Accepting request 294902 from home:gary_lin:branches:devel:openSUSE:Factory

- Add shim-update-cryptlib.patch to update Cryptlib to r16559 and
  openssl to 0.9.8zf
- Add shim-bsc919675-uninstall-shim-protocols.patch to uninstall
  the shim protocols at Exit (bsc#919675)
- Add shim-bsc920515-fix-fallback-buffer-length.patch to adjust
  the buffer size for the boot options (bsc#920515) 
- Refresh shim-opensuse-cert-prompt.patch

OBS-URL: https://build.opensuse.org/request/show/294902
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=96

shim-bsc919675-uninstall-shim-protocols.patch

@@ -0,0 +1,145 @@
+From 4f8bf8c570dadf8044e7f3f260c55e3e22630998 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Tue, 3 Mar 2015 16:53:11 +0800
+Subject: [PATCH] Uninstall shim protocols at Exit()
+
+Shim uninstalls its own protocol at the end of the program. However,
+if the loaded binary, e.g. grub2, calls Exit(), the uninstall function
+would never be called, i.e. the shim protocol handle existed even if
+shim was gone. This already caused crashes on the dell machines with
+the following steps:
+
+1. boot to grub2 and press 'C' for the grub2 shell
+2. type "exit" to quit the shell
+3. boot to grub2 again and boot an OS
+
+While grub2 uses the shim protocol to verify the OS image, it may get
+the old dead shim handle and crash the system.
+
+This commit adds uninstall_shim_protocols() to the hooked exit function
+and always hook Exit to clean up the protocol handle.
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ replacements.c | 35 ++++++++++++++++++++++++++++-------
+ replacements.h |  1 +
+ shim.c         |  5 ++++-
+ 3 files changed, 33 insertions(+), 8 deletions(-)
+
+diff --git a/replacements.c b/replacements.c
+index f7623d9..4d96e57 100644
+--- a/replacements.c
++++ b/replacements.c
+@@ -74,6 +74,10 @@ unhook_system_services(void)
+ 		return;
+ 
+ 	systab->BootServices->Exit = system_exit;
++
++	if (hook_exit_only)
++		return;
++
+ 	systab->BootServices->LoadImage = system_load_image;
+ 	systab->BootServices->StartImage = system_start_image;
+ 	systab->BootServices->ExitBootServices = system_exit_boot_services;
+@@ -167,10 +171,24 @@ do_exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus,
+ {
+ 	EFI_STATUS status;
+ 	unhook_system_services();
++	uninstall_shim_protocols();
+ 
+ 	status = systab->BootServices->Exit(ImageHandle, ExitStatus, ExitDataSize, ExitData);
+-	if (EFI_ERROR(status))
++	if (EFI_ERROR(status)) {
++		EFI_STATUS status2 = install_shim_protocols();
++
++		if (EFI_ERROR(status2)) {
++			Print(L"Something has gone seriously wrong: %r\n",
++				status2);
++			Print(L"shim cannot continue, sorry.\n");
++			systab->BootServices->Stall(5000000);
++			systab->RuntimeServices->ResetSystem(
++				EfiResetShutdown,
++				EFI_SECURITY_VIOLATION, 0, NULL);
++		}
++
+ 		hook_system_services(systab);
++	}
+ 	return status;
+ }
+ 
+@@ -182,6 +200,15 @@ hook_system_services(EFI_SYSTEM_TABLE *local_systab)
+ 
+ 	/* We need to hook various calls to make this work... */
+ 
++	/* we need to hook Exit() so that we can allow users to quit the
++	 * bootloader and still e.g. start a new one or run an internal
++	 * shell. */
++	system_exit = systab->BootServices->Exit;
++	systab->BootServices->Exit = do_exit;
++
++	if (hook_exit_only)
++		return;
++
+ 	/* We need LoadImage() hooked so that fallback.c can load shim
+ 	 * without having to fake LoadImage as well.  This allows it
+ 	 * to call the system LoadImage(), and have us track the output
+@@ -201,10 +228,4 @@ hook_system_services(EFI_SYSTEM_TABLE *local_systab)
+ 	 * and b) we can unwrap when we're done. */
+ 	system_exit_boot_services = systab->BootServices->ExitBootServices;
+ 	systab->BootServices->ExitBootServices = exit_boot_services;
+-
+-	/* we need to hook Exit() so that we can allow users to quit the
+-	 * bootloader and still e.g. start a new one or run an internal
+-	 * shell. */
+-	system_exit = systab->BootServices->Exit;
+-	systab->BootServices->Exit = do_exit;
+ }
+diff --git a/replacements.h b/replacements.h
+index bd09424..928144d 100644
+--- a/replacements.h
++++ b/replacements.h
+@@ -37,6 +37,7 @@ typedef enum {
+ 
+ extern verification_method_t verification_method;
+ extern int loader_is_participating;
++extern int hook_exit_only;
+ 
+ extern void hook_system_services(EFI_SYSTEM_TABLE *local_systab);
+ extern void unhook_system_services(void);
+diff --git a/shim.c b/shim.c
+index d46494a..6fbe427 100644
+--- a/shim.c
++++ b/shim.c
+@@ -90,6 +90,7 @@ UINT8 *vendor_dbx;
+  */
+ verification_method_t verification_method;
+ int loader_is_participating;
++int exit_only;
+ 
+ #define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }}
+ 
+@@ -2100,6 +2101,7 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
+ 	/*
+ 	 * Tell the user that we're in insecure mode if necessary
+ 	 */
++	hook_exit_only = 1;
+ 	if (user_insecure_mode) {
+ 		Print(L"Booting in insecure mode\n");
+ 		uefi_call_wrapper(BS->Stall, 1, 2000000);
+@@ -2110,11 +2112,12 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
+ 			 * that anything it boots has performed some
+ 			 * validation of the next image.
+ 			 */
+-			hook_system_services(systab);
++			hook_exit_only = 0;
+ 			loader_is_participating = 0;
+ 		}
+ 	}
+ 
++	hook_system_services(systab);
+ 	efi_status = install_shim_protocols();
+ 	if (EFI_ERROR(efi_status))
+ 		return efi_status;
+-- 
+2.1.4
+

