pool/shim
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 519292 from home:gary_lin:branches:devel:openSUSE:Factory

Browse Source 
- Print the debug messages in fallback.efi dynamically
- Refresh shim-fallback-workaround-masked-ami-variables.patch
- Measure more components and support TPM better

OBS-URL: https://build.opensuse.org/request/show/519292
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=132
This commit is contained in:
Gary Ching-Pang Lin 2017-08-29 09:16:30 +00:00 committed by Git OBS Bridge
parent 5263d48333
commit 6e9b303231
5 changed files with 1592 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

304
shim-add-fallback-verbose-print.patch Normal file
View File

@ -0,0 +1,304 @@
From 5b7f867367131e758548f9b537b765611ce3d874 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 31 Jul 2017 11:07:06 -0400
Subject: [PATCH 1/2] fallback: Minor whitespace cleanup
Signed-off-by: Peter Jones <pjones@redhat.com>
(cherry picked from commit 87c8f07e98995c7a2bd040e9d7b7c35b15ff05e4)
---
fallback.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fallback.c b/fallback.c
index 0a7058b..9ec40b8 100644
--- a/fallback.c
+++ b/fallback.c
@@ -114,7 +114,7 @@ EFI_STATUS
make_full_path(CHAR16 *dirname, CHAR16 *filename, CHAR16 **out, UINT64 *outlen)
{
UINT64 len;
-
+
len = StrLen(L"\\EFI\\") + StrLen(dirname)
+ StrLen(L"\\") + StrLen(filename)
+ 2;
@@ -358,12 +358,12 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 *
rc = make_full_path(dirname, filename, &fullpath, &pathlen);
if (EFI_ERROR(rc))
return rc;
-
+
EFI_DEVICE_PATH *dph = NULL;
EFI_DEVICE_PATH *file = NULL;
EFI_DEVICE_PATH *full_device_path = NULL;
EFI_DEVICE_PATH *dp = NULL;
-
+
dph = DevicePathFromHandle(this_image->DeviceHandle);
if (!dph) {
rc = EFI_OUT_OF_RESOURCES;
--
2.14.1
From 74608d8f3dded28addbc09046c626f1a02251f3d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 31 Jul 2017 12:51:46 -0400
Subject: [PATCH 2/2] Make fallback debug printing be dynamic at runtime.
Signed-off-by: Peter Jones <pjones@redhat.com>
(cherry picked from commit c0f7d130746e82613b88cdaa9929fe37aff54c57)
---
fallback.c | 133 +++++++++++++++++++++++++++++++++++++++++++------------------
1 file changed, 94 insertions(+), 39 deletions(-)
diff --git a/fallback.c b/fallback.c
index 9ec40b8..5602a88 100644
--- a/fallback.c
+++ b/fallback.c
@@ -15,6 +15,57 @@
EFI_LOADED_IMAGE *this_image = NULL;
+EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} };
+
+int
+get_fallback_verbose(void)
+{
+ EFI_GUID guid = SHIM_LOCK_GUID;
+ UINT8 *data = NULL;
+ UINTN dataSize = 0;
+ EFI_STATUS efi_status;
+ unsigned int i;
+ static int state = -1;
+
+ if (state != -1)
+ return state;
+
+ efi_status = get_variable(L"FALLBACK_VERBOSE",
+ &data, &dataSize, guid);
+ if (EFI_ERROR(efi_status)) {
+ state = 0;
+ return state;
+ }
+
+ for (i = 0; i < dataSize; i++) {
+ if (data[i]) {
+ state = 1;
+ return state;
+ }
+ }
+
+ state = 0;
+ return state;
+}
+
+#define VerbosePrintUnprefixed(fmt, ...) \
+ ({ \
+ UINTN ret_ = 0; \
+ if (get_fallback_verbose()) \
+ ret_ = Print((fmt), ##__VA_ARGS__); \
+ ret_; \
+ })
+
+#define VerbosePrint(fmt, ...) \
+ ({ UINTN line_ = __LINE__; \
+ UINTN ret_ = 0; \
+ if (get_fallback_verbose()) { \
+ Print(L"%a:%d: ", __func__, line_); \
+ ret_ = Print((fmt), ##__VA_ARGS__); \
+ } \
+ ret_; \
+ })
+
static EFI_STATUS
FindSubDevicePath(EFI_DEVICE_PATH *In, UINT8 Type, UINT8 SubType,
EFI_DEVICE_PATH **Out)
@@ -23,9 +74,18 @@ FindSubDevicePath(EFI_DEVICE_PATH *In, UINT8 Type, UINT8 SubType,
if (!In || !Out)
return EFI_INVALID_PARAMETER;
+ CHAR16 *dps = DevicePathToStr(In);
+ VerbosePrint(L"input device path: \"%s\"\n", dps);
+ FreePool(dps);
+
for (dp = In; !IsDevicePathEnd(dp); dp = NextDevicePathNode(dp)) {
if (DevicePathType(dp) == Type &&
DevicePathSubType(dp) == SubType) {
+ dps = DevicePathToStr(dp);
+ VerbosePrint(L"sub-path (%hhd,%hhd): \"%s\"\n",
+ Type, SubType, dps);
+ FreePool(dps);
+
*Out = DuplicateDevicePath(dp);
if (!*Out)
return EFI_OUT_OF_RESOURCES;
@@ -327,13 +387,11 @@ update_boot_order(void)
return EFI_OUT_OF_RESOURCES;
CopyMem(newbootorder, bootorder, size);
-#ifdef DEBUG_FALLBACK
- Print(L"nbootorder: %d\nBootOrder: ", size / sizeof (CHAR16));
+ VerbosePrint(L"nbootorder: %d\nBootOrder: ", size / sizeof (CHAR16));
