diff --git a/shim-bnc863205-mokmanager-fix-hash-delete.patch b/shim-bnc863205-mokmanager-fix-hash-delete.patch
new file mode 100644
index 0000000..c476741
--- /dev/null
+++ b/shim-bnc863205-mokmanager-fix-hash-delete.patch
@@ -0,0 +1,86 @@
+From 23cdee7b62fc62cd988d74b2180014595da9e4c5 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin
+Date: Thu, 13 Feb 2014 15:05:45 +0800
+Subject: [PATCH 1/2] MokManager: calculate the variable size correctly
+
+MokSize of the hash signature list includes the owner GUID,
+so we should not add the 16bytes compensation.
+
+Signed-off-by: Gary Ching-Pang Lin
+---
+ MokManager.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index e79a8e0..e0cc143 100644
+--- a/MokManager.c
++++ b/MokManager.c
+@@ -934,7 +934,9 @@ static EFI_STATUS write_back_mok_list (MokListNode *list, INTN key_num,
+ if (list[i].Mok == NULL)
+ continue;
+
+- DataSize += sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
++ DataSize += sizeof(EFI_SIGNATURE_LIST);
++ if (CompareGuid(&(list[i].Type), &CertType) == 0)
++ DataSize += sizeof(EFI_GUID);
+ DataSize += list[i].MokSize;
+ }
+
+--
+1.8.4.5
+
+
+From 6b70c15cd8a83e0e62088bc4f2f8e84e818d2b73 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin
+Date: Mon, 17 Feb 2014 17:49:55 +0800
+Subject: [PATCH 2/2] MokManager: fix the hash list counting in delete
+
+match_hash() requests the number of keys in a list and it was
+mistakenly replaced with the size of the Mok node. This would
+made MokManager to remove the whole Mok node instead of one
+hash.
+
+Signed-off-by: Gary Ching-Pang Lin
+---
+ MokManager.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index e0cc143..5af5ce6 100644
+--- a/MokManager.c
++++ b/MokManager.c
+@@ -1042,6 +1042,7 @@ static void delete_hash_in_list (UINT8 *hash, UINT32 hash_size,
+ {
+ EFI_GUID HashType = EFI_CERT_SHA256_GUID;
+ UINT32 sig_size;
++ UINT32 list_num;
+ int i, del_ind;
+ void *start, *end;
+ UINT32 remain;
+@@ -1053,8 +1054,10 @@ static void delete_hash_in_list (UINT8 *hash, UINT32 hash_size,
+ (mok[i].MokSize < sig_size))
+ continue;
+
++ list_num = mok[i].MokSize / sig_size;
++
+ del_ind = match_hash(hash, hash_size, 0, mok[i].Mok,
+- mok[i].MokSize);
++ list_num);
+ while (del_ind >= 0) {
+ /* Remove the hash */
+ if (sig_size == mok[i].MokSize) {
+@@ -1069,9 +1072,10 @@ static void delete_hash_in_list (UINT8 *hash, UINT32 hash_size,
+
+ mem_move(start, end, remain);
+ mok[i].MokSize -= sig_size;
++ list_num--;
+
+ del_ind = match_hash(hash, hash_size, del_ind,
+- mok[i].Mok, mok[i].MokSize);
++ mok[i].Mok, list_num);
+ }
+ }
+ }
+--
+1.8.4.5
+
diff --git a/shim.changes b/shim.changes
index efbdc8c..f67c7c4 100644
--- a/shim.changes
+++ b/shim.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Feb 17 09:58:56 UTC 2014 - glin@suse.com
+
+- Add shim-bnc863205-mokmanager-fix-hash-delete.patch to fix the
+ hash deletion operation to avoid ruining the whole list
+ (bnc#863205)
+
 -------------------------------------------------------------------
 Tue Feb 11 06:30:02 UTC 2014 - glin@suse.com
 
diff --git a/shim.spec b/shim.spec
index d21f129..d86a770 100644
--- a/shim.spec
+++ b/shim.spec
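Review bot: In the embedded PATCH 2/2, `list_num = mok[i].MokSize / sig_size;` in delete_hash_in_list() rounds down, so a node whose MokSize is not an exact multiple of sig_size keeps a partial trailing entry that match_hash() never sees and that presumably stays in the node when the list is written back. The visible guard only rejects `mok[i].MokSize < sig_size`; because these nodes are parsed from stored key-list data, I would skip malformed ones too by adding `|| (mok[i].MokSize % sig_size != 0)` to that condition. The computation of sig_size and the body of the `sig_size == mok[i].MokSize` branch lie outside the hunks, so please confirm that sig_size cannot be zero and that list_num stays in step with MokSize on that path. In PATCH 1/2, a comment such as `/* hash nodes: MokSize already includes the owner GUID */` above the CompareGuid() test would record why only certificate nodes get the extra `sizeof(EFI_GUID)`.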
@@ -57,6 +57,8 @@ Patch7: shim-only-os-name.patch Patch8: shim-get-variable-check.patch # PATCH-FIX-UPSTREAM shim-fallback-improve--entries-creation.patch glin@suse.com -- Improve the boot entry pathes and avoid generating the boot entries that are already there Patch9: shim-fallback-improve-entries-creation.patch +# PATCH-FIX-UPSTREAM shim-bnc863205-mokmanager-fix-hash-delete.patch bnc#863205 glin@suse.com -- Fix the hash deletion operation to avoid ruining the whole list +Patch10: shim-bnc863205-mokmanager-fix-hash-delete.patch BuildRequires: gnu-efi >= 3.0t BuildRequires: mozilla-nss-tools BuildRequires: openssl >= 0.9.8 @@ -88,6 +90,7 @@ Authors: %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 %build # first, build MokManager and fallback as they don't depend on a