diff --git a/dbx-cert.tar.xz b/dbx-cert.tar.xz
index 183b0fc..37eaf60 100644
--- a/dbx-cert.tar.xz
+++ b/dbx-cert.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:d453dc9335c148d93867ff72222696960a6247724dad6ffb1def8bb8df6765dc
-size 5508
+oid sha256:7cea42a328d6dbac923fce1a15f1e941eee7c829aeff6c0b5016475cca99c47c
+size 7032
diff --git a/gcc9-fix-warnings.patch b/gcc9-fix-warnings.patch
deleted file mode 100644
index ecf2bb4..0000000
--- a/gcc9-fix-warnings.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From f30cd0b6330be8ea72a93bf25e43829c222ba611 Mon Sep 17 00:00:00 2001
-From: Gary Lin
-Date: Tue, 26 Feb 2019 11:33:53 +0800
-Subject: [PATCH] MokManager: Use CompareMem on MokListNode.Type instead of
- CompareGuid
-
-Fix the errors from gcc9 '-Werror=address-of-packed-member'
-
-https://github.com/rhboot/shim/issues/161
-
-Signed-off-by: Gary Lin
----
- MokManager.c | 14 +++++++++-----
- 1 file changed, 9 insertions(+), 5 deletions(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index d69b4dbe..05dc1622 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -1053,7 +1053,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- continue;
-
- DataSize += sizeof(EFI_SIGNATURE_LIST);
-- if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
-+ if (CompareMem(&(list[i].Type), &X509_GUID,
-+ sizeof(EFI_GUID)) == 0)
- DataSize += sizeof(EFI_GUID);
- DataSize += list[i].MokSize;
- }
-@@ -1075,7 +1076,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- CertList->SignatureType = list[i].Type;
- CertList->SignatureHeaderSize = 0;
-
-- if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) {
-+ if (CompareMem(&(list[i].Type), &X509_GUID,
-+ sizeof(EFI_GUID)) == 0) {
- CertList->SignatureListSize = list[i].MokSize +
- sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
- CertList->SignatureSize =
-@@ -1116,7 +1118,8 @@ static void delete_cert(void *key, UINT32 key_size,
- int i;
-
- for (i = 0; i < mok_num; i++) {
-- if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0)
-+ if (CompareMem(&(mok[i].Type), &X509_GUID,
-+ sizeof(EFI_GUID)) != 0)
- continue;
-
- if (mok[i].MokSize == key_size &&
-@@ -1167,7 +1170,7 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
- sig_size = hash_size + sizeof(EFI_GUID);
-
- for (i = 0; i < mok_num; i++) {
-- if ((CompareGuid(&(mok[i].Type), &Type) != 0) ||
-+ if ((CompareMem(&(mok[i].Type), &Type, sizeof(EFI_GUID)) != 0) ||
- (mok[i].MokSize < sig_size))
- continue;
-
-@@ -1331,7 +1334,8 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
-
- /* Search and destroy */
- for (i = 0; i < del_num; i++) {
-- if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) {
-+ if (CompareMem(&(del_key[i].Type), &X509_GUID,
-+ sizeof(EFI_GUID)) == 0) {
- delete_cert(del_key[i].Mok, del_key[i].MokSize,
- mok, mok_num);
- } else if (is_sha2_hash(del_key[i].Type)) {
diff --git a/shim-15+git47.tar.bz2 b/shim-15+git47.tar.bz2
deleted file mode 100644
index a2e5d19..0000000
--- a/shim-15+git47.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4e5d2d07df89384185dbbbe5b0cb4402829c858f615a1400d2264e3ecf78abc6
-size 1002928
diff --git a/shim-15.3.tar.bz2 b/shim-15.3.tar.bz2
new file mode 100644
index 0000000..2008a39
--- /dev/null
+++ b/shim-15.3.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:df76c9b68cf6e6d9c024059b5335701441c366cdcced2ae21e115f3901cb8333
+size 1260580
diff --git a/shim-VLogError-Avoid-Null-pointer-dereferences.patch b/shim-VLogError-Avoid-Null-pointer-dereferences.patch
deleted file mode 100644
index f978f55..0000000
--- a/shim-VLogError-Avoid-Null-pointer-dereferences.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 20e731f423a438f53738de73af9ef3d67c4cba2f Mon Sep 17 00:00:00 2001
-From: Peter Jones
-Date: Tue, 12 Feb 2019 18:04:49 -0500
-Subject: [PATCH] VLogError(): Avoid NULL pointer dereferences in (V)Sprint
- calls
-
-VLogError() calculates the size of format strings by using calls to
-SPrint and VSPrint with a StrSize of 0 and NULL for an output buffer.
-Unfortunately, this is an incorrect usage of (V)Sprint. A StrSize
-of "0" is special-cased to mean "there is no limit". So, we end up
-writing our string to address 0x0. This was discovered because it
-causes a crash on ARM where, unlike x86, it does not necessarily
-have memory mapped at 0x0.
-
-Avoid the (V)Sprint calls altogether by using (V)PoolPrint, which
-handles the size calculation and allocation for us.
-
-Signed-off-by: Peter Jones
-Fixes: 25f6fd08cd26 ("try to show errors more usefully.")
-[dannf: commit message ]
-Signed-off-by: dann frazier
----
- errlog.c | 15 +++------------
- 1 file changed, 3 insertions(+), 12 deletions(-)
-
-diff --git a/errlog.c b/errlog.c
-index 18be482..eebb266 100644
---- a/errlog.c
-+++ b/errlog.c
-@@ -14,29 +14,20 @@ EFI_STATUS
- VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args)
- {
- va_list args2;
-- UINTN size = 0, size2;
- CHAR16 **newerrs;
-
-- size = SPrint(NULL, 0, L"%a:%d %a() ", file, line, func);
-- va_copy(args2, args);
-- size2 = VSPrint(NULL, 0, fmt, args2);
-- va_end(args2);
--
- newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs),
- (nerrs + 3) * sizeof(*errs));
- if (!newerrs)
- return EFI_OUT_OF_RESOURCES;
-
-- newerrs[nerrs] = AllocatePool(size*2+2);
-+ newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func);
- if (!newerrs[nerrs])
- return EFI_OUT_OF_RESOURCES;
-- newerrs[nerrs+1] = AllocatePool(size2*2+2);
-+ va_copy(args2, args);
-+ newerrs[nerrs+1] = VPoolPrint(fmt, args2);
- if (!newerrs[nerrs+1])
- return EFI_OUT_OF_RESOURCES;
--
-- SPrint(newerrs[nerrs], size*2+2, L"%a:%d %a() ", file, line, func);
-- va_copy(args2, args);
-- VSPrint(newerrs[nerrs+1], size2*2+2, fmt, args2);
- va_end(args2);
-
- nerrs += 2;
---
-2.28.0
-
diff --git a/shim-always-mirror-mok-variables.patch b/shim-always-mirror-mok-variables.patch
deleted file mode 100644
index 515b8d7..0000000
--- a/shim-always-mirror-mok-variables.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From e6ce8788f4a622da1ba5421a5eb11df163a56727 Mon Sep 17 00:00:00 2001
-From: Gary Lin
-Date: Wed, 21 Nov 2018 12:47:43 +0800
-Subject: [PATCH] MOK: Fix the missing vendor cert in MokListRT
-
-When there is no key in MokList, import_mok_state() just skipped MokList
-even though it should always mirror the vendor cert.
-
-https://github.com/rhboot/shim/issues/154
-
-Signed-off-by: Gary Lin
----
- mok.c | 15 ++++++++++-----
- 1 file changed, 10 insertions(+), 5 deletions(-)
-
-diff --git a/mok.c b/mok.c
-index 3867521..0bcab32 100644
---- a/mok.c
-+++ b/mok.c
-@@ -223,11 +223,18 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- UINT32 attrs = 0;
- BOOLEAN delete = FALSE, present, addend;
-
-+ addend = (v->addend_source && v->addend_size &&
-+ *v->addend_source && *v->addend_size)
-+ ? TRUE : FALSE;
-+
- efi_status = get_variable_attr(v->name,
- &v->data, &v->data_size,
- *v->guid, &attrs);
-- if (efi_status == EFI_NOT_FOUND)
-+ if (efi_status == EFI_NOT_FOUND) {
-+ if (addend)
-+ goto mirror_addend;
- continue;
-+ }
- if (EFI_ERROR(efi_status)) {
- perror(L"Could not verify %s: %r\n", v->name,
- efi_status);
-@@ -272,9 +279,6 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- }
-
- present = (v->data && v->data_size) ? TRUE : FALSE;
-- addend = (v->addend_source && v->addend_size &&
-- *v->addend_source && *v->addend_size)
-- ? TRUE : FALSE;
-
- if (v->flags & MOK_VARIABLE_MEASURE && present) {
- /*
-@@ -304,7 +308,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- }
- }
-
-- if (v->rtname && present && addend) {
-+mirror_addend:
-+ if (v->rtname && (present || addend)) {
- if (v->flags & MOK_MIRROR_DELETE_FIRST)
- LibDeleteVariable(v->rtname, v->guid);
-
---
-2.19.2
-
diff --git a/shim-arch-independent-names.patch b/shim-arch-independent-names.patch
index 21e3ef4..4b96a33 100644
--- a/shim-arch-independent-names.patch
+++ b/shim-arch-independent-names.patch
@@ -1,4 +1,4 @@ -From b0fc750ab3af4883a7124229398a758837a4e7ce Mon Sep 17 00:00:00 2001 +From 71ca8f761fb5434ef65895345d96ccf063da7d66 Mon Sep 17 00:00:00 2001 From: Gary Lin Date: Tue, 22 Aug 2017 12:43:36 +0800 Subject: [PATCH] Make the names of EFI binaries arch-independent @@ -16,10 +16,10 @@ Signed-off-by: Gary Lin 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/fallback.c b/fallback.c -index c3f5583..01f2ae4 100644 +index fc81c5e4..44b2d464 100644 --- a/fallback.c +++ b/fallback.c -@@ -999,7 +999,7 @@ debug_hook(void) +@@ -1058,7 +1058,7 @@ debug_hook(void) x = 1; console_print(L"add-symbol-file "DEBUGDIR @@ -29,10 +29,10 @@ index c3f5583..01f2ae4 100644 } diff --git a/shim.c b/shim.c -index fcc11eb..248c946 100644 +index 765c9254..6751a2bc 100644 --- a/shim.c +++ b/shim.c -@@ -2554,7 +2554,7 @@ debug_hook(void) +@@ -1811,7 +1811,7 @@ debug_hook(void) FreePool(data); console_print(L"add-symbol-file "DEBUGDIR @@ -42,11 +42,11 @@ index fcc11eb..248c946 100644 console_print(L"Pausing for debugger attachment.\n"); diff --git a/shim.h b/shim.h -index 2b359d8..d9c60f5 100644 +index 0a6c8cfa..b9c3c4d8 100644 --- a/shim.h +++ b/shim.h -@@ -92,8 +92,8 @@ - #endif +@@ -105,8 +105,8 @@ + #define DEBUGSRC L"/usr/src/debug/shim-" VERSIONSTR "." EFI_ARCH #endif -#define FALLBACK L"\\fb" EFI_ARCH L".efi" @@ -54,8 +54,8 @@ index 2b359d8..d9c60f5 100644 +#define FALLBACK L"\\fallback.efi" +#define MOK_MANAGER L"\\MokManager.efi" - #include "include/configtable.h" - #include "include/console.h" + #if defined(VENDOR_DB_FILE) + # define vendor_authorized vendor_db -- -2.19.2 +2.29.2 diff --git a/shim-bsc1092000-fallback-menu.patch b/shim-bsc1092000-fallback-menu.patch deleted file mode 100644 index e48398a..0000000 --- a/shim-bsc1092000-fallback-menu.patch +++ /dev/null 
@@ -1,357 +0,0 @@
-From 407763d37cae353609b3f3ef78ff127745860357 Mon Sep 17 00:00:00 2001
-From: Gary Lin
-Date: Wed, 23 May 2018 16:58:31 +0800
-Subject: [PATCH 1/2] console: Move the countdown function to console.c
-
-Move the countdown function from MokManager to console.c to make the
-function public
-
-Also make console_save_and_set_mode() and console_restore_mode() public
-
-Signed-off-by: Gary Lin
----
- MokManager.c | 71 ++++---------------------------------------
- include/console.h | 6 ++++
- lib/console.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 88 insertions(+), 65 deletions(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index 2e55c50..1ab8e5e 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -733,30 +733,6 @@ done:
- return efi_status;
- }
-
--static void console_save_and_set_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode)
--{
-- SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
--
-- if (!SavedMode) {
-- console_print(L"Invalid parameter: SavedMode\n");
-- return;
-- }
--
-- CopyMem(SavedMode, co->Mode, sizeof(SIMPLE_TEXT_OUTPUT_MODE));
-- co->EnableCursor(co, FALSE);
-- co->SetAttribute(co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE);
--}
--
--static void console_restore_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode)
--{
-- SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
--
-- co->EnableCursor(co, SavedMode->CursorVisible);
-- co->SetCursorPosition(co, SavedMode->CursorColumn,
-- SavedMode->CursorRow);
-- co->SetAttribute(co, SavedMode->Attribute);
--}
--
- static INTN reset_system()
- {
- gRT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL);
-@@ -2032,18 +2008,13 @@ static BOOLEAN verify_pw(BOOLEAN * protected)
-
- static int draw_countdown()
- {
-- SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
-- SIMPLE_INPUT_INTERFACE *ci = ST->ConIn;
-- SIMPLE_TEXT_OUTPUT_MODE SavedMode;
-- EFI_INPUT_KEY key;
-- EFI_STATUS efi_status;
-- UINTN cols, rows;
-- CHAR16 *title[2];
- CHAR16 *message = L"Press any key to perform MOK management";
-+ CHAR16 *title;
-+ EFI_STATUS efi_status;
- void *MokTimeout = NULL;
- MokTimeoutvar *var;
- UINTN MokTimeoutSize = 0;
-- int timeout, wait = 10000000;
-+ int timeout;
-
- efi_status = get_variable(L"MokTimeout", (UINT8 **) &MokTimeout,
- &MokTimeoutSize, SHIM_LOCK_GUID);
-@@ -2059,41 +2030,11 @@ static int draw_countdown()
- if (timeout < 0)
- return timeout;
-
-- console_save_and_set_mode(&SavedMode);
--
-- title[0] = PoolPrint(L"%s UEFI key management", SHIM_VENDOR);
-- title[1] = NULL;
--
-- console_print_box_at(title, -1, 0, 0, -1, -1, 1, 1);
--
-- co->QueryMode(co, co->Mode->Mode, &cols, &rows);
--
-- console_print_at((cols - StrLen(message)) / 2, rows / 2, message);
-- while (1) {
-- if (timeout > 1)
-- console_print_at(2, rows - 3,
-- L"Booting in %d seconds ",
-- timeout);
-- else if (timeout)
-- console_print_at(2, rows - 3,
-- L"Booting in %d second ",
-- timeout);
-+ title = PoolPrint(L"%s UEFI key management", SHIM_VENDOR);
-
-- efi_status = WaitForSingleEvent(ci->WaitForKey, wait);
-- if (efi_status != EFI_TIMEOUT) {
-- /* Clear the key in the queue */
-- ci->ReadKeyStroke(ci, &key);
-- break;
-- }
-+ timeout = console_countdown(title, message, timeout);
-
-- timeout--;
-- if (!timeout)
-- break;
-- }
--
-- FreePool(title[0]);
--
-- console_restore_mode(&SavedMode);
-+ FreePool(title);
-
- return timeout;
- }
-diff --git a/include/console.h b/include/console.h
-index deb4fa3..bd75eb5 100644
---- a/include/console.h
-+++ b/include/console.h
-@@ -33,6 +33,12 @@ console_alertbox(CHAR16 **title);
- void
- console_notify(CHAR16 *string);
- void
-+console_save_and_set_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode);
-+void
-+console_restore_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode);
-+int
-+console_countdown(CHAR16* title, const CHAR16* message, int timeout);
-+void
- console_reset(void);
- #define NOSEL 0x7fffffff
-
-diff --git a/lib/console.c b/lib/console.c
-index 3aee41c..2d421af 100644
---- a/lib/console.c
-+++ b/lib/console.c
-@@ -409,6 +409,82 @@ console_notify(CHAR16 *string)
- console_alertbox(str_arr);
- }
-
-+void
-+console_save_and_set_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode)
-+{
-+ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
-+
-+ if (!SavedMode) {
-+ console_print(L"Invalid parameter: SavedMode\n");
-+ return;
-+ }
-+
-+ CopyMem(SavedMode, co->Mode, sizeof(SIMPLE_TEXT_OUTPUT_MODE));
-+ co->EnableCursor(co, FALSE);
-+ co->SetAttribute(co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE);
-+}
-+
-+void
-+console_restore_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode)
-+{
-+ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
-+
-+ co->EnableCursor(co, SavedMode->CursorVisible);
-+ co->SetCursorPosition(co, SavedMode->CursorColumn,
-+ SavedMode->CursorRow);
-+ co->SetAttribute(co, SavedMode->Attribute);
-+}
-+
-+int
-+console_countdown(CHAR16* title, const CHAR16* message,
-+ int timeout)
-+{
-+ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
-+ SIMPLE_INPUT_INTERFACE *ci = ST->ConIn;
-+ SIMPLE_TEXT_OUTPUT_MODE SavedMode;
-+ EFI_INPUT_KEY key;
-+ EFI_STATUS efi_status;
-+ UINTN cols, rows;
-+ CHAR16 *titles[2];
-+ int wait = 10000000;
-+
-+ console_save_and_set_mode(&SavedMode);
-+
-+ titles[0] = title;
-+ titles[1] = NULL;
-+
-+ console_print_box_at(titles, -1, 0, 0, -1, -1, 1, 1);
-+
-+ co->QueryMode(co, co->Mode->Mode, &cols, &rows);
-+
-+ console_print_at((cols - StrLen(message)) / 2, rows / 2, message);
-+ while (1) {
-+ if (timeout > 1)
-+ console_print_at(2, rows - 3,
-+ L"Booting in %d seconds ",
-+ timeout);
-+ else if (timeout)
-+ console_print_at(2, rows - 3,
-+ L"Booting in %d second ",
-+ timeout);
-+
-+ efi_status = WaitForSingleEvent(ci->WaitForKey, wait);
-+ if (efi_status != EFI_TIMEOUT) {
-+ /* Clear the key in the queue */
-+ ci->ReadKeyStroke(ci, &key);
-+ break;
-+ }
-+
-+ timeout--;
-+ if (!timeout)
-+ break;
-+ }
-+
-+ console_restore_mode(&SavedMode);
-+
-+ return timeout;
-+}
-+
- #define ARRAY_SIZE(a) (sizeof (a) / sizeof ((a)[0]))
-
- /* Copy of gnu-efi-3.0 with the added secure boot strings */
---
-2.19.2
-
-
-From 9544a6dc75343059184d9dfb0cfdc4eda880afd0 Mon Sep 17 00:00:00 2001
-From: Gary Lin
-Date: Wed, 23 May 2018 18:13:05 +0800
-Subject: [PATCH 2/2] fallback: show a countdown menu before reset
-
-Some machines with the faulty firmware may keep booting the default boot
-path instead of the boot option we create. To avoid the infinite reset
-loop, this commit introduce a countdown screen before fallback resets the
-system, so the user can interrupt the system reset and choose to boot
-the restored boot option. The "Always continue boot" option creates a
-BS+RT+NV variable, FB_NO_REBOOT, to make fallback boot the first boot
-option afterward without asking. The user can revert the behavior by
-removing the variable.
-
-https://github.com/rhboot/shim/issues/128
-
-Signed-off-by: Gary Lin
----
- fallback.c | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 81 insertions(+)
-
-diff --git a/fallback.c b/fallback.c
-index 01f2ae4..33f104f 100644
---- a/fallback.c
-+++ b/fallback.c
-@@ -12,6 +12,8 @@
-
- #include "shim.h"
-
-+#define NO_REBOOT L"FB_NO_REBOOT"
-+
- EFI_LOADED_IMAGE *this_image = NULL;
-
- int
-@@ -973,6 +975,65 @@ try_start_first_option(EFI_HANDLE parent_image_handle)
- return efi_status;
- }
-
-+static UINT32
-+get_fallback_no_reboot(void)
-+{
-+ EFI_STATUS efi_status;
-+ UINT32 no_reboot;
-+ UINTN size = sizeof(UINT32);
-+
-+ efi_status = gRT->GetVariable(NO_REBOOT, &SHIM_LOCK_GUID,
-+ NULL, &size, &no_reboot);
-+ if (!EFI_ERROR(efi_status)) {
-+ return no_reboot;
-+ }
-+ return 0;
-+}
-+
-+static EFI_STATUS
-+set_fallback_no_reboot(void)
-+{
-+ EFI_STATUS efi_status;
-+ UINT32 no_reboot = 1;
-+ efi_status = gRT->SetVariable(NO_REBOOT, &SHIM_LOCK_GUID,
-+ EFI_VARIABLE_NON_VOLATILE
-+ | EFI_VARIABLE_BOOTSERVICE_ACCESS
-+ | EFI_VARIABLE_RUNTIME_ACCESS,
-+ sizeof(UINT32), &no_reboot);
-+ return efi_status;
-+}
-+
-+static int
-+draw_countdown(void)
-+{
-+ CHAR16 *title = L"Boot Option Restoration";
-+ CHAR16 *message = L"Press any key to stop system reset";
-+ int timeout;
-+
-+ timeout = console_countdown(title, message, 5);
-+
-+ return timeout;
-+}
-+
-+static int
-+get_user_choice(void)
-+{
-+ int choice;
-+ CHAR16 *title[] = {L"Boot Option Restored", NULL};
-+ CHAR16 *menu_strings[] = {
-+ L"Reset system",
-+ L"Continue boot",
-+ L"Always continue boot",
-+ NULL
-+ };
-+
-+ do {
-+ choice = console_select(title, menu_strings, 0);
-+ } while (choice < 0 || choice > 2);
-+
-+ return choice;
-+}
-+
- extern EFI_STATUS
- efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab);
-
-@@ -1039,6 +1100,26 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
- VerbosePrint(L"tpm not present, starting the first image\n");
- try_start_first_option(image);
- } else {
-+ if (get_fallback_no_reboot() == 1) {
-+ VerbosePrint(L"NO_REBOOT is set, starting the first image\n");
-+ try_start_first_option(image);
-+ }
-+
-+ int timeout = draw_countdown();
-+ if (timeout == 0)
-+ goto reset;
-+
-+ int choice = get_user_choice();
-+ if (choice == 0) {
-+ goto reset;
-+ } else if (choice == 2) {
-+ efi_status = set_fallback_no_reboot();
-+ if (EFI_ERROR(efi_status))
-+ goto reset;
-+ }
-+ VerbosePrint(L"tpm present, starting the first image\n");
-+ try_start_first_option(image);
-+reset:
- VerbosePrint(L"tpm present, resetting system\n");
- }
-
---
-2.19.2
-
diff --git a/shim-bsc1173411-only-check-efi-var-on-sb.patch b/shim-bsc1173411-only-check-efi-var-on-sb.patch
deleted file mode 100644
index 3df34fd..0000000
--- a/shim-bsc1173411-only-check-efi-var-on-sb.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 741c61abba7d5c74166f8d0c1b9ee8001ebcd186 Mon Sep 17 00:00:00 2001
-From: Patrick Uiterwijk
-Date: Thu, 6 Dec 2018 10:08:45 +0100
-Subject: [PATCH] Make EFI variable copying fatal only on secureboot enabled
- systems
-
-I have come across systems that are unwilling to reserve enough memory for
-a MokListRT big enough for big certificates.
-This seems to be the case with firmware implementations that do not support
-secureboot, which is probably the reason they went with much lower variable
-storage.
-
-This patch set makes sure we can still boot on those systems, by only
-making the copy action fatal if the system has secure boot enabled, or if
-the error was anything other than EFI_INVALID_PARAMETER.
-
-Signed-off-by: Patrick Uiterwijk
----
- shim.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/shim.c b/shim.c
-index 7d25ad6..aee4727 100644
---- a/shim.c
-+++ b/shim.c
-@@ -2639,7 +2639,17 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
- * boot-services-only state variables are what we think they are.
- */
- efi_status = import_mok_state(image_handle);
-- if (EFI_ERROR(efi_status)) {
-+ if (!secure_mode() && efi_status == EFI_INVALID_PARAMETER) {
-+ /*
-+ * Make copy failures fatal only if secure_mode is enabled, or
-+ * the error was anything else than EFI_INVALID_PARAMETER.
-+ * There are non-secureboot firmware implementations that don't
-+ * reserve enough EFI variable memory to fit the variable.
-+ */
-+ console_print(L"Importing MOK states has failed: %s: %r\n",
-+ msgs[msg], efi_status);
-+ console_print(L"Continuing boot since secure mode is disabled");
-+ } else if (EFI_ERROR(efi_status)) {
- die:
- console_print(L"Something has gone seriously wrong: %s: %r\n",
- msgs[msg], efi_status);
---
-2.25.1
-
diff --git a/shim-bsc1174512-correct-license-in-headers.patch b/shim-bsc1174512-correct-license-in-headers.patch
deleted file mode 100644
index f265ab1..0000000
--- a/shim-bsc1174512-correct-license-in-headers.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 248e327146daf008b32615423f86d0a985d9d519 Mon Sep 17 00:00:00 2001
-From: Peter Jones
-Date: Thu, 9 Jul 2020 00:24:57 -0400
-Subject: [PATCH] Remove a couple of incorrect license claims.
-
-A certain someone's default editor template leaked in to a couple of
-source files, and claims they're GPL licensed. They're not.
-
-Signed-off-by: Peter Jones
-(cherry picked from commit 476cbff111001d01a5a27dc2289fc7cd2d34c38e)
----
- errlog.c | 3 ---
- mok.c | 2 --
- 2 files changed, 5 deletions(-)
-
-diff --git a/errlog.c b/errlog.c
-index 18be482..e2ac04a 100644
---- a/errlog.c
-+++ b/errlog.c
-@@ -1,10 +1,7 @@
- /*
- * errlog.c
- * Copyright 2017 Peter Jones
-- *
-- * Distributed under terms of the GPLv3 license.
- */
--
- #include "shim.h"
-
- static CHAR16 **errs = NULL;
-diff --git a/mok.c b/mok.c
-index 0bcab32..9498440 100644
---- a/mok.c
-+++ b/mok.c
-@@ -1,8 +1,6 @@
- /*
- * mok.c
- * Copyright 2017 Peter Jones
-- *
-- * Distributed under terms of the GPLv3 license.
- */
-
- #include "shim.h"
---
-2.27.0
-
diff --git a/shim-bsc1175509-more-tpm-fixes.patch b/shim-bsc1175509-more-tpm-fixes.patch
deleted file mode 100644
index 792a129..0000000
--- a/shim-bsc1175509-more-tpm-fixes.patch
+++ /dev/null
@@ -1,246 +0,0 @@
-From 3574fb71d1849295f662c3fcf0818bcd40373649 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas
-Date: Tue, 18 Feb 2020 12:03:28 +0100
-Subject: [PATCH 1/3] shim: Update EFI_LOADED_IMAGE with the second stage
- loader file path
-
-When shim loads the second stage loader (e.g: GRUB) the FilePath field of
-the EFI_LOADED_IMAGE structure isn't updated with the path of the loaded
-binary. So it still contains the file path of the shim binary.
-
-This isn't a problem since the file path is currently not used. But should
-be used to set the DevicePath field of the EFI_IMAGE_LOAD_EVENT structure
-that is logged when measuring the PE/COFF binaries. In that case the TPM
-Event Log will have an incorrect file path for the measured binary, i.e:
-
-$ hexdump -Cv /sys/kernel/security/tpm0/binary_bios_measurements
-...
-00000a50 00 00 00 00 00 00 04 04 34 00 5c 00 45 00 46 00 |........4.\.E.F.|
-00000a60 49 00 5c 00 72 00 65 00 64 00 68 00 61 00 74 00 |I.\.r.e.d.h.a.t.|
-00000a70 5c 00 73 00 68 00 69 00 6d 00 78 00 36 00 34 00 |\.s.h.i.m.x.6.4.|
-00000a80 2e 00 65 00 66 00 69 00 00 00 7f ff 04 00 00 00 |..e.f.i.........|
-00000a90 00 00 00 00 00 00 af 08 00 00 00 0d 00 00 00 b5 |................|
-00000aa0 cd d0 8f bb 16 31 e2 80 8b e8 58 75 c9 89 18 95 |.....1....Xu....|
-00000ab0 d2 de 15 15 00 00 00 67 72 75 62 5f 63 6d 64 20 |.......grub_cmd |
-00000ac0 73 65 74 20 70 61 67 65 72 3d 31 00 08 00 00 00 |set pager=1.....|
-...
-
-So update the EFI_LOADED_IMAGE structure with the second stage loader file
-path to have the correct value in the log, i.e:
-
-$ hexdump -Cv /sys/kernel/security/tpm0/binary_bios_measurements
-...
-00000a50 00 00 00 00 00 00 04 04 34 00 5c 00 45 00 46 00 |........4.\.E.F.|
-00000a60 49 00 5c 00 72 00 65 00 64 00 68 00 61 00 74 00 |I.\.r.e.d.h.a.t.|
-00000a70 5c 00 67 00 72 00 75 00 62 00 78 00 36 00 34 00 |\.g.r.u.b.x.6.4.|
-00000a80 2e 00 65 00 66 00 69 00 00 00 7f ff 04 00 00 00 |..e.f.i.........|
-00000a90 00 00 00 00 00 00 af 08 00 00 00 0d 00 00 00 b5 |................|
-00000aa0 cd d0 8f bb 16 31 e2 80 8b e8 58 75 c9 89 18 95 |.....1....Xu....|
-00000ab0 d2 de 15 15 00 00 00 67 72 75 62 5f 63 6d 64 20 |.......grub_cmd |
-00000ac0 73 65 74 20 70 61 67 65 72 3d 31 00 08 00 00 00 |set pager=1.....|
-...
-
-Signed-off-by: Javier Martinez Canillas
-(cherry picked from commit cd7d42d493d2913625b9852743db99d97ad15c72)
----
- shim.c | 17 +++++++++++++++--
- 1 file changed, 15 insertions(+), 2 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index ebc46f0..1dff8a4 100644
---- a/shim.c
-+++ b/shim.c
-@@ -1950,6 +1950,16 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
- */
- CopyMem(&li_bak, li, sizeof(li_bak));
-
-+ /*
-+ * Update the loaded image with the second stage loader file path
-+ */
-+ li->FilePath = FileDevicePath(NULL, PathName);
-+ if (!li->FilePath) {
-+ perror(L"Unable to update loaded image file path\n");
-+ efi_status = EFI_OUT_OF_RESOURCES;
-+ goto restore;
-+ }
-+
- /*
- * Verify and, if appropriate, relocate and execute the executable
- */
-@@ -1959,8 +1969,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
- perror(L"Failed to load image: %r\n", efi_status);
- PrintErrors();
- ClearErrors();
-- CopyMem(li, &li_bak, sizeof(li_bak));
-- goto done;
-+ goto restore;
- }
-
- loader_is_participating = 0;
-@@ -1970,6 +1979,10 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
- */
- efi_status = entry_point(image_handle, systab);
-
-+restore:
-+ if (li->FilePath)
-+ FreePool(li->FilePath);
-+
- /*
- * Restore our original loaded image values
- */
---
-2.28.0
-
-
-From eee96f1c59ba0f1a58eb1748a4bdf7ed0855b17a Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas
-Date: Tue, 18 Feb 2020 12:03:17 +0100
-Subject: [PATCH 2/3] tpm: Include information about PE/COFF images in the TPM
- Event Log
-
-The "TCG PC Client Specific Platform Firmware Profile Specification" says
-that when measuring a PE/COFF image, the TCG_PCR_EVENT2 structure Event
-field MUST contain a UEFI_IMAGE_LOAD_EVENT structure.
-
-Currently an empty UEFI_IMAGE_LOAD_EVENT structure is passed so users only
-have the hash of the PE/COFF image, but not information such the file path
-of the binary.
-
-Signed-off-by: Javier Martinez Canillas
-(cherry picked from commit c252b9ee94c342f9074a3e9064fd254eef203a63)
----
- include/tpm.h | 5 +++--
- shim.c | 7 +++++--
- tpm.c | 46 ++++++++++++++++++++++++++++++++--------------
- 3 files changed, 40 insertions(+), 18 deletions(-)
-
-diff --git a/include/tpm.h b/include/tpm.h
-index 746e871..a05c249 100644
---- a/include/tpm.h
-+++ b/include/tpm.h
-@@ -10,8 +10,9 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr,
- const CHAR8 *description);
- EFI_STATUS fallback_should_prefer_reset(void);
-
--EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 *sha1hash,
-- UINT8 pcr);
-+EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size,
-+ EFI_PHYSICAL_ADDRESS addr, EFI_DEVICE_PATH *path,
-+ UINT8 *sha1hash, UINT8 pcr);
-
- EFI_STATUS tpm_measure_variable(CHAR16 *dbname, EFI_GUID guid, UINTN size, void *data);
-
-diff --git a/shim.c b/shim.c
-index 1dff8a4..6ce30a0 100644
---- a/shim.c
-+++ b/shim.c
-@@ -1299,7 +1299,9 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
- #ifdef REQUIRE_TPM
- efi_status =
- #endif
-- tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)data, datasize, sha1hash, 4);
-+ tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)data, datasize,
-+ (EFI_PHYSICAL_ADDRESS)(UINTN)context.ImageAddress,
-+ li->FilePath, sha1hash, 4);
- #ifdef REQUIRE_TPM
- if (efi_status != EFI_SUCCESS) {
- return efi_status;
-@@ -1813,7 +1815,8 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size)
- #ifdef REQUIRE_TPM
- efi_status =
- #endif
-- tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)buffer, size, sha1hash, 4);
-+ tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)buffer, size, 0, NULL,
-+ sha1hash, 4);
- #ifdef REQUIRE_TPM
- if (EFI_ERROR(efi_status))
- goto done;
-diff --git a/tpm.c b/tpm.c
-index 196b93c..22ad148 100644
---- a/tpm.c
-+++ b/tpm.c
-@@ -210,21 +210,39 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr,
- strlen(description) + 1, 0xd, NULL);
- }
-
--EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 *sha1hash,
-- UINT8 pcr)
-+EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size,
-+ EFI_PHYSICAL_ADDRESS addr, EFI_DEVICE_PATH *path,
-+ UINT8 *sha1hash, UINT8 pcr)
- {
-- EFI_IMAGE_LOAD_EVENT ImageLoad;
--
-- // All of this is informational and forces us to do more parsing before
-- // we can generate it, so let's just leave it out for now
-- ImageLoad.ImageLocationInMemory = 0;
-- ImageLoad.ImageLengthInMemory = 0;
-- ImageLoad.ImageLinkTimeAddress = 0;
-- ImageLoad.LengthOfDevicePath = 0;
--
-- return tpm_log_event_raw(buf, size, pcr, (CHAR8 *)&ImageLoad,
-- sizeof(ImageLoad),
-- EV_EFI_BOOT_SERVICES_APPLICATION, sha1hash);
-+ EFI_IMAGE_LOAD_EVENT *ImageLoad = NULL;
-+ EFI_STATUS efi_status;
-+ UINTN path_size = 0;
-+
-+ if (path)
-+ path_size = DevicePathSize(path);
-+
-+ ImageLoad = AllocateZeroPool(sizeof(*ImageLoad) + path_size);
-+ if (!ImageLoad) {
-+ perror(L"Unable to allocate image load event structure\n");
-+ return EFI_OUT_OF_RESOURCES;
-+ }
-+
-+ ImageLoad->ImageLocationInMemory = buf;
-+ ImageLoad->ImageLengthInMemory = size;
-+ ImageLoad->ImageLinkTimeAddress = addr;
-+
-+ if (path_size > 0) {
-+ CopyMem(ImageLoad->DevicePath, path, path_size);
-+ ImageLoad->LengthOfDevicePath = path_size;
-+ }
-+
-+ efi_status = tpm_log_event_raw(buf, size, pcr, (CHAR8 *)ImageLoad,
-+ sizeof(*ImageLoad) + path_size,
-+ EV_EFI_BOOT_SERVICES_APPLICATION,
-+ sha1hash);
-+ FreePool(ImageLoad);
-+
-+ return efi_status;
- }
-
- typedef struct {
---
-2.28.0
-
-
-From 537851177b72328b76f74782709029cff466168b Mon Sep 17 00:00:00 2001
-From: Peter Jones
-Date: Thu, 23 Jul 2020 20:35:56 -0400
-Subject: [PATCH 3/3] Fix a broken tpm type
-
-Signed-off-by: Peter Jones
-(cherry picked from commit 871cfcf8bdc4f656642993d38b06e4e2d5be0c18)
----
- tpm.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tpm.c b/tpm.c
-index 22ad148..03cf3a1 100644
---- a/tpm.c
-+++ b/tpm.c
-@@ -239,7 +239,7 @@ EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size,
- efi_status = tpm_log_event_raw(buf, size, pcr, (CHAR8 *)ImageLoad,
- sizeof(*ImageLoad) + path_size,
- EV_EFI_BOOT_SERVICES_APPLICATION,
-- sha1hash);
-+ (CHAR8 *)sha1hash);
- FreePool(ImageLoad);
-
- return efi_status;
---
-2.28.0
-
diff --git a/shim-bsc1175509-tpm2-fixes.patch b/shim-bsc1175509-tpm2-fixes.patch
deleted file mode 100644
index 83d0ea9..0000000
--- a/shim-bsc1175509-tpm2-fixes.patch
+++ /dev/null
@@ -1,205 +0,0 @@ -From 551bab0a7c3199cad3bd1273d57e98e54bdf2ce9 Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Tue, 11 Dec 2018 15:25:44 -0800 -Subject: [PATCH 1/4] Remove call to TPM2 get_event_log() - -Calling the TPM2 get_event_log causes the firmware to start logging -events to the final events table, but implementations may also continue -logging to the boot services event log. Any OS that wishes to -reconstruct the full PCR state must already look at both the final -events log and the boot services event log, so if this call is made -anywhere other than immediately before ExitBootServices() then the OS -must deduplicate events that occur in both, complicating things -immensely. - -Linux already has support for copying up the boot services event log -across the ExitBootServices() boundary, so there's no reason to make -this call. Remove it. - -Signed-off-by: Matthew Garrett -(cherry picked from commit fd7c3bd920ba39082cb7c619afb7203d150a4cd3) ---- - tpm.c | 46 ---------------------------------------------- - 1 file changed, 46 deletions(-) - -diff --git a/tpm.c b/tpm.c -index 674e69b..f07362c 100644 ---- a/tpm.c -+++ b/tpm.c -@@ -70,41 +70,6 @@ static BOOLEAN tpm2_present(EFI_TCG2_BOOT_SERVICE_CAPABILITY *caps, - return FALSE; - } - --static inline EFI_TCG2_EVENT_LOG_BITMAP --tpm2_get_supported_logs(efi_tpm2_protocol_t *tpm, -- EFI_TCG2_BOOT_SERVICE_CAPABILITY *caps, -- BOOLEAN old_caps) --{ -- if (old_caps) -- return ((TREE_BOOT_SERVICE_CAPABILITY *)caps)->SupportedEventLogs; -- -- return caps->SupportedEventLogs; --} -- --/* -- * According to TCG EFI Protocol Specification for TPM 2.0 family, -- * all events generated after the invocation of EFI_TCG2_GET_EVENT_LOG -- * shall be stored in an instance of an EFI_CONFIGURATION_TABLE aka -- * EFI TCG 2.0 final events table. Hence, it is necessary to trigger the -- * internal switch through calling get_event_log() in order to allow -- * to retrieve the logs from OS runtime. 
-- */ --static EFI_STATUS trigger_tcg2_final_events_table(efi_tpm2_protocol_t *tpm2, -- EFI_TCG2_EVENT_LOG_BITMAP supported_logs) --{ -- EFI_TCG2_EVENT_LOG_FORMAT log_fmt; -- EFI_PHYSICAL_ADDRESS start; -- EFI_PHYSICAL_ADDRESS end; -- BOOLEAN truncated; -- -- if (supported_logs & EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) -- log_fmt = EFI_TCG2_EVENT_LOG_FORMAT_TCG_2; -- else -- log_fmt = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2; -- -- return tpm2->get_event_log(tpm2, log_fmt, &start, &end, &truncated); --} -- - static EFI_STATUS tpm_locate_protocol(efi_tpm_protocol_t **tpm, - efi_tpm2_protocol_t **tpm2, - BOOLEAN *old_caps_p, -@@ -166,17 +131,6 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, - #endif - } else if (tpm2) { - EFI_TCG2_EVENT *event; -- EFI_TCG2_EVENT_LOG_BITMAP supported_logs; -- -- supported_logs = tpm2_get_supported_logs(tpm2, &caps, old_caps); -- -- efi_status = trigger_tcg2_final_events_table(tpm2, -- supported_logs); -- if (EFI_ERROR(efi_status)) { -- perror(L"Unable to trigger tcg2 final events table: %r\n", -- efi_status); -- return efi_status; -- } - - event = AllocatePool(sizeof(*event) + logsize); - if (!event) { --- -2.28.0 - - -From 03cb410a51e808179e9d991057fb94a526ac269a Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Sat, 22 Jun 2019 15:33:03 +0100 -Subject: [PATCH 2/4] tpm: Fix off-by-one error when calculating event size - -tpm_log_event_raw() allocates a buffer for the EFI_TCG2_EVENT structure -that is one byte larger than necessary, and sets event->Size accordingly. -The result of this is that the event data recorded in the log differs -from the data that is measured to the TPM (it has an extra zero byte -at the end). 
- -(cherry picked from commit 8a27a4809a6a2b40fb6a4049071bf96d6ad71b50) ---- - tpm.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/tpm.c b/tpm.c -index f07362c..516fb87 100644 ---- a/tpm.c -+++ b/tpm.c -@@ -131,8 +131,10 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, - #endif - } else if (tpm2) { - EFI_TCG2_EVENT *event; -+ UINTN event_size = sizeof(*event) - sizeof(event->Event) + -+ logsize; - -- event = AllocatePool(sizeof(*event) + logsize); -+ event = AllocatePool(event_size); - if (!event) { - perror(L"Unable to allocate event structure\n"); - return EFI_OUT_OF_RESOURCES; -@@ -142,7 +144,7 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, - event->Header.HeaderVersion = 1; - event->Header.PCRIndex = pcr; - event->Header.EventType = type; -- event->Size = sizeof(*event) - sizeof(event->Event) + logsize + 1; -+ event->Size = event_size; - CopyMem(event->Event, (VOID *)log, logsize); - if (hash) { - /* TPM 2 systems will generate the appropriate hash --- -2.28.0 - - -From 6b57ed99e1925728166017863ad849408cddf55d Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Sat, 22 Jun 2019 15:37:29 +0100 -Subject: [PATCH 3/4] tpm: Define EFI_VARIABLE_DATA_TREE as packed - -tpm_measure_variable() calculates VarLogSize by adding the size of VarName -and VarData to the size of EFI_VARIABLE_DATA_TREE, and then subtracting -the size of the UnicodeName and VariableData members. This results in a -calculation that is 5 bytes larger than necessary because it doesn't take -in to account the padding of these members. The effect of this is that -shim measures an additional 5 zero bytes when measuring UEFI variables -(at least on 64-bit architectures). - -Byte packing EFI_VARIABLE_DATA_TREE fixes this. 
- -(cherry picked from commit 7e4d3f1c8c730a5d3f40729cb285b5d8c7b241af) ---- - tpm.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tpm.c b/tpm.c -index 516fb87..c0617bb 100644 ---- a/tpm.c -+++ b/tpm.c -@@ -233,7 +233,7 @@ typedef struct { - UINT64 VariableDataLength; - CHAR16 UnicodeName[1]; - INT8 VariableData[1]; --} EFI_VARIABLE_DATA_TREE; -+} __attribute__ ((packed)) EFI_VARIABLE_DATA_TREE; - - static BOOLEAN tpm_data_measured(CHAR16 *VarName, EFI_GUID VendorGuid, UINTN VarSize, VOID *VarData) - { --- -2.28.0 - - -From 85a8c568dde4d608a7c9cc5b0283bdc36e677947 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Thu, 26 Sep 2019 20:01:01 +0100 -Subject: [PATCH 4/4] tpm: Don't log duplicate identical events - -According to the comment in tpm_measure_variable ("Don't measure something that we've already measured"), shim -shouldn't measure duplicate events if they are identical, which also aligns with section 2.3.4.8 of the TCG PC -Client Platform Firmware Profile Specification ("If it has been measured previously, it MUST NOT be measured -again"). This is currently broken because tpm_data_measured() uses the return value of CompareGuid() incorrectly. - -(cherry picked from commit 103adc89ce578a23cbdbd195c5dc5e329b85b854) ---- - tpm.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tpm.c b/tpm.c -index c0617bb..196b93c 100644 ---- a/tpm.c -+++ b/tpm.c -@@ -241,7 +241,7 @@ static BOOLEAN tpm_data_measured(CHAR16 *VarName, EFI_GUID VendorGuid, UINTN Var - - for (i=0; i -Date: Thu, 22 Oct 2020 14:00:04 +0800 -Subject: [PATCH] Cryptlib/CryptPkcs7VerifyEku: fix buffer use-after-free - -Merge the patch from edk2 upstream: -https://bugzilla.tianocore.org/show_bug.cgi?id=2459 - -Since SignerCert is actually a part of Pkcs7, PKCS7_free() also fress -SignerCert, so there is no need to free SignerCert. 
- -Signed-off-by: Gary Lin ---- - Cryptlib/Pk/CryptPkcs7VerifyEku.c | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/Cryptlib/Pk/CryptPkcs7VerifyEku.c b/Cryptlib/Pk/CryptPkcs7VerifyEku.c -index d086886..2c172e2 100644 ---- a/Cryptlib/Pk/CryptPkcs7VerifyEku.c -+++ b/Cryptlib/Pk/CryptPkcs7VerifyEku.c -@@ -507,10 +507,6 @@ Exit: - free (SignedData); - } - -- if (SignerCert != NULL) { -- X509_free (SignerCert); -- } -- - if (Pkcs7 != NULL) { - PKCS7_free (Pkcs7); - } --- -2.28.0 - diff --git a/shim-bsc1177315-verify-eku-codesign.patch b/shim-bsc1177315-verify-eku-codesign.patch index e46afe9..bb931ba 100644 --- a/shim-bsc1177315-verify-eku-codesign.patch +++ b/shim-bsc1177315-verify-eku-codesign.patch @@ -1,4 +1,4 @@ -From b27f96477647c0a055e97f1f9a9cffba354dad6f Mon Sep 17 00:00:00 2001 +From 6ff890bf0af9d37acc6ea8ad64f597060e8bb143 Mon Sep 17 00:00:00 2001 From: Gary Lin Date: Wed, 14 Oct 2020 14:31:12 +0800 Subject: [PATCH] Enforce EKU CodeSign extension check @@ -8,22 +8,25 @@ Per NIAP OS_PP, the signer certificate of the UEFI image has to contain This commit borrows VerifyEKUsInPkcs7Signature() from edk2 and enforces the CodeSign check in Pkcs7Verify(). ++ Also merged the buffer use-after-free fix (*) + +(*) https://bugzilla.tianocore.org/show_bug.cgi?id=2459 Signed-off-by: Gary Lin --- Cryptlib/InternalCryptLib.h | 32 ++ Cryptlib/Library/BaseCryptLib.h | 40 +++ Cryptlib/Makefile | 1 + - Cryptlib/Pk/CryptPkcs7Verify.c | 11 + - Cryptlib/Pk/CryptPkcs7VerifyEku.c | 520 ++++++++++++++++++++++++++++++ - 5 files changed, 604 insertions(+) + Cryptlib/Pk/CryptPkcs7Verify.c | 10 + + Cryptlib/Pk/CryptPkcs7VerifyEku.c | 516 ++++++++++++++++++++++++++++++ + 5 files changed, 599 insertions(+) create mode 100644 Cryptlib/Pk/CryptPkcs7VerifyEku.c diff --git a/Cryptlib/InternalCryptLib.h b/Cryptlib/InternalCryptLib.h -index 8cccf72..026793f 100644 +index e9a4c20..8c9a2a4 100644 --- a/Cryptlib/InternalCryptLib.h 
+++ b/Cryptlib/InternalCryptLib.h -@@ -33,4 +33,36 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +@@ -30,5 +30,37 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define OBJ_length(o) ((o)->length) #endif @@ -60,6 +63,7 @@ index 8cccf72..026793f 100644 + ); + #endif + diff --git a/Cryptlib/Library/BaseCryptLib.h b/Cryptlib/Library/BaseCryptLib.h index 2df8bd2..ed482d3 100644 --- a/Cryptlib/Library/BaseCryptLib.h @@ -112,10 +116,10 @@ index 2df8bd2..ed482d3 100644 Extracts the attached content from a PKCS#7 signed data if existed. The input signed data could be wrapped in a ContentInfo structure. diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile -index 2aa5695..0147587 100644 +index 18a33b1..a1d8b02 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile -@@ -38,6 +38,7 @@ OBJS = Hash/CryptMd4Null.o \ +@@ -41,6 +41,7 @@ OBJS = Hash/CryptMd4Null.o \ Pk/CryptRsaExtNull.o \ Pk/CryptPkcs7SignNull.o \ Pk/CryptPkcs7Verify.o \ @@ -124,20 +128,19 @@ index 2aa5695..0147587 100644 Pk/CryptTs.o \ Pk/CryptX509.o \ diff --git a/Cryptlib/Pk/CryptPkcs7Verify.c b/Cryptlib/Pk/CryptPkcs7Verify.c -index cbd9669..b3ef356 100644 +index 09895d8..da15be2 100644 --- a/Cryptlib/Pk/CryptPkcs7Verify.c +++ b/Cryptlib/Pk/CryptPkcs7Verify.c -@@ -30,6 +30,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +@@ -29,6 +29,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + #include UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 }; - +/* EKU CodeSign */ +CHAR8 mOidCodeSign[] = "1.3.6.1.5.5.7.3.3"; -+ - BOOLEAN ca_warning; - void -@@ -812,6 +815,8 @@ Pkcs7Verify ( + #if 1 + #if OPENSSL_VERSION_NUMBER < 0x10100000L +@@ -846,6 +848,8 @@ Pkcs7Verify ( CONST UINT8 *Temp; UINTN SignedDataSize; BOOLEAN Wrapped; 
@@ -146,7 +149,7 @@ index cbd9669..b3ef356 100644 // // Check input parameters. -@@ -825,6 +830,7 @@ Pkcs7Verify ( +@@ -859,6 +863,7 @@ Pkcs7Verify ( DataBio = NULL; Cert = NULL; CertStore = NULL; @@ -154,7 +157,7 @@ index cbd9669..b3ef356 100644 // // Register & Initialize necessary digest algorithms for PKCS#7 Handling -@@ -924,6 +930,11 @@ Pkcs7Verify ( +@@ -958,6 +963,11 @@ Pkcs7Verify ( // X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY); @@ -168,10 +171,10 @@ index cbd9669..b3ef356 100644 // diff --git a/Cryptlib/Pk/CryptPkcs7VerifyEku.c b/Cryptlib/Pk/CryptPkcs7VerifyEku.c new file mode 100644 -index 0000000..d086886 +index 0000000..2c172e2 --- /dev/null +++ b/Cryptlib/Pk/CryptPkcs7VerifyEku.c -@@ -0,0 +1,520 @@ +@@ -0,0 +1,516 @@ +/** @file + This module verifies that Enhanced Key Usages (EKU's) are present within + a PKCS7 signature blob using OpenSSL. @@ -681,10 +684,6 @@ index 0000000..d086886 + free (SignedData); + } + -+ if (SignerCert != NULL) { -+ X509_free (SignerCert); -+ } -+ + if (Pkcs7 != NULL) { + PKCS7_free (Pkcs7); + } @@ -693,5 +692,5 @@ index 0000000..d086886 +} + -- -2.28.0 +2.29.2 diff --git a/shim-bsc1177404-fix-a-use-of-strlen.patch b/shim-bsc1177404-fix-a-use-of-strlen.patch deleted file mode 100644 index 7ac526d..0000000 --- a/shim-bsc1177404-fix-a-use-of-strlen.patch +++ /dev/null 
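Review bot: The Exit cleanup in Cryptlib/Pk/CryptPkcs7VerifyEku.c now frees only SignedData and Pkcs7, and nothing in the code records why SignerCert is left alone. A later refresh of this patch from edk2 could therefore bring back the `X509_free (SignerCert)` call and the use-after-free with it. The reason exists only in the patch description and the linked TianoCore bug, so I would add a comment above the Pkcs7 cleanup: `// SignerCert belongs to Pkcs7 and is released by PKCS7_free(); do not X509_free() it here.` The function body starts outside this hunk, so how SignerCert is obtained is not visible here and should be checked against the comment.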
@@ -1,27 +0,0 @@ -From 3b3ef3899245299c55fbb9b3adb367276b1c5514 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 5 Sep 2019 10:36:23 -0400 -Subject: [PATCH] Fix a use of strlen() instead of Strlen() - -Signed-off-by: Peter Jones -(cherry picked from commit 1870bae796022f8bbf60465352eac329ff1d6ffd) ---- - shim.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/shim.c b/shim.c -index 0f5e58d..ebc46f0 100644 ---- a/shim.c -+++ b/shim.c -@@ -2145,7 +2145,7 @@ static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path) - - dprint(L"dppath: %s\n", dppath); - dprint(L"path: %s\n", path); -- if (StrnCaseCmp(dppath, PathName, strlen(dppath))) -+ if (StrnCaseCmp(dppath, PathName, StrLen(dppath))) - ret = 0; - - done: --- -2.28.0 - diff --git a/shim-bsc1182776-fix-crash-at-exit.patch b/shim-bsc1182776-fix-crash-at-exit.patch deleted file mode 100644 index eb62137..0000000 --- a/shim-bsc1182776-fix-crash-at-exit.patch +++ /dev/null 
@@ -1,236 +0,0 @@ -From 999983b82c611d7d3b864f5f46764645f4eed096 Mon Sep 17 00:00:00 2001 -From: Stuart Hayes -Date: Fri, 8 Feb 2019 15:48:20 -0500 -Subject: [PATCH 1/2] Hook exit when shim_lock protocol installed - -A recent commit moved where the shim_lock protocol is loaded and -unloaded, but did not move where exit was hooked and unhooked. Exit -needs to be hooked when the protocol is installed, so that the protocol -will be uninstalled on exit. Otherwise, the system can crash if, for -example, shim loads grub, the user exits grub, shim is run again, which -installs a second instance of the protocol, and then grub tries to use -the shim_lock protocol that was installed by the first instance of shim. - -Signed-off-by: Stuart Hayes -Upstream-commit-id: 06c92591e94 -(cherry picked from commit b5e10f70c7a495dc1788e3604803ee633f1e5f76) ---- - shim.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/shim.c b/shim.c -index 6ce30a06..e9ab8f1a 100644 ---- a/shim.c -+++ b/shim.c -@@ -2517,9 +2517,9 @@ shim_init(void) - loader_is_participating = 0; - } - -- hook_exit(systab); - } - -+ hook_exit(systab); - return install_shim_protocols(); - } - -@@ -2537,9 +2537,10 @@ shim_fini(void) - * Remove our hooks from system services. - */ - unhook_system_services(); -- unhook_exit(); - } - -+ unhook_exit(); -+ - /* - * Free the space allocated for the alternative 2nd stage loader - */ --- -2.29.2 - - -From 13eeece966bf2e5b2d1c1cca0c8b47bbded0f98e Mon Sep 17 00:00:00 2001 -From: Gary Lin -Date: Fri, 5 Mar 2021 15:00:29 +0800 -Subject: [PATCH 2/2] Restore loaded image of shim at Exit() - -When grub2 invoked Exit() in AArch64 AAVMF, the VM crashed with the -following messsages: - -Unloading driver at 0x000B7D7B000 - -Synchronous Exception at 0x00000000BF5D5E68 -AllocatePool: failed to allocate 800 bytes - -Synchronous Exception at 0x00000000BF5D5E68 - -The similar error also showed when I modified MokManager to call -gBS->Exit() at the end of efi_main(). 
However, if MokManager just -returned, the error never showed. One significant difference is -whether the loaded image was restored or not, and the firmware seems -to need the original ImageBase pointer to do clean-up. - -To avoid the potential crash, this commit adds restore_loaded_image() so -that we can restore the loaded image both in start_image() and -do_exit(). - -Signed-off-by: Gary Lin -(cherry picked from commit 74d26654d55a4f32e58b76757efca50ceedefef4) ---- - replacements.c | 2 ++ - shim.c | 41 ++++++++++++++++++++++++----------------- - shim.h | 1 + - 3 files changed, 27 insertions(+), 17 deletions(-) - -diff --git a/replacements.c b/replacements.c -index 944c779d..1d06b0cf 100644 ---- a/replacements.c -+++ b/replacements.c -@@ -159,6 +159,8 @@ do_exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus, - - shim_fini(); - -+ restore_loaded_image(); -+ - efi_status = gBS->Exit(ImageHandle, ExitStatus, - ExitDataSize, ExitData); - if (EFI_ERROR(efi_status)) { -diff --git a/shim.c b/shim.c -index e9ab8f1a..b5882768 100644 ---- a/shim.c -+++ b/shim.c -@@ -62,6 +62,8 @@ - - static EFI_SYSTEM_TABLE *systab; - static EFI_HANDLE global_image_handle; -+static EFI_LOADED_IMAGE *shim_li; -+static EFI_LOADED_IMAGE shim_li_bak; - - static CHAR16 *second_stage; - static void *load_options; -@@ -1863,13 +1865,24 @@ static EFI_STATUS shim_read_header(void *data, unsigned int datasize, - return efi_status; - } - -+VOID -+restore_loaded_image(VOID) -+{ -+ if (shim_li->FilePath) -+ FreePool(shim_li->FilePath); -+ -+ /* -+ * Restore our original loaded image values -+ */ -+ CopyMem(shim_li, &shim_li_bak, sizeof(shim_li_bak)); -+} -+ - /* - * Load and run an EFI executable - */ - EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - { - EFI_STATUS efi_status; -- EFI_LOADED_IMAGE *li, li_bak; - EFI_IMAGE_ENTRY_POINT entry_point; - EFI_PHYSICAL_ADDRESS alloc_address; - UINTN alloc_pages; -@@ -1884,7 +1897,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 
*ImagePath) - * binary in order to find our path - */ - efi_status = gBS->HandleProtocol(image_handle, &EFI_LOADED_IMAGE_GUID, -- (void **)&li); -+ (void **)&shim_li); - if (EFI_ERROR(efi_status)) { - perror(L"Unable to init protocol\n"); - return efi_status; -@@ -1893,14 +1906,14 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - /* - * Build a new path from the existing one plus the executable name - */ -- efi_status = generate_path_from_image_path(li, ImagePath, &PathName); -+ efi_status = generate_path_from_image_path(shim_li, ImagePath, &PathName); - if (EFI_ERROR(efi_status)) { - perror(L"Unable to generate path %s: %r\n", ImagePath, - efi_status); - goto done; - } - -- if (findNetboot(li->DeviceHandle)) { -+ if (findNetboot(shim_li->DeviceHandle)) { - efi_status = parseNetbootinfo(image_handle); - if (EFI_ERROR(efi_status)) { - perror(L"Netboot parsing failed: %r\n", efi_status); -@@ -1916,7 +1929,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - data = sourcebuffer; - datasize = sourcesize; - #if defined(ENABLE_HTTPBOOT) -- } else if (find_httpboot(li->DeviceHandle)) { -+ } else if (find_httpboot(shim_li->DeviceHandle)) { - efi_status = httpboot_fetch_buffer (image_handle, - &sourcebuffer, - &sourcesize); -@@ -1932,7 +1945,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - /* - * Read the new executable off disk - */ -- efi_status = load_image(li, &data, &datasize, PathName); -+ efi_status = load_image(shim_li, &data, &datasize, PathName); - if (EFI_ERROR(efi_status)) { - perror(L"Failed to load image %s: %r\n", - PathName, efi_status); -@@ -1951,13 +1964,13 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - * We need to modify the loaded image protocol entry before running - * the new binary, so back it up - */ -- CopyMem(&li_bak, li, sizeof(li_bak)); -+ CopyMem(&shim_li_bak, shim_li, sizeof(shim_li_bak)); - - /* - * Update the loaded image with the second stage loader 
file path - */ -- li->FilePath = FileDevicePath(NULL, PathName); -- if (!li->FilePath) { -+ shim_li->FilePath = FileDevicePath(NULL, PathName); -+ if (!shim_li->FilePath) { - perror(L"Unable to update loaded image file path\n"); - efi_status = EFI_OUT_OF_RESOURCES; - goto restore; -@@ -1966,7 +1979,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - /* - * Verify and, if appropriate, relocate and execute the executable - */ -- efi_status = handle_image(data, datasize, li, &entry_point, -+ efi_status = handle_image(data, datasize, shim_li, &entry_point, - &alloc_address, &alloc_pages); - if (EFI_ERROR(efi_status)) { - perror(L"Failed to load image: %r\n", efi_status); -@@ -1983,13 +1996,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) - efi_status = entry_point(image_handle, systab); - - restore: -- if (li->FilePath) -- FreePool(li->FilePath); -- -- /* -- * Restore our original loaded image values -- */ -- CopyMem(li, &li_bak, sizeof(li_bak)); -+ restore_loaded_image(); - done: - if (PathName) - FreePool(PathName); -diff --git a/shim.h b/shim.h -index 3db7df9d..38627abf 100644 ---- a/shim.h -+++ b/shim.h -@@ -160,6 +160,7 @@ extern EFI_STATUS LogError_(const char *file, int line, const char *func, CHAR16 - extern EFI_STATUS VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args); - extern VOID PrintErrors(VOID); - extern VOID ClearErrors(VOID); -+extern VOID restore_loaded_image(VOID); - extern EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath); - extern EFI_STATUS import_mok_state(EFI_HANDLE image_handle); - --- -2.29.2 - diff --git a/shim-change-debug-file-path.patch b/shim-change-debug-file-path.patch index 2948e2c..90e3755 100644 --- a/shim-change-debug-file-path.patch +++ b/shim-change-debug-file-path.patch @@ -1,4 +1,4 @@ -From e766e3943fa8513c1afe01e69e8aa6ec14067028 Mon Sep 17 00:00:00 2001 +From ac7e88b1f2219ec2b09c9596e6f7d5911e5f6ffd Mon Sep 17 00:00:00 2001 
From: Gary Lin Date: Thu, 4 Jan 2018 12:28:37 +0800 Subject: [PATCH] Use our own debug path @@ -6,21 +6,49 @@ Subject: [PATCH] Use our own debug path Signed-off-by: Gary Lin --- Make.defaults | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + fallback.c | 2 +- + shim.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Make.defaults b/Make.defaults -index bbfc1d7..1cec0e1 100644 +index bef3cb51..d88367e3 100644 --- a/Make.defaults 
+++ b/Make.defaults -@@ -119,7 +119,7 @@ SHIMHASHNAME = $(SHIMSTEM).hash - BOOTEFINAME ?= BOOT$(ARCH_SUFFIX_UPPER).EFI +@@ -167,7 +167,7 @@ BOOTEFINAME ?= BOOT$(ARCH_SUFFIX_UPPER).EFI BOOTCSVNAME ?= BOOT$(ARCH_SUFFIX_UPPER).CSV --CFLAGS += "-DEFI_ARCH=L\"$(ARCH_SUFFIX)\"" "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/\"" -+CFLAGS += "-DEFI_ARCH=L\"$(ARCH_SUFFIX)\"" "-DDEBUGDIR=L\"/usr/lib/debug/usr/lib64/efi/shim.debug\"" + DEFINES += -DEFI_ARCH='L"$(ARCH_SUFFIX)"' \ +- -DDEBUGDIR='L"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/"' ++ -DDEBUGDIR=L\"/usr/lib/debug/usr/share/efi/"$(ARCH)/"\" - ifneq ($(origin VENDOR_CERT_FILE), undefined) - CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" + ifneq ($(origin VENDOR_DB_FILE), undefined) + DEFINES += -DVENDOR_DB_FILE=\"$(VENDOR_DB_FILE)\" +diff --git a/fallback.c b/fallback.c +index 44b2d464..8e0de901 100644 +--- a/fallback.c ++++ b/fallback.c +@@ -1058,7 +1058,7 @@ debug_hook(void) + + x = 1; + console_print(L"add-symbol-file "DEBUGDIR +- L"fallback.efi.debug %p -s .data %p\n", ++ L"fallback.debug %p -s .data %p\n", + &_etext, &_edata); + } + +diff --git a/shim.c b/shim.c +index 1d539855..f8d2ba5f 100644 +--- a/shim.c ++++ b/shim.c +@@ -1818,7 +1818,7 @@ debug_hook(void) + FreePool(data); + + console_print(L"add-symbol-file "DEBUGDIR +- L"shim.efi.debug 0x%08x -s .data 0x%08x\n", ++ L"shim.debug 0x%08x -s .data 0x%08x\n", + &_text, &_data); + + console_print(L"Pausing for debugger attachment.\n"); -- -2.19.2 +2.29.2 diff --git a/shim-correct-license-in-headers.patch b/shim-correct-license-in-headers.patch deleted file mode 100644 index 97f4436..0000000 --- a/shim-correct-license-in-headers.patch +++ /dev/null 
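Review bot: The new `-DDEBUGDIR` value in the Make.defaults part is quoted differently from the `-DEFI_ARCH` define on the line above it. It mixes backslash-escaped quotes with a separately double-quoted `"$(ARCH)/"` segment, while the neighbouring define wraps the whole wide-string literal in single quotes. Both forms presumably reach the compiler as the same kind of literal, but the mixed form is harder to read and easier to break on the next refresh. Writing it as `-DDEBUGDIR='L"/usr/lib/debug/usr/share/efi/$(ARCH)/"'` keeps the two defines consistent.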
@@ -1,47 +0,0 @@ -From 64492acf8b1d72cea0c3e203887bfe26fb840f1d Mon Sep 17 00:00:00 2001 -From: Gary Lin -Date: Thu, 13 Dec 2018 17:19:36 +0800 -Subject: [PATCH] Add the license change statement for errlog.c and mok.c - ---- - errlog.c | 6 ++++++ - mok.c | 6 ++++++ - 2 files changed, 12 insertions(+) - -diff --git a/errlog.c b/errlog.c -index 18be482..4a1fffb 100644 ---- a/errlog.c -+++ b/errlog.c -@@ -3,6 +3,12 @@ - * Copyright 2017 Peter Jones - * - * Distributed under terms of the GPLv3 license. -+ * -+ * As Peter stated in issues#155: -+ * "I'll publicly state here that as the author of those files, you can -+ * treat them as dual-licensed with the GPLv3 text that accidentally -+ * made it in and the BSD license they should have borne." -+ * Ref: https://github.com/rhboot/shim/issues/155#issuecomment-443738252 - */ - - #include "shim.h" -diff --git a/mok.c b/mok.c -index 3867521..903b3b4 100644 ---- a/mok.c -+++ b/mok.c -@@ -3,6 +3,12 @@ - * Copyright 2017 Peter Jones - * - * Distributed under terms of the GPLv3 license. -+ * -+ * As Peter stated in issues#155: -+ * "I'll publicly state here that as the author of those files, you can -+ * treat them as dual-licensed with the GPLv3 text that accidentally -+ * made it in and the BSD license they should have borne." -+ * Ref: https://github.com/rhboot/shim/issues/155#issuecomment-443738252 - */ - - #include "shim.h" --- -2.19.2 - diff --git a/shim-do-not-write-string-literals.patch b/shim-do-not-write-string-literals.patch deleted file mode 100644 index 5965195..0000000 --- a/shim-do-not-write-string-literals.patch +++ /dev/null 
@@ -1,140 +0,0 @@ -From c6bedd5b83529925c3ec08f96a3bf61c81bff0ae Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 28 Jan 2020 23:33:46 +0100 -Subject: [PATCH] translate_slashes(): don't write to string literals - -Currently, all three invocations of the translate_slashes() function may -lead to writes to the string literal that is #defined with the -DEFAULT_LOADER_CHAR macro. According to ISO C99 6.4.5p6, this is undefined -behavior ("If the program attempts to modify such an array, the behavior -is undefined"). - -This bug crashes shim on e.g. the 64-bit ArmVirtQemu platform ("Data -abort: Permission fault"), where the platform firmware maps the .text -section (which contains the string literal) read-only. - -Modify translate_slashes() so that it copies and translates characters -from an input array of "char" to an output array of "CHAR8". - -While at it, fix another bug. Before this patch, if translate_slashes() -ever encountered a double backslash (translating it to a single forward -slash), then the output would end up shorter than the input. However, the -output was not NUL-terminated in-place, therefore the original string -length (and according trailing garbage) would be preserved. After this -patch, the NUL-termination on contraction is automatic, as the output -array's contents are indeterminate when entering the function, and so we -must NUL-terminate it anyway. 
- -Fixes: 8e9124227d18475d3bc634c33518963fc8db7c98 -Fixes: e62b69a5b0b87c6df7a4fc23906134945309e927 -Fixes: 3d79bcb2651b9eae809b975b3e03e2f96c067072 -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1795654 -Signed-off-by: Laszlo Ersek -Upstream-commit-id: 9813e8bc8b3 ---- - httpboot.c | 4 ++-- - include/str.h | 14 ++++++++------ - netboot.c | 16 +++++++++++----- - 3 files changed, 21 insertions(+), 13 deletions(-) - -diff --git a/httpboot.c b/httpboot.c -index 3622e85..2d27e8e 100644 ---- a/httpboot.c -+++ b/httpboot.c -@@ -743,14 +743,14 @@ httpboot_fetch_buffer (EFI_HANDLE image, VOID **buffer, UINT64 *buf_size) - { - EFI_STATUS efi_status; - EFI_HANDLE nic; -- CHAR8 *next_loader = NULL; -+ CHAR8 next_loader[sizeof DEFAULT_LOADER_CHAR]; - CHAR8 *next_uri = NULL; - CHAR8 *hostname = NULL; - - if (!uri) - return EFI_NOT_READY; - -- next_loader = translate_slashes(DEFAULT_LOADER_CHAR); -+ translate_slashes(next_loader, DEFAULT_LOADER_CHAR); - - /* Create the URI for the next loader based on the original URI */ - efi_status = generate_next_uri(uri, next_loader, &next_uri); -diff --git a/include/str.h b/include/str.h -index 9a74836..f73c621 100644 ---- a/include/str.h -+++ b/include/str.h -@@ -45,21 +45,23 @@ strcata(CHAR8 *dest, const CHAR8 *src) - static inline - __attribute__((unused)) - CHAR8 * --translate_slashes(char *str) -+translate_slashes(CHAR8 *out, const char *str) - { - int i; - int j; -- if (str == NULL) -- return (CHAR8 *)str; -+ if (str == NULL || out == NULL) -+ return NULL; - - for (i = 0, j = 0; str[i] != '\0'; i++, j++) { - if (str[i] == '\\') { -- str[j] = '/'; -+ out[j] = '/'; - if (str[i+1] == '\\') - i++; -- } -+ } else -+ out[j] = str[i]; - } -- return (CHAR8 *)str; -+ out[j] = '\0'; -+ return out; - } - - #endif /* SHIM_STR_H */ -diff --git a/netboot.c b/netboot.c -index 58babfb..4922ef2 100644 ---- a/netboot.c -+++ b/netboot.c -@@ -189,7 +189,9 @@ static BOOLEAN extract_tftp_info(CHAR8 *url) - CHAR8 *start, *end; - CHAR8 ip6str[40]; - 
CHAR8 ip6inv[16]; -- CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR); -+ CHAR8 template[sizeof DEFAULT_LOADER_CHAR]; -+ -+ translate_slashes(template, DEFAULT_LOADER_CHAR); - - // to check against str2ip6() errors - memset(ip6inv, 0, sizeof(ip6inv)); -@@ -254,10 +256,14 @@ static EFI_STATUS parseDhcp6() - - static EFI_STATUS parseDhcp4() - { -- CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR); -- INTN template_len = strlen(template) + 1; -+ CHAR8 template[sizeof DEFAULT_LOADER_CHAR]; -+ INTN template_len; -+ UINTN template_ofs = 0; - EFI_PXE_BASE_CODE_DHCPV4_PACKET* pkt_v4 = (EFI_PXE_BASE_CODE_DHCPV4_PACKET *)&pxe->Mode->DhcpAck.Dhcpv4; - -+ translate_slashes(template, DEFAULT_LOADER_CHAR); -+ template_len = strlen(template) + 1; -+ - if(pxe->Mode->ProxyOfferReceived) { - /* - * Proxy should not have precedence. Check if DhcpAck -@@ -288,8 +294,8 @@ static EFI_STATUS parseDhcp4() - full_path[dir_len-1] = '\0'; - } - if (dir_len == 0 && dir[0] != '/' && template[0] == '/') -- template++; -- strcata(full_path, template); -+ template_ofs++; -+ strcata(full_path, template + template_ofs); - memcpy(&tftp_addr.v4, pkt_v4->BootpSiAddr, 4); - - return EFI_SUCCESS; --- -2.28.0 - diff --git a/shim-fix-gnu-efi-3.0.11.patch b/shim-fix-gnu-efi-3.0.11.patch deleted file mode 100644 index d06bb4e..0000000 --- a/shim-fix-gnu-efi-3.0.11.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff --git a/lib/console.c b/lib/console.c -index 2d421af..6e2a8ca 100644 ---- a/lib/console.c -+++ b/lib/console.c -@@ -521,7 +521,11 @@ static struct { - { EFI_SECURITY_VIOLATION, L"Security Violation"}, - - // warnings -+#ifdef EFI_WARN_UNKOWN_GLYPH - { EFI_WARN_UNKOWN_GLYPH, L"Warning Unknown Glyph"}, -+#else -+ { EFI_WARN_UNKNOWN_GLYPH, L"Warning Unknown Glyph"}, -+#endif - { EFI_WARN_DELETE_FAILURE, L"Warning Delete Failure"}, - { EFI_WARN_WRITE_FAILURE, L"Warning Write Failure"}, - { EFI_WARN_BUFFER_TOO_SMALL, L"Warning Buffer Too Small"}, 
diff --git a/shim-fix-verify-eku.patch b/shim-fix-verify-eku.patch deleted file mode 100644 index e142818..0000000 --- a/shim-fix-verify-eku.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 44b211bcf7ad58ff29e6495e1c3978e4660cb7d1 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Tue, 15 Jan 2019 18:04:34 -0500 -Subject: [PATCH] OpenSSL: always provide OBJ_create() with name strings. - -Some versions of OpenSSL seem to go back and forth as to whether NULL -for these names are okay. Don't risk it. - -Signed-off-by: Peter Jones -Upstream-commit-id: 46b76a01717 ---- - shim.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/shim.c b/shim.c -index a0eb19b..d7ee2b6 100644 ---- a/shim.c -+++ b/shim.c -@@ -388,7 +388,9 @@ static BOOLEAN verify_eku(UINT8 *Cert, UINTN CertSize) - EXTENDED_KEY_USAGE *eku; - ASN1_OBJECT *module_signing; - -- module_signing = OBJ_nid2obj(OBJ_create(OID_EKU_MODSIGN, NULL, NULL)); -+ module_signing = OBJ_nid2obj(OBJ_create(OID_EKU_MODSIGN, -+ "modsign-eku", -+ "modsign-eku")); - - x509 = d2i_X509 (NULL, &Temp, (long) CertSize); - if (x509 != NULL) { --- -2.28.0 - diff --git a/shim-opensuse-cert-prompt.patch b/shim-opensuse-cert-prompt.patch deleted file mode 100644 index 654d215..0000000 --- a/shim-opensuse-cert-prompt.patch +++ /dev/null 
@@ -1,356 +0,0 @@
-From 49355a83722494099caeb23b46637b2c94a6ab9e Mon Sep 17 00:00:00 2001
-From: Gary Ching-Pang Lin
-Date: Tue, 18 Feb 2014 17:29:19 +0800
-Subject: [PATCH 1/3] Show the build-in certificate prompt
-
-This is an openSUSE-only patch.
-
-Pop up a window to ask if the user is willing to trust the built-in
-openSUSE certificate.
-
-If yes, set openSUSE_Verify, a BootService variable, to 1, and shim
-won't bother the user afterward.
-
-If no, continue the booting process without using the built-in
-certificate to verify the EFI images, and the window will show up
-again after reboot.
-
-The state will store in use_openSUSE_cert, a volatile RT variable.
----
- mok.c | 3 ++-
- shim.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
- shim.h | 1 +
- 3 files changed, 71 insertions(+), 2 deletions(-)
-
-diff --git a/mok.c b/mok.c
-index 00dd1ad..1645d24 100644
---- a/mok.c
-+++ b/mok.c
-@@ -139,7 +139,8 @@ static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v)
-
- if ((v->flags & MOK_MIRROR_KEYDB) &&
- v->addend_source && *v->addend_source &&
-- v->addend_size && *v->addend_size) {
-+ v->addend_size && *v->addend_size &&
-+ use_builtin_cert) {
- EFI_SIGNATURE_LIST *CertList = NULL;
- EFI_SIGNATURE_DATA *CertData = NULL;
- FullDataSize = v->data_size
-diff --git a/shim.c b/shim.c
-index 248c946..d52f46f 100644
---- a/shim.c
-+++ b/shim.c
-@@ -83,6 +83,7 @@ UINT8 *vendor_dbx;
- */
- verification_method_t verification_method;
- int loader_is_participating;
-+BOOLEAN use_builtin_cert;
-
- #define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }}
-
-@@ -1066,7 +1067,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
- return efi_status;
- }
-
-- if (cert) {
-+ if (cert && use_builtin_cert) {
- #if defined(ENABLE_SHIM_CERT)
- /*
- * Check against the shim build key
-@@ -2529,6 +2530,69 @@ shim_fini(void)
- console_fini();
- }
-
-+#define VENDOR_VERIFY L"openSUSE_Verify"
-+
-+/* Show the built-in certificate prompt if necessary */
-+static int builtin_cert_prompt(void)
-+{
-+ EFI_STATUS status;
-+ UINT32 attributes;
-+ UINTN len = sizeof(UINT8);
-+ UINT8 data;
-+
-+ use_builtin_cert = FALSE;
-+
-+ if (vendor_cert_size == 0)
-+ return 0;
-+
-+ status = gRT->GetVariable(VENDOR_VERIFY, &SHIM_LOCK_GUID,
-+ &attributes, &len, (void *)&data);
-+ if (status != EFI_SUCCESS ||
-+ (attributes & EFI_VARIABLE_RUNTIME_ACCESS)) {
-+ int choice;
-+
-+ if (status != EFI_NOT_FOUND)
-+ LibDeleteVariable(VENDOR_VERIFY, &SHIM_LOCK_GUID);
-+
-+ CHAR16 *str[] = {L"Trust openSUSE Certificate",
-+ L"",
-+ L"Do you agree to use the built-in openSUSE certificate",
-+ L"to verify boot loaders and kernels?",
-+ NULL};
-+ choice = console_yes_no(str);
-+ if (choice != 1) {
-+ data = 0;
-+ goto done;
-+ }
-+
-+ data = 1;
-+ status = gRT->SetVariable(VENDOR_VERIFY, &SHIM_LOCK_GUID,
-+ EFI_VARIABLE_NON_VOLATILE |
-+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
-+ sizeof(UINT8), &data);
-+ if (status != EFI_SUCCESS) {
-+ console_error(L"Failed to set openSUSE_Verify", status);
-+ return -1;
-+ }
-+ }
-+
-+ use_builtin_cert = TRUE;
-+ data = 1;
-+
-+done:
-+ /* Setup a runtime variable to show the current state */
-+ status = gRT->SetVariable(L"use_openSUSE_cert", &SHIM_LOCK_GUID,
-+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
-+ EFI_VARIABLE_RUNTIME_ACCESS,
-+ sizeof(UINT8), &data);
-+ if (status != EFI_SUCCESS) {
-+ console_error(L"Failed to set use_openSUSE_cert", status);
-+ return -1;
-+ }
-+
-+ return 0;
-+}
-+
- extern EFI_STATUS
- efi_main(EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab);
-
-@@ -2623,6 +2687,9 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
- */
- debug_hook();
-
-+ if (secure_mode() && (builtin_cert_prompt() != 0))
-+ return EFI_ABORTED;
-+
- /*
- * Before we do anything else, validate our non-volatile,
- * boot-services-only state variables are what we think they are.
-diff --git a/shim.h b/shim.h
-index d9c60f5..ab384d4 100644
---- a/shim.h
-+++ b/shim.h
-@@ -174,6 +174,7 @@ extern UINT8 *vendor_dbx;
- extern UINT8 user_insecure_mode;
- extern UINT8 ignore_db;
- extern UINT8 in_protocol;
-+extern BOOLEAN use_builtin_cert;
-
- #define perror_(file, line, func, fmt, ...) ({ \
- UINTN __perror_ret = 0; \
---
-2.19.2
-
-
-From 18b6390f3193ebccad44cf1448ce54be512cd066 Mon Sep 17 00:00:00 2001
-From: Gary Ching-Pang Lin
-Date: Thu, 20 Feb 2014 16:57:08 +0800
-Subject: [PATCH 2/3] Support revoking the openSUSE cert
-
-This is an openSUSE-only patch.
-
-To revoke the openSUSE cert, create ClearVerify, a NV RT variable,
-and store the password hash in the variable, and then MokManager
-will show up with an additional option to clear openSUSE_Verify
----
- MokManager.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++--
- mok.c | 2 +-
- 2 files changed, 59 insertions(+), 3 deletions(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index 1ab8e5e..fbb7d22 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -1715,6 +1715,31 @@ mokpw_done:
- return EFI_SUCCESS;
- }
-
-+static INTN mok_clear_verify_prompt(void *ClearVerify, UINTN ClearVerifySize) {
-+ EFI_STATUS status;
-+
-+ if (console_yes_no((CHAR16 *[]){L"Do you want to revoke openSUSE certificate?", NULL}) != 1)
-+ return 0;
-+
-+ if (ClearVerifySize == PASSWORD_CRYPT_SIZE) {
-+ status = match_password((PASSWORD_CRYPT *)ClearVerify, NULL, 0,
-+ NULL, NULL);
-+ }
-+ if (status != EFI_SUCCESS)
-+ return -1;
-+
-+ status = LibDeleteVariable(L"openSUSE_Verify", &SHIM_LOCK_GUID);
-+ if (status != EFI_SUCCESS) {
-+ console_error(L"Failed to delete openSUSE_Verify", status);
-+ return -1;
-+ }
-+
-+ console_notify(L"The system must now be rebooted");
-+ gRT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL);
-+ console_notify(L"Failed to reboot");
-+ return -1;
-+}
-+
- static BOOLEAN verify_certificate(UINT8 * cert, UINTN size)
- {
- X509 *X509Cert;
-@@ -2050,6 +2075,7 @@ typedef enum {
- MOK_CHANGE_SB,
- MOK_SET_PW,
- MOK_CHANGE_DB,
-+ MOK_CLEAR_VERIFY,
- MOK_KEY_ENROLL,
- MOK_HASH_ENROLL
- } mok_menu_item;
-@@ -2070,7 +2096,8 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
- void *MokPW, UINTN MokPWSize,
- void *MokDB, UINTN MokDBSize,
- void *MokXNew, UINTN MokXNewSize,
-- void *MokXDel, UINTN MokXDelSize)
-+ void *MokXDel, UINTN MokXDelSize,
-+ void *ClearVerify, UINTN ClearVerifySize)
- {
- CHAR16 **menu_strings = NULL;
- mok_menu_item *menu_item = NULL;
-@@ -2146,8 +2173,12 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
- if (MokDB)
- menucount++;
-
-+ if (ClearVerify)
-+ menucount++;
-+
- menu_strings = AllocateZeroPool(sizeof(CHAR16 *) *
- (menucount + 1));
-+
- if (!menu_strings)
- return EFI_OUT_OF_RESOURCES;
-
-@@ -2217,6 +2248,12 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
- i++;
- }
-
-+ if (ClearVerify) {
-+ menu_strings[i] = L"Revoke openSUSE certificate";
-+ menu_item[i] = MOK_CLEAR_VERIFY;
-+ i++;
-+ }
-+
- menu_strings[i] = L"Enroll key from disk";
- menu_item[i] = MOK_KEY_ENROLL;
- i++;
-@@ -2321,6 +2358,9 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
- if (!EFI_ERROR(efi_status))
- MokDB = NULL;
- break;
-+ case MOK_CLEAR_VERIFY:
-+ mok_clear_verify_prompt(ClearVerify, ClearVerifySize);
-+ break;
- case MOK_KEY_ENROLL:
- efi_status = mok_key_enroll();
- break;
-@@ -2352,6 +2392,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
- {
- UINTN MokNewSize = 0, MokDelSize = 0, MokSBSize = 0, MokPWSize = 0;
- UINTN MokDBSize = 0, MokXNewSize = 0, MokXDelSize = 0;
-+ UINTN ClearVerifySize = 0;
- void *MokNew = NULL;
- void *MokDel = NULL;
- void *MokSB = NULL;
-@@ -2359,6 +2400,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
- void *MokDB = NULL;
- void *MokXNew = NULL;
- void *MokXDel = NULL;
-+ void *ClearVerify = NULL;
- EFI_STATUS efi_status;
-
- efi_status = get_variable(L"MokNew", (UINT8 **) & MokNew, &MokNewSize,
-@@ -2431,9 +2473,20 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
- console_error(L"Could not retrieve MokXDel", efi_status);
- }
-
-+ efi_status = get_variable(L"ClearVerify", (UINT8 **)&ClearVerify,
-+ &ClearVerifySize, SHIM_LOCK_GUID);
-+ if (!EFI_ERROR(efi_status)) {
-+ efi_status = LibDeleteVariable(L"ClearVerify", &SHIM_LOCK_GUID);
-+ if (EFI_ERROR(efi_status))
-+ console_notify(L"Failed to delete ClearVerify");
-+ } else if (EFI_ERROR(efi_status) && efi_status != EFI_NOT_FOUND) {
-+ console_error(L"Could not retrieve ClearVerify", efi_status);
-+ }
-+
- enter_mok_menu(image_handle, MokNew, MokNewSize, MokDel, MokDelSize,
- MokSB, MokSBSize, MokPW, MokPWSize, MokDB, MokDBSize,
-- MokXNew, MokXNewSize, MokXDel, MokXDelSize);
-+ MokXNew, MokXNewSize, MokXDel, MokXDelSize,
-+ ClearVerify, ClearVerifySize);
-
- if (MokNew)
- FreePool(MokNew);
-@@ -2456,6 +2509,9 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
- if (MokXDel)
- FreePool(MokXDel);
-
-+ if (ClearVerify)
-+ FreePool (ClearVerify);
-+
- LibDeleteVariable(L"MokAuth", &SHIM_LOCK_GUID);
- LibDeleteVariable(L"MokDelAuth", &SHIM_LOCK_GUID);
- LibDeleteVariable(L"MokXAuth", &SHIM_LOCK_GUID);
-diff --git a/mok.c b/mok.c
-index 1645d24..45110cd 100644
---- a/mok.c
-+++ b/mok.c
-@@ -37,7 +37,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
- check_var(L"MokPW") || check_var(L"MokAuth") ||
- check_var(L"MokDel") || check_var(L"MokDB") ||
- check_var(L"MokXNew") || check_var(L"MokXDel") ||
-- check_var(L"MokXAuth")) {
-+ check_var(L"MokXAuth") || check_var(L"ClearVerify")) {
- efi_status = start_image(image_handle, MOK_MANAGER);
-
- if (EFI_ERROR(efi_status)) {
---
-2.19.2
-
-
-From f16f00e47824722651e2e4f2b327dfbe4fb6367d Mon Sep 17 00:00:00 2001
-From: Gary Ching-Pang Lin
-Date: Fri, 7 Mar 2014 16:17:20 +0800
-Subject: [PATCH 3/3] Delete openSUSE_Verify the right way
-
-This is an openSUSE-only patch.
-
-LibDeleteVariable only works on the runtime variables.
----
- MokManager.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index fbb7d22..22336d4 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -1728,7 +1728,10 @@ static INTN mok_clear_verify_prompt(void *ClearVerify, UINTN ClearVerifySize) {
- if (status != EFI_SUCCESS)
- return -1;
-
-- status = LibDeleteVariable(L"openSUSE_Verify", &SHIM_LOCK_GUID);
-+ status = gRT->SetVariable(L"openSUSE_Verify", &SHIM_LOCK_GUID,
-+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
-+ EFI_VARIABLE_NON_VOLATILE,
-+ 0, NULL);
- if (status != EFI_SUCCESS) {
- console_error(L"Failed to delete openSUSE_Verify", status);
- return -1;
---
-2.19.2
-
diff --git a/shim.changes b/shim.changes
index bc933fe..d943743 100644
--- a/shim.changes
+++ b/shim.changes
@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Wed Mar 24 01:29:17 UTC 2021 - Gary Ching-Pang Lin
+
+- Update to 15.3 for SBAT support (bsc#1182057)
+ + Drop gnu-efi from BuildRequires since upstream pull it into the
+ tar ball.
+- Generate vender-specific SBAT metadata
+ + Add dos2unix to BuildRequires since Makefile requires it for
+ vendor SBAT
+- Update dbx-cert.tar.xz and vendor-dbx.bin to block the following
+ sign keys:
+ + SLES-UEFI-SIGN-Certificate-2020-07.crt
+ + openSUSE-UEFI-SIGN-Certificate-2020-07.crt
+- Refresh patches
+ + shim-arch-independent-names.patch
+ + shim-change-debug-file-path.patch
+ + shim-bsc1177315-verify-eku-codesign.patch
+ - Unified with shim-bsc1177315-fix-buffer-use-after-free.patch
+- Drop upstreamed fixes
+ + shim-always-mirror-mok-variables.patch
+ + shim-bsc1175509-more-tpm-fixes.patch
+ + shim-bsc1173411-only-check-efi-var-on-sb.patch
+ + shim-fix-verify-eku.patch
+ + gcc9-fix-warnings.patch
+ + shim-fix-gnu-efi-3.0.11.patch
+ + shim-bsc1177404-fix-a-use-of-strlen.patch
+ + shim-do-not-write-string-literals.patch
+ + shim-VLogError-Avoid-Null-pointer-dereferences.patch
+ + shim-bsc1092000-fallback-menu.patch
+ + shim-bsc1175509-tpm2-fixes.patch
+ + shim-bsc1174512-correct-license-in-headers.patch
+ + shim-bsc1182776-fix-crash-at-exit.patch
+- Drop shim-opensuse-cert-prompt.patch
+ + All newly released openSUSE kernels enable kernel lockdown
+ and signature verification, so there is no need to add the
+ prompt anymore.
+
 -------------------------------------------------------------------
 Thu Mar 11 03:15:03 UTC 2021 - Gary Ching-Pang Lin
diff --git a/shim.spec b/shim.spec
index 92cd074..3a6e881 100644
--- a/shim.spec
+++ b/shim.spec
@@ -36,7 +36,7 @@
 %endif
 Name: shim
-Version: 15+git47
+Version: 15.3
 Release: 0
 Summary: UEFI shim loader
 License: BSD-2-Clause
@@ -67,43 +67,11 @@ Source99: SIGNATURE_UPDATE.txt
 Patch1: shim-arch-independent-names.patch
 # PATCH-FIX-OPENSUSE shim-change-debug-file-path.patch glin@suse.com -- Change the default debug file path
 Patch2: shim-change-debug-file-path.patch
-# PATCH-FIX-UPSTREAM shim-bsc1092000-fallback-menu.patch bsc#1092000 glin@suse.com -- Show a menu before reset
-Patch3: shim-bsc1092000-fallback-menu.patch
-# PATCH-FIX-UPSTREAM shim-always-mirror-mok-variables.patch glin@suse.com -- Mirror MOK variables correctly
-Patch4: shim-always-mirror-mok-variables.patch
-# PATCH-FIX-UPSTREAM shim-bsc1174512-correct-license-in-headers.patch glin@suse.com -- Fix the license header in errlog.c and mok.c
-Patch5: shim-bsc1174512-correct-license-in-headers.patch
-# PATCH-FIX-SUSE shim-correct-license-in-headers.patch glin@suse.com -- Another fix for the license header in errlog.c and mok.c
-Patch51: shim-correct-license-in-headers.patch
-# PATCH-FIX-UPSTREAM gcc9-fix-warnings.patch mliska@suse.cz -- MokManager: Use CompareMem on MokListNode.Type instead of CompareGuid
-Patch6: gcc9-fix-warnings.patch
-# PATCH-FIX-OPENSUSE shim-fix-gnu-efi-3.0.11.patch glin@suse.com -- Fix the build error caused by the typo fix in gnu-efi 3.0.11
-Patch7: shim-fix-gnu-efi-3.0.11.patch
-# PATCH-FIX-UPSTREAM shim-bsc1173411-only-check-efi-var-on-sb.patch bsc#1173411 glin@suse.com -- Make EFI variable copying check only fatal on SB systems
-Patch8: shim-bsc1173411-only-check-efi-var-on-sb.patch
-# PATCH-FIX-UPSTREAM shim-bsc1175509-tpm2-fixes.patch bsc#1175509 glin@suse.com -- Upstream fixes for the TPM2 measurement
-Patch9: shim-bsc1175509-tpm2-fixes.patch
-# PATCH-FIX-UPSTREAM shim-VLogError-Avoid-Null-pointer-dereferences.patch glin@suse.com -- Fix VlogError crash in AArch64
-Patch10: shim-VLogError-Avoid-Null-pointer-dereferences.patch
-# PATCH-FIX-UPSTREAM shim-fix-verify-eku.patch glin@suse.com -- Fix the potential crash at verify_eku()
-Patch11: shim-fix-verify-eku.patch
-# PATCH-FIX-UPSTREAM shim-do-not-write-string-literals.patch -- Fix the potential crash when accessing the DEFAULT_LOADER string
-Patch12: shim-do-not-write-string-literals.patch
-# PATCH-FIX-UPSTREAM shim-bsc1177404-fix-a-use-of-strlen.patch bsc#1177404 glin@suse.com -- Fix the length of the option data string to launch the program correctly
-Patch13: shim-bsc1177404-fix-a-use-of-strlen.patch
-# PATCH-FIX-UPSTREAM shim-bsc1175509-more-tpm-fixes.patch bsc#1175509 glin@suse.com -- Fix the file path in tpm event log
-Patch14: shim-bsc1175509-more-tpm-fixes.patch
 # PATCH-FIX-SUSE shim-bsc1177315-verify-eku-codesign.patch bsc#1177315 glin@suse.com -- Verify CodeSign in the signer's EKU
-Patch15: shim-bsc1177315-verify-eku-codesign.patch
+Patch3: shim-bsc1177315-verify-eku-codesign.patch
 # PATCH-FIX-UPSTREAM shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch bsc#1177789 glin@suse.com -- Fix the NULL pointer dereference in AuthenticodeVerify()
-Patch16: shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
-# PATCH-FIX-SUSE shim-bsc1177315-fix-buffer-use-after-free.patch bsc#1177315 glin@suse.com -- Fix buffer use-after-free at the end of the EKU verification
-Patch17: shim-bsc1177315-fix-buffer-use-after-free.patch
-# PATCH-FIX-UPSTREAM shim-bsc1182776-fix-crash-at-exit.patch bsc#1182776 glin@suse.com -- Fix the potential crash at Exit()
-Patch18: shim-bsc1182776-fix-crash-at-exit.patch
-# PATCH-FIX-OPENSUSE shim-opensuse-cert-prompt.patch glin@suse.com -- Show the prompt to ask whether the user trusts openSUSE certificate or not
-Patch100: shim-opensuse-cert-prompt.patch
-BuildRequires: gnu-efi >= 3.0.3
+Patch4: shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
+BuildRequires: dos2unix
 BuildRequires: mozilla-nss-tools
 BuildRequires: openssl >= 0.9.8
 BuildRequires: pesign
@@ -146,34 +114,23 @@ The source code of UEFI shim loader
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
-%ifarch x86_64
-%patch51 -p1
-%else
-%patch5 -p1
-%endif
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%ifarch aarch64
-%patch9 -p1
-%patch10 -p1
-%patch11 -p1
-%patch12 -p1
-%patch13 -p1
-%patch14 -p1
-%patch15 -p1
-%patch16 -p1
-%patch17 -p1
-%patch18 -p1
-%endif
-%if 0%{?is_opensuse} == 1
-%patch100 -p1
-%endif
 %build
+# generate the vendor SBAT metadata
+%if 0%{?is_opensuse} == 1 || 0%{?sle_version} == 0
+distro_id="opensuse"
+distro_name="The openSUSE project"
+%else
+distro_id="sle"
+distro_name="SUSE Linux Enterprise"
+%endif
+distro_sbat=1
+sbat="shim.${distro_id},${distro_sbat},${distro_name},%{name},%{version},mail:security-team@suse.de"
+echo "${sbat}" > data/sbat.vendor.csv
+
 # first, build MokManager and fallback as they don't depend on a
 # specific certificate
-make EFI_PATH=/usr/lib64 RELEASE=0 \
+make RELEASE=0 \
 MMSTEM=MokManager FBSTEM=fallback \
 MokManager.efi.debug fallback.efi.debug \
 MokManager.efi fallback.efi
@@ -232,7 +189,7 @@ for suffix in "${suffixes[@]}"; do
 fi
 openssl x509 -in $cert -outform DER -out shim-$suffix.der
- make EFI_PATH=/usr/lib64 RELEASE=0 SHIMSTEM=shim \
+ make RELEASE=0 SHIMSTEM=shim \
 VENDOR_CERT_FILE=shim-$suffix.der ENABLE_HTTPBOOT=1 \
 DEFAULT_LOADER="\\\\\\\\grub.efi" \
 VENDOR_DBX_FILE=%{SOURCE51} \
diff --git a/vendor-dbx.bin b/vendor-dbx.bin
index ab8bfca..af4e49f 100644
--- a/vendor-dbx.bin
+++ b/vendor-dbx.bin
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:06ce49f33cc79ae90358c375c2dc626e42ee8539dc45eec9dbd64089e9ffd8e6
-size 8131
+oid sha256:52bb4f6ec072142320cac802aa92eacf0130df641631a8abddf0d4d7507b456b
+size 10684
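Review bot: `distro_sbat=1` in the added %build block sets the SBAT generation of the vendor entry, and nothing in the hunk records when it has to change. As I understand SBAT, shim compares this number with the revocation level, so it needs to be raised when a security fix should make earlier builds revocable and left alone otherwise; a comment above it such as `# SBAT generation of the vendor entry: raise only when a security fix must revoke earlier shim builds` would keep that decision visible to the next packager. The record itself is built by plain string interpolation, so a comma appearing in `distro_name` or `%{version}` would shift the CSV fields without any error; checking that the line written to `data/sbat.vendor.csv` has exactly six fields before `make` runs would catch that. The %build section continues outside this hunk.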