UINTN j;
for (j = 0 ; j < size / sizeof (CHAR16); j++)
- Print(L"%04x ", newbootorder[j]);
+ VerbosePrintUnprefixed(L"%04x ", newbootorder[j]);
Print(L"\n");
-#endif
rc = uefi_call_wrapper(RT->GetVariable, 5, L"BootOrder", &global,
NULL, &len, NULL);
if (rc == EFI_BUFFER_TOO_SMALL)
@@ -363,6 +421,7 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 *
EFI_DEVICE_PATH *file = NULL;
EFI_DEVICE_PATH *full_device_path = NULL;
EFI_DEVICE_PATH *dp = NULL;
+ CHAR16 *dps;
dph = DevicePathFromHandle(this_image->DeviceHandle);
if (!dph) {
@@ -381,6 +440,9 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 *
rc = EFI_OUT_OF_RESOURCES;
goto err;
}
+ dps = DevicePathToStr(full_device_path);
+ VerbosePrint(L"file DP: %s\n", dps);
+ FreePool(dps);
rc = FindSubDevicePath(full_device_path,
MEDIA_DEVICE_PATH, MEDIA_HARDDRIVE_DP, &dp);
@@ -393,22 +455,24 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 *
}
}
-#ifdef DEBUG_FALLBACK
{
- UINTN s = DevicePathSize(dp);
- UINTN i;
- UINT8 *dpv = (void *)dp;
- for (i = 0; i < s; i++) {
- if (i > 0 && i % 16 == 0)
- Print(L"\n");
- Print(L"%02x ", dpv[i]);
- }
- Print(L"\n");
+ UINTN s = DevicePathSize(dp);
+ UINTN i;
+ UINT8 *dpv = (void *)dp;
+ for (i = 0; i < s; i++) {
+ if (i % 16 == 0) {
+ if (i > 0)
+ VerbosePrintUnprefixed(L"\n");
+ VerbosePrint(L"");
+ }
+ VerbosePrintUnprefixed(L"%02x ", dpv[i]);
+ }
+ VerbosePrintUnprefixed(L"\n");
- CHAR16 *dps = DevicePathToStr(dp);
- Print(L"device path: \"%s\"\n", dps);
+ CHAR16 *dps = DevicePathToStr(dp);
+ VerbosePrint(L"device path: \"%s\"\n", dps);
+ FreePool(dps);
}
-#endif
UINT16 option;
rc = find_boot_option(dp, full_device_path, fullpath, label, arguments, &option);
@@ -443,35 +507,27 @@ err:
EFI_STATUS
populate_stanza(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 *csv)
{
-#ifdef DEBUG_FALLBACK
- Print(L"CSV data: \"%s\"\n", csv);
-#endif
CHAR16 *file = csv;
+ VerbosePrint(L"CSV data: \"%s\"\n", csv);
UINTN comma0 = StrCSpn(csv, L",");
if (comma0 == 0)
return EFI_INVALID_PARAMETER;
file[comma0] = L'\0';
-#ifdef DEBUG_FALLBACK
- Print(L"filename: \"%s\"\n", file);
-#endif
+ VerbosePrint(L"filename: \"%s\"\n", file);
CHAR16 *label = csv + comma0 + 1;
UINTN comma1 = StrCSpn(label, L",");
if (comma1 == 0)
return EFI_INVALID_PARAMETER;
label[comma1] = L'\0';
-#ifdef DEBUG_FALLBACK
- Print(L"label: \"%s\"\n", label);
-#endif
+ VerbosePrint(L"label: \"%s\"\n", label);
CHAR16 *arguments = csv + comma0 +1 + comma1 +1;
UINTN comma2 = StrCSpn(arguments, L",");
arguments[comma2] = L'\0';
/* This one is optional, so don't check if comma2 is 0 */
-#ifdef DEBUG_FALLBACK
- Print(L"arguments: \"%s\"\n", arguments);
-#endif
+ VerbosePrint(L"arguments: \"%s\"\n", arguments);
add_to_boot_list(fh, dirname, file, label, arguments);
@@ -489,9 +545,7 @@ try_boot_csv(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename)
if (EFI_ERROR(rc))
return rc;
-#ifdef DEBUG_FALLBACK
- Print(L"Found file \"%s\"\n", fullpath);
-#endif
+ VerbosePrint(L"Found file \"%s\"\n", fullpath);
CHAR16 *buffer;
UINT64 bs;
@@ -503,9 +557,7 @@ try_boot_csv(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename)
}
FreePool(fullpath);
-#ifdef DEBUG_FALLBACK
- Print(L"File looks like:\n%s\n", buffer);
-#endif
+ VerbosePrint(L"File looks like:\n%s\n", buffer);
CHAR16 *start = buffer;
/* The file may or may not start with the Unicode byte order marker.
@@ -735,9 +787,7 @@ find_boot_options(EFI_HANDLE device)
buffer = NULL;
continue;
}
-#ifdef DEBUG_FALLBACK
- Print(L"Found directory named \"%s\"\n", fi->FileName);
-#endif
+ VerbosePrint(L"Found directory named \"%s\"\n", fi->FileName);
EFI_FILE_HANDLE fh3;
rc = uefi_call_wrapper(fh->Open, 5, fh2, &fh3, fi->FileName,
@@ -810,7 +860,6 @@ try_start_first_option(EFI_HANDLE parent_image_handle)
return rc;
}
-EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} };
extern EFI_STATUS
efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab);
@@ -870,6 +919,12 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
try_start_first_option(image);
Print(L"Reset System\n");
+
+ if (get_fallback_verbose()) {
+ Print(L"Verbose enabled, sleeping for half a second\n");
+ uefi_call_wrapper(BS->Stall, 1, 500000);
+ }
+
uefi_call_wrapper(RT->ResetSystem, 4, EfiResetCold,
EFI_SUCCESS, 0, NULL);
--
2.14.1