shim-bsc920515-fix-fallback-buffer-length.patch

@@ -0,0 +1,54 @@
+From 8bfaa280dc0fcc67e636f33f5c056d6f08b22ef5 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Wed, 25 Feb 2015 18:45:41 +0000
+Subject: [PATCH] Fix length of allocated buffer for boot option comparison.
+
+The following commit:
+
+  commit 4aac8a1179e160397d7ef8f1e3232cfb4f3373d6
+  Author: Gary Ching-Pang Lin <glin@suse.com>
+  Date:   Thu Mar 6 10:57:02 2014 +0800
+
+    [fallback] Fix the data size for boot option comparison
+
+corrected the data size used for comparison, but also reduced the
+allocation so it doesn't include the trailing UTF16LE '\0\0' at the
+end of the string, with the result that the trailer of the buffer
+containing the string is overwritten, which OVMF detects as memory
+corruption.
+
+Increase the size of the storage buffer in a few places to correct
+this problem.
+
+Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
+Cc: Laszlo Ersek <lersek@redhat.com>
+Cc: Gary Ching-Pang Lin <glin@suse.com>
+---
+ fallback.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fallback.c b/fallback.c
+index d10fb62..0c1a413 100644
+--- a/fallback.c
++++ b/fallback.c
+@@ -163,7 +163,7 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp,
+ 				StrLen(label)*2 + 2 + DevicePathSize(hddp) +
+ 				StrLen(arguments) * 2;
+ 
+-			CHAR8 *data = AllocateZeroPool(size);
++			CHAR8 *data = AllocateZeroPool(size + 2);
+ 			CHAR8 *cursor = data;
+ 			*(UINT32 *)cursor = LOAD_OPTION_ACTIVE;
+ 			cursor += sizeof (UINT32);
+@@ -234,7 +234,7 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp,
+ 		StrLen(label)*2 + 2 + DevicePathSize(dp) +
+ 		StrLen(arguments) * 2;
+ 
+-	CHAR8 *data = AllocateZeroPool(size);
++	CHAR8 *data = AllocateZeroPool(size + 2);
+ 	if (!data)
+ 		return EFI_OUT_OF_RESOURCES;
+ 	CHAR8 *cursor = data;
+-- 
+2.1.4
+

shim-opensuse-cert-prompt.patch

@@ -1,4 +1,4 @@
-From e3b81e524747199fb7da29e5988cff79db1658a3 Mon Sep 17 00:00:00 2001
+From eeeb5117c7d30eef6ec8a09f884d6e6872e41638 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin <glin@suse.com>
 Date: Tue, 18 Feb 2014 17:29:19 +0800
 Subject: [PATCH 1/3] Show the build-in certificate prompt
@@ -21,18 +21,18 @@ The state will store in use_openSUSE_cert, a volatile RT variable.
  1 file changed, 74 insertions(+), 2 deletions(-)
 
 diff --git a/shim.c b/shim.c
-index d46494a..c14a54d 100644
+index 6fbe427..112a141 100644
 --- a/shim.c
 +++ b/shim.c
-@@ -90,6 +90,7 @@ UINT8 *vendor_dbx;
-  */
+@@ -91,6 +91,7 @@ UINT8 *vendor_dbx;
  verification_method_t verification_method;
  int loader_is_participating;
+ int exit_only;
 +BOOLEAN use_builtin_cert;
  
  #define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }}
  
-@@ -954,7 +955,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
+@@ -955,7 +956,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
  	if (status == EFI_SUCCESS)
  		return status;
  
@@ -41,7 +41,7 @@ index d46494a..c14a54d 100644
  		/*
  		 * Check against the shim build key
  		 */
-@@ -1708,7 +1709,7 @@ EFI_STATUS mirror_mok_list()
+@@ -1709,7 +1710,7 @@ EFI_STATUS mirror_mok_list()
  	if (efi_status != EFI_SUCCESS)
  		DataSize = 0;
  
