e03e2f96c067072
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1795654
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Upstream-commit-id: 9813e8bc8b3
---
httpboot.c | 4 ++--
include/str.h | 14 ++++++++------
netboot.c | 16 +++++++++++-----
3 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/httpboot.c b/httpboot.c
index 3622e85..2d27e8e 100644
--- a/httpboot.c
+++ b/httpboot.c
@@ -743,14 +743,14 @@ httpboot_fetch_buffer (EFI_HANDLE image, VOID **buffer, UINT64 *buf_size)
{
EFI_STATUS efi_status;
EFI_HANDLE nic;
- CHAR8 *next_loader = NULL;
+ CHAR8 next_loader[sizeof DEFAULT_LOADER_CHAR];
CHAR8 *next_uri = NULL;
CHAR8 *hostname = NULL;
if (!uri)
return EFI_NOT_READY;
- next_loader = translate_slashes(DEFAULT_LOADER_CHAR);
+ translate_slashes(next_loader, DEFAULT_LOADER_CHAR);
/* Create the URI for the next loader based on the original URI */
efi_status = generate_next_uri(uri, next_loader, &next_uri);
diff --git a/include/str.h b/include/str.h
index 9a74836..f73c621 100644
--- a/include/str.h
+++ b/include/str.h
@@ -45,21 +45,23 @@ strcata(CHAR8 *dest, const CHAR8 *src)
static inline
__attribute__((unused))
CHAR8 *
-translate_slashes(char *str)
+translate_slashes(CHAR8 *out, const char *str)
{
int i;
int j;
- if (str == NULL)
- return (CHAR8 *)str;
+ if (str == NULL || out == NULL)
+ return NULL;
for (i = 0, j = 0; str[i] != '\0'; i++, j++) {
if (str[i] == '\\') {
- str[j] = '/';
+ out[j] = '/';
if (str[i+1] == '\\')
i++;
- }
+ } else
+ out[j] = str[i];
}
- return (CHAR8 *)str;
+ out[j] = '\0';
+ return out;
}
#endif /* SHIM_STR_H */
diff --git a/netboot.c b/netboot.c
index 58babfb..4922ef2 100644
--- a/netboot.c
+++ b/netboot.c
@@ -189,7 +189,9 @@ static BOOLEAN extract_tftp_info(CHAR8 *url)
CHAR8 *start, *end;
CHAR8 ip6str[40];
CHAR8 ip6inv[16];
- CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR);
+ CHAR8 template[sizeof DEFAULT_LOADER_CHAR];
+
+ translate_slashes(template, DEFAULT_LOADER_CHAR);
// to check against str2ip6() errors
memset(ip6inv, 0, sizeof(ip6inv));
@@ -254,10 +256,14 @@ static EFI_STATUS parseDhcp6()
static EFI_STATUS parseDhcp4()
{
- CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR);
- INTN template_len = strlen(template) + 1;
+ CHAR8 template[sizeof DEFAULT_LOADER_CHAR];
+ INTN template_len;
+ UINTN template_ofs = 0;
EFI_PXE_BASE_CODE_DHCPV4_PACKET* pkt_v4 = (EFI_PXE_BASE_CODE_DHCPV4_PACKET *)&pxe->Mode->DhcpAck.Dhcpv4;
+ translate_slashes(template, DEFAULT_LOADER_CHAR);
+ template_len = strlen(template) + 1;
+
if(pxe->Mode->ProxyOfferReceived) {
/*
* Proxy should not have precedence. Check if DhcpAck
@@ -288,8 +294,8 @@ static EFI_STATUS parseDhcp4()
full_path[dir_len-1] = '\0';
}
if (dir_len == 0 && dir[0] != '/' && template[0] == '/')
- template++;
- strcata(full_path, template);
+ template_ofs++;
+ strcata(full_path, template + template_ofs);
memcpy(&tftp_addr.v4, pkt_v4->BootpSiAddr, 4);
return EFI_SUCCESS;
--
2.28.0


@ -1,16 +0,0 @@
diff --git a/lib/console.c b/lib/console.c
index 2d421af..6e2a8ca 100644
--- a/lib/console.c
+++ b/lib/console.c
@@ -521,7 +521,11 @@ static struct {
{ EFI_SECURITY_VIOLATION, L"Security Violation"},
// warnings
+#ifdef EFI_WARN_UNKOWN_GLYPH
{ EFI_WARN_UNKOWN_GLYPH, L"Warning Unknown Glyph"},
+#else
+ { EFI_WARN_UNKNOWN_GLYPH, L"Warning Unknown Glyph"},
+#endif
{ EFI_WARN_DELETE_FAILURE, L"Warning Delete Failure"},
{ EFI_WARN_WRITE_FAILURE, L"Warning Write Failure"},
{ EFI_WARN_BUFFER_TOO_SMALL, L"Warning Buffer Too Small"},


@ -1,32 +0,0 @@
From 44b211bcf7ad58ff29e6495e1c3978e4660cb7d1 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 15 Jan 2019 18:04:34 -0500
Subject: [PATCH] OpenSSL: always provide OBJ_create() with name strings.
Some versions of OpenSSL seem to go back and forth as to whether NULL
for these names are okay. Don't risk it.
Signed-off-by: Peter Jones <pjones@redhat.com>
Upstream-commit-id: 46b76a01717
---
shim.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/shim.c b/shim.c
index a0eb19b..d7ee2b6 100644
--- a/shim.c
+++ b/shim.c
@@ -388,7 +388,9 @@ static BOOLEAN verify_eku(UINT8 *Cert, UINTN CertSize)
EXTENDED_KEY_USAGE *eku;
ASN1_OBJECT *module_signing;
- module_signing = OBJ_nid2obj(OBJ_create(OID_EKU_MODSIGN, NULL, NULL));
+ module_signing = OBJ_nid2obj(OBJ_create(OID_EKU_MODSIGN,
+ "modsign-eku",
+ "modsign-eku"));
x509 = d2i_X509 (NULL, &Temp, (long) CertSize);
if (x509 != NULL) {
--
2.28.0


@ -1,356 +0,0 @@
From 49355a83722494099caeb23b46637b2c94a6ab9e Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 18 Feb 2014 17:29:19 +0800
Subject: [PATCH 1/3] Show the build-in certificate prompt
This is an openSUSE-only patch.
Pop up a window to ask if the user is willing to trust the built-in
openSUSE certificate.
If yes, set openSUSE_Verify, a BootService variable, to 1, and shim
won't bother the user afterward.
If no, continue the booting process without using the built-in
certificate to verify the EFI images, and the window will show up
again after reboot.
The state will store in use_openSUSE_cert, a volatile RT variable.
---
mok.c | 3 ++-
shim.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
shim.h | 1 +
3 files changed, 71 insertions(+), 2 deletions(-)
diff --git a/mok.c b/mok.c
index 00dd1ad..1645d24 100644
--- a/mok.c
+++ b/mok.c
@@ -139,7 +139,8 @@ static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v)
if ((v->flags & MOK_MIRROR_KEYDB) &&
v->addend_source && *v->addend_source &&
- v->addend_size && *v->addend_size) {
+ v->addend_size && *v->addend_size &&
+ use_builtin_cert) {
EFI_SIGNATURE_LIST *CertList = NULL;
EFI_SIGNATURE_DATA *CertData = NULL;
FullDataSize = v->data_size
diff --git a/shim.c b/shim.c
index 248c946..d52f46f 100644
--- a/shim.c
+++ b/shim.c
@@ -83,6 +83,7 @@ UINT8 *vendor_dbx;
*/
verification_method_t verification_method;
int loader_is_participating;
+BOOLEAN use_builtin_cert;
#define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }}
@@ -1066,7 +1067,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
return efi_status;
}
- if (cert) {
+ if (cert && use_builtin_cert) {
#if defined(ENABLE_SHIM_CERT)
/*
* Check against the shim build key
@@ -2529,6 +2530,69 @@ shim_fini(void)
console_fini();
}
+#define VENDOR_VERIFY L"openSUSE_Verify"
+
+/* Show the built-in certificate prompt if necessary */
+static int builtin_cert_prompt(void)
+{
+ EFI_STATUS status;
+ UINT32 attributes;
+ UINTN len = sizeof(UINT8);
+ UINT8 data;
+
+ use_builtin_cert = FALSE;
+
+ if (vendor_cert_size == 0)
+ return 0;
+
+ status = gRT->GetVariable(VENDOR_VERIFY, &SHIM_LOCK_GUID,
+ &attributes, &len, (void *)&data);
+ if (status != EFI_SUCCESS ||
+ (attributes & EFI_VARIABLE_RUNTIME_ACCESS)) {
+ int choice;
+
+ if (status != EFI_NOT_FOUND)
+ LibDeleteVariable(VENDOR_VERIFY, &SHIM_LOCK_GUID);
+
+ CHAR16 *str[] = {L"Trust openSUSE Certificate",
+ L"",
+ L"Do you agree to use the built-in openSUSE certificate",
+ L"to verify boot loaders and kernels?",
+ NULL};
+ choice = console_yes_no(str);
+ if (choice != 1) {
+ data = 0;
+ goto done;
+ }
+
+ data = 1;
+ status = gRT->SetVariable(VENDOR_VERIFY, &SHIM_LOCK_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ sizeof(UINT8), &data);
+ if (status != EFI_SUCCESS) {
+ console_error(L"Failed to set openSUSE_Verify", status);
+ return -1;
+ }
+ }
+
+ use_builtin_cert = TRUE;
+ data = 1;
+
+done:
+ /* Setup a runtime variable to show the current state */
+ status = gRT->SetVariable(L"use_openSUSE_cert", &SHIM_LOCK_GUID,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS,
+ sizeof(UINT8), &data);
+ if (status != EFI_SUCCESS) {
+ console_error(L"Failed to set use_openSUSE_cert", status);
+ return -1;
+ }
+
+ return 0;
+}
+
extern EFI_STATUS
efi_main(EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab);
@@ -2623,6 +2687,9 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
*/
debug_hook();
+ if (secure_mode() && (builtin_cert_prompt() != 0))
+ return EFI_ABORTED;
+
/*
* Before we do anything else, validate our non-volatile,
* boot-services-only state variables are what we think they are.
diff --git a/shim.h b/shim.h
index d9c60f5..ab384d4 100644
--- a/shim.h
+++ b/shim.h
@@ -174,6 +174,7 @@ extern UINT8 *vendor_dbx;
extern UINT8 user_insecure_mode;
extern UINT8 ignore_db;
extern UINT8 in_protocol;
+extern BOOLEAN use_builtin_cert;
#define perror_(file, line, func, fmt, ...) ({ \
UINTN __perror_ret = 0; \
--
2.19.2
From 18b6390f3193ebccad44cf1448ce54be512cd066 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 20 Feb 2014 16:57:08 +0800
Subject: [PATCH 2/3] Support revoking the openSUSE cert
This is an openSUSE-only patch.
To revoke the openSUSE cert, create ClearVerify, a NV RT variable,
and store the password hash in the variable, and then MokManager
will show up with an additional option to clear openSUSE_Verify
---
MokManager.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++--
mok.c | 2 +-
2 files changed, 59 insertions(+), 3 deletions(-)
diff --git a/MokManager.c b/MokManager.c
index 1ab8e5e..fbb7d22 100644
--- a/MokManager.c
+++ b/MokManager.c
@@ -1715,6 +1715,31 @@ mokpw_done:
return EFI_SUCCESS;
}
+static INTN mok_clear_verify_prompt(void *ClearVerify, UINTN ClearVerifySize) {
+ EFI_STATUS status;
+
+ if (console_yes_no((CHAR16 *[]){L"Do you want to revoke openSUSE certificate?", NULL}) != 1)
+ return 0;
+
+ if (ClearVerifySize == PASSWORD_CRYPT_SIZE) {
+ status = match_password((PASSWORD_CRYPT *)ClearVerify, NULL, 0,
+ NULL, NULL);
+ }
+ if (status != EFI_SUCCESS)
+ return -1;
+
+ status = LibDeleteVariable(L"openSUSE_Verify", &SHIM_LOCK_GUID);
+ if (status != EFI_SUCCESS) {
+ console_error(L"Failed to delete openSUSE_Verify", status);
+ return -1;
+ }
+
+ console_notify(L"The system must now be rebooted");
+ gRT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL);
+ console_notify(L"Failed to reboot");
+ return -1;
+}
+
static BOOLEAN verify_certificate(UINT8 * cert, UINTN size)
{
X509 *X509Cert;
@@ -2050,6 +2075,7 @@ typedef enum {
MOK_CHANGE_SB,
MOK_SET_PW,
MOK_CHANGE_DB,
+ MOK_CLEAR_VERIFY,
MOK_KEY_ENROLL,
MOK_HASH_ENROLL
} mok_menu_item;
@@ -2070,7 +2096,8 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
void *MokPW, UINTN MokPWSize,
void *MokDB, UINTN MokDBSize,
void *MokXNew, UINTN MokXNewSize,
- void *MokXDel, UINTN MokXDelSize)
+ void *MokXDel, UINTN MokXDelSize,
+ void *ClearVerify, UINTN ClearVerifySize)
{
CHAR16 **menu_strings = NULL;
mok_menu_item *menu_item = NULL;
@@ -2146,8 +2173,12 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
if (MokDB)
menucount++;
+ if (ClearVerify)
+ menucount++;
+
menu_strings = AllocateZeroPool(sizeof(CHAR16 *) *
(menucount + 1));
+
if (!menu_strings)
return EFI_OUT_OF_RESOURCES;
@@ -2217,6 +2248,12 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
i++;
}
+ if (ClearVerify) {
+ menu_strings[i] = L"Revoke openSUSE certificate";
+ menu_item[i] = MOK_CLEAR_VERIFY;
+ i++;
+ }
+
menu_strings[i] = L"Enroll key from disk";
menu_item[i] = MOK_KEY_ENROLL;
i++;
@@ -2321,6 +2358,9 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
if (!EFI_ERROR(efi_status))
MokDB = NULL;
break;
+ case MOK_CLEAR_VERIFY:
+ mok_clear_verify_prompt(ClearVerify, ClearVerifySize);
+ break;
case MOK_KEY_ENROLL:
efi_status = mok_key_enroll();
break;
@@ -2352,6 +2392,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
{
UINTN MokNewSize = 0, MokDelSize = 0, MokSBSize = 0, MokPWSize = 0;
UINTN MokDBSize = 0, MokXNewSize = 0, MokXDelSize = 0;
+ UINTN ClearVerifySize = 0;
void *MokNew = NULL;
void *MokDel = NULL;
void *MokSB = NULL;
@@ -2359,6 +2400,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
void *MokDB = NULL;
void *MokXNew = NULL;
void *MokXDel = NULL;
+ void *ClearVerify = NULL;
EFI_STATUS efi_status;
efi_status = get_variable(L"MokNew", (UINT8 **) & MokNew, &MokNewSize,
@@ -2431,9 +2473,20 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
console_error(L"Could not retrieve MokXDel", efi_status);
}
+ efi_status = get_variable(L"ClearVerify", (UINT8 **)&ClearVerify,
+ &ClearVerifySize, SHIM_LOCK_GUID);
+ if (!EFI_ERROR(efi_status)) {
+ efi_status = LibDeleteVariable(L"ClearVerify", &SHIM_LOCK_GUID);
+ if (EFI_ERROR(efi_status))
+ console_notify(L"Failed to delete ClearVerify");
+ } else if (EFI_ERROR(efi_status) && efi_status != EFI_NOT_FOUND) {
+ console_error(L"Could not retrieve ClearVerify", efi_status);
+ }
+
enter_mok_menu(image_handle, MokNew, MokNewSize, MokDel, MokDelSize,
MokSB, MokSBSize, MokPW, MokPWSize, MokDB, MokDBSize,
- MokXNew, MokXNewSize, MokXDel, MokXDelSize);
+ MokXNew, MokXNewSize, MokXDel, MokXDelSize,
+ ClearVerify, ClearVerifySize);
if (MokNew)
FreePool(MokNew);
@@ -2456,6 +2509,9 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
if (MokXDel)
FreePool(MokXDel);
+ if (ClearVerify)
+ FreePool (ClearVerify);
+
LibDeleteVariable(L"MokAuth", &SHIM_LOCK_GUID);
LibDeleteVariable(L"MokDelAuth", &SHIM_LOCK_GUID);
LibDeleteVariable(L"MokXAuth", &SHIM_LOCK_GUID);
diff --git a/mok.c b/mok.c
index 1645d24..45110cd 100644
--- a/mok.c
+++ b/mok.c
@@ -37,7 +37,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
check_var(L"MokPW") || check_var(L"MokAuth") ||
check_var(L"MokDel") || check_var(L"MokDB") ||
check_var(L"MokXNew") || check_var(L"MokXDel") ||
- check_var(L"MokXAuth")) {
+ check_var(L"MokXAuth") || check_var(L"ClearVerify")) {
efi_status = start_image(image_handle, MOK_MANAGER);
if (EFI_ERROR(efi_status)) {
--
2.19.2
From f16f00e47824722651e2e4f2b327dfbe4fb6367d Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Fri, 7 Mar 2014 16:17:20 +0800
Subject: [PATCH 3/3] Delete openSUSE_Verify the right way
This is an openSUSE-only patch.
LibDeleteVariable only works on the runtime variables.
---
MokManager.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/MokManager.c b/MokManager.c
index fbb7d22..22336d4 100644
--- a/MokManager.c
+++ b/MokManager.c
@@ -1728,7 +1728,10 @@ static INTN mok_clear_verify_prompt(void *ClearVerify, UINTN ClearVerifySize) {
if (status != EFI_SUCCESS)
return -1;
- status = LibDeleteVariable(L"openSUSE_Verify", &SHIM_LOCK_GUID);
+ status = gRT->SetVariable(L"openSUSE_Verify", &SHIM_LOCK_GUID,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_NON_VOLATILE,
+ 0, NULL);
if (status != EFI_SUCCESS) {
console_error(L"Failed to delete openSUSE_Verify", status);
return -1;
--
2.19.2


@ -1,3 +1,40 @@
-------------------------------------------------------------------
Wed Mar 24 01:29:17 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
- Update to 15.3 for SBAT support (bsc#1182057)
+ Drop gnu-efi from BuildRequires since upstream pull it into the
tar ball.
- Generate vender-specific SBAT metadata
+ Add dos2unix to BuildRequires since Makefile requires it for
vendor SBAT
- Update dbx-cert.tar.xz and vendor-dbx.bin to block the following
sign keys:
+ SLES-UEFI-SIGN-Certificate-2020-07.crt
+ openSUSE-UEFI-SIGN-Certificate-2020-07.crt
- Refresh patches
+ shim-arch-independent-names.patch
+ shim-change-debug-file-path.patch
+ shim-bsc1177315-verify-eku-codesign.patch
- Unified with shim-bsc1177315-fix-buffer-use-after-free.patch
- Drop upstreamed fixes
+ shim-always-mirror-mok-variables.patch
+ shim-bsc1175509-more-tpm-fixes.patch
+ shim-bsc1173411-only-check-efi-var-on-sb.patch
+ shim-fix-verify-eku.patch
+ gcc9-fix-warnings.patch
+ shim-fix-gnu-efi-3.0.11.patch
+ shim-bsc1177404-fix-a-use-of-strlen.patch
+ shim-do-not-write-string-literals.patch
+ shim-VLogError-Avoid-Null-pointer-dereferences.patch
+ shim-bsc1092000-fallback-menu.patch
+ shim-bsc1175509-tpm2-fixes.patch
+ shim-bsc1174512-correct-license-in-headers.patch
+ shim-bsc1182776-fix-crash-at-exit.patch
- Drop shim-opensuse-cert-prompt.patch
+ All newly released openSUSE kernels enable kernel lockdown
and signature verification, so there is no need to add the
prompt anymore.
-------------------------------------------------------------------
Thu Mar 11 03:15:03 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>


@ -36,7 +36,7 @@
%endif
Name: shim
Version: 15+git47
Version: 15.3
Release: 0
Summary: UEFI shim loader
License: BSD-2-Clause
@ -67,43 +67,11 @@ Source99: SIGNATURE_UPDATE.txt
Patch1: shim-arch-independent-names.patch
# PATCH-FIX-OPENSUSE shim-change-debug-file-path.patch glin@suse.com -- Change the default debug file path
Patch2: shim-change-debug-file-path.patch
# PATCH-FIX-UPSTREAM shim-bsc1092000-fallback-menu.patch bsc#1092000 glin@suse.com -- Show a menu before reset
Patch3: shim-bsc1092000-fallback-menu.patch
# PATCH-FIX-UPSTREAM shim-always-mirror-mok-variables.patch glin@suse.com -- Mirror MOK variables correctly
Patch4: shim-always-mirror-mok-variables.patch
# PATCH-FIX-UPSTREAM shim-bsc1174512-correct-license-in-headers.patch glin@suse.com -- Fix the license header in errlog.c and mok.c
Patch5: shim-bsc1174512-correct-license-in-headers.patch
# PATCH-FIX-SUSE shim-correct-license-in-headers.patch glin@suse.com -- Another fix for the license header in errlog.c and mok.c
Patch51: shim-correct-license-in-headers.patch
# PATCH-FIX-UPSTREAM gcc9-fix-warnings.patch mliska@suse.cz -- MokManager: Use CompareMem on MokListNode.Type instead of CompareGuid
Patch6: gcc9-fix-warnings.patch
# PATCH-FIX-OPENSUSE shim-fix-gnu-efi-3.0.11.patch glin@suse.com -- Fix the build error caused by the typo fix in gnu-efi 3.0.11
Patch7: shim-fix-gnu-efi-3.0.11.patch
# PATCH-FIX-UPSTREAM shim-bsc1173411-only-check-efi-var-on-sb.patch bsc#1173411 glin@suse.com -- Make EFI variable copying check only fatal on SB systems
Patch8: shim-bsc1173411-only-check-efi-var-on-sb.patch
# PATCH-FIX-UPSTREAM shim-bsc1175509-tpm2-fixes.patch bsc#1175509 glin@suse.com -- Upstream fixes for the TPM2 measurement
Patch9: shim-bsc1175509-tpm2-fixes.patch
# PATCH-FIX-UPSTREAM shim-VLogError-Avoid-Null-pointer-dereferences.patch glin@suse.com -- Fix VlogError crash in AArch64
Patch10: shim-VLogError-Avoid-Null-pointer-dereferences.patch
# PATCH-FIX-UPSTREAM shim-fix-verify-eku.patch glin@suse.com -- Fix the potential crash at verify_eku()
Patch11: shim-fix-verify-eku.patch
# PATCH-FIX-UPSTREAM shim-do-not-write-string-literals.patch -- Fix the potential crash when accessing the DEFAULT_LOADER string
Patch12: shim-do-not-write-string-literals.patch
# PATCH-FIX-UPSTREAM shim-bsc1177404-fix-a-use-of-strlen.patch bsc#1177404 glin@suse.com -- Fix the length of the option data string to launch the program correctly
Patch13: shim-bsc1177404-fix-a-use-of-strlen.patch
# PATCH-FIX-UPSTREAM shim-bsc1175509-more-tpm-fixes.patch bsc#1175509 glin@suse.com -- Fix the file path in tpm event log
Patch14: shim-bsc1175509-more-tpm-fixes.patch
# PATCH-FIX-SUSE shim-bsc1177315-verify-eku-codesign.patch bsc#1177315 glin@suse.com -- Verify CodeSign in the signer's EKU
Patch15: shim-bsc1177315-verify-eku-codesign.patch
Patch3: shim-bsc1177315-verify-eku-codesign.patch
# PATCH-FIX-UPSTREAM shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch bsc#1177789 glin@suse.com -- Fix the NULL pointer dereference in AuthenticodeVerify()
Patch16: shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
# PATCH-FIX-SUSE shim-bsc1177315-fix-buffer-use-after-free.patch bsc#1177315 glin@suse.com -- Fix buffer use-after-free at the end of the EKU verification
Patch17: shim-bsc1177315-fix-buffer-use-after-free.patch
# PATCH-FIX-UPSTREAM shim-bsc1182776-fix-crash-at-exit.patch bsc#1182776 glin@suse.com -- Fix the potential crash at Exit()
Patch18: shim-bsc1182776-fix-crash-at-exit.patch
# PATCH-FIX-OPENSUSE shim-opensuse-cert-prompt.patch glin@suse.com -- Show the prompt to ask whether the user trusts openSUSE certificate or not
Patch100: shim-opensuse-cert-prompt.patch
BuildRequires: gnu-efi >= 3.0.3
Patch4: shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
BuildRequires: dos2unix
BuildRequires: mozilla-nss-tools
BuildRequires: openssl >= 0.9.8
BuildRequires: pesign
@ -146,34 +114,23 @@ The source code of UEFI shim loader
%patch2 -p1
%patch3 -p1
%patch4 -p1
%ifarch x86_64
%patch51 -p1
%else
%patch5 -p1
%endif
%patch6 -p1
%patch7 -p1
%patch8 -p1
%ifarch aarch64
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%endif
%if 0%{?is_opensuse} == 1
%patch100 -p1
%endif
%build
# generate the vendor SBAT metadata
%if 0%{?is_opensuse} == 1 || 0%{?sle_version} == 0
distro_id="opensuse"
distro_name="The openSUSE project"
%else
distro_id="sle"
distro_name="SUSE Linux Enterprise"
%endif
distro_sbat=1
sbat="shim.${distro_id},${distro_sbat},${distro_name},%{name},%{version},mail:security-team@suse.de"
echo "${sbat}" > data/sbat.vendor.csv
# first, build MokManager and fallback as they don't depend on a
# specific certificate
make EFI_PATH=/usr/lib64 RELEASE=0 \
make RELEASE=0 \
MMSTEM=MokManager FBSTEM=fallback \
MokManager.efi.debug fallback.efi.debug \
MokManager.efi fallback.efi
@ -232,7 +189,7 @@ for suffix in "${suffixes[@]}"; do
fi
openssl x509 -in $cert -outform DER -out shim-$suffix.der
make EFI_PATH=/usr/lib64 RELEASE=0 SHIMSTEM=shim \
make RELEASE=0 SHIMSTEM=shim \
VENDOR_CERT_FILE=shim-$suffix.der ENABLE_HTTPBOOT=1 \
DEFAULT_LOADER="\\\\\\\\grub.efi" \
VENDOR_DBX_FILE=%{SOURCE51} \
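Review bot: The `distro_sbat=1` assignment in the new %build block carries no comment saying what the number means or when it has to change. It becomes the generation field of the vendor `shim.${distro_id}` entry written to `data/sbat.vendor.csv`, and SBAT revocation works by comparing that generation, so a later distro-specific security fix that leaves it at 1 would not let older builds be revoked through this entry. I would add above it `# SBAT generation of the vendor entry: bump when a distro-specific security fix must revoke earlier shim builds`. The fields are joined with plain commas and no quoting, so the same comment could note that `distro_name` must never contain a comma.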


@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:06ce49f33cc79ae90358c375c2dc626e42ee8539dc45eec9dbd64089e9ffd8e6
size 8131
oid sha256:52bb4f6ec072142320cac802aa92eacf0130df641631a8abddf0d4d7507b456b
size 10684