Accepting request 209456 from home:gary_lin:branches:devel:openSUSE:Factory

Update to 0.7, include upstream patches, and support MOK blacklist

OBS-URL: https://build.opensuse.org/request/show/209456
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=52
Gary Ching-Pang Lin 2013-12-05 02:46:29 +00:00 committed by Git OBS Bridge
parent 123cf8931f
commit 1640d5b323
22 changed files with 1693 additions and 11010 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:442c5ea22e50aeea816fc83e4a328e48d9429eefb706fa55de3d7c8b05aea0e7
size 966676

3
shim-0.7.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b85cabcdedfcf256e357dc2a8a0131a32f3b4619155a174465db47326c8102b7
size 988071


@ -1,59 +0,0 @@
From cf7f87688efab2712f41b47eaad32e75ec730653 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Fri, 1 Mar 2013 18:04:06 +0800
Subject: [PATCH] Remove double-separators from the bootpath
---
shim.c | 27 ++++++++++++++++++++-------
1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/shim.c b/shim.c
index 0622c72..806f065 100644
--- a/shim.c
+++ b/shim.c
@@ -969,7 +969,7 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath,
{
EFI_DEVICE_PATH *devpath;
EFI_HANDLE device;
- int i;
+ int i, j, last = -1;
unsigned int pathlen = 0;
EFI_STATUS efi_status = EFI_SUCCESS;
CHAR16 *bootpath;
@@ -989,14 +989,27 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath,
if (bootpath[i] == '/')
bootpath[i] = '\\';
}
+
for (i=pathlen; i>0; i--) {
- if (bootpath[i] == '\\' && bootpath[i-1] != '\\')
- break;
+ if (bootpath[i] == '\\' && bootpath[i-1] == '\\')
+ bootpath[i] = '/';
+ else if (last == -1 && bootpath[i] == '\\')
+ last = i;
+ }
+
+ if (last == -1 && bootpath[0] == '\\')
+ last = 0;
+ bootpath[last+1] = '\0';
+
+ if (last > 0) {
+ for (i = 0, j = 0; bootpath[i] != '\0'; i++) {
+ if (bootpath[i] != '/') {
+ bootpath[j] = bootpath[i];
+ j++;
+ }
+ }
+ bootpath[j] = '\0';
}
- if (bootpath[i] == '\\')
- bootpath[i+1] = '\0';
- else
- bootpath[0] = '\0';
while (*ImagePath == '\\')
ImagePath++;
--
1.8.1.4


@ -1,64 +0,0 @@
From bfffac234fabdf8110e8e8c53557d57d61320098 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 21 Feb 2013 17:49:29 +0800
Subject: [PATCH] Fix the broken bootpath
- The file path from DevicePathToStr may use slash as the file
seperator. Change all slashes to backslashes to avoid the strange
bootpath.
- Remove the redundant backslashes.
- ImagePath no longer requires the leading backslash.
- Fix a memory leak
Based on the patch from Michal Marek <mmarek@suse.com>
---
shim.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/shim.c b/shim.c
index 94b9710..0622c72 100644
--- a/shim.c
+++ b/shim.c
@@ -981,15 +981,25 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath,
pathlen = StrLen(bootpath);
+ /*
+ * DevicePathToStr() concatenates two nodes with '/'.
+ * Convert '/' to '\\'.
+ */
+ for (i = 0; i < pathlen; i++) {
+ if (bootpath[i] == '/')
+ bootpath[i] = '\\';
+ }
for (i=pathlen; i>0; i--) {
- if (bootpath[i] == '\\')
+ if (bootpath[i] == '\\' && bootpath[i-1] != '\\')
break;
}
+ if (bootpath[i] == '\\')
+ bootpath[i+1] = '\0';
+ else
+ bootpath[0] = '\0';
- bootpath[i+1] = '\0';
-
- if (i == 0 || bootpath[i-i] == '\\')
- bootpath[i] = '\0';
+ while (*ImagePath == '\\')
+ ImagePath++;
*PathName = AllocatePool(StrSize(bootpath) + StrSize(ImagePath));
@@ -1007,6 +1017,8 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath,
*grubpath = FileDevicePath(device, *PathName);
error:
+ FreePool(bootpath);
+
return efi_status;
}
--
1.8.1.4


@ -1,58 +0,0 @@
From 9cf8c7fefdcfb5930cb96091676a67cc0c0402b9 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 7 Mar 2013 11:59:44 +0800
Subject: [PATCH] Define the PXE 2nd stage loader in the beginning of the file
Make it easier to change the PXE 2nd stage loader.
---
netboot.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/netboot.c b/netboot.c
index 90fb9cb..ae723c7 100644
--- a/netboot.c
+++ b/netboot.c
@@ -39,6 +39,7 @@
#include "shim.h"
#include "netboot.h"
+#define DEFAULT_LOADER "/grub.efi"
static inline unsigned short int __swap16(unsigned short int x)
{
@@ -238,7 +239,7 @@ static BOOLEAN extract_tftp_info(char *url)
{
char *start, *end;
char ip6str[128];
- char *template = "/grubx64.efi";
+ char *template = DEFAULT_LOADER;
if (strncmp((UINT8 *)url, (UINT8 *)"tftp://", 7)) {
Print(L"URLS MUST START WITH tftp://\n");
@@ -294,9 +295,11 @@ static EFI_STATUS parseDhcp6()
static EFI_STATUS parseDhcp4()
{
- char *template = "/grubx64.efi";
- char *tmp = AllocatePool(16);
+ char *template = DEFAULT_LOADER;
+ char *tmp;
+ int len = strlen((CHAR8 *)template);
+ tmp = AllocatePool(len+1);
if (!tmp)
return EFI_OUT_OF_RESOURCES;
@@ -304,8 +307,7 @@ static EFI_STATUS parseDhcp4()
memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4);
- memcpy(tmp, template, 12);
- tmp[13] = '\0';
+ memcpy(tmp, template, len+1);
full_path = tmp;
/* Note we don't capture the filename option here because we know its shim.efi
--
1.8.1.4


@ -1,34 +0,0 @@
From 37b8af226ea8e3af467944b3b6253218ba13838c Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Fri, 8 Mar 2013 14:44:50 +0800
Subject: [PATCH] Correct the certificate count of the signature list
---
shim.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/shim.c b/shim.c
index 806f065..7219d53 100644
--- a/shim.c
+++ b/shim.c
@@ -230,7 +230,7 @@ static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList,
while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &CertType) == 0) {
- CertCount = (CertList->SignatureListSize - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
for (Index = 0; Index < CertCount; Index++) {
IsFound = AuthenticodeVerify (data->CertData,
@@ -295,7 +295,7 @@ static CHECK_STATUS check_db_hash_in_ram(EFI_SIGNATURE_LIST *CertList,
BOOLEAN IsFound = FALSE;
while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) {
- CertCount = (CertList->SignatureListSize - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ CertCount = (CertList->SignatureListSize -sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
if (CompareGuid(&CertList->SignatureType, &CertType) == 0) {
for (Index = 0; Index < CertCount; Index++) {
--
1.8.1.4


@ -1,789 +0,0 @@
From f60d64b0e119ad7df60d9111fc94fe7ded65750f Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 20 Jun 2013 12:41:14 -0400
Subject: [PATCH 1/3] Don't print that fallback isn't found in
should_use_fallback()
The call can simply fail if it isn't found - which will be the case on
removeable install media.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
shim.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/shim.c b/shim.c
index 47e3812..895b594 100644
--- a/shim.c
+++ b/shim.c
@@ -951,7 +951,12 @@ should_use_fallback(EFI_HANDLE image_handle)
rc = uefi_call_wrapper(vh->Open, 5, vh, &fh, L"\\EFI\\BOOT" FALLBACK,
EFI_FILE_MODE_READ, 0);
if (EFI_ERROR(rc)) {
- Print(L"Could not open \"\\EFI\\BOOT%s\": %d\n", FALLBACK, rc);
+ /* Do not print the error here - this is an acceptable case
+ * for removable media, where we genuinely don't want
+ * fallback.efi to exist.
+ * Print(L"Could not open \"\\EFI\\BOOT%s\": %d\n", FALLBACK,
+ * rc);
+ */
uefi_call_wrapper(vh->Close, 1, vh);
return 0;
}
--
1.8.1.4
From abe44733163c3ef8da96c09dadd8e54e65f9bdab Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 25 Jul 2013 10:51:05 -0400
Subject: [PATCH 2/3] Don't print things on the screen by default when
everything works.
There's no point to this text, and it generally confuses people.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
shim.c | 26 +++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/shim.c b/shim.c
index 895b594..137290d 100644
--- a/shim.c
+++ b/shim.c
@@ -53,6 +53,7 @@ static EFI_STATUS (EFIAPI *entry_point) (EFI_HANDLE image_handle, EFI_SYSTEM_TAB
static CHAR16 *second_stage;
static void *load_options;
static UINT32 load_options_size;
+static UINT8 verbose;
/*
* The vendor certificate used for validating the second stage loader
@@ -431,7 +432,8 @@ static BOOLEAN secure_mode (void)
/* FIXME - more paranoia here? */
if (status != EFI_SUCCESS || sb != 1) {
- Print(L"Secure boot not enabled\n");
+ if (verbose)
+ Print(L"Secure boot not enabled\n");
return FALSE;
}
@@ -439,7 +441,8 @@ static BOOLEAN secure_mode (void)
(void *)&setupmode);
if (status == EFI_SUCCESS && setupmode == 1) {
- Print(L"Platform is in setup mode\n");
+ if (verbose)
+ Print(L"Platform is in setup mode\n");
return FALSE;
}
@@ -699,7 +702,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
status = check_whitelist(cert, sha256hash, sha1hash);
if (status == EFI_SUCCESS) {
- Print(L"Binary is whitelisted\n");
+ if (verbose)
+ Print(L"Binary is whitelisted\n");
return status;
}
@@ -711,7 +715,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
shim_cert, sizeof(shim_cert), sha256hash,
SHA256_DIGEST_SIZE)) {
status = EFI_SUCCESS;
- Print(L"Binary is verified by the vendor certificate\n");
+ if (verbose)
+ Print(L"Binary is verified by the vendor certificate\n");
return status;
}
@@ -724,7 +729,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
vendor_cert, vendor_cert_size, sha256hash,
SHA256_DIGEST_SIZE)) {
status = EFI_SUCCESS;
- Print(L"Binary is verified by the vendor certificate\n");
+ if (verbose)
+ Print(L"Binary is verified by the vendor certificate\n");
return status;
}
@@ -1501,6 +1507,10 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
static SHIM_LOCK shim_lock_interface;
EFI_HANDLE handle = NULL;
EFI_STATUS efi_status;
+ UINT8 verbose_check;
+ UINTN verbose_check_size;
+ UINT32 attributes;
+ EFI_GUID global_var = EFI_GLOBAL_VARIABLE;
/*
* Set up the shim lock protocol so that grub and MokManager can
@@ -1517,6 +1527,12 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
*/
InitializeLib(image_handle, systab);
+ verbose_check_size = 1;
+ efi_status = get_variable(L"SHIM_VERBOSE", global_var, &attributes,
+ &verbose_check_size, (void *)&verbose_check);
+ if (!EFI_ERROR(efi_status))
+ verbose = verbose_check;
+
/* Set the second stage loader */
set_second_stage (image_handle);
--
1.8.1.4
From 3a131108f7b86af4fe5ed0021374467feb98bd54 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 1 Oct 2013 11:58:52 +0800
Subject: [PATCH 3/3] Keep silent in shim protocol
On some machines, grub2 hung on shim_verify() which tried to output
messages. This commit silences the functions used in the shim
protocols to avoid system hang.
---
shim.c | 178 +++++++++++++++++++++++++++++++++++++++--------------------------
1 file changed, 106 insertions(+), 72 deletions(-)
diff --git a/shim.c b/shim.c
index 137290d..a0de14e 100644
--- a/shim.c
+++ b/shim.c
@@ -54,6 +54,9 @@ static CHAR16 *second_stage;
static void *load_options;
static UINT32 load_options_size;
static UINT8 verbose;
+static UINT8 in_protocol;
+
+#define ERROR(...) if(!in_protocol) {Print(__VA_ARGS__);}
/*
* The vendor certificate used for validating the second stage loader
@@ -94,7 +97,7 @@ static EFI_STATUS get_variable (CHAR16 *name, EFI_GUID guid, UINT32 *attributes,
*buffer = AllocatePool(*size);
if (!*buffer) {
- Print(L"Unable to allocate variable buffer\n");
+ ERROR(L"Unable to allocate variable buffer\n");
return EFI_OUT_OF_RESOURCES;
}
@@ -134,7 +137,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
context->PEHdr->Pe32Plus.OptionalHeader.ImageBase = (UINT64)data;
if (context->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) {
- Print(L"Image has no relocation entry\n");
+ ERROR(L"Image has no relocation entry\n");
return EFI_UNSUPPORTED;
}
@@ -142,7 +145,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
RelocBaseEnd = ImageAddress(data, size, context->RelocDir->VirtualAddress + context->RelocDir->Size - 1);
if (!RelocBase || !RelocBaseEnd) {
- Print(L"Reloc table overflows binary\n");
+ ERROR(L"Reloc table overflows binary\n");
return EFI_UNSUPPORTED;
}
@@ -153,13 +156,13 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
RelocEnd = (UINT16 *) ((char *) RelocBase + RelocBase->SizeOfBlock);
if ((void *)RelocEnd < data || (void *)RelocEnd > ImageEnd) {
- Print(L"Reloc entry overflows binary\n");
+ ERROR(L"Reloc entry overflows binary\n");
return EFI_UNSUPPORTED;
}
FixupBase = ImageAddress(data, size, RelocBase->VirtualAddress);
if (!FixupBase) {
- Print(L"Invalid fixupbase\n");
+ ERROR(L"Invalid fixupbase\n");
return EFI_UNSUPPORTED;
}
@@ -208,7 +211,7 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
break;
default:
- Print(L"Unknown relocation\n");
+ ERROR(L"Unknown relocation\n");
return EFI_UNSUPPORTED;
}
Reloc += 1;
@@ -432,7 +435,7 @@ static BOOLEAN secure_mode (void)
/* FIXME - more paranoia here? */
if (status != EFI_SUCCESS || sb != 1) {
- if (verbose)
+ if (verbose && !in_protocol)
Print(L"Secure boot not enabled\n");
return FALSE;
}
@@ -441,7 +444,7 @@ static BOOLEAN secure_mode (void)
(void *)&setupmode);
if (status == EFI_SUCCESS && setupmode == 1) {
- if (verbose)
+ if (verbose && !in_protocol)
Print(L"Platform is in setup mode\n");
return FALSE;
}
@@ -477,12 +480,12 @@ static EFI_STATUS generate_hash (char *data, int datasize,
sha1ctx = AllocatePool(sha1ctxsize);
if (!sha256ctx || !sha1ctx) {
- Print(L"Unable to allocate memory for hash context\n");
+ ERROR(L"Unable to allocate memory for hash context\n");
return EFI_OUT_OF_RESOURCES;
}
if (!Sha256Init(sha256ctx) || !Sha1Init(sha1ctx)) {
- Print(L"Unable to initialise hash\n");
+ ERROR(L"Unable to initialise hash\n");
status = EFI_OUT_OF_RESOURCES;
goto done;
}
@@ -494,7 +497,7 @@ static EFI_STATUS generate_hash (char *data, int datasize,
if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
!(Sha1Update(sha1ctx, hashbase, hashsize))) {
- Print(L"Unable to generate hash\n");
+ ERROR(L"Unable to generate hash\n");
status = EFI_OUT_OF_RESOURCES;
goto done;
}
@@ -506,7 +509,7 @@ static EFI_STATUS generate_hash (char *data, int datasize,
if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
!(Sha1Update(sha1ctx, hashbase, hashsize))) {
- Print(L"Unable to generate hash\n");
+ ERROR(L"Unable to generate hash\n");
status = EFI_OUT_OF_RESOURCES;
goto done;
}
@@ -518,7 +521,7 @@ static EFI_STATUS generate_hash (char *data, int datasize,
if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
!(Sha1Update(sha1ctx, hashbase, hashsize))) {
- Print(L"Unable to generate hash\n");
+ ERROR(L"Unable to generate hash\n");
status = EFI_OUT_OF_RESOURCES;
goto done;
}
@@ -539,14 +542,14 @@ static EFI_STATUS generate_hash (char *data, int datasize,
}
if (SumOfSectionBytes >= datasize) {
- Print(L"Malformed binary: %x %x\n", SumOfSectionBytes, size);
+ ERROR(L"Malformed binary: %x %x\n", SumOfSectionBytes, size);
status = EFI_INVALID_PARAMETER;
goto done;
}
SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * context->PEHdr->Pe32.FileHeader.NumberOfSections);
if (SectionHeader == NULL) {
- Print(L"Unable to allocate section header\n");
+ ERROR(L"Unable to allocate section header\n");
status = EFI_OUT_OF_RESOURCES;
goto done;
}
@@ -572,14 +575,14 @@ static EFI_STATUS generate_hash (char *data, int datasize,
hashsize = (unsigned int) Section->SizeOfRawData;
if (!hashbase) {
- Print(L"Malformed section header\n");
+ ERROR(L"Malformed section header\n");
status = EFI_INVALID_PARAMETER;
goto done;
}
if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
!(Sha1Update(sha1ctx, hashbase, hashsize))) {
- Print(L"Unable to generate hash\n");
+ ERROR(L"Unable to generate hash\n");
status = EFI_OUT_OF_RESOURCES;
goto done;
}
@@ -596,7 +599,7 @@ static EFI_STATUS generate_hash (char *data, int datasize,
if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
!(Sha1Update(sha1ctx, hashbase, hashsize))) {
- Print(L"Unable to generate hash\n");
+ ERROR(L"Unable to generate hash\n");
status = EFI_OUT_OF_RESOURCES;
goto done;
}
@@ -604,7 +607,7 @@ static EFI_STATUS generate_hash (char *data, int datasize,
if (!(Sha256Final(sha256ctx, sha256hash)) ||
!(Sha1Final(sha1ctx, sha1hash))) {
- Print(L"Unable to finalise hash\n");
+ ERROR(L"Unable to finalise hash\n");
status = EFI_OUT_OF_RESOURCES;
goto done;
}
@@ -634,9 +637,9 @@ static EFI_STATUS verify_mok (void) {
&MokListDataSize, &MokListData);
if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) {
- Print(L"MokList is compromised!\nErase all keys in MokList!\n");
+ ERROR(L"MokList is compromised!\nErase all keys in MokList!\n");
if (LibDeleteVariable(L"MokList", &shim_lock_guid) != EFI_SUCCESS) {
- Print(L"Failed to erase MokList\n");
+ ERROR(L"Failed to erase MokList\n");
}
status = EFI_ACCESS_DENIED;
return status;
@@ -658,19 +661,19 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
unsigned int size = datasize;
if (context->SecDir->Size == 0) {
- Print(L"Empty security header\n");
+ ERROR(L"Empty security header\n");
return EFI_INVALID_PARAMETER;
}
cert = ImageAddress (data, size, context->SecDir->VirtualAddress);
if (!cert) {
- Print(L"Certificate located outside the image\n");
+ ERROR(L"Certificate located outside the image\n");
return EFI_INVALID_PARAMETER;
}
if (cert->Hdr.wCertificateType != WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
- Print(L"Unsupported certificate type %x\n",
+ ERROR(L"Unsupported certificate type %x\n",
cert->Hdr.wCertificateType);
return EFI_UNSUPPORTED;
}
@@ -691,7 +694,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
status = check_blacklist(cert, sha256hash, sha1hash);
if (status != EFI_SUCCESS) {
- Print(L"Binary is blacklisted\n");
+ ERROR(L"Binary is blacklisted\n");
return status;
}
@@ -702,7 +705,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
status = check_whitelist(cert, sha256hash, sha1hash);
if (status == EFI_SUCCESS) {
- if (verbose)
+ if (verbose && !in_protocol)
Print(L"Binary is whitelisted\n");
return status;
}
@@ -715,7 +718,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
shim_cert, sizeof(shim_cert), sha256hash,
SHA256_DIGEST_SIZE)) {
status = EFI_SUCCESS;
- if (verbose)
+ if (verbose && !in_protocol)
Print(L"Binary is verified by the vendor certificate\n");
return status;
}
@@ -729,12 +732,12 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
vendor_cert, vendor_cert_size, sha256hash,
SHA256_DIGEST_SIZE)) {
status = EFI_SUCCESS;
- if (verbose)
+ if (verbose && !in_protocol)
Print(L"Binary is verified by the vendor certificate\n");
return status;
}
- Print(L"Invalid signature\n");
+ ERROR(L"Invalid signature\n");
status = EFI_ACCESS_DENIED;
return status;
@@ -750,7 +753,7 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr = data;
if (datasize < sizeof(EFI_IMAGE_DOS_HEADER)) {
- Print(L"Invalid image\n");
+ ERROR(L"Invalid image\n");
return EFI_UNSUPPORTED;
}
@@ -758,22 +761,22 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
PEHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)((char *)data + DosHdr->e_lfanew);
if ((((UINT8 *)PEHdr - (UINT8 *)data) + sizeof(EFI_IMAGE_OPTIONAL_HEADER_UNION)) > datasize) {
- Print(L"Invalid image\n");
+ ERROR(L"Invalid image\n");
return EFI_UNSUPPORTED;
}
if (PEHdr->Te.Signature != EFI_IMAGE_NT_SIGNATURE) {
- Print(L"Unsupported image type\n");
+ ERROR(L"Unsupported image type\n");
return EFI_UNSUPPORTED;
}
if (PEHdr->Pe32.FileHeader.Characteristics & EFI_IMAGE_FILE_RELOCS_STRIPPED) {
- Print(L"Unsupported image - Relocations have been stripped\n");
+ ERROR(L"Unsupported image - Relocations have been stripped\n");
return EFI_UNSUPPORTED;
}
if (PEHdr->Pe32.OptionalHeader.Magic != EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
- Print(L"Only 64-bit images supported\n");
+ ERROR(L"Only 64-bit images supported\n");
return EFI_UNSUPPORTED;
}
@@ -789,22 +792,23 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
if (context->ImageSize < context->SizeOfHeaders) {
- Print(L"Invalid image\n");
+ ERROR(L"Invalid image\n");
return EFI_UNSUPPORTED;
}
if (((UINT8 *)context->SecDir - (UINT8 *)data) > (datasize - sizeof(EFI_IMAGE_DATA_DIRECTORY))) {
- Print(L"Invalid image\n");
+ ERROR(L"Invalid image\n");
return EFI_UNSUPPORTED;
}
if (context->SecDir->VirtualAddress >= datasize) {
- Print(L"Malformed security header\n");
+ ERROR(L"Malformed security header\n");
return EFI_INVALID_PARAMETER;
}
return EFI_SUCCESS;
}
+
/*
* Once the image has been loaded it needs to be validated and relocated
*/
@@ -823,7 +827,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
*/
efi_status = read_header(data, datasize, &context);
if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to read header\n");
+ ERROR(L"Failed to read header\n");
return efi_status;
}
@@ -834,7 +838,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
efi_status = verify_buffer(data, datasize, &context);
if (efi_status != EFI_SUCCESS) {
- Print(L"Verification failed\n");
+ ERROR(L"Verification failed\n");
return efi_status;
}
}
@@ -842,7 +846,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
buffer = AllocatePool(context.ImageSize);
if (!buffer) {
- Print(L"Failed to allocate image buffer\n");
+ ERROR(L"Failed to allocate image buffer\n");
return EFI_OUT_OF_RESOURCES;
}
@@ -862,7 +866,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
end = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress + size - 1);
if (!base || !end) {
- Print(L"Invalid section size\n");
+ ERROR(L"Invalid section size\n");
return EFI_UNSUPPORTED;
}
@@ -881,7 +885,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
efi_status = relocate_coff(&context, buffer);
if (efi_status != EFI_SUCCESS) {
- Print(L"Relocation failed\n");
+ ERROR(L"Relocation failed\n");
FreePool(buffer);
return efi_status;
}
@@ -899,7 +903,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
li->LoadOptionsSize = load_options_size;
if (!entry_point) {
- Print(L"Invalid entry point\n");
+ ERROR(L"Invalid entry point\n");
FreePool(buffer);
return EFI_UNSUPPORTED;
}
@@ -922,7 +926,7 @@ should_use_fallback(EFI_HANDLE image_handle)
rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle,
&loaded_image_protocol, (void **)&li);
if (EFI_ERROR(rc)) {
- Print(L"Could not get image for bootx64.efi: %d\n", rc);
+ ERROR(L"Could not get image for bootx64.efi: %d\n", rc);
return 0;
}
@@ -944,13 +948,13 @@ should_use_fallback(EFI_HANDLE image_handle)
rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle,
&FileSystemProtocol, (void **)&fio);
if (EFI_ERROR(rc)) {
- Print(L"Could not get fio for li->DeviceHandle: %d\n", rc);
+ ERROR(L"Could not get fio for li->DeviceHandle: %d\n", rc);
return 0;
}
rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh);
if (EFI_ERROR(rc)) {
- Print(L"Could not open fio volume: %d\n", rc);
+ ERROR(L"Could not open fio volume: %d\n", rc);
return 0;
}
@@ -1029,7 +1033,7 @@ static EFI_STATUS generate_path(EFI_LOADED_IMAGE *li, CHAR16 *ImagePath,
*PathName = AllocatePool(StrSize(bootpath) + StrSize(ImagePath));
if (!*PathName) {
- Print(L"Failed to allocate path buffer\n");
+ ERROR(L"Failed to allocate path buffer\n");
efi_status = EFI_OUT_OF_RESOURCES;
goto error;
}
@@ -1072,14 +1076,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
(void **)&drive);
if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to find fs\n");
+ ERROR(L"Failed to find fs\n");
goto error;
}
efi_status = uefi_call_wrapper(drive->OpenVolume, 2, drive, &root);
if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to open fs\n");
+ ERROR(L"Failed to open fs\n");
goto error;
}
@@ -1090,14 +1094,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
EFI_FILE_MODE_READ, 0);
if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to open %s - %lx\n", PathName, efi_status);
+ ERROR(L"Failed to open %s - %lx\n", PathName, efi_status);
goto error;
}
fileinfo = AllocatePool(buffersize);
if (!fileinfo) {
- Print(L"Unable to allocate file info buffer\n");
+ ERROR(L"Unable to allocate file info buffer\n");
efi_status = EFI_OUT_OF_RESOURCES;
goto error;
}
@@ -1113,7 +1117,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
FreePool(fileinfo);
fileinfo = AllocatePool(buffersize);
if (!fileinfo) {
- Print(L"Unable to allocate file info buffer\n");
+ ERROR(L"Unable to allocate file info buffer\n");
efi_status = EFI_OUT_OF_RESOURCES;
goto error;
}
@@ -1123,7 +1127,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
}
if (efi_status != EFI_SUCCESS) {
- Print(L"Unable to get file info\n");
+ ERROR(L"Unable to get file info\n");
goto error;
}
@@ -1132,7 +1136,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
*data = AllocatePool(buffersize);
if (!*data) {
- Print(L"Unable to allocate file buffer\n");
+ ERROR(L"Unable to allocate file buffer\n");
efi_status = EFI_OUT_OF_RESOURCES;
goto error;
}
@@ -1151,7 +1155,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
}
if (efi_status != EFI_SUCCESS) {
- Print(L"Unexpected return from initial read: %x, buffersize %x\n", efi_status, buffersize);
+ ERROR(L"Unexpected return from initial read: %x, buffersize %x\n", efi_status, buffersize);
goto error;
}
@@ -1180,15 +1184,45 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size)
EFI_STATUS status;
PE_COFF_LOADER_IMAGE_CONTEXT context;
- if (!secure_mode())
- return EFI_SUCCESS;
+ in_protocol = 1;
+
+ if (!secure_mode()) {
+ status = EFI_SUCCESS;
+ goto done;
+ }
status = read_header(buffer, size, &context);
if (status != EFI_SUCCESS)
- return status;
+ goto done;
status = verify_buffer(buffer, size, &context);
+done:
+ in_protocol = 0;
+ return status;
+}
+
+static EFI_STATUS shim_hash (char *data, int datasize,
+ PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ UINT8 *sha256hash, UINT8 *sha1hash)
+{
+ EFI_STATUS status;
+
+ in_protocol = 1;
+ status = generate_hash(data, datasize, context, sha256hash, sha1hash);
+ in_protocol = 0;
+
+ return status;
+}
+
+static EFI_STATUS shim_read_header(void *data, unsigned int datasize,
+ PE_COFF_LOADER_IMAGE_CONTEXT *context)
+{
+ EFI_STATUS status;
+
+ in_protocol = 1;
+ status = read_header(data, datasize, context);
+ in_protocol = 0;
return status;
}
@@ -1216,7 +1250,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
&loaded_image_protocol, (void **)&li);
if (efi_status != EFI_SUCCESS) {
- Print(L"Unable to init protocol\n");
+ ERROR(L"Unable to init protocol\n");
return efi_status;
}
@@ -1226,20 +1260,20 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
efi_status = generate_path(li, ImagePath, &path, &PathName);
if (efi_status != EFI_SUCCESS) {
- Print(L"Unable to generate path: %s\n", ImagePath);
+ ERROR(L"Unable to generate path: %s\n", ImagePath);
goto done;
}
if (findNetboot(image_handle)) {
efi_status = parseNetbootinfo(image_handle);
if (efi_status != EFI_SUCCESS) {
- Print(L"Netboot parsing failed: %d\n", efi_status);
+ ERROR(L"Netboot parsing failed: %d\n", efi_status);
return EFI_PROTOCOL_ERROR;
}
efi_status = FetchNetbootimage(image_handle, &sourcebuffer,
&sourcesize);
if (efi_status != EFI_SUCCESS) {
- Print(L"Unable to fetch TFTP image\n");
+ ERROR(L"Unable to fetch TFTP image\n");
return efi_status;
}
data = sourcebuffer;
@@ -1251,7 +1285,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
efi_status = load_image(li, &data, &datasize, PathName);
if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to load image\n");
+ ERROR(L"Failed to load image\n");
goto done;
}
}
@@ -1268,7 +1302,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
efi_status = handle_image(data, datasize, li);
if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to load image\n");
+ ERROR(L"Failed to load image\n");
CopyMem(li, &li_bak, sizeof(li_bak));
goto done;
}
@@ -1336,7 +1370,7 @@ EFI_STATUS mirror_mok_list()
| EFI_VARIABLE_RUNTIME_ACCESS,
DataSize, Data);
if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to set MokListRT %d\n", efi_status);
+ ERROR(L"Failed to set MokListRT %d\n", efi_status);
}
done:
@@ -1378,7 +1412,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
efi_status = start_image(image_handle, MOK_MANAGER);
if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to start MokManager\n");
+ ERROR(L"Failed to start MokManager\n");
return efi_status;
}
}
@@ -1409,9 +1443,9 @@ static EFI_STATUS check_mok_sb (void)
* modified by the OS
*/
if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) {
- Print(L"MokSBState is compromised! Clearing it\n");
+ ERROR(L"MokSBState is compromised! Clearing it\n");
if (LibDeleteVariable(L"MokSBState", &shim_lock_guid) != EFI_SUCCESS) {
- Print(L"Failed to erase MokSBState\n");
+ ERROR(L"Failed to erase MokSBState\n");
}
status = EFI_ACCESS_DENIED;
} else {
@@ -1442,7 +1476,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
status = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle,
&LoadedImageProtocol, (void **) &li);
if (status != EFI_SUCCESS) {
- Print (L"Failed to get load options\n");
+ ERROR (L"Failed to get load options\n");
return status;
}
@@ -1486,7 +1520,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
if (loader_len > 0) {
loader_str = AllocatePool((loader_len + 1) * sizeof(CHAR16));
if (!loader_str) {
- Print(L"Failed to allocate loader string\n");
+ ERROR(L"Failed to allocate loader string\n");
return EFI_OUT_OF_RESOURCES;
}
for (i = 0; i < loader_len; i++)
@@ -1517,8 +1551,8 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
* call back in and use shim functions
*/
shim_lock_interface.Verify = shim_verify;
- shim_lock_interface.Hash = generate_hash;
- shim_lock_interface.Context = read_header;
+ shim_lock_interface.Hash = shim_hash;
+ shim_lock_interface.Context = shim_read_header;
systab = passed_systab;
--
1.8.1.4


@ -0,0 +1,93 @@
commit d95b24bd02cf41cca9adebd95f10609d6424d2b3
Author: Matthew Garrett <matthew.garrett@nebula.com>
Date: Tue Nov 19 10:09:13 2013 -0500
Clarify meaning of insecure_mode
insecure_mode was intended to indicate that the user had explicity disabled
checks with mokutil, which means it wasn't the opposite of secure_mode().
Change the names to clarify this and don't show the insecure mode message
unless the user has explicitly enabled that mode.
Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
diff --git a/replacements.c b/replacements.c
index bac5e5d..5ea5c32 100644
--- a/replacements.c
+++ b/replacements.c
@@ -64,13 +64,9 @@ static typeof(systab->BootServices->StartImage) system_start_image;
static typeof(systab->BootServices->Exit) system_exit;
static typeof(systab->BootServices->ExitBootServices) system_exit_boot_services;
-extern UINT8 insecure_mode;
-
void
unhook_system_services(void)
{
- if (insecure_mode)
- return;
systab->BootServices->Exit = system_exit;
systab->BootServices->StartImage = system_start_image;
systab->BootServices->ExitBootServices = system_exit_boot_services;
@@ -123,8 +119,6 @@ exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus,
void
hook_system_services(EFI_SYSTEM_TABLE *local_systab)
{
- if (insecure_mode)
- return;
systab = local_systab;
/* We need to hook various calls to make this work... */
diff --git a/shim.c b/shim.c
index 9ae1936..524f5fc 100644
--- a/shim.c
+++ b/shim.c
@@ -85,7 +85,7 @@ int loader_is_participating;
#define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }}
-UINT8 insecure_mode;
+UINT8 user_insecure_mode;
UINT8 ignore_db;
typedef enum {
@@ -456,7 +456,7 @@ static BOOLEAN secure_mode (void)
UINT8 *Data;
UINT8 sb, setupmode;
- if (insecure_mode)
+ if (user_insecure_mode)
return FALSE;
status = get_variable(L"SecureBoot", &Data, &len, global_var);
@@ -1534,7 +1534,7 @@ static EFI_STATUS check_mok_sb (void)
UINTN MokSBStateSize = 0;
UINT32 attributes;
- insecure_mode = 0;
+ user_insecure_mode = 0;
ignore_db = 0;
status = get_variable_attr(L"MokSBState", &MokSBState, &MokSBStateSize,
@@ -1555,7 +1555,7 @@ static EFI_STATUS check_mok_sb (void)
status = EFI_ACCESS_DENIED;
} else {
if (*(UINT8 *)MokSBState == 1) {
- insecure_mode = 1;
+ user_insecure_mode = 1;
}
}
@@ -1753,10 +1753,10 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
/*
* Tell the user that we're in insecure mode if necessary
*/
- if (!secure_mode()) {
+ if (user_insecure_mode) {
Print(L"Booting in insecure mode\n");
uefi_call_wrapper(BS->Stall, 1, 2000000);
- } else {
+ } else if (secure_mode()) {
/*
* Install our hooks for ExitBootServices() and StartImage()
*/
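Review bot: With the `if (insecure_mode) return;` guard removed, unhook_system_services() in replacements.c writes system_exit, system_start_image and system_exit_boot_services into the Boot Services table unconditionally, while efi_main in shim.c now installs the hooks only in the `else if (secure_mode())` branch. If those statics are filled in only by hook_system_services() (its body continues outside the hunk, so this is inferred), an unhook on a boot where nothing was hooked would store null function pointers over Exit, StartImage and ExitBootServices. A guard keyed on whether the hooks were installed would cover that case, e.g. `if (!system_start_image) return;` at the top of unhook_system_services(), with a short comment saying why it is there.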


@ -0,0 +1,165 @@
From e62b69a5b0b87c6df7a4fc23906134945309e927 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 20 Nov 2013 12:20:23 -0500
Subject: [PATCH 1/2] Fix path generation for Dhcpv4 bootloader.
Right now we always look for e.g. "\grubx64.efi", which is completely
wrong. This makes it look for the path shim was loaded from and modify
that to end in a sanitized version of our default loader name.
Resolves: rhbz#1032583
Signed-off-by: Peter Jones <pjones@redhat.com>
---
include/str.h | 45 +++++++++++++++++++++++++++++++++++++++++++++
netboot.c | 28 +++++++++++++++++++++-------
2 files changed, 66 insertions(+), 7 deletions(-)
create mode 100644 include/str.h
diff --git a/include/str.h b/include/str.h
new file mode 100644
index 0000000..0f3e003
--- /dev/null
+++ b/include/str.h
@@ -0,0 +1,45 @@
+#ifndef SHIM_STR_H
+#define SHIM_STR_H
+
+static inline
+__attribute__((unused))
+unsigned long strnlena(const CHAR8 *s, unsigned long n)
+{
+ unsigned long i;
+ for (i = 0; i <= n; i++)
+ if (s[i] == '\0')
+ break;
+ return i;
+}
+
+static inline
+__attribute__((unused))
+CHAR8 *
+strncpya(CHAR8 *dest, const CHAR8 *src, unsigned long n)
+{
+ unsigned long i;
+
+ for (i = 0; i < n && src[i] != '\0'; i++)
+ dest[i] = src[i];
+ for (; i < n; i++)
+ dest[i] = '\0';
+
+ return dest;
+}
+
+static inline
+__attribute__((unused))
+CHAR8 *
+strcata(CHAR8 *dest, const CHAR8 *src)
+{
+ unsigned long dest_len = strlena(dest);
+ unsigned long i;
+
+ for (i = 0; src[i] != '\0'; i++)
+ dest[dest_len + i] = src[i];
+ dest[dest_len + i] = '\0';
+
+ return dest;
+}
+
+#endif /* SHIM_STR_H */
diff --git a/netboot.c b/netboot.c
index a83c82a..1732dc7 100644
--- a/netboot.c
+++ b/netboot.c
@@ -38,6 +38,7 @@
#include <string.h>
#include "shim.h"
#include "netboot.h"
+#include "str.h"
static inline unsigned short int __swap16(unsigned short int x)
{
@@ -305,19 +306,32 @@ static EFI_STATUS parseDhcp6()
static EFI_STATUS parseDhcp4()
{
- CHAR8 *template = (CHAR8 *)DEFAULT_LOADER_CHAR;
- full_path = AllocateZeroPool(strlen(template)+1);
+ CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR);
+ UINTN template_len = strlen(template) + 1;
+
+ UINTN dir_len = strnlena(pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile, 127);
+ UINTN i;
+ UINT8 *dir = pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile;
+
+ for (i = dir_len; i >= 0; i--) {
+ if (dir[i] == '/')
+ break;
+ }
+ dir_len = (i >= 0) ? i + 1 : 0;
+
+ full_path = AllocateZeroPool(dir_len + template_len);
if (!full_path)
return EFI_OUT_OF_RESOURCES;
+ if (dir_len > 0) {
+ strncpya(full_path, dir, dir_len);
+ if (full_path[dir_len-1] == '/' && template[0] == '/')
+ full_path[dir_len-1] = '\0';
+ }
+ strcata(full_path, template);
memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4);
- memcpy(full_path, template, strlen(template));
-
- /* Note we don't capture the filename option here because we know its shim.efi
- * We instead assume the filename at the end of the path is going to be grubx64.efi
- */
return EFI_SUCCESS;
}
--
1.8.1.4
From 27129a5a05d1947e6f7479766e8281d50d6031f6 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 21 Nov 2013 11:26:08 -0500
Subject: [PATCH 2/2] Lengths that might be -1 can't be unsigned, Peter.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
netboot.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/netboot.c b/netboot.c
index 1732dc7..07e2773 100644
--- a/netboot.c
+++ b/netboot.c
@@ -307,10 +307,10 @@ static EFI_STATUS parseDhcp6()
static EFI_STATUS parseDhcp4()
{
CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR);
- UINTN template_len = strlen(template) + 1;
+ INTN template_len = strlen(template) + 1;
- UINTN dir_len = strnlena(pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile, 127);
- UINTN i;
+ INTN dir_len = strnlena(pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile, 127);
+ INTN i;
UINT8 *dir = pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile;
for (i = dir_len; i >= 0; i--) {
@@ -329,6 +329,8 @@ static EFI_STATUS parseDhcp4()
if (full_path[dir_len-1] == '/' && template[0] == '/')
full_path[dir_len-1] = '\0';
}
+ if (dir_len == 0 && dir[0] != '/' && template[0] == '/')
+ template++;
strcata(full_path, template);
memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4);
--
1.8.1.4
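Review bot: strnlena() in include/str.h runs its loop with `i <= n`, so it inspects n+1 bytes and can return n+1, unlike the usual strnlen contract of never looking past n bytes. parseDhcp4 calls it with 127 on BootpBootFile, a field filled from the DHCP reply. Assuming that field is 128 bytes as in the UEFI PXE packet layout, an unterminated name gives dir_len = 128 and the `dir[i]` scan that follows starts one byte past the field. `for (i = 0; i < n; i++)` keeps both the returned length and the scan inside the buffer. strcata() is unbounded too and stays in range only because of the `dir_len + template_len` allocation, which deserves a comment at the call site.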


@ -1,61 +0,0 @@
From 23002e8e5c03800845afae8aaa7e42770c3e5d17 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 11 Jun 2013 14:58:25 -0400
Subject: [PATCH] Fix some pointer casting issues.
This also fixes the size of an empty vendor_cert or dbx_cert.
Signed-off-by: Peter Jones <shim-owner@fedoraproject.org>
---
cert.S | 2 +-
shim.c | 9 +++++----
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/cert.S b/cert.S
index 2ed9b6d..66a05b8 100644
--- a/cert.S
+++ b/cert.S
@@ -32,5 +32,5 @@ vendor_cert:
.size vendor_cert_size, 4
.section .vendor_cert, "a", @progbits
vendor_cert_size:
- .long 1
+ .long 0
#endif
diff --git a/shim.c b/shim.c
index 94b9710..7d43f04 100644
--- a/shim.c
+++ b/shim.c
@@ -59,7 +59,7 @@ static UINT32 load_options_size;
*/
extern UINT8 vendor_cert[];
extern UINT32 vendor_cert_size;
-extern EFI_SIGNATURE_LIST *vendor_dbx;
+extern UINT8 vendor_dbx[];
extern UINT32 vendor_dbx_size;
#define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }}
@@ -359,16 +359,17 @@ static EFI_STATUS check_blacklist (WIN_CERTIFICATE_EFI_PKCS *cert,
UINT8 *sha256hash, UINT8 *sha1hash)
{
EFI_GUID secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID;
+ EFI_SIGNATURE_LIST *dbx = (EFI_SIGNATURE_LIST *)vendor_dbx;
- if (check_db_hash_in_ram(vendor_dbx, vendor_dbx_size, sha256hash,
+ if (check_db_hash_in_ram(dbx, vendor_dbx_size, sha256hash,
SHA256_DIGEST_SIZE, EfiHashSha256Guid) ==
DATA_FOUND)
return EFI_ACCESS_DENIED;
- if (check_db_hash_in_ram(vendor_dbx, vendor_dbx_size, sha1hash,
+ if (check_db_hash_in_ram(dbx, vendor_dbx_size, sha1hash,
SHA1_DIGEST_SIZE, EfiHashSha1Guid) ==
DATA_FOUND)
return EFI_ACCESS_DENIED;
- if (check_db_cert_in_ram(vendor_dbx, vendor_dbx_size, cert,
+ if (check_db_cert_in_ram(dbx, vendor_dbx_size, cert,
sha256hash) == DATA_FOUND)
return EFI_ACCESS_DENIED;
--
1.8.1.4


@ -1,149 +0,0 @@
From ed9cf192de86c58e9c5397afa48de7b6d7bab7a7 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 30 May 2013 14:05:59 +0800
Subject: [PATCH 1/2] simple_file: Allocate buffers for file entries
The dir filter appends L'/' to the directory entries without
allocating a new buffer, and this could crash the whole program.
---
lib/simple_file.c | 42 ++++++++++++++++++++++++++++++++++--------
1 file changed, 34 insertions(+), 8 deletions(-)
diff --git a/lib/simple_file.c b/lib/simple_file.c
index 0e5ecd2..e288272 100644
--- a/lib/simple_file.c
+++ b/lib/simple_file.c
@@ -344,9 +344,12 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
goto next;
if (next->Attribute & EFI_FILE_DIRECTORY) {
- (*result)[(*count)] = next->FileName;
- (*result)[(*count)][len] = '/';
- (*result)[(*count)++][len + 1] = '\0';
+ (*result)[(*count)] = PoolPrint(L"%s/", next->FileName);
+ if (!(*result)[(*count)]) {
+ Print(L"Failed to allocate buffer");
+ return EFI_OUT_OF_RESOURCES;
+ }
+ (*count)++;
goto next;
}
@@ -354,7 +357,12 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
offs = StrLen(filterarr[c]);
if (StrCmp(&next->FileName[len - offs], filterarr[c]) == 0) {
- (*result)[(*count)++] = next->FileName;
+ (*result)[(*count)] = StrDuplicate(next->FileName);
+ if (!(*result)[(*count)]) {
+ Print(L"Failed to allocate buffer");
+ return EFI_OUT_OF_RESOURCES;
+ }
+ (*count)++;
} else {
continue;
}
@@ -362,7 +370,7 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
}
next:
- if (StrCmp(next->FileName, L"../") == 0) {
+ if (StrCmp(next->FileName, L"..") == 0) {
/* place .. directory first */
CHAR16 *tmp = (*result)[(*count) - 1];
@@ -392,6 +400,15 @@ simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter,
return status;
}
+static void
+free_entries(CHAR16 **entries, int count)
+{
+ int i;
+
+ for (i = 0; i<count; i++)
+ FreePool(entries[i]);
+}
+
void
simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
CHAR16 *filter, CHAR16 **result)
@@ -436,8 +453,6 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
/* ESC key */
goto out_free;
selected = entries[select];
- FreePool(entries);
- entries = NULL;
/* note that memory used by selected is valid until dmp is freed */
len = StrLen(selected);
if (selected[len - 1] == '/') {
@@ -445,6 +460,9 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
/* stay where we are */
if (StrCmp(selected, L"./") == 0) {
+ free_entries(entries, count);
+ FreePool(entries);
+ entries = NULL;
FreePool(dmp);
goto redo;
} else if (StrCmp(selected, L"../") == 0) {
@@ -463,6 +481,9 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
if (StrCmp(name, L"\\") != 0
&& StrCmp(&name[i], L"..") != 0) {
name[i] = '\0';
+ free_entries(entries, count);
+ FreePool(entries);
+ entries = NULL;
FreePool(dmp);
goto redo;
}
@@ -478,6 +499,9 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
/* remove trailing / */
newname[StrLen(newname) - 1] = '\0';
+ free_entries(entries, count);
+ FreePool(entries);
+ entries = NULL;
FreePool(dmp);
FreePool(name);
name = newname;
@@ -494,8 +518,10 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
out_free:
FreePool(dmp);
- if (entries)
+ if (entries) {
+ free_entries(entries, count);
FreePool(entries);
+ }
out_free_name:
FreePool(name);
}
--
1.8.1.4
From 33080500e6bf33324a7c1463f4608f3f21d923b3 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 30 May 2013 14:10:56 +0800
Subject: [PATCH 2/2] Clean lib/, too
---
Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/Makefile b/Makefile
index f64f409..ed47360 100644
--- a/Makefile
+++ b/Makefile
@@ -109,6 +109,7 @@ lib/lib.a:
clean:
$(MAKE) -C Cryptlib clean
$(MAKE) -C Cryptlib/OpenSSL clean
+ $(MAKE) -C lib clean
rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb
rm -f *.debug *.so *.efi
--
1.8.1.4

49
shim-fix-verify-mok.patch Normal file

@ -0,0 +1,49 @@
commit 11495d4019d44dce1487939f91f7d751ffbb9730
Author: Andrew Boie <andrew.p.boie@intel.com>
Date: Mon Apr 15 14:11:17 2013 -0700
fix verify_mok()
() Fix the return value semantics. If the MokList doesn't
exist, we are OK. If the MokList was compromised but we
were able to erase it, that is OK too. Only if the list
can't be nuked do we return an error.
() Fix use of potentially uninitialized attribute variable
() Actually use the return value when called from verify_buffer.
Change-Id: If16df21d79c52a1726928df96d133390cde4cb7e
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
diff --git a/shim.c b/shim.c
index 23dd0ee..dcb36d0 100644
--- a/shim.c
+++ b/shim.c
@@ -670,13 +670,12 @@ static EFI_STATUS verify_mok (void) {
status = get_variable_attr(L"MokList", &MokListData, &MokListDataSize,
shim_lock_guid, &attributes);
- if (attributes & EFI_VARIABLE_RUNTIME_ACCESS) {
+ if (!EFI_ERROR(status) && attributes & EFI_VARIABLE_RUNTIME_ACCESS) {
Print(L"MokList is compromised!\nErase all keys in MokList!\n");
if (LibDeleteVariable(L"MokList", &shim_lock_guid) != EFI_SUCCESS) {
Print(L"Failed to erase MokList\n");
+ return EFI_ACCESS_DENIED;
}
- status = EFI_ACCESS_DENIED;
- return status;
}
if (MokListData)
@@ -722,7 +721,9 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
/*
* Check that the MOK database hasn't been modified
*/
- verify_mok();
+ status = verify_mok();
+ if (status != EFI_SUCCESS)
+ return status;
/*
* Ensure that the binary isn't blacklisted
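Review bot: The new condition in verify_mok() carries the whole trust decision but has no comment explaining why a runtime-accessible MokList is treated as compromised. I would add one above the test, for example `/* MokList is expected to be boot-services-only; a copy with RUNTIME_ACCESS could have been written from the OS, so drop it */` (wording to be confirmed against how MokManager creates the variable). The mixed `&&` and `&` also reads more safely with explicit grouping: `if (!EFI_ERROR(status) && (attributes & EFI_VARIABLE_RUNTIME_ACCESS)) {`. The value returned after a successful erase is decided past the end of the hunk, so the "erased is OK" path described in the commit message cannot be checked from here.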


@ -0,0 +1,181 @@
commit 2f09d0ab290d9b0d8aa14c3243f1d85a20bc34e6
Author: Andrew Boie <andrew.p.boie@intel.com>
Date: Mon Nov 11 17:29:06 2013 -0800
shim: improve error messages
%r when used in Print() will show a string representation of
an EFI_STATUS code.
Change-Id: I6db47f5213454603bd66177aca378ad01e9f0bd4
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
diff --git a/shim.c b/shim.c
index a043779..9ae1936 100644
--- a/shim.c
+++ b/shim.c
@@ -914,7 +914,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
*/
efi_status = read_header(data, datasize, &context);
if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to read header\n");
+ Print(L"Failed to read header: %r\n", efi_status);
return efi_status;
}
@@ -981,7 +981,7 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
efi_status = relocate_coff(&context, buffer);
if (efi_status != EFI_SUCCESS) {
- Print(L"Relocation failed\n");
+ Print(L"Relocation failed: %r\n", efi_status);
FreePool(buffer);
return efi_status;
}
@@ -1022,7 +1022,7 @@ should_use_fallback(EFI_HANDLE image_handle)
rc = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle,
&loaded_image_protocol, (void **)&li);
if (EFI_ERROR(rc)) {
- Print(L"Could not get image for bootx64.efi: %d\n", rc);
+ Print(L"Could not get image for bootx64.efi: %r\n", rc);
return 0;
}
@@ -1044,13 +1044,13 @@ should_use_fallback(EFI_HANDLE image_handle)
rc = uefi_call_wrapper(BS->HandleProtocol, 3, li->DeviceHandle,
&FileSystemProtocol, (void **)&fio);
if (EFI_ERROR(rc)) {
- Print(L"Could not get fio for li->DeviceHandle: %d\n", rc);
+ Print(L"Could not get fio for li->DeviceHandle: %r\n", rc);
return 0;
}
rc = uefi_call_wrapper(fio->OpenVolume, 2, fio, &vh);
if (EFI_ERROR(rc)) {
- Print(L"Could not open fio volume: %d\n", rc);
+ Print(L"Could not open fio volume: %r\n", rc);
return 0;
}
@@ -1172,14 +1172,14 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
(void **)&drive);
if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to find fs\n");
+ Print(L"Failed to find fs: %r\n", efi_status);
goto error;
}
efi_status = uefi_call_wrapper(drive->OpenVolume, 2, drive, &root);
if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to open fs\n");
+ Print(L"Failed to open fs: %r\n", efi_status);
goto error;
}
@@ -1190,7 +1190,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
EFI_FILE_MODE_READ, 0);
if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to open %s - %lx\n", PathName, efi_status);
+ Print(L"Failed to open %s - %r\n", PathName, efi_status);
goto error;
}
@@ -1223,7 +1223,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
}
if (efi_status != EFI_SUCCESS) {
- Print(L"Unable to get file info\n");
+ Print(L"Unable to get file info: %r\n", efi_status);
goto error;
}
@@ -1251,7 +1251,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
}
if (efi_status != EFI_SUCCESS) {
- Print(L"Unexpected return from initial read: %x, buffersize %x\n", efi_status, buffersize);
+ Print(L"Unexpected return from initial read: %r, buffersize %x\n", efi_status, buffersize);
goto error;
}
@@ -1328,20 +1328,20 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
efi_status = generate_path(li, ImagePath, &path, &PathName);
if (efi_status != EFI_SUCCESS) {
- Print(L"Unable to generate path: %s\n", ImagePath);
+ Print(L"Unable to generate path %s: %r\n", ImagePath, efi_status);
goto done;
}
if (findNetboot(image_handle)) {
efi_status = parseNetbootinfo(image_handle);
if (efi_status != EFI_SUCCESS) {
- Print(L"Netboot parsing failed: %d\n", efi_status);
+ Print(L"Netboot parsing failed: %r\n", efi_status);
return EFI_PROTOCOL_ERROR;
}
efi_status = FetchNetbootimage(image_handle, &sourcebuffer,
&sourcesize);
if (efi_status != EFI_SUCCESS) {
- Print(L"Unable to fetch TFTP image\n");
+ Print(L"Unable to fetch TFTP image: %r\n", efi_status);
return efi_status;
}
data = sourcebuffer;
@@ -1353,7 +1353,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
efi_status = load_image(li, &data, &datasize, PathName);
if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to load image\n");
+ Print(L"Failed to load image %s: %r\n", PathName, efi_status);
goto done;
}
}
@@ -1370,7 +1370,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
efi_status = handle_image(data, datasize, li);
if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to load image\n");
+ Print(L"Failed to load image: %r\n", efi_status);
CopyMem(li, &li_bak, sizeof(li_bak));
goto done;
}
@@ -1473,7 +1473,7 @@ EFI_STATUS mirror_mok_list()
| EFI_VARIABLE_RUNTIME_ACCESS,
FullDataSize, FullData);
if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to set MokListRT %d\n", efi_status);
+ Print(L"Failed to set MokListRT: %r\n", efi_status);
}
return efi_status;
@@ -1514,7 +1514,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
efi_status = start_image(image_handle, MOK_MANAGER);
if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to start MokManager\n");
+ Print(L"Failed to start MokManager: %r\n", efi_status);
return efi_status;
}
}
@@ -1621,7 +1621,7 @@ static EFI_STATUS mok_ignore_db()
| EFI_VARIABLE_RUNTIME_ACCESS,
DataSize, (void *)&Data);
if (efi_status != EFI_SUCCESS) {
- Print(L"Failed to set MokIgnoreDB %d\n", efi_status);
+ Print(L"Failed to set MokIgnoreDB: %r\n", efi_status);
}
}
@@ -1648,7 +1648,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
status = uefi_call_wrapper(BS->HandleProtocol, 3, image_handle,
&LoadedImageProtocol, (void **) &li);
if (status != EFI_SUCCESS) {
- Print (L"Failed to get load options\n");
+ Print (L"Failed to get load options: %r\n", status);
return status;
}
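Review bot: In start_image() the failure message after handle_image() is still `Failed to load image: %r`, almost identical to the one printed when load_image() fails a few lines earlier. Someone reading the console cannot tell an unreadable file from an image that was read but rejected while being processed. The visible handle_image() hunks cover header parsing and relocation, so a distinct text such as `Print(L"Failed to process image %s: %r\n", PathName, efi_status);` would separate the two cases. Separately, in load_image() the `buffersize %x` conversion is kept next to the new `%r`; if buffersize is a UINTN (its declaration is outside the hunk), `%lx` would be the matching width.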



@ -1,149 +0,0 @@
From c19cef4b4a61c82ba9a2c323659a20ec5d1d7ba2 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 26 Sep 2013 09:44:50 -0400
Subject: [PATCH] MokManager needs to disable the graphics console.
Without this patch, on some machines we never see MokManager's UI. This
protocol has never (I think?) been officially published, and yet I still
have new hardware that needs it.
If you're looking for a reference, look at:
EdkCompatibilityPkg/Foundation/Protocol/ConsoleControl/ConsoleControl.c
in the edk2 tree from Tiano.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
Makefile | 2 +-
MokManager.c | 32 ++++++++++++++++++++++++++++++++
console_control.h | 44 ++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 77 insertions(+), 1 deletion(-)
create mode 100644 console_control.h
diff --git a/Makefile b/Makefile
index 77f3e52..1e4aed8 100644
--- a/Makefile
+++ b/Makefile
@@ -37,7 +37,7 @@ OBJS = shim.o netboot.o cert.o dbx.o
KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key
SOURCES = shim.c shim.h netboot.c signature.h PeImage.h
MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
-MOK_SOURCES = MokManager.c shim.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h
+MOK_SOURCES = MokManager.c shim.h console_control.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h
FALLBACK_OBJS = fallback.o
FALLBACK_SRCS = fallback.c
diff --git a/MokManager.c b/MokManager.c
index 604129f..01362f2 100644
--- a/MokManager.c
+++ b/MokManager.c
@@ -6,6 +6,7 @@
#include "signature.h"
#include "PeImage.h"
#include "PasswordCrypt.h"
+#include "console_control.h"
#include "include/console.h"
#include "include/simple_file.h"
@@ -1741,6 +1742,34 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
return EFI_SUCCESS;
}
+static VOID setup_console (int text)
+{
+ EFI_STATUS status;
+ EFI_GUID console_control_guid = EFI_CONSOLE_CONTROL_PROTOCOL_GUID;
+ EFI_CONSOLE_CONTROL_PROTOCOL *concon;
+ static EFI_CONSOLE_CONTROL_SCREEN_MODE mode =
+ EfiConsoleControlScreenGraphics;
+ EFI_CONSOLE_CONTROL_SCREEN_MODE new_mode;
+
+ status = LibLocateProtocol(&console_control_guid, (VOID **)&concon);
+ if (status != EFI_SUCCESS)
+ return;
+
+ if (text) {
+ new_mode = EfiConsoleControlScreenText;
+
+ status = uefi_call_wrapper(concon->GetMode, 4, concon, &mode,
+ 0, 0);
+ /* If that didn't work, assume it's graphics */
+ if (status != EFI_SUCCESS)
+ mode = EfiConsoleControlScreenGraphics;
+ } else {
+ new_mode = mode;
+ }
+
+ uefi_call_wrapper(concon->SetMode, 2, concon, new_mode);
+}
+
static EFI_STATUS setup_rand (void)
{
EFI_TIME time;
@@ -1772,9 +1801,12 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *systab)
InitializeLib(image_handle, systab);
+ setup_console(1);
+
setup_rand();
efi_status = check_mok_request(image_handle);
+ setup_console(0);
return efi_status;
}
diff --git a/console_control.h b/console_control.h
new file mode 100644
index 0000000..5fb8a4a
--- /dev/null
+++ b/console_control.h
@@ -0,0 +1,44 @@
+#ifndef _SHIM_CONSOLE_CONTROL_H
+#define _SHIM_CONSOLE_CONTROL_H 1
+
+#define EFI_CONSOLE_CONTROL_PROTOCOL_GUID \
+ { 0xf42f7782, 0x12e, 0x4c12, {0x99, 0x56, 0x49, 0xf9, 0x43, 0x4, 0xf7, 0x21} }
+
+typedef struct _EFI_CONSOLE_CONTROL_PROTOCOL EFI_CONSOLE_CONTROL_PROTOCOL;
+
+typedef enum {
+ EfiConsoleControlScreenText,
+ EfiConsoleControlScreenGraphics,
+ EfiConsoleControlScreenMaxValue
+} EFI_CONSOLE_CONTROL_SCREEN_MODE;
+
+typedef
+EFI_STATUS
+(EFIAPI *EFI_CONSOLE_CONTROL_PROTOCOL_GET_MODE) (
+ IN EFI_CONSOLE_CONTROL_PROTOCOL *This,
+ OUT EFI_CONSOLE_CONTROL_SCREEN_MODE *Mode,
+ OUT BOOLEAN *GopUgaExists, OPTIONAL
+ OUT BOOLEAN *StdInLocked OPTIONAL
+ );
+
+typedef
+EFI_STATUS
+(EFIAPI *EFI_CONSOLE_CONTROL_PROTOCOL_SET_MODE) (
+ IN EFI_CONSOLE_CONTROL_PROTOCOL *This,
+ IN EFI_CONSOLE_CONTROL_SCREEN_MODE Mode
+ );
+
+typedef
+EFI_STATUS
+(EFIAPI *EFI_CONSOLE_CONTROL_PROTOCOL_LOCK_STD_IN) (
+ IN EFI_CONSOLE_CONTROL_PROTOCOL *This,
+ IN CHAR16 *Password
+ );
+
+struct _EFI_CONSOLE_CONTROL_PROTOCOL {
+ EFI_CONSOLE_CONTROL_PROTOCOL_GET_MODE GetMode;
+ EFI_CONSOLE_CONTROL_PROTOCOL_SET_MODE SetMode;
+ EFI_CONSOLE_CONTROL_PROTOCOL_LOCK_STD_IN LockStdIn;
+};
+
+#endif /* _SHIM_CONSOLE_CONTROL_H */
--
1.8.1.4



1162
shim-mokx-support.patch Normal file



@ -1,370 +0,0 @@
From 6bd858269e91b3966c569f5d18a6fd3932b65112 Mon Sep 17 00:00:00 2001
From: Steve Langasek <steve.langasek@canonical.com>
Date: Fri, 20 Sep 2013 11:29:23 -0500
Subject: [PATCH 1/7] Pass the right arguments to
EFI_PXE_BASE_CODE_TFTP_READ_FILE
A wrong pointer was being passed to EFI_PXE_BASE_CODE_TFTP_READ_FILE,
preventing us from getting the file size back from the tftp call, ensuring
that we don't have enough information to properly secureboot-validate the
retrieved image.
---
netboot.c | 4 ++--
shim.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/netboot.c b/netboot.c
index d569048..f7a6a1a 100644
--- a/netboot.c
+++ b/netboot.c
@@ -328,7 +328,7 @@ EFI_STATUS parseNetbootinfo(EFI_HANDLE image_handle)
return rc;
}
-EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, UINTN *bufsiz)
+EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, UINT64 *bufsiz)
{
EFI_STATUS rc;
EFI_PXE_BASE_CODE_TFTP_OPCODE read = EFI_PXE_BASE_CODE_TFTP_READ_FILE;
@@ -346,7 +346,7 @@ EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, UINTN *bufs
try_again:
rc = uefi_call_wrapper(pxe->Mtftp, 10, pxe, read, *buffer, overwrite,
- &bufsiz, &blksz, &tftp_addr, full_path, NULL, nobuffer);
+ bufsiz, &blksz, &tftp_addr, full_path, NULL, nobuffer);
if (rc == EFI_BUFFER_TOO_SMALL) {
/* try again, doubling buf size */
diff --git a/shim.c b/shim.c
index 47e3812..c1bb85f 100644
--- a/shim.c
+++ b/shim.c
@@ -1193,7 +1193,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
EFI_DEVICE_PATH *path;
CHAR16 *PathName = NULL;
void *sourcebuffer = NULL;
- UINTN sourcesize = 0;
+ UINT64 sourcesize = 0;
void *data = NULL;
int datasize;
--
1.8.1.4
From b1fa932c45038fbe280420b88f0103610fff48aa Mon Sep 17 00:00:00 2001
From: Steve Langasek <steve.langasek@canonical.com>
Date: Fri, 20 Sep 2013 13:03:57 -0500
Subject: [PATCH 2/7] Fix nul termination errors in filenames passed to tftp
Fix various errors in the tftp string handling, to ensure we always have
properly nul-terminated strings.
---
netboot.c | 39 ++++++++++++++++-----------------------
1 file changed, 16 insertions(+), 23 deletions(-)
diff --git a/netboot.c b/netboot.c
index f7a6a1a..b31e71c 100644
--- a/netboot.c
+++ b/netboot.c
@@ -54,7 +54,7 @@ static inline unsigned short int __swap16(unsigned short int x)
static EFI_PXE_BASE_CODE *pxe;
static EFI_IP_ADDRESS tftp_addr;
-static char *full_path;
+static UINT8 *full_path;
typedef struct {
@@ -112,7 +112,7 @@ try_again:
for (i=0; i < (bs / sizeof(EFI_HANDLE)); i++) {
status = uefi_call_wrapper(BS->OpenProtocol, 6, hbuf[i],
&pxe_base_code_protocol,
- &pxe, image_handle, NULL,
+ (void **)&pxe, image_handle, NULL,
EFI_OPEN_PROTOCOL_GET_PROTOCOL);
if (status != EFI_SUCCESS) {
@@ -228,15 +228,15 @@ static UINT8 *str2ip6(char *str)
static BOOLEAN extract_tftp_info(char *url)
{
- char *start, *end;
+ CHAR8 *start, *end;
char ip6str[128];
- char *template = DEFAULT_LOADER;
+ CHAR8 *template = (CHAR8 *)DEFAULT_LOADER;
if (strncmp((UINT8 *)url, (UINT8 *)"tftp://", 7)) {
Print(L"URLS MUST START WITH tftp://\n");
return FALSE;
}
- start = url + 7;
+ start = (CHAR8 *)url + 7;
if (*start != '[') {
Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n");
return FALSE;
@@ -251,21 +251,19 @@ static BOOLEAN extract_tftp_info(char *url)
Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n");
return FALSE;
}
- *end = '\0';
memset(ip6str, 0, 128);
- memcpy(ip6str, start, strlen((UINT8 *)start));
- *end = ']';
+ memcpy(ip6str, start, end + 1 - start);
end++;
memcpy(&tftp_addr.v6, str2ip6(ip6str), 16);
- full_path = AllocatePool(strlen((UINT8 *)end)+strlen((UINT8 *)template)+1);
+ full_path = AllocateZeroPool(strlen(end)+strlen(template)+1);
if (!full_path)
return FALSE;
- memset(full_path, 0, strlen((UINT8 *)end)+strlen((UINT8 *)template));
- memcpy(full_path, end, strlen((UINT8 *)end));
- end = strrchr(full_path, '/');
+ memcpy(full_path, end, strlen(end));
+ end = (CHAR8 *)strrchr((char *)full_path, '/');
if (!end)
- end = full_path;
- memcpy(end, template, strlen((UINT8 *)template));
+ end = (CHAR8 *)full_path;
+ memcpy(end, template, strlen(template));
+ end[strlen(template)] = '\0';
return TRUE;
}
@@ -286,20 +284,15 @@ static EFI_STATUS parseDhcp6()
static EFI_STATUS parseDhcp4()
{
- char *template = DEFAULT_LOADER;
- char *tmp;
- int len = strlen((CHAR8 *)template);
+ CHAR8 *template = (CHAR8 *)DEFAULT_LOADER;
+ full_path = AllocateZeroPool(strlen(template)+1);
- tmp = AllocatePool(len+1);
-
- if (!tmp)
+ if (!full_path)
return EFI_OUT_OF_RESOURCES;
-
memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4);
- memcpy(tmp, template, len+1);
- full_path = tmp;
+ memcpy(full_path, template, strlen(template));
/* Note we don't capture the filename option here because we know its shim.efi
* We instead assume the filename at the end of the path is going to be grubx64.efi
--
1.8.1.4
From a68d8233dcc76094813e5c235a80fb6c7ec6ad7c Mon Sep 17 00:00:00 2001
From: Steve Langasek <steve.langasek@canonical.com>
Date: Fri, 20 Sep 2013 17:06:33 -0500
Subject: [PATCH 3/7] Fix an off-by-one error
We don't need to add one because our end pointer is already off the end of
the string we want to copy.
---
netboot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/netboot.c b/netboot.c
index b31e71c..15dbdf7 100644
--- a/netboot.c
+++ b/netboot.c
@@ -252,7 +252,7 @@ static BOOLEAN extract_tftp_info(char *url)
return FALSE;
}
memset(ip6str, 0, 128);
- memcpy(ip6str, start, end + 1 - start);
+ memcpy(ip6str, start, end - start);
end++;
memcpy(&tftp_addr.v6, str2ip6(ip6str), 16);
full_path = AllocateZeroPool(strlen(end)+strlen(template)+1);
--
1.8.1.4
From bbaa1df5dcc6570dc29544dbcc00353f925a1128 Mon Sep 17 00:00:00 2001
From: Steve Langasek <steve.langasek@canonical.com>
Date: Sun, 22 Sep 2013 22:21:49 -0700
Subject: [PATCH 4/7] Misc allocation cleanups
---
netboot.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/netboot.c b/netboot.c
index 15dbdf7..c81e28e 100644
--- a/netboot.c
+++ b/netboot.c
@@ -160,10 +160,9 @@ static char *get_v6_bootfile_url(EFI_PXE_BASE_CODE_DHCPV6_PACKET *pkt)
if (ntohs(option->OpCode) == 59) {
/* This is the bootfile url option */
urllen = ntohs(option->Length);
- url = AllocatePool(urllen+2);
+ url = AllocateZeroPool(urllen+1);
if (!url)
return NULL;
- memset(url, 0, urllen+2);
memcpy(url, option->Data, urllen);
return url;
}
@@ -275,10 +274,13 @@ static EFI_STATUS parseDhcp6()
bootfile_url = get_v6_bootfile_url(packet);
- if (extract_tftp_info(bootfile_url) == FALSE)
- return EFI_NOT_FOUND;
if (!bootfile_url)
return EFI_NOT_FOUND;
+ if (extract_tftp_info(bootfile_url) == FALSE) {
+ FreePool(bootfile_url);
+ return EFI_NOT_FOUND;
+ }
+ FreePool(bootfile_url);
return EFI_SUCCESS;
}
--
1.8.1.4
From 4b1e7425479a111553f1055757429249bc389d28 Mon Sep 17 00:00:00 2001
From: Steve Langasek <steve.langasek@canonical.com>
Date: Sun, 22 Sep 2013 22:25:47 -0700
Subject: [PATCH 5/7] More consistent types, fewer casts
---
netboot.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/netboot.c b/netboot.c
index c81e28e..dab1f5c 100644
--- a/netboot.c
+++ b/netboot.c
@@ -142,11 +142,11 @@ try_again:
return rc;
}
-static char *get_v6_bootfile_url(EFI_PXE_BASE_CODE_DHCPV6_PACKET *pkt)
+static CHAR8 *get_v6_bootfile_url(EFI_PXE_BASE_CODE_DHCPV6_PACKET *pkt)
{
void *optr;
EFI_DHCP6_PACKET_OPTION *option;
- char *url;
+ CHAR8 *url;
UINT32 urllen;
optr = pkt->DhcpOptions;
@@ -225,7 +225,7 @@ static UINT8 *str2ip6(char *str)
return (UINT8 *)ip;
}
-static BOOLEAN extract_tftp_info(char *url)
+static BOOLEAN extract_tftp_info(CHAR8 *url)
{
CHAR8 *start, *end;
char ip6str[128];
@@ -235,7 +235,7 @@ static BOOLEAN extract_tftp_info(char *url)
Print(L"URLS MUST START WITH tftp://\n");
return FALSE;
}
- start = (CHAR8 *)url + 7;
+ start = url + 7;
if (*start != '[') {
Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n");
return FALSE;
@@ -270,8 +270,7 @@ static BOOLEAN extract_tftp_info(char *url)
static EFI_STATUS parseDhcp6()
{
EFI_PXE_BASE_CODE_DHCPV6_PACKET *packet = (EFI_PXE_BASE_CODE_DHCPV6_PACKET *)&pxe->Mode->DhcpAck.Raw;
- char *bootfile_url;
-
+ CHAR8 *bootfile_url;
bootfile_url = get_v6_bootfile_url(packet);
if (!bootfile_url)
--
1.8.1.4
From 12cd90c232301efe7d262a33c471a6af1282ae03 Mon Sep 17 00:00:00 2001
From: Steve Langasek <steve.langasek@canonical.com>
Date: Sun, 22 Sep 2013 22:45:26 -0700
Subject: [PATCH 6/7] Correct limits on the length of ipv6 addresses
The maximum length of a string representation of an ipv6 address is 39
characters (8 groups of 4 hex chars, with 7 colons in between). So don't
allocate more room than this - and more importantly, don't blindly accept
strings from the server that are longer than our buffer...
---
netboot.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/netboot.c b/netboot.c
index dab1f5c..61777a2 100644
--- a/netboot.c
+++ b/netboot.c
@@ -228,7 +228,7 @@ static UINT8 *str2ip6(char *str)
static BOOLEAN extract_tftp_info(CHAR8 *url)
{
CHAR8 *start, *end;
- char ip6str[128];
+ char ip6str[40];
CHAR8 *template = (CHAR8 *)DEFAULT_LOADER;
if (strncmp((UINT8 *)url, (UINT8 *)"tftp://", 7)) {
@@ -245,12 +245,16 @@ static BOOLEAN extract_tftp_info(CHAR8 *url)
end = start;
while ((*end != '\0') && (*end != ']')) {
end++;
+ if (end - start > 39) {
+ Print(L"TFTP URL includes malformed IPv6 address\n");
+ return FALSE;
+ }
}
if (end == '\0') {
Print(L"TFTP SERVER MUST BE ENCLOSED IN [..]\n");
return FALSE;
}
- memset(ip6str, 0, 128);
+ memset(ip6str, 0, 40);
memcpy(ip6str, start, end - start);
end++;
memcpy(&tftp_addr.v6, str2ip6(ip6str), 16);
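Review bot: The context line `if (end == '\0')` after the loop compares the pointer itself with zero instead of the character it points at, so a URL with no closing bracket is never rejected; it should read `if (*end == '\0')`. As written, an address with no `]` falls through, and the later `end++` steps past the terminating NUL before the rest of the URL is parsed. The new 39-character limit does keep the `memcpy` into `ip6str[40]` in range. The size would be less fragile written as `memset(ip6str, 0, sizeof(ip6str));` than as a repeated literal. extract_tftp_info continues outside this hunk.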
--
1.8.1.4
From 0c3bd9d9ea5261cfdf5c1d6feb2f42d17ba4ca8a Mon Sep 17 00:00:00 2001
From: Steve Langasek <steve.langasek@canonical.com>
Date: Sun, 22 Sep 2013 23:11:26 -0700
Subject: [PATCH 7/7] Fix a memory leak
---
netboot.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/netboot.c b/netboot.c
index 61777a2..927445d 100644
--- a/netboot.c
+++ b/netboot.c
@@ -356,6 +356,8 @@ try_again:
goto try_again;
}
+ if (rc != EFI_SUCCESS && *buffer) {
+ FreePool(*buffer);
+ }
return rc;
-
}
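Review bot: After `FreePool(*buffer)` on the failure path, the caller's pointer still refers to freed memory. Adding `*buffer = NULL;` directly after the free would stop a caller that frees or inspects the buffer on error from hitting a double free or use-after-free. Whether any caller does that cannot be seen here, since the function begins outside the hunk. The `*buffer` test also relies on the pointer having been initialised before the first allocation attempt, which is worth confirming at the top of the function.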
--
1.8.1.4


@ -1,15 +0,0 @@
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@ LIB_PATH = /usr/lib64
EFI_INCLUDE = /usr/include/efi
EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol
-EFI_PATH = /usr/lib64/gnuefi
+EFI_PATH = /usr/lib64
LIB_GCC = $(shell $(CC) -print-libgcc-file-name)
EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)


@ -1,3 +1,30 @@
-------------------------------------------------------------------
Thu Dec 5 02:05:13 UTC 2013 - glin@suse.com
- Update to 0.7
- Add upstream patches:
+ shim-fix-verify-mok.patch
+ shim-improve-error-messages.patch
+ shim-correct-user_insecure-usage.patch
+ shim-fix-dhcpv4-path-generation.patch
- Add shim-mokx-support.patch to support the MOK blacklist
(Fate#316531)
- Drop upstreamed patches
+ shim-fix-pointer-casting.patch
+ shim-merge-lf-loader-code.patch
+ shim-fix-simple-file-selector.patch
+ shim-mokmanager-support-crypt-hash-method.patch
+ shim-bnc804631-fix-broken-bootpath.patch
+ shim-bnc798043-no-doulbe-separators.patch
+ shim-bnc807760-change-pxe-2nd-loader-name.patch
+ shim-bnc808106-correct-certcount.patch
+ shim-mokmanager-ui-revamp.patch
+ shim-netboot-fixes.patch
+ shim-mokmanager-disable-gfx-console.patch
- Drop shim-suse-build.patch: it's not necessary anymore
- Drop shim-bnc841426-silence-shim-protocols.patch: shim is not
verbose by default
-------------------------------------------------------------------
Thu Oct 31 09:11:18 UTC 2013 - fcrozat@suse.com


@ -19,7 +19,7 @@
# needssslcertforbuild
Name: shim
Version: 0.4
Version: 0.7
Release: 0
Summary: UEFI shim loader
License: BSD-2-Clause
@ -38,32 +38,16 @@ Source7: show_hash.sh
Source8: show_signatures.sh
Source9: openSUSE-UEFI-CA-Certificate-4096.crt
Source10: timestamp.pl
# PATCH-FIX-SUSE shim-suse-build.patch glin@suse.com -- Adjust Makefile for the build service
Patch0: shim-suse-build.patch
# PATCH-FIX-UPSTREAM shim-fix-pointer-casting.patch glin@suse.com -- Fix a casting issue and the size of an empty vendor_cert or dbx_cert.
Patch1: shim-fix-pointer-casting.patch
# PATCH-FIX-UPSTREAM shim-merge-lf-loader-code.patch glin@suse.com -- Merge the Linux Foundation loader UI code
Patch2: shim-merge-lf-loader-code.patch
# PATCH-FIX-UPSTREAM shim-fix-simple-file-selector.patch glin@suse.com -- Fix the buffer allocation in the simple file selector
Patch3: shim-fix-simple-file-selector.patch
# PATCH-FIX-UPSTREAM shim-mokmanager-support-crypt-hash-method.patch glin@suse.com -- Support the password hashes from /etc/shadow
Patch4: shim-mokmanager-support-crypt-hash-method.patch
# PATCH-FIX-UPSTREAM shim-bnc804631-fix-broken-bootpath.patch bnc#804631 glin@suse.com -- Fix the broken bootpath generated in generate_path()
Patch5: shim-bnc804631-fix-broken-bootpath.patch
# PATCH-FIX-UPSTREAM shim-bnc798043-no-doulbe-separators.patch bnc#798043 glin@suse.com -- Remove all double-separators from the bootpath
Patch6: shim-bnc798043-no-doulbe-separators.patch
# PATCH-FIX-UPSTREAM shim-bnc807760-change-pxe-2nd-loader-name.patch bnc#807760 glin@suse.com -- Change the PXE 2nd stage loader to match the filename we are using
Patch7: shim-bnc807760-change-pxe-2nd-loader-name.patch
# PATCH-FIX-UPSTREAM shim-bnc808106-correct-certcount.patch bnc#808106 glin@suse.com -- Correct the certifcate count of the signature list
Patch8: shim-bnc808106-correct-certcount.patch
# PATCH-FIX-UPSTREAM shim-mokmanager-ui-revamp.patch glin@suse.com -- Revamp the MokManager UI
Patch9: shim-mokmanager-ui-revamp.patch
# PATCH-FIX-UPSTREAM shim-netboot-fixes.patch glin@suse.com -- Upstream netboot fixes
Patch10: shim-netboot-fixes.patch
# PATCH-FIX-UPSTREAM shim-mokmanager-disable-gfx-console.patch glin@suse.com -- Disable graphics console to avoid system hang on some machines
Patch11: shim-mokmanager-disable-gfx-console.patch
# PATCH-FIX-UPSTREAM shim-bnc841426-silence-shim-protocols.patch bnc#841426 glin@suse.com -- Silence the shim protocols to avoid system hang
Patch12: shim-bnc841426-silence-shim-protocols.patch
# PATCH-FIX-UPSTREAM shim-fix-verify-mok.patch glin@suse.com -- Fix the error handling in verify_mok()
Patch1: shim-fix-verify-mok.patch
# PATCH-FIX-UPSTREAM shim-improve-error-messages.patch glin@suse.com -- Improve the error messages
Patch2: shim-improve-error-messages.patch
# PATCH-FIX-UPSTREAM shim-correct-user_insecure-usage.patch glin@suse.com -- Correct the usage of the user insecure mode variable
Patch3: shim-correct-user_insecure-usage.patch
# PATCH-FIX-UPSTREAM shim-fix-dhcpv4-path-generation.patch glin@suse.com -- Fix path generation for DHCPv4 bootloader
Patch4: shim-fix-dhcpv4-path-generation.patch
# PATCH-FIX-UPSTREAM shim-mokx-support.patch glin@suse.com -- Support MOK blacklist
Patch5: shim-mokx-support.patch
BuildRequires: gnu-efi >= 3.0t
BuildRequires: mozilla-nss-tools
BuildRequires: openssl >= 0.9.8
@ -86,26 +70,16 @@ Authors:
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%build
chmod +x "make-certs"
# first, build MokManager and fallback as they don't depend on a
# specific certificate
make MokManager.efi fallback.efi 2>/dev/null
make EFI_PATH=/usr/lib64 MokManager.efi fallback.efi 2>/dev/null
# now build variants of shim that embed different certificates
default=''
@ -154,7 +128,7 @@ for suffix in "${suffixes[@]}"; do
rm -f shim.cer
fi
# make sure cast warnings don't trigger post build check
make VENDOR_CERT_FILE=shim-$suffix.der shim.efi 2>/dev/null
make EFI_PATH=/usr/lib64 VENDOR_CERT_FILE=shim-$suffix.der shim.efi 2>/dev/null
# make VENDOR_CERT_FILE=cert.der VENDOR_DBX_FILE=dbx
chmod 755 %{SOURCE6} %{SOURCE7} %{SOURCE10}
# alternative: verify signature