@@ -50,7 +50,7 @@ index d46494a..c14a54d 100644
  		FullDataSize = DataSize
  			     + sizeof (*CertList)
  			     + sizeof (EFI_GUID)
-@@ -2057,6 +2058,75 @@ uninstall_shim_protocols(void)
+@@ -2058,6 +2059,75 @@ uninstall_shim_protocols(void)
  			  &shim_lock_guid, &shim_lock_interface);
  }
  
@@ -126,9 +126,9 @@ index d46494a..c14a54d 100644
  EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
  {
  	EFI_STATUS efi_status;
-@@ -2112,6 +2182,8 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
+@@ -2114,6 +2184,8 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
  			 */
- 			hook_system_services(systab);
+ 			hook_exit_only = 0;
  			loader_is_participating = 0;
 +			if (builtin_cert_prompt() != 0)
 +				return EFI_ABORTED;
@@ -136,10 +136,10 @@ index d46494a..c14a54d 100644
  	}
  
 -- 
-1.8.4.5
+2.1.4
 
 
-From 7b87b12059a9f26125f135ae649757346d26d6f8 Mon Sep 17 00:00:00 2001
+From 869b4633b647c00d13bdf9c2ad554e5d5b8b9670 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin <glin@suse.com>
 Date: Thu, 20 Feb 2014 16:57:08 +0800
 Subject: [PATCH 2/3] Support revoking the openSUSE cert
@@ -292,10 +292,10 @@ index 442ab8f..7277968 100644
  	LibDeleteVariable(L"MokDelAuth", &shim_lock_guid);
  	LibDeleteVariable(L"MokXAuth", &shim_lock_guid);
 diff --git a/shim.c b/shim.c
-index c14a54d..1287eed 100644
+index 112a141..9ffac1f 100644
 --- a/shim.c
 +++ b/shim.c
-@@ -1818,7 +1818,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
+@@ -1819,7 +1819,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
  	    check_var(L"MokPW") || check_var(L"MokAuth") ||
  	    check_var(L"MokDel") || check_var(L"MokDB") ||
  	    check_var(L"MokXNew") || check_var(L"MokXDel") ||
@@ -305,10 +305,10 @@ index c14a54d..1287eed 100644
  
  		if (efi_status != EFI_SUCCESS) {
 -- 
-1.8.4.5
+2.1.4
 
 
-From c7340fe9219777622fe58b6596f53a4cad739e9f Mon Sep 17 00:00:00 2001
+From 8d8ccfdebdd01601548d662ad8a43371d307e2f1 Mon Sep 17 00:00:00 2001
 From: Gary Ching-Pang Lin <glin@suse.com>
 Date: Fri, 7 Mar 2014 16:17:20 +0800
 Subject: [PATCH 3/3] Delete openSUSE_Verify the right way
@@ -337,5 +337,5 @@ index 7277968..b5d2454 100644
  		console_error(L"Failed to delete openSUSE_Verify", status);
  		return -1;
 -- 
-1.8.4.5
+2.1.4
 

shim.changes

@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Tue Apr  7 07:42:06 UTC 2015 - glin@suse.com
+
+- Add shim-update-cryptlib.patch to update Cryptlib to r16559 and
+  openssl to 0.9.8zf
+- Add shim-bsc919675-uninstall-shim-protocols.patch to uninstall
+  the shim protocols at Exit (bsc#919675)
+- Add shim-bsc920515-fix-fallback-buffer-length.patch to adjust
+  the buffer size for the boot options (bsc#920515) 
+- Refresh shim-opensuse-cert-prompt.patch
+
 -------------------------------------------------------------------
 Thu Apr  2 16:31:28 UTC 2015 - crrodriguez@opensuse.org
 

shim.spec

@@ -48,6 +48,12 @@ Patch2:         shim-only-os-name.patch
 Patch3:         shim-fix-gnu-efi-30w.patch
 # PATCH-FIX-UPSTREAM shim-fix-mokmanager-sections.patch glin@suse.com -- Fix the objcopy parameters for the EFI files
 Patch4:         shim-fix-mokmanager-sections.patch
+# PATCH-FIX-UPSTREAM shim-bsc919675-uninstall-shim-protocols.patch glin@suse.com -- Uinstall the shim protocols at Exit
+Patch5:         shim-bsc919675-uninstall-shim-protocols.patch
+# PATCH-FIX-UPSTREAM shim-bsc920515-fix-fallback-buffer-length.patch glin@suse.com -- Fix the buffer size for the boot options
+Patch6:         shim-bsc920515-fix-fallback-buffer-length.patch
+# PATCH-FIX-UPSTREAM shim-update-cryptlib.patch glin@suse.com -- Update Cryptlib and openssl
+Patch7:         shim-update-cryptlib.patch
 # PATCH-FIX-OPENSUSE shim-opensuse-cert-prompt.patch glin@suse.com -- Show the prompt to ask whether the user trusts openSUSE certificate or not
 Patch100:       shim-opensuse-cert-prompt.patch
 Patch101:       shim-gcc5.patch
@@ -78,6 +84,9 @@ Authors:
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
 %patch100 -p1
 %patch101 -p1
 %build