From e8b8c978209bb9faf7203d175c8f675f5e0d64383c4c54f1a3e63f79461d658c Mon Sep 17 00:00:00 2001
From: Joey Lee
Date: Tue, 15 Nov 2022 09:50:55 +0000
Subject: [PATCH] Accepting request 1035798 from home:joeyli:branches:devel:openSUSE:Factory Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127)
OBS-URL: https://build.opensuse.org/request/show/1035798
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=194
---
...ble-TDX-measurement-to-RTMR-register.patch | 240 +++++++
shim-bsc1198101-opensuse-cert-prompt.patch | 36 +-
...jscPED-127-upgrade-shim-in-SLE15-SP5.patch | 672 ++++++++++++++++++
shim.changes | 89 +++
shim.spec | 12 +-
5 files changed, 1028 insertions(+), 21 deletions(-)
create mode 100644 shim-Enable-TDX-measurement-to-RTMR-register.patch
create mode 100644 shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch
diff --git a/shim-Enable-TDX-measurement-to-RTMR-register.patch b/shim-Enable-TDX-measurement-to-RTMR-register.patch
new file mode 100644
index 0000000..2436253
--- /dev/null
+++ b/shim-Enable-TDX-measurement-to-RTMR-register.patch
@@ -0,0 +1,240 @@
+From 4fd484e4c29364b4fdf4d043556fa0a210c5fdfc Mon Sep 17 00:00:00 2001
+From: Lu Ken
+Date: Sun, 22 May 2022 16:02:20 +0800
+Subject: [PATCH] Enable TDX measurement to RTMR register
+
+Intel Trust Domain Extensions (Intel TDX) extends Virtual Machine
+Extensions (VMX) and Multi-Key Total Memory Encryption (MK-TME) with a
+new kind of virtual machine guest called a Trust Domain(TD)[1]. A TD
+runs in a CPU mode that is designed to protect the confidentiality of
+its memory contents and its CPU state from any other software, including
+the hosting Virtual Machine Monitor (VMM).
+
+Trust Domain Virtual Firmware (TDVF) is required to provide Intel TDX
+implementation and service for EFI_CC_MEASUREMENT_PROTOCOL[2]. The bugzilla
+for TDVF is at https://bugzilla.tianocore.org/show_bug.cgi?id=3625.
+
+To support CC measurement/attestation with Intel TDX technology, these 4
+RTMR registers will be extended by TDX service like TPM/TPM2 PCR:
+
+- RTMR[0] for TDVF configuration
+- RTMR[1] for the TD OS loader and kernel
+- RTMR[2] for the OS application
+- RTMR[3] reserved for special usage only
+
+Add a TDX Implementation for CC Measurement protocol along with
+TPM/TPM2 protocol.
+
+References:
+[1] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-whitepaper-v4.pdf
+[2] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf
+[3] https://software.intel.com/content/dam/develop/external/us/en/documents/intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf
+
+Signed-off-by: Lu Ken
+[rharwood: style pass on code and commit message]
+Signed-off-by: Robbie Harwood
+---
+ include/cc.h | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ include/guid.h | 1 +
+ lib/guid.c | 1 +
+ shim.h | 1 +
+ tpm.c | 48 ++++++++++++++++++++++++++++
+ 5 files changed, 136 insertions(+)
+ create mode 100644 include/cc.h
+
+diff --git a/include/cc.h b/include/cc.h
+new file mode 100644
+index 0000000..8b12720
+--- /dev/null
++++ b/include/cc.h
+@@ -0,0 +1,85 @@
++// SPDX-License-Identifier: BSD-2-Clause-Patent
++
++#ifndef SHIM_CC_H
++#define SHIM_CC_H
++
++typedef struct {
++ uint8_t Major;
++ uint8_t Minor;
++} EFI_CC_VERSION;
++
++#define EFI_CC_TYPE_NONE 0
++#define EFI_CC_TYPE_SEV 1
++#define EFI_CC_TYPE_TDX 2
++
++typedef struct {
++ uint8_t Type;
++ uint8_t SubType;
++} EFI_CC_TYPE;
++
++typedef uint32_t EFI_CC_EVENT_LOG_BITMAP;
++typedef uint32_t EFI_CC_EVENT_LOG_FORMAT;
++typedef uint32_t EFI_CC_EVENT_ALGORITHM_BITMAP;
++typedef uint32_t EFI_CC_MR_INDEX;
++
++#define TDX_MR_INDEX_MRTD 0
++#define TDX_MR_INDEX_RTMR0 1
++#define TDX_MR_INDEX_RTMR1 2
++#define TDX_MR_INDEX_RTMR2 3
++#define TDX_MR_INDEX_RTMR3 4
++
++#define EFI_CC_EVENT_LOG_FORMAT_TCG_2 0x00000002
++#define EFI_CC_BOOT_HASH_ALG_SHA384 0x00000004
++#define EFI_CC_EVENT_HEADER_VERSION 1
++
++typedef struct tdEFI_CC_EVENT_HEADER {
++ uint32_t HeaderSize;
++ uint16_t HeaderVersion;
++ EFI_CC_MR_INDEX MrIndex;
++ uint32_t EventType;
++} __attribute__((packed)) EFI_CC_EVENT_HEADER;
++
++typedef struct tdEFI_CC_EVENT {
++ uint32_t Size;
++ EFI_CC_EVENT_HEADER Header;
++ uint8_t Event[1];
++} __attribute__((packed)) EFI_CC_EVENT;
++
++typedef struct tdEFI_CC_BOOT_SERVICE_CAPABILITY {
++ uint8_t Size;
++ EFI_CC_VERSION StructureVersion;
++ EFI_CC_VERSION ProtocolVersion;
++ EFI_CC_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap;
++ EFI_CC_EVENT_LOG_BITMAP SupportedEventLogs;
++ EFI_CC_TYPE CcType;
++} EFI_CC_BOOT_SERVICE_CAPABILITY;
++
++struct efi_cc_protocol
++{
++ EFI_STATUS (EFIAPI *get_capability) (
++ struct efi_cc_protocol *this,
++ EFI_CC_BOOT_SERVICE_CAPABILITY *ProtocolCapability);
++ EFI_STATUS (EFIAPI *get_event_log) (
++ struct efi_cc_protocol *this,
++ EFI_CC_EVENT_LOG_FORMAT EventLogFormat,
++ EFI_PHYSICAL_ADDRESS *EventLogLocation,
++ EFI_PHYSICAL_ADDRESS *EventLogLastEntry,
++ BOOLEAN *EventLogTruncated);
++ EFI_STATUS (EFIAPI *hash_log_extend_event) (
++ struct efi_cc_protocol *this,
++ uint64_t Flags,
++ EFI_PHYSICAL_ADDRESS DataToHash,
++ uint64_t DataToHashLen,
++ EFI_CC_EVENT *EfiCcEvent);
++ EFI_STATUS (EFIAPI *map_pcr_to_mr_index) (
++ struct efi_cc_protocol *this,
++ uint32_t PcrIndex,
++ EFI_CC_MR_INDEX *MrIndex);
++};
++
++typedef struct efi_cc_protocol efi_cc_protocol_t;
++
++#define EFI_CC_FLAG_PE_COFF_IMAGE 0x0000000000000010
++
++#endif /* SHIM_CC_H */
++// vim:fenc=utf-8:tw=75
+diff --git a/include/guid.h b/include/guid.h
+index d9910ff..dad63f0 100644
+--- a/include/guid.h
++++ b/include/guid.h
+@@ -29,6 +29,7 @@ extern EFI_GUID EFI_IP6_CONFIG_GUID;
+ extern EFI_GUID EFI_LOADED_IMAGE_GUID;
+ extern EFI_GUID EFI_TPM_GUID;
+ extern EFI_GUID EFI_TPM2_GUID;
++extern EFI_GUID EFI_CC_MEASUREMENT_PROTOCOL_GUID;
+ extern EFI_GUID EFI_SECURE_BOOT_DB_GUID;
+ extern EFI_GUID EFI_SIMPLE_FILE_SYSTEM_GUID;
+ extern EFI_GUID SECURITY_PROTOCOL_GUID;
+diff --git a/lib/guid.c b/lib/guid.c
+index e100c92..904629e 100644
+--- a/lib/guid.c
++++ b/lib/guid.c
+@@ -28,6 +28,7 @@ EFI_GUID EFI_IP6_CONFIG_GUID = { 0x937fe521, 0x95ae, 0x4d1a, {0x89, 0x29, 0x48,
+ EFI_GUID EFI_LOADED_IMAGE_GUID = EFI_LOADED_IMAGE_PROTOCOL_GUID;
+ EFI_GUID EFI_TPM_GUID = { 0xf541796d, 0xa62e, 0x4954, {0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd } };
+ EFI_GUID EFI_TPM2_GUID = { 0x607f766c, 0x7455, 0x42be, {0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f } };
++EFI_GUID EFI_CC_MEASUREMENT_PROTOCOL_GUID = { 0x96751a3d, 0x72f4, 0x41a6, {0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b } };
+ EFI_GUID EFI_SECURE_BOOT_DB_GUID = { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f } };
+ EFI_GUID EFI_SIMPLE_FILE_SYSTEM_GUID = SIMPLE_FILE_SYSTEM_PROTOCOL;
+ EFI_GUID SECURITY_PROTOCOL_GUID = { 0xA46423E3, 0x4617, 0x49f1, {0xB9, 0xFF, 0xD1, 0xBF, 0xA9, 0x11, 0x58, 0x39 } };
+diff --git a/shim.h b/shim.h
+index 7e9d10e..14824c6 100644
+--- a/shim.h
++++ b/shim.h
+@@ -186,6 +186,7 @@
+ #include "include/simple_file.h"
+ #include "include/str.h"
+ #include "include/tpm.h"
++#include "include/cc.h"
+ #include "include/ucs2.h"
+ #include "include/variables.h"
+ #include "include/hexdump.h"
+diff --git a/tpm.c b/tpm.c
+index 41f3665..388f8d1 100644
+--- a/tpm.c
++++ b/tpm.c
+@@ -108,6 +108,45 @@ static EFI_STATUS tpm_locate_protocol(efi_tpm_protocol_t **tpm,
+ return EFI_NOT_FOUND;
+ }
+
++static EFI_STATUS cc_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
++ UINT8 pcr, const CHAR8 *log, UINTN logsize,
++ UINT32 type, BOOLEAN is_pe_image)
++{
++ EFI_STATUS efi_status;
++ EFI_CC_EVENT *event;
++ efi_cc_protocol_t *cc;
++ EFI_CC_MR_INDEX mr;
++ uint64_t flags = is_pe_image ? EFI_CC_FLAG_PE_COFF_IMAGE : 0;
++
++ efi_status = LibLocateProtocol(&EFI_CC_MEASUREMENT_PROTOCOL_GUID,
++ (VOID **)&cc);
++ if (EFI_ERROR(efi_status) || !cc)
++ return EFI_SUCCESS;
++
++ efi_status = cc->map_pcr_to_mr_index(cc, pcr, &mr);
++ if (EFI_ERROR(efi_status))
++ return EFI_NOT_FOUND;
++
++ UINTN event_size = sizeof(*event) - sizeof(event->Event) + logsize;
++
++ event = AllocatePool(event_size);
++ if (!event) {
++ perror(L"Unable to allocate event structure\n");
++ return EFI_OUT_OF_RESOURCES;
++ }
++
++ event->Header.HeaderSize = sizeof(EFI_CC_EVENT_HEADER);
++ event->Header.HeaderVersion = EFI_CC_EVENT_HEADER_VERSION;
++ event->Header.MrIndex = mr;
++ event->Header.EventType = type;
++ event->Size = event_size;
++ CopyMem(event->Event, (VOID *)log, logsize);
++ efi_status = cc->hash_log_extend_event(cc, flags, buf, (UINT64)size,
++ event);
++ FreePool(event);
++ return efi_status;
++}
++
+ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
+ UINT8 pcr, const CHAR8 *log, UINTN logsize,
+ UINT32 type, CHAR8 *hash)
+@@ -118,6 +157,15 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
+ BOOLEAN old_caps;
+ EFI_TCG2_BOOT_SERVICE_CAPABILITY caps;
+
++ /* CC guest like TDX or SEV will measure the buffer and log the event,
++ extend the result into a specific CC MR like TCG's PCR. It could
++ coexists with TCG's TPM 1.2 and TPM 2.
++ */
++ efi_status = cc_log_event_raw(buf, size, pcr, log, logsize, type,
++ (hash != NULL));
++ if (EFI_ERROR(efi_status))
++ return efi_status;
++
+ efi_status = tpm_locate_protocol(&tpm, &tpm2, &old_caps, &caps);
+ if (EFI_ERROR(efi_status)) {
+ #ifdef REQUIRE_TPM
+--
+2.35.3
+
diff --git a/shim-bsc1198101-opensuse-cert-prompt.patch b/shim-bsc1198101-opensuse-cert-prompt.patch
index 87389a3..1c7dc23 100644
--- a/shim-bsc1198101-opensuse-cert-prompt.patch
+++ b/shim-bsc1198101-opensuse-cert-prompt.patch
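Review bot: In the second tpm.c hunk of the embedded patch, `tpm_log_event_raw` returns as soon as `cc_log_event_raw` reports an error, so a failure on the CC side (for instance `map_pcr_to_mr_index` rejecting the PCR, which is turned into `EFI_NOT_FOUND`) skips the TPM path that begins at `tpm_locate_protocol`, even though the added comment says the two mechanisms can coexist. Unless every caller treats that error as fatal, a guest exposing both protocols can continue booting with the measurement missing from the TPM PCR and its log; consider keeping the CC status in its own variable, running the TPM path regardless, and returning the first error at the end. In `cc_log_event_raw`, `event_size` is a `UINTN` derived from the caller's `logsize` and is then stored into the 32-bit `event->Size` with no range check, so rejecting a `logsize` that does not fit before `AllocatePool` would keep the recorded size and the allocation in agreement. The body of `tpm_log_event_raw` continues outside the hunk, so how the returned status is consumed is not visible here.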
@@ -22,10 +22,10 @@ The state will store in use_openSUSE_cert, a volatile RT variable. shim.h | 1 + 3 files changed, 71 insertions(+), 2 deletions(-) -Index: shim-15.6~rc1+77144e5a/mok.c +Index: shim-15.6/mok.c =================================================================== ---- shim-15.6~rc1+77144e5a.orig/mok.c -+++ shim-15.6~rc1+77144e5a/mok.c +--- shim-15.6.orig/mok.c ++++ shim-15.6/mok.c @@ -46,7 +46,8 @@ static EFI_STATUS check_mok_request(EFI_ check_var(L"MokPW") || check_var(L"MokAuth") || check_var(L"MokDel") || check_var(L"MokDB") || @@ -46,10 +46,10 @@ Index: shim-15.6~rc1+77144e5a/mok.c return VENDOR_ADDEND_NONE; } -Index: shim-15.6~rc1+77144e5a/shim.c +Index: shim-15.6/shim.c =================================================================== ---- shim-15.6~rc1+77144e5a.orig/shim.c -+++ shim-15.6~rc1+77144e5a/shim.c +--- shim-15.6.orig/shim.c ++++ shim-15.6/shim.c @@ -496,6 +496,8 @@ verify_one_signature(WIN_CERTIFICATE_EFI } @@ -59,7 +59,7 @@ Index: shim-15.6~rc1+77144e5a/shim.c #if defined(ENABLE_SHIM_CERT) /* * Check against the shim build key -@@ -1572,6 +1574,69 @@ shim_fini(void) +@@ -1568,6 +1570,69 @@ shim_fini(void) console_fini(); } @@ -129,7 +129,7 @@ Index: shim-15.6~rc1+77144e5a/shim.c extern EFI_STATUS efi_main(EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab); -@@ -1712,6 +1777,9 @@ efi_main (EFI_HANDLE passed_image_handle +@@ -1708,6 +1773,9 @@ efi_main (EFI_HANDLE passed_image_handle */ debug_hook(); @@ -139,10 +139,10 @@ Index: shim-15.6~rc1+77144e5a/shim.c efi_status = set_sbat_uefi_variable(); if (EFI_ERROR(efi_status) && secure_mode()) { perror(L"%s variable initialization failed\n", SBAT_VAR_NAME); -Index: shim-15.6~rc1+77144e5a/MokManager.c +Index: shim-15.6/MokManager.c =================================================================== ---- shim-15.6~rc1+77144e5a.orig/MokManager.c -+++ shim-15.6~rc1+77144e5a/MokManager.c +--- shim-15.6.orig/MokManager.c ++++ shim-15.6/MokManager.c 
@@ -1864,6 +1864,36 @@ mokpw_done: return EFI_SUCCESS; } @@ -280,10 +280,10 @@ Index: shim-15.6~rc1+77144e5a/MokManager.c LibDeleteVariable(L"MokAuth", &SHIM_LOCK_GUID); LibDeleteVariable(L"MokDelAuth", &SHIM_LOCK_GUID); LibDeleteVariable(L"MokXAuth", &SHIM_LOCK_GUID); -Index: shim-15.6~rc1+77144e5a/globals.c +Index: shim-15.6/globals.c =================================================================== ---- shim-15.6~rc1+77144e5a.orig/globals.c -+++ shim-15.6~rc1+77144e5a/globals.c +--- shim-15.6.orig/globals.c ++++ shim-15.6/globals.c @@ -25,6 +25,7 @@ UINT8 *build_cert; */ verification_method_t verification_method; @@ -292,11 +292,11 @@ Index: shim-15.6~rc1+77144e5a/globals.c UINT8 user_insecure_mode; UINT8 ignore_db; -Index: shim-15.6~rc1+77144e5a/shim.h +Index: shim-15.6/shim.h =================================================================== ---- shim-15.6~rc1+77144e5a.orig/shim.h -+++ shim-15.6~rc1+77144e5a/shim.h -@@ -268,6 +268,7 @@ extern UINT8 mok_policy; +--- shim-15.6.orig/shim.h ++++ shim-15.6/shim.h +@@ -270,6 +270,7 @@ extern UINT8 mok_policy; extern UINT8 in_protocol; extern void *load_options; extern UINT32 load_options_size; diff --git a/shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch b/shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch new file mode 100644 index 0000000..a80223e --- /dev/null +++ b/shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch 
@@ -0,0 +1,672 @@
+From 0eb07e11b20680200d3ce9c5bc59299121a75388 Mon Sep 17 00:00:00 2001
+From: Chris Coulson
+Date: Tue, 31 May 2022 22:21:26 +0100
+Subject: [PATCH 01/12] Make SBAT variable payload introspectable
+
+Given a set of EFI variables and boot assets, it should be possible
+to compute what the value of PCR 7 will be on the next boot.
+
+As shim manages the contents of the SbatLevel variable and this is
+measured to PCR 7, export the payloads that shim contains in a new
+COFF section (.sbatlevel) so that it can be introspected by code
+outside of shim.
+
+The new section works a bit like .vendor_cert - it contains a header
+and then the payload. In this case, the header contains no size fields
+because the strings are NULL terminated. Shim uses this new section
+internally in set_sbat_uefi_variable.
+
+The .sbatlevel section starts with a 4 byte version field which is
+not used by shim but may be useful for external auditors if the
+format of the section contents change in the future.
+
+Signed-off-by: Chris Coulson
+---
+ Makefile | 7 ++++---
+ elf_aarch64_efi.lds | 4 ++++
+ elf_ia32_efi.lds | 4 ++++
+ elf_ia64_efi.lds | 4 ++++
+ elf_x86_64_efi.lds | 4 ++++
+ include/sbat.h | 32 --------------------------------
+ include/sbat_var_defs.h | 38 ++++++++++++++++++++++++++++++++++++++
+ include/test.mk | 2 +-
+ sbat.c | 21 ++++++++++++++++-----
+ sbat_var.S | 20 ++++++++++++++++++++
+ shim.h | 1 +
+ 11 files changed, 96 insertions(+), 41 deletions(-)
+ create mode 100644 include/sbat_var_defs.h
+ create mode 100644 sbat_var.S
+
+diff --git a/Makefile b/Makefile
+index 24ac314..866611c 100644
+--- a/Makefile
++++ b/Makefile
+@@ -38,9 +38,9 @@ CFLAGS += -DENABLE_SHIM_CERT
+ else
+ TARGETS += $(MMNAME) $(FBNAME)
+ endif
+-OBJS = shim.o globals.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o pe.o httpboot.o csv.o load-options.o
++OBJS = shim.o globals.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o sbat_var.o pe.o httpboot.o csv.o load-options.o
+ KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
+-ORIG_SOURCES = shim.c globals.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c httpboot.c shim.h version.h $(wildcard include/*.h) cert.S
++ORIG_SOURCES = shim.c globals.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c httpboot.c shim.h version.h $(wildcard include/*.h) cert.S sbat_var.S
+ MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat_data.o globals.o
+ ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h)
+ FALLBACK_OBJS = fallback.o tpm.o errlog.o sbat_data.o globals.o
+@@ -253,7 +253,7 @@ endif
+ $(OBJCOPY) -D -j .text -j .sdata -j .data -j .data.ident \
+ -j .dynamic -j .rodata -j .rel* \
+ -j .rela* -j .dyn -j .reloc -j .eh_frame \
+- -j .vendor_cert -j .sbat \
++ -j .vendor_cert -j .sbat -j .sbatlevel \
+ $(FORMAT) $< $@
+ ./post-process-pe -vv $@
+
+@@ -269,6 +269,7 @@ endif
+ $(OBJCOPY) -D -j .text -j .sdata -j .data \
+ -j .dynamic -j .rodata -j .rel* \
+ -j .rela* -j .dyn -j .reloc -j .eh_frame -j .sbat \
++ -j .sbatlevel \
+ -j .debug_info -j .debug_abbrev -j .debug_aranges \
+ -j .debug_line -j .debug_str -j .debug_ranges \
+ -j .note.gnu.build-id \
+diff --git a/elf_aarch64_efi.lds b/elf_aarch64_efi.lds
+index 60c55ba..0861f5e 100644
+--- a/elf_aarch64_efi.lds
++++ b/elf_aarch64_efi.lds
+@@ -34,6 +34,10 @@ SECTIONS
+ .data.ident : {
+ *(.data.ident)
+ }
++ . = ALIGN(4096);
++ .sbatlevel : {
++ *(.sbatlevel)
++ }
+
+ . = ALIGN(4096);
+ .data :
+diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds
+index 497a3a1..e8da91b 100644
+--- a/elf_ia32_efi.lds
++++ b/elf_ia32_efi.lds
+@@ -28,6 +28,10 @@ SECTIONS
+ .data.ident : {
+ *(.data.ident)
+ }
++ . = ALIGN(4096);
++ .sbatlevel : {
++ *(.sbatlevel)
++ }
+
+ . = ALIGN(4096);
+ .data :
+diff --git a/elf_ia64_efi.lds b/elf_ia64_efi.lds
+index 2669b85..a219560 100644
+--- a/elf_ia64_efi.lds
++++ b/elf_ia64_efi.lds
+@@ -34,6 +34,10 @@ SECTIONS
+ .data.ident : {
+ *(.data.ident)
+ }
++ . = ALIGN(4096);
++ .sbatlevel : {
++ *(.sbatlevel)
++ }
+
+ . = ALIGN(4096);
+ .data :
+diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds
+index bcc6527..39aff6b 100644
+--- a/elf_x86_64_efi.lds
++++ b/elf_x86_64_efi.lds
+@@ -35,6 +35,10 @@ SECTIONS
+ .data.ident : {
+ *(.data.ident)
+ }
++ . = ALIGN(4096);
++ .sbatlevel : {
++ *(.sbatlevel)
++ }
+
+ . = ALIGN(4096);
+ .data :
+diff --git a/include/sbat.h b/include/sbat.h
+index aca4359..c94c4fb 100644
+--- a/include/sbat.h
++++ b/include/sbat.h
+@@ -6,38 +6,6 @@
+ #ifndef SBAT_H_
+ #define SBAT_H_
+
+-#define SBAT_VAR_SIG "sbat,"
+-#define SBAT_VAR_VERSION "1,"
+-#define SBAT_VAR_ORIGINAL_DATE "2021030218"
+-#define SBAT_VAR_ORIGINAL \
+- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_ORIGINAL_DATE "\n"
+-
+-#if defined(ENABLE_SHIM_DEVEL)
+-#define SBAT_VAR_PREVIOUS_DATE "2022020101"
+-#define SBAT_VAR_PREVIOUS_REVOCATIONS "component,2\n"
+-#define SBAT_VAR_PREVIOUS \
+- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
+- SBAT_VAR_PREVIOUS_REVOCATIONS
+-
+-#define SBAT_VAR_LATEST_DATE "2022050100"
+-#define SBAT_VAR_LATEST_REVOCATIONS "component,2\nothercomponent,2\n"
+-#define SBAT_VAR_LATEST \
+- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
+- SBAT_VAR_LATEST_REVOCATIONS
+-#else /* !ENABLE_SHIM_DEVEL */
+-#define SBAT_VAR_PREVIOUS_DATE SBAT_VAR_ORIGINAL_DATE
+-#define SBAT_VAR_PREVIOUS_REVOCATIONS
+-#define SBAT_VAR_PREVIOUS \
+- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
+- SBAT_VAR_PREVIOUS_REVOCATIONS
+-
+-#define SBAT_VAR_LATEST_DATE "2022052400"
+-#define SBAT_VAR_LATEST_REVOCATIONS "shim,2\ngrub,2\n"
+-#define SBAT_VAR_LATEST \
+- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
+- SBAT_VAR_LATEST_REVOCATIONS
+-#endif /* ENABLE_SHIM_DEVEL */
+-
+ #define UEFI_VAR_NV_BS \
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
+ #define UEFI_VAR_NV_BS_RT \
+diff --git a/include/sbat_var_defs.h b/include/sbat_var_defs.h
+new file mode 100644
+index 0000000..c656b56
+--- /dev/null
++++ b/include/sbat_var_defs.h
+@@ -0,0 +1,38 @@
++// SPDX-License-Identifier: BSD-2-Clause-Patent
++
++#ifndef SBAT_VAR_DEFS_H_
++#define SBAT_VAR_DEFS_H_
++
++#define SBAT_VAR_SIG "sbat,"
++#define SBAT_VAR_VERSION "1,"
++#define SBAT_VAR_ORIGINAL_DATE "2021030218"
++#define SBAT_VAR_ORIGINAL \
++ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_ORIGINAL_DATE "\n"
++
++#if defined(ENABLE_SHIM_DEVEL)
++#define SBAT_VAR_PREVIOUS_DATE "2022020101"
++#define SBAT_VAR_PREVIOUS_REVOCATIONS "component,2\n"
++#define SBAT_VAR_PREVIOUS \
++ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
++ SBAT_VAR_PREVIOUS_REVOCATIONS
++
++#define SBAT_VAR_LATEST_DATE "2022050100"
++#define SBAT_VAR_LATEST_REVOCATIONS "component,2\nothercomponent,2\n"
++#define SBAT_VAR_LATEST \
++ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
++ SBAT_VAR_LATEST_REVOCATIONS
++#else /* !ENABLE_SHIM_DEVEL */
++#define SBAT_VAR_PREVIOUS_DATE SBAT_VAR_ORIGINAL_DATE
++#define SBAT_VAR_PREVIOUS_REVOCATIONS
++#define SBAT_VAR_PREVIOUS \
++ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
++ SBAT_VAR_PREVIOUS_REVOCATIONS
++
++#define SBAT_VAR_LATEST_DATE "2022052400"
++#define SBAT_VAR_LATEST_REVOCATIONS "shim,2\ngrub,2\n"
++#define SBAT_VAR_LATEST \
++ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
++ SBAT_VAR_LATEST_REVOCATIONS
++#endif /* ENABLE_SHIM_DEVEL */
++
++#endif /* !SBAT_VAR_DEFS_H_ */
+diff --git a/include/test.mk b/include/test.mk
+index e965c60..c0e2409 100644
+--- a/include/test.mk
++++ b/include/test.mk
+@@ -92,7 +92,7 @@ test-mock-variables: CFLAGS+=-DHAVE_SHIM_LOCK_GUID
+ test-mok-mirror_FILES = mok.c globals.c tpm.c lib/guid.c lib/variables.c mock-variables.c
+ test-mok-mirror: CFLAGS+=-DHAVE_START_IMAGE -DHAVE_SHIM_LOCK_GUID
+
+-test-sbat_FILES = csv.c lib/variables.c lib/guid.c
++test-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S
+ test-sbat :: CFLAGS+=-DHAVE_GET_VARIABLE -DHAVE_GET_VARIABLE_ATTR -DHAVE_SHIM_LOCK_GUID
+
+ test-str_FILES = lib/string.c
+diff --git a/sbat.c b/sbat.c
+index f1d6e98..a08c5b2 100644
+--- a/sbat.c
++++ b/sbat.c
+@@ -5,6 +5,11 @@
+
+ #include "shim.h"
+
++extern struct {
++ UINT32 previous_offset;
++ UINT32 latest_offset;
++} sbat_var_payload_header;
++
+ EFI_STATUS
+ parse_sbat_section(char *section_base, size_t section_size,
+ size_t *n_entries,
+@@ -399,6 +404,9 @@ set_sbat_uefi_variable(void)
+ EFI_STATUS efi_status = EFI_SUCCESS;
+ UINT32 attributes = 0;
+
++ char *sbat_var_previous;
++ char *sbat_var_latest;
++
+ UINT8 *sbat = NULL;
+ UINT8 *sbat_policy = NULL;
+ UINTN sbatsize = 0;
+@@ -407,27 +415,30 @@ set_sbat_uefi_variable(void)
+ char *sbat_var = NULL;
+ bool reset_sbat = false;
+
++ sbat_var_previous = (char *)&sbat_var_payload_header + sbat_var_payload_header.previous_offset;
++ sbat_var_latest = (char *)&sbat_var_payload_header + sbat_var_payload_header.latest_offset;
++
+ efi_status = get_variable_attr(SBAT_POLICY, &sbat_policy,
+ &sbat_policysize, SHIM_LOCK_GUID,
+ &attributes);
+ if (EFI_ERROR(efi_status)) {
+ dprint("Default sbat policy: previous\n");
+- sbat_var = SBAT_VAR_PREVIOUS;
++ sbat_var = sbat_var_previous;
+ } else {
+ switch (*sbat_policy) {
+ case SBAT_POLICY_LATEST:
+ dprint("Custom sbat policy: latest\n");
+- sbat_var = SBAT_VAR_LATEST;
++ sbat_var = sbat_var_latest;
+ clear_sbat_policy();
+ break;
+ case SBAT_POLICY_PREVIOUS:
+ dprint("Custom sbat policy: previous\n");
+- sbat_var = SBAT_VAR_PREVIOUS;
++ sbat_var = sbat_var_previous;
+ break;
+ case SBAT_POLICY_RESET:
+ if (secure_mode()) {
+ console_print(L"Cannot reset SBAT policy: Secure Boot is enabled.\n");
+- sbat_var = SBAT_VAR_PREVIOUS;
++ sbat_var = sbat_var_previous;
+ } else {
+ dprint(L"Custom SBAT policy: reset OK\n");
+ reset_sbat = true;
+@@ -438,7 +449,7 @@ set_sbat_uefi_variable(void)
+ default:
+ console_error(L"SBAT policy state %llu is invalid",
+ EFI_INVALID_PARAMETER);
+- sbat_var = SBAT_VAR_PREVIOUS;
++ sbat_var = sbat_var_previous;
+ clear_sbat_policy();
+ break;
+ }
+diff --git a/sbat_var.S b/sbat_var.S
+new file mode 100644
+index 0000000..a115077
+--- /dev/null
++++ b/sbat_var.S
+@@ -0,0 +1,20 @@
++// SPDX-License-Identifier: BSD-2-Clause-Patent
++
++#include "include/sbat_var_defs.h"
++
++ .section .sbatlevel, "a", %progbits
++ .balignl 4, 0
++ .4byte 0 /* format version for external parsers */
++ .globl sbat_var_payload_header
++ .type sbat_var_payload_header, %object
++ .size sbat_var_payload_header, .Lsbat_var_payload_header_end - sbat_var_payload_header
++sbat_var_payload_header:
++ .4byte .Lsbat_var_previous - sbat_var_payload_header
++ .4byte .Lsbat_var_latest - sbat_var_payload_header
++.Lsbat_var_payload_header_end:
++ .balign 1, 0
++.Lsbat_var_previous:
++ .asciz SBAT_VAR_PREVIOUS
++ .balign 1, 0
++.Lsbat_var_latest:
++ .asciz SBAT_VAR_LATEST
+diff --git a/shim.h b/shim.h
+index b5272b9..7e9d10e 100644
+--- a/shim.h
++++ b/shim.h
+@@ -179,6 +179,7 @@
+ #include "include/pe.h"
+ #include "include/replacements.h"
+ #include "include/sbat.h"
++#include "include/sbat_var_defs.h"
+ #if defined(OVERRIDE_SECURITY_POLICY)
+ #include "include/security_policy.h"
+ #endif
+--
+2.35.3
+
+
+From 092c2b2bbed950727e41cf450b61c794881c33e7 Mon Sep 17 00:00:00 2001
+From: Eric Snowberg
+Date: Fri, 17 Jun 2022 12:37:28 -0400
+Subject: [PATCH 02/12] Reference MokListRT instead of MokList
+
+When calling back into shim from grub, the MokListRT may contain additional
+entries not available in the original MokList, an example being the certs
+included via user_cert. Use the MokListRT instead when calling check_db_cert
+and check_db_hash.
+
+Signed-off-by: Eric Snowberg
+---
+ shim.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index fdd205e..27b74ce 100644
+--- a/shim.c
++++ b/shim.c
+@@ -397,22 +397,22 @@ static EFI_STATUS check_allowlist (WIN_CERTIFICATE_EFI_PKCS *cert,
+ }
+ #endif
+
+- if (check_db_hash(L"MokList", SHIM_LOCK_GUID, sha256hash,
++ if (check_db_hash(L"MokListRT", SHIM_LOCK_GUID, sha256hash,
+ SHA256_DIGEST_SIZE, EFI_CERT_SHA256_GUID)
+ == DATA_FOUND) {
+ verification_method = VERIFIED_BY_HASH;
+ update_verification_method(VERIFIED_BY_HASH);
+ return EFI_SUCCESS;
+ } else {
+- LogError(L"check_db_hash(MokList, sha256hash) != DATA_FOUND\n");
++ LogError(L"check_db_hash(MokListRT, sha256hash) != DATA_FOUND\n");
+ }
+- if (cert && check_db_cert(L"MokList", SHIM_LOCK_GUID, cert, sha256hash)
++ if (cert && check_db_cert(L"MokListRT", SHIM_LOCK_GUID, cert, sha256hash)
+ == DATA_FOUND) {
+ verification_method = VERIFIED_BY_CERT;
+ update_verification_method(VERIFIED_BY_CERT);
+ return EFI_SUCCESS;
+ } else if (cert) {
+- LogError(L"check_db_cert(MokList, sha256hash) != DATA_FOUND\n");
++ LogError(L"check_db_cert(MokListRT, sha256hash) != DATA_FOUND\n");
+ }
+
+ update_verification_method(VERIFIED_BY_NOTHING);
+--
+2.35.3
+
+
+From 14d63398298c8de23036a4cf61594108b7345863 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood
+Date: Tue, 23 Aug 2022 12:07:16 -0400
+Subject: [PATCH 05/12] Discard load-options that start with a NUL
+
+In 6c8d08c0af4768c715b79c8ec25141d56e34f8b4 ("shim: Ignore UEFI
+LoadOptions that are just NUL characters."), a check was added to
+discard load options that are entirely NUL. We now see some firmwares
+that start LoadOptions with a NUL, and then follow it with garbage (path
+to directory containing loaders). Widen the check to just discard
+anything that starts with a NUL.
+
+Resolves: #490
+Related: #95
+See-also: https://bugzilla.redhat.com/show_bug.cgi?id=2113005
+Signed-off-by: Robbie Harwood
+---
+ include/ucs2.h | 18 ------------------
+ load-options.c | 7 ++++++-
+ 2 files changed, 6 insertions(+), 19 deletions(-)
+
+diff --git a/include/ucs2.h b/include/ucs2.h
+index ee038ce..87eab32 100644
+--- a/include/ucs2.h
++++ b/include/ucs2.h
+@@ -63,22 +63,4 @@ StrCSpn(const CHAR16 *s, const CHAR16 *reject)
+ return ret;
+ }
+
+-/*
+- * Test if an entire buffer is nothing but NUL characters. This
+- * implementation "gracefully" ignores the difference between the
+- * UTF-8/ASCII 1-byte NUL and the UCS-2 2-byte NUL.
+- */
+-static inline bool
+-__attribute__((__unused__))
+-is_all_nuls(UINT8 *data, UINTN data_size)
+-{
+- UINTN i;
+-
+- for (i = 0; i < data_size; i++) {
+- if (data[i] != 0)
+- return false;
+- }
+- return true;
+-}
+-
+ #endif /* SHIM_UCS2_H */
+diff --git a/load-options.c b/load-options.c
+index c6bb742..a8c6e1a 100644
+--- a/load-options.c
++++ b/load-options.c
+@@ -404,8 +404,13 @@ parse_load_options(EFI_LOADED_IMAGE *li)
+
+ /*
+ * Apparently sometimes we get L"\0\0"? Which isn't useful at all.
++ *
++ * Possibly related, but some boards have additional data before the
++ * size which is garbage (it's a weird path to the directory
++ * containing the loaders). Known boards that do this: Kontron VX3040
++ * (AMI), ASUS B85M-E, and at least one "older Dell laptop".
+ */
+- if (is_all_nuls(li->LoadOptions, li->LoadOptionsSize))
++ if (((CHAR16 *)li->LoadOptions)[0] == 0)
+ return EFI_SUCCESS;
+
+ /*
+--
+2.35.3
+
+
+From 5c537b3d0cf8c393dad2e61d49aade68f3af1401 Mon Sep 17 00:00:00 2001
+From: dann frazier
+Date: Tue, 6 Sep 2022 09:28:22 -0600
+Subject: [PATCH 06/12] shim: Flush the memory region from i-cache before
+ execution
+
+We've seen crashes in early GRUB code on an ARM Cortex-A72-based
+platform that point at seemingly harmless instructions. Flushing
+the i-cache of those instructions prior to executing has been
+shown to avoid the problem, which has parallels with this story:
+ https://www.mail-archive.com/osv-dev@googlegroups.com/msg06203.html
+
+Add a cache flushing utility function and provide an implementation
+using a GCC intrinsic. This will need to be extended to support other
+compilers. Note that this intrinsic is a no-op for x86 platforms.
+
+This fixes issue #498.
+
+Signed-off-by: dann frazier
+---
+ include/compiler.h | 6 ++++++
+ pe.c | 3 +++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/include/compiler.h b/include/compiler.h
+index b4bf103..b0d595f 100644
+--- a/include/compiler.h
++++ b/include/compiler.h
+@@ -192,5 +192,11 @@
+ */
+ #define unreachable() __builtin_unreachable()
+
++#if defined(__GNUC__)
++#define cache_invalidate(begin, end) __builtin___clear_cache(begin, end)
++#else /* __GNUC__ */
++#error shim has no cache_invalidate() implementation for this compiler
++#endif /* __GNUC__ */
++
+ #endif /* !COMPILER_H_ */
+ // vim:fenc=utf-8:tw=75:et
+diff --git a/pe.c b/pe.c
+index ba3e2bb..f94530a 100644
+--- a/pe.c
++++ b/pe.c
+@@ -1196,6 +1196,9 @@ handle_image (void *data, unsigned int datasize,
+
+ CopyMem(buffer, data, context.SizeOfHeaders);
+
++ /* Flush the instruction cache for the region holding the image */
++ cache_invalidate(buffer, buffer + context.ImageSize);
++
+ *entry_point = ImageAddress(buffer, context.ImageSize, context.EntryPoint);
+ if (!*entry_point) {
+ perror(L"Entry point is invalid\n");
+--
+2.35.3
+
+
+From 2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef Mon Sep 17 00:00:00 2001
+From: Eric Snowberg
+Date: Wed, 2 Nov 2022 10:39:43 -0600
+Subject: [PATCH 07/12] load_cert_file: Fix stack issue
+
+0214cd9cef5a fixes a NULL pointer dereference problem, it introduces two
+new problems. First it incorrectly assumes li.FilePath is a string.
+Second, it puts EFI_LOADED_IMAGE li on the stack. It has been found
+that not all archectures can handle this being on the stack.
+
+The shim_li variable will be setup properly from the read_image
+call. Use the global shim_li variable instead when calling
+verify_image.
+
+Signed-off-by: Eric Snowberg
+---
+ shim.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 27b74ce..0d919ce 100644
+--- a/shim.c
++++ b/shim.c
+@@ -1395,7 +1395,6 @@ EFI_STATUS
+ load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
+ {
+ EFI_STATUS efi_status;
+- EFI_LOADED_IMAGE li;
+ PE_COFF_LOADER_IMAGE_CONTEXT context;
+ EFI_IMAGE_SECTION_HEADER *Section;
+ EFI_SIGNATURE_LIST *certlist;
+@@ -1410,10 +1409,7 @@ load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
+ if (EFI_ERROR(efi_status))
+ return efi_status;
+
+- memset(&li, 0, sizeof(li));
+- memcpy(&li.FilePath[0], filename, MIN(StrSize(filename), sizeof(li.FilePath)));
+-
+- efi_status = verify_image(data, datasize, &li, &context);
++ efi_status = verify_image(data, datasize, shim_li, &context);
+ if (EFI_ERROR(efi_status))
+ return efi_status;
+
+--
+2.35.3
+
+
+From ea4911c2f3ce8f8f703a1476febac86bb16b00fd Mon Sep 17 00:00:00 2001
+From: Eric Snowberg
+Date: Wed, 2 Nov 2022 10:45:23 -0600
+Subject: [PATCH 08/12] load_cert_file: Use EFI RT memory function
+
+Use the EFI RT memory function CopyMem instead of memcpy in load_cert_file.
+
+Signed-off-by: Eric Snowberg
+---
+ shim.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 0d919ce..4437898 100644
+--- a/shim.c
++++ b/shim.c
+@@ -1429,8 +1429,8 @@ load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
+ user_cert_size += certlist->SignatureListSize;;
+ user_cert = ReallocatePool(user_cert, original,
+ user_cert_size);
+- memcpy(user_cert + original, pointer,
+- certlist->SignatureListSize);
++ CopyMem(user_cert + original, pointer,
++ certlist->SignatureListSize);
+ }
+ }
+ FreePool(data);
+--
+2.35.3
+
+
+From 0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Mon Sep 17 00:00:00 2001
+From: Nicholas Bishop
+Date: Thu, 6 Oct 2022 16:08:56 -0400
+Subject: [PATCH 09/12] Add -malign-double to IA32 compiler flags
+
+This changes the alignment of UINT64 data to 8 bytes on IA32, which
+matches EDK2's understanding of alignment. In particular this change
+affects the offset where shim writes `EFI_LOADED_IMAGE.ImageSize`.
+
+Fixes https://github.com/rhboot/shim/issues/515
+
+Signed-off-by: Nicholas Bishop
+---
+ Make.defaults | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Make.defaults b/Make.defaults
+index dfed9c4..c46164a 100644
+--- a/Make.defaults
++++ b/Make.defaults
+@@ -71,7 +71,7 @@ ifeq ($(ARCH),x86_64)
+ endif
+ ifeq ($(ARCH),ia32)
+ ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
+- $(CLANG_BUGS) -m32 \
++ $(CLANG_BUGS) -m32 -malign-double \
+ -DMDE_CPU_IA32 -DPAGE_SIZE=4096
+ ARCH_GNUEFI ?= ia32
+ ARCH_SUFFIX ?= ia32
+--
+2.35.3
+
+
+From aa1b289a1a16774afc3143b8948d97261f0872d0 Mon Sep 17 00:00:00 2001
+From: Arthur Gautier
+Date: Fri, 21 Oct 2022 13:20:45 -0700
+Subject: [PATCH 12/12] mok: remove MokListTrusted from PCR 7
+
+MokListTrusted was added by mistake to PCR 7 in 4e513405. The value of
+MokListTrusted does not alter the behavior of secure boot so, as per
+https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf#page=36
+(section 3.3.4 PCR usage) so it should not be factored in the value of
+PCR 7.
+
+See:
+ https://github.com/rhboot/shim/pull/423
+ https://github.com/rhboot/shim/commit/4e513405b4f1641710115780d19dcec130c5208f
+
+Fixes https://github.com/rhboot/shim/issues/484
+Fixes https://github.com/rhboot/shim/issues/492
+
+Signed-off-by: Arthur Gautier
+---
+ mok.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/mok.c b/mok.c
+index 63ddfca..9811b35 100644
+--- a/mok.c
++++ b/mok.c
+@@ -178,7 +178,6 @@ struct mok_state_variable mok_state_variable_data[] = {
+ EFI_VARIABLE_NON_VOLATILE,
+ .no_attr = EFI_VARIABLE_RUNTIME_ACCESS,
+ .flags = MOK_MIRROR_DELETE_FIRST |
+- MOK_VARIABLE_MEASURE |
+ MOK_VARIABLE_INVERSE |
+ MOK_VARIABLE_LOG,
+ .pcr = 14,
+--
+2.35.3
+
diff --git a/shim.changes b/shim.changes
index 8e2032c..6c5139f 100644
--- a/shim.changes
+++ b/shim.changes
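Review bot: In the load-options.c hunk of the embedded PATCH 05/12, the new test `((CHAR16 *)li->LoadOptions)[0] == 0` reads two bytes from the firmware-supplied buffer without consulting `li->LoadOptionsSize`, whereas the `is_all_nuls()` call it replaces was bounded by that size. `parse_load_options` begins outside the hunk, so an earlier guard may already reject a NULL pointer or a size below `sizeof(CHAR16)`; if it does not, this is an out-of-bounds read on attacker-influenceable boot data. Folding the bound into the condition keeps the check self-contained: `if (li->LoadOptionsSize < sizeof(CHAR16) || ((CHAR16 *)li->LoadOptions)[0] == 0)`.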
@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Tue Nov 15 08:06:24 UTC 2022 - Joey Lee
+
+- Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following
+ patches between 15.6 with aa1b289a1a (jsc#PED-127):
+ aa1b289a1a16774afc3143b8948d97261f0872d0 mok: remove MokListTrusted from PCR 7
+ 0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Add -malign-double to IA32 compiler flags
+ ea4911c2f3ce8f8f703a1476febac86bb16b00fd load_cert_file: Use EFI RT memory function
+ 2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef load_cert_file: Fix stack issue
+ 5c537b3d0cf8c393dad2e61d49aade68f3af1401 shim: Flush the memory region from i-cache before execution
+ 14d63398298c8de23036a4cf61594108b7345863 Discard load-options that start with a NUL
+ 092c2b2bbed950727e41cf450b61c794881c33e7 Reference MokListRT instead of MokList
+ 0eb07e11b20680200d3ce9c5bc59299121a75388 Make SBAT variable payload introspectable
+
+-------------------------------------------------------------------
+Tue Nov 15 08:06:05 UTC 2022 - Joey Lee
+
+- Add shim-Enable-TDX-measurement-to-RTMR-register.patch to support
+ enhance shim measurement to TD RTMR. (jsc#PED-1273)
+
+-------------------------------------------------------------------
+Tue Nov 15 07:53:59 UTC 2022 - Joey Lee
+
+- For pushing openSUSE:Factory/shim to SLE15-SP5, sync the shim.spec
+ and shim.changes: (jsc#PED-127)
+ - Add some change log from SLE shim.changes to Factory shim.changes
+ Those messages are added "(sync shim.changes from SLE)" tag.
+ - Add the following changes to shim.spec
+ - only apply Patch100, the shim-bsc1198101-opensuse-cert-prompt.patch
+ on openSUSE.
+ - Enable the AArch64 signature check for SLE:
+ # AArch64 signature
+ signature=%{SOURCE13}
+
 -------------------------------------------------------------------
 Thu Sep 29 02:42:35 UTC 2022 - Michael Chang
@@ -192,6 +226,11 @@ Tue Apr 12 06:35:16 UTC 2022 - Ludwig Nussel
 - use common SBAT values (boo#1193282)
+-------------------------------------------------------------------
+Thu Jul 15 08:13:26 UTC 2021 - Johannes Segitz
+
+- Update the SLE signatures (sync shim.changes from SLE)
+
 -------------------------------------------------------------------
 Thu Jul 1 04:07:03 UTC 2021 - Gary Ching-Pang Lin
@@ -201,6 +240,40 @@ Thu Jul 1 04:07:03 UTC 2021 - Gary Ching-Pang Lin
 -------------------------------------------------------------------
 Mon Jun 21 08:51:37 UTC 2021 - Gary Ching-Pang Lin
+(sync shim.changes from SLE)
+- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
+ vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
+ the size of MokListXRT (bsc#1185261)
+ + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
+- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
+ to handle ignore_db and user_insecure_mode correctly
+ (bsc#1185441, bsc#1187071)
+- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
+ maximum variable size check for u-boot (bsc#1185621)
+ + Also drop AArch64 suse-signed shim since we merged this patch
+- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
+ the check for import_mok_state() when Secure Boot is off.
+ (bsc#1185261)
+- Add shim-bsc1185232-relax-loadoptions-length-check.patch to
+ ignore the odd LoadOptions length (bsc#1185232)
+- shim-install: reset def_shim_efi to "shim.efi" if the given
+ file doesn't exist
+- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
+ for AArch64
+ Fix: https://github.com/rhboot/shim/issues/371
+- Add shim-disable-export-vendor-dbx.patch to disable exporting
+ vendor-dbx to MokListXRT since writing a large RT variable
+ could crash some machines (bsc#1185261)
+- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
+ potential crash when calling QueryVariableInfo in EFI 1.10
+ machines (bsc#1187260)
+- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
+ buffer overflow when copying data to the MOK config table
+ (bsc#1185232)
+
+-------------------------------------------------------------------
+Mon Jun 21 08:51:37 UTC 2021 - Gary Ching-Pang Lin
+
 - Add shim-bsc1185232-fix-config-table-copying.patch to avoid
 buffer overflow when copying data to the MOK config table
 (bsc#1185232)
@@ -255,6 +328,12 @@ Fri May 7 08:33:49 UTC 2021 - Gary Ching-Pang Lin - shim-install: always assume "removable" for Azure to avoid the endless reset loop (bsc#1185464) +------------------------------------------------------------------- +Thu May 6 06:45:39 UTC 2021 - Gary Ching-Pang Lin + +- Include suse-signed shim for AArch64 (bsc#1185621) + (sync shim.changes from SLE) + ------------------------------------------------------------------- Thu May 6 03:18:32 UTC 2021 - Gary Ching-Pang Lin @@ -276,6 +355,16 @@ Wed Apr 28 09:28:30 UTC 2021 - Gary Ching-Pang Lin the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz +------------------------------------------------------------------- +Thu Apr 22 03:26:48 UTC 2021 - Gary Ching-Pang Lin + +- Enable the AArch64 signature check for SLE (sync shim.changes from SLE) + +------------------------------------------------------------------- +Wed Apr 21 05:44:35 UTC 2021 - Johannes Segitz + +- Update the SLE signatures (sync shim.changes from SLE) + ------------------------------------------------------------------- Thu Apr 8 08:44:27 UTC 2021 - Gary Ching-Pang Lin diff --git a/shim.spec b/shim.spec index f8aeac5..f3622ef 100644 --- a/shim.spec +++ b/shim.spec 
@@ -77,6 +77,10 @@ Patch4: shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
 Patch5: remove_build_id.patch
 # PATCH-FIX-SUSE shim-disable-export-vendor-dbx.patch bsc#1185261 glin@suse.com -- Disable exporting vendor-dbx to MokListXRT
 Patch6: shim-disable-export-vendor-dbx.patch
+# PATCH-FIX-UPSTREAM shim-Enable-TDX-measurement-to-RTMR-register.patch jsc#PED-1273 jlee@suse.com -- Impl: [TDX Guest] TDX: Enhance shim measurement to TD RTMR
+Patch7: shim-Enable-TDX-measurement-to-RTMR-register.patch
+# PATCH-FIX-UPSTREAM shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch jsc#PED-127 jlee@suse.com -- Impl: Upgrade shim in SLE 15-SP5 and openSUSE TW for some issues
+Patch8: shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch
 # PATCH-FIX-OPENSUSE shim-bsc1198101-opensuse-cert-prompt.patch glin@suse.com -- Show the prompt to ask whether the user trusts openSUSE certificate or not
 Patch100: shim-bsc1198101-opensuse-cert-prompt.patch
 BuildRequires: dos2unix
@@ -124,7 +128,11 @@ The source code of UEFI shim loader
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%if 0%{?is_opensuse} == 1 || 0%{?sle_version} == 0
 %patch100 -p1
+%endif
 %build
 # generate the vendor SBAT metadata
@@ -189,9 +197,7 @@ for suffix in "${suffixes[@]}"; do
 signature=%{SOURCE11}
 %else
 # AArch64 signature
- # Disable AArch64 signature attachment temporarily
- # until we get a real one.
- #signature=%{SOURCE13}
+ signature=%{SOURCE13}
 %endif
 elif test "$suffix" = "devel"; then
 cert=%{_sourcedir}/_projectcert.crt
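Review bot: The `%if 0%{?is_opensuse} == 1 || 0%{?sle_version} == 0` guard around `%patch100 -p1` carries no comment, and its second clause is broader than the changelog's "only apply Patch100 ... on openSUSE": any build target that leaves `sle_version` undefined also gets the patch. Patch100 is described above as the prompt asking whether the user trusts the openSUSE certificate, so which builds receive it is a trust decision and should be stated next to the guard. I would add `# openSUSE cert prompt: applied unless this is an SLE build (sle_version set, is_opensuse unset)` directly above the `%if`. If the second clause exists for Factory/Tumbleweed, the same comment should say so; the `%prep` section starts outside this hunk.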
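Review bot: Nothing in this hunk shows that `%{SOURCE13}` matches the AArch64 binary this spec now builds. The same commit adds Patch7 and Patch8, which change the shim image, and a detached signature is valid only for the exact image it was issued for. The code that consumes `signature` is outside the hunk; presumably it compares hashes before attaching, in which case it is worth confirming that a mismatch fails the SLE build rather than falling back to an unsigned or stale binary. The two removed comment lines were the only record of the signature's status, so I would replace them with `# AArch64 signature: must correspond to the shim built from the current patch set`.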