pool/shim
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 157970 from home:gary_lin:branches:devel:openSUSE:Factory

Browse Source 
bnc#807760: change the PXE 2nd stage loader name
bnc#808106: certificate count of the signature list

OBS-URL: https://build.opensuse.org/request/show/157970
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=22
This commit is contained in:
Gary Ching-Pang Lin 2013-03-08 08:06:19 +00:00 committed by Git OBS Bridge
parent e356a6eeae
commit 6c21f45551
4 changed files with 106 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
shim-bnc807760-change-pxe-2nd-loader-name.patch Normal file
View File

@ -0,0 +1,58 @@
From 8222b5f6dd8ff34368173b86ae6108cb792802a7 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 7 Mar 2013 11:59:44 +0800
Subject: [PATCH] Define the PXE 2nd stage loader in the beginning of the file
Make it easier to change the PXE 2nd stage loader.
---
netboot.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/netboot.c b/netboot.c
index 90fb9cb..ae723c7 100644
--- a/netboot.c
+++ b/netboot.c
@@ -39,6 +39,7 @@
#include "shim.h"
#include "netboot.h"
+#define DEFAULT_LOADER "/grub.efi"
static inline unsigned short int __swap16(unsigned short int x)
{
@@ -238,7 +239,7 @@ static BOOLEAN extract_tftp_info(char *url)
{
char *start, *end;
char ip6str[128];
- char *template = "/grubx64.efi";
+ char *template = DEFAULT_LOADER;
if (strncmp((UINT8 *)url, (UINT8 *)"tftp://", 7)) {
Print(L"URLS MUST START WITH tftp://\n");
@@ -294,9 +295,11 @@ static EFI_STATUS parseDhcp6()
static EFI_STATUS parseDhcp4()
{
- char *template = "/grubx64.efi";
- char *tmp = AllocatePool(16);
+ char *template = DEFAULT_LOADER;
+ char *tmp;
+ int len = strlen((CHAR8 *)template);
+ tmp = AllocatePool(len+1);
if (!tmp)
return EFI_OUT_OF_RESOURCES;
@@ -304,8 +307,7 @@ static EFI_STATUS parseDhcp4()
memcpy(&tftp_addr.v4, pxe->Mode->DhcpAck.Dhcpv4.BootpSiAddr, 4);
- memcpy(tmp, template, 12);
- tmp[13] = '\0';
+ memcpy(tmp, template, len+1);
full_path = tmp;
/* Note we don't capture the filename option here because we know its shim.efi
--
1.7.10.4

34
shim-bnc808106-correct-certcount.patch Normal file
View File

@ -0,0 +1,34 @@
From 822b44b8d978449a43fb2cd7bcd1381d961d0b25 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Fri, 8 Mar 2013 14:44:50 +0800
Subject: [PATCH] Correct the certificate count of the signature list
---
shim.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/shim.c b/shim.c
index c36b641..1daa84b 100644
--- a/shim.c
+++ b/shim.c
@@ -228,7 +228,7 @@ static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList,
while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &CertType) == 0) {
- CertCount = (CertList->SignatureListSize - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
for (Index = 0; Index < CertCount; Index++) {
IsFound = AuthenticodeVerify (data->CertData,
@@ -293,7 +293,7 @@ static CHECK_STATUS check_db_hash_in_ram(EFI_SIGNATURE_LIST *CertList,
BOOLEAN IsFound = FALSE;
while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) {
- CertCount = (CertList->SignatureListSize - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ CertCount = (CertList->SignatureListSize -sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
if (CompareGuid(&CertList->SignatureType, &CertType) == 0) {
for (Index = 0; Index < CertCount; Index++) {
--
1.7.10.4

8
shim.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Fri Mar 8 06:53:47 UTC 2013 - glin@suse.com
- Add shim-bnc807760-change-pxe-2nd-loader-name.patch to change the
PXE 2nd stage loader name (bnc#807760)
- Add shim-bnc808106-correct-certcount.patch to correct the
certificate count of the signature list (bnc#808106)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Mar 1 10:07:55 UTC 2013 - glin@suse.com Fri Mar 1 10:07:55 UTC 2013 - glin@suse.com

6
shim.spec
View File

@ -57,6 +57,10 @@ Patch10: shim-keep-unsigned-mokmanager.patch
Patch11: shim-bnc804631-fix-broken-bootpath.patch Patch11: shim-bnc804631-fix-broken-bootpath.patch
# PATCH-FIX-UPSTREAM shim-bnc798043-no-doulbe-separators.patch bnc#798043 glin@suse.com -- Remove all double-separators from the bootpath # PATCH-FIX-UPSTREAM shim-bnc798043-no-doulbe-separators.patch bnc#798043 glin@suse.com -- Remove all double-separators from the bootpath
Patch12: shim-bnc798043-no-doulbe-separators.patch Patch12: shim-bnc798043-no-doulbe-separators.patch
# PATCH-FIX-UPSTREAM shim-bnc807760-change-pxe-2nd-loader-name.patch bnc#807760 glin@suse.com -- Change the PXE 2nd stage loader to match the filename we are using
Patch13: shim-bnc807760-change-pxe-2nd-loader-name.patch
# PATCH-FIX-UPSTREAM shim-bnc808106-correct-certcount.patch bnc#808106 glin@suse.com -- Correct the certifcate count of the signature list
Patch14: shim-bnc808106-correct-certcount.patch
BuildRequires: gnu-efi >= 3.0q BuildRequires: gnu-efi >= 3.0q
BuildRequires: mozilla-nss-tools BuildRequires: mozilla-nss-tools
BuildRequires: openssl >= 0.9.8 BuildRequires: openssl >= 0.9.8
@ -90,6 +94,8 @@ Authors:
%patch10 -p1 %patch10 -p1
%patch11 -p1 %patch11 -p1
%patch12 -p1 %patch12 -p1
%patch13 -p1
%patch14 -p1
%build %build
chmod +x "make-certs" chmod +x "make-certs"