47
shim-fallback-workaround-masked-ami-variables.patch
View File

@ -1,8 +1,8 @@
From 40eef4450fd4d5ec9ea666a02c276bbe073300d3 Mon Sep 17 00:00:00 2001 From 38744a099187401f2f5e382c2ce8869e1e9b22a0 Mon Sep 17 00:00:00 2001
From: Lans Zhang <jia.zhang@windriver.com> From: Lans Zhang <jia.zhang@windriver.com>
Date: Fri, 11 Aug 2017 13:42:20 +0800 Date: Fri, 11 Aug 2017 13:42:20 +0800
Subject: [PATCH 1/2] fallback: work around the issue of boot option creation Subject: [PATCH] fallback: work around the issue of boot option creation with
with AMI BIOS AMI BIOS
AMI BIOS (e.g, Intel NUC5i3MYHE) may automatically hide and patch BootXXXX AMI BIOS (e.g, Intel NUC5i3MYHE) may automatically hide and patch BootXXXX
variables with ami_masked_device_path_guid. variables with ami_masked_device_path_guid.
@ -42,15 +42,16 @@ We can get the valid device path if just skipping the masked device path and
its next end path. its next end path.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com> Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
(cherry picked from commit 0cc030c2f2fba53b74fb09466a07b8e6297a52d3)
--- ---
fallback.c | 114 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--- fallback.c | 114 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 109 insertions(+), 5 deletions(-) 1 file changed, 109 insertions(+), 5 deletions(-)
diff --git a/fallback.c b/fallback.c diff --git a/fallback.c b/fallback.c
index 0a7058b..7b58018 100644 index 5602a88..8c0369f 100644
--- a/fallback.c --- a/fallback.c
+++ b/fallback.c +++ b/fallback.c
@@ -226,6 +226,105 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, @@ -286,6 +286,105 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp,
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
@ -156,7 +157,7 @@ index 0a7058b..7b58018 100644
EFI_STATUS EFI_STATUS
find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp,
CHAR16 *filename, CHAR16 *label, CHAR16 *arguments, CHAR16 *filename, CHAR16 *label, CHAR16 *arguments,
@@ -255,7 +354,8 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, @@ -315,7 +414,8 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp,
EFI_GUID global = EFI_GLOBAL_VARIABLE; EFI_GUID global = EFI_GLOBAL_VARIABLE;
EFI_STATUS rc; EFI_STATUS rc;
@ -166,7 +167,7 @@ index 0a7058b..7b58018 100644
if (!candidate) { if (!candidate) {
FreePool(data); FreePool(data);
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
@@ -267,17 +367,21 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, @@ -327,17 +427,21 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp,
varname[6] = hexmap[(bootorder[i] & 0x00f0) >> 4]; varname[6] = hexmap[(bootorder[i] & 0x00f0) >> 4];
varname[7] = hexmap[(bootorder[i] & 0x000f) >> 0]; varname[7] = hexmap[(bootorder[i] & 0x000f) >> 0];
@ -193,35 +194,5 @@ index 0a7058b..7b58018 100644
/* at this point, we have duplicate data. */ /* at this point, we have duplicate data. */
if (!first_new_option) { if (!first_new_option) {
-- --
2.14.0 2.14.1
From 5efee65f1cb7a04ea9434eedfc0d8a49b0305c83 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Wed, 23 Aug 2017 18:26:00 +0800
Subject: [PATCH 2/2] fallback: Remove VerbosePrint()
It's not available in shim 12.
Signed-off-by: Gary Lin <glin@suse.com>
---
fallback.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/fallback.c b/fallback.c
index 7b58018..701a1c4 100644
--- a/fallback.c
+++ b/fallback.c
@@ -380,9 +380,6 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp,
} else if (CompareMem(candidate, data, size))
continue;
- VerbosePrint(L"Found boot entry \"%s\" with label \"%s\" "
- L"for file \"%s\"\n", varname, label, filename);
-
/* at this point, we have duplicate data. */
if (!first_new_option) {
first_new_option = DuplicateDevicePath(fulldp);
--
2.14.0

