Accepting request 222658 from home:gary_lin:branches:devel:openSUSE:Factory

- Add shim-bnc863205-mokmanager-fix-hash-delete.patch to fix the hash deletion operation to avoid ruining the whole list (bnc#863205) OBS-URL: https://build.opensuse.org/request/show/222658 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=58
2014-02-18 03:46:55 +00:00 · 2014-02-18 03:46:55 +00:00 · 18c5d7ff47
commit 18c5d7ff47
parent 63a3d1b717
3 changed files with 96 additions and 0 deletions
--- a/shim-bnc863205-mokmanager-fix-hash-delete.patch
+++ b/shim-bnc863205-mokmanager-fix-hash-delete.patch
@ -0,0 +1,86 @@
+From 23cdee7b62fc62cd988d74b2180014595da9e4c5 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Thu, 13 Feb 2014 15:05:45 +0800
+Subject: [PATCH 1/2] MokManager: calculate the variable size correctly
+
+MokSize of the hash signature list includes the owner GUID,
+so we should not add the 16bytes compensation.
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ MokManager.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index e79a8e0..e0cc143 100644
+--- a/MokManager.c
+++ b/MokManager.c
+@@ -934,7 +934,9 @@ static EFI_STATUS write_back_mok_list (MokListNode *list, INTN key_num,
+ 		if (list[i].Mok == NULL)
+ 			continue;
+ 
+-		DataSize += sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
+		DataSize += sizeof(EFI_SIGNATURE_LIST);
+		if (CompareGuid(&(list[i].Type), &CertType) == 0)
+			DataSize += sizeof(EFI_GUID);
+ 		DataSize += list[i].MokSize;
+ 	}
+ 
+-- 
+1.8.4.5
+
+
+From 6b70c15cd8a83e0e62088bc4f2f8e84e818d2b73 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Mon, 17 Feb 2014 17:49:55 +0800
+Subject: [PATCH 2/2] MokManager: fix the hash list counting in delete
+
+match_hash() requests the number of keys in a list and it was
+mistakenly replaced with the size of the Mok node. This would
+made MokManager to remove the whole Mok node instead of one
+hash.
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ MokManager.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index e0cc143..5af5ce6 100644
+--- a/MokManager.c
+++ b/MokManager.c
+@@ -1042,6 +1042,7 @@ static void delete_hash_in_list (UINT8 *hash, UINT32 hash_size,
+ {
+ 	EFI_GUID HashType = EFI_CERT_SHA256_GUID;
+ 	UINT32 sig_size;
+	UINT32 list_num;
+ 	int i, del_ind;
+ 	void *start, *end;
+ 	UINT32 remain;
+@@ -1053,8 +1054,10 @@ static void delete_hash_in_list (UINT8 *hash, UINT32 hash_size,
+ 		    (mok[i].MokSize < sig_size))
+ 			continue;
+ 
+		list_num = mok[i].MokSize / sig_size;
+
+ 		del_ind = match_hash(hash, hash_size, 0, mok[i].Mok,
+-				     mok[i].MokSize);
+				     list_num);
+ 		while (del_ind >= 0) {
+ 			/* Remove the hash */
+ 			if (sig_size == mok[i].MokSize) {
+@@ -1069,9 +1072,10 @@ static void delete_hash_in_list (UINT8 *hash, UINT32 hash_size,
+ 
+ 			mem_move(start, end, remain);
+ 			mok[i].MokSize -= sig_size;
+			list_num--;
+ 
+ 			del_ind = match_hash(hash, hash_size, del_ind,
+-					     mok[i].Mok, mok[i].MokSize);
+					     mok[i].Mok, list_num);
+ 		}
+ 	}
+ }
+-- 
+1.8.4.5
+
--- a/shim.changes
+++ b/shim.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Feb 17 09:58:56 UTC 2014 - glin@suse.com
+
+- Add shim-bnc863205-mokmanager-fix-hash-delete.patch to fix the
+  hash deletion operation to avoid ruining the whole list
+  (bnc#863205)
+
 -------------------------------------------------------------------
 Tue Feb 11 06:30:02 UTC 2014 - glin@suse.com

--- a/shim.spec
+++ b/shim.spec
@ -57,6 +57,8 @@ Patch7:         shim-only-os-name.patch
 Patch8:         shim-get-variable-check.patch
 # PATCH-FIX-UPSTREAM shim-fallback-improve--entries-creation.patch glin@suse.com -- Improve the boot entry pathes and avoid generating the boot entries that are already there 
 Patch9:         shim-fallback-improve-entries-creation.patch
+# PATCH-FIX-UPSTREAM shim-bnc863205-mokmanager-fix-hash-delete.patch bnc#863205 glin@suse.com -- Fix the hash deletion operation to avoid ruining the whole list
+Patch10:        shim-bnc863205-mokmanager-fix-hash-delete.patch
 BuildRequires:  gnu-efi >= 3.0t
 BuildRequires:  mozilla-nss-tools
 BuildRequires:  openssl >= 0.9.8
@ -88,6 +90,7 @@ Authors:
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1

 %build
 # first, build MokManager and fallback as they don't depend on a