1263
shim-more-tpm-measurement.patch Normal file
View File

File diff suppressed because it is too large Load Diff

9
shim.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Tue Aug 29 08:44:25 UTC 2017 - glin@suse.com
- Add shim-add-fallback-verbose-print.patch to print the debug
messages in fallback.efi dynamically
- Refresh shim-fallback-workaround-masked-ami-variables.patch
- Add shim-more-tpm-measurement.patch to measure more components
and support TPM better
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Aug 23 10:28:44 UTC 2017 - glin@suse.com Wed Aug 23 10:28:44 UTC 2017 - glin@suse.com

8
shim.spec
View File

@ -53,8 +53,12 @@ Patch3: shim-fix-httpboot-crash.patch
Patch4: shim-fix-openssl-flags.patch Patch4: shim-fix-openssl-flags.patch
# PATCH-FIX-UPSTREAM shim-fix-fallback-double-free.patch glin@suse.com -- Fix double free in fallback.c # PATCH-FIX-UPSTREAM shim-fix-fallback-double-free.patch glin@suse.com -- Fix double free in fallback.c
Patch5: shim-fix-fallback-double-free.patch Patch5: shim-fix-fallback-double-free.patch
# PATCH-FIX-UPSTREAM shim-add-fallback-verbose-print.patch glin@suse.com -- Print debug messages dynamically
Patch6: shim-add-fallback-verbose-print.patch
# PATCH-FIX-UPSTREAM shim-fallback-workaround-masked-ami-variables.patch glin@suse.com -- Work around the masked AMI variables # PATCH-FIX-UPSTREAM shim-fallback-workaround-masked-ami-variables.patch glin@suse.com -- Work around the masked AMI variables
Patch6: shim-fallback-workaround-masked-ami-variables.patch Patch7: shim-fallback-workaround-masked-ami-variables.patch
# PATCH-FIX-UPSTREAM shim-more-tpm-measurement.patch glin@suse.com -- Measure more components for TPM
Patch8: shim-more-tpm-measurement.patch
# PATCH-FIX-OPENSUSE shim-change-debug-file-path.patch glin@suse.com -- Change the default debug file path # PATCH-FIX-OPENSUSE shim-change-debug-file-path.patch glin@suse.com -- Change the default debug file path
Patch50: shim-change-debug-file-path.patch Patch50: shim-change-debug-file-path.patch
# PATCH-FIX-OPENSUSE shim-opensuse-cert-prompt.patch glin@suse.com -- Show the prompt to ask whether the user trusts openSUSE certificate or not # PATCH-FIX-OPENSUSE shim-opensuse-cert-prompt.patch glin@suse.com -- Show the prompt to ask whether the user trusts openSUSE certificate or not
@ -108,6 +112,8 @@ Authors:
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1
%patch8 -p1
%patch50 -p1 %patch50 -p1
%if 0%{?is_opensuse} == 1 %if 0%{?is_opensuse} == 1
%patch100 -p1 %patch100 -p1