Accepting request 1035798 from home:joeyli:branches:devel:openSUSE:Factory
Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127) OBS-URL: https://build.opensuse.org/request/show/1035798 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=194
This commit is contained in:
parent
63e4498fc9
commit
e8b8c97820
240
shim-Enable-TDX-measurement-to-RTMR-register.patch
Normal file
240
shim-Enable-TDX-measurement-to-RTMR-register.patch
Normal file
@ -0,0 +1,240 @@
|
||||
From 4fd484e4c29364b4fdf4d043556fa0a210c5fdfc Mon Sep 17 00:00:00 2001
|
||||
From: Lu Ken <ken.lu@intel.com>
|
||||
Date: Sun, 22 May 2022 16:02:20 +0800
|
||||
Subject: [PATCH] Enable TDX measurement to RTMR register
|
||||
|
||||
Intel Trust Domain Extensions (Intel TDX) extends Virtual Machine
|
||||
Extensions (VMX) and Multi-Key Total Memory Encryption (MK-TME) with a
|
||||
new kind of virtual machine guest called a Trust Domain(TD)[1]. A TD
|
||||
runs in a CPU mode that is designed to protect the confidentiality of
|
||||
its memory contents and its CPU state from any other software, including
|
||||
the hosting Virtual Machine Monitor (VMM).
|
||||
|
||||
Trust Domain Virtual Firmware (TDVF) is required to provide Intel TDX
|
||||
implementation and service for EFI_CC_MEASUREMENT_PROTOCOL[2]. The bugzilla
|
||||
for TDVF is at https://bugzilla.tianocore.org/show_bug.cgi?id=3625.
|
||||
|
||||
To support CC measurement/attestation with Intel TDX technology, these 4
|
||||
RTMR registers will be extended by TDX service like TPM/TPM2 PCR:
|
||||
|
||||
- RTMR[0] for TDVF configuration
|
||||
- RTMR[1] for the TD OS loader and kernel
|
||||
- RTMR[2] for the OS application
|
||||
- RTMR[3] reserved for special usage only
|
||||
|
||||
Add a TDX Implementation for CC Measurement protocol along with
|
||||
TPM/TPM2 protocol.
|
||||
|
||||
References:
|
||||
[1] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-whitepaper-v4.pdf
|
||||
[2] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf
|
||||
[3] https://software.intel.com/content/dam/develop/external/us/en/documents/intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf
|
||||
|
||||
Signed-off-by: Lu Ken <ken.lu@intel.com>
|
||||
[rharwood: style pass on code and commit message]
|
||||
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||
---
|
||||
include/cc.h | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
include/guid.h | 1 +
|
||||
lib/guid.c | 1 +
|
||||
shim.h | 1 +
|
||||
tpm.c | 48 ++++++++++++++++++++++++++++
|
||||
5 files changed, 136 insertions(+)
|
||||
create mode 100644 include/cc.h
|
||||
|
||||
diff --git a/include/cc.h b/include/cc.h
|
||||
new file mode 100644
|
||||
index 0000000..8b12720
|
||||
--- /dev/null
|
||||
+++ b/include/cc.h
|
||||
@@ -0,0 +1,85 @@
|
||||
+// SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+
|
||||
+#ifndef SHIM_CC_H
|
||||
+#define SHIM_CC_H
|
||||
+
|
||||
+typedef struct {
|
||||
+ uint8_t Major;
|
||||
+ uint8_t Minor;
|
||||
+} EFI_CC_VERSION;
|
||||
+
|
||||
+#define EFI_CC_TYPE_NONE 0
|
||||
+#define EFI_CC_TYPE_SEV 1
|
||||
+#define EFI_CC_TYPE_TDX 2
|
||||
+
|
||||
+typedef struct {
|
||||
+ uint8_t Type;
|
||||
+ uint8_t SubType;
|
||||
+} EFI_CC_TYPE;
|
||||
+
|
||||
+typedef uint32_t EFI_CC_EVENT_LOG_BITMAP;
|
||||
+typedef uint32_t EFI_CC_EVENT_LOG_FORMAT;
|
||||
+typedef uint32_t EFI_CC_EVENT_ALGORITHM_BITMAP;
|
||||
+typedef uint32_t EFI_CC_MR_INDEX;
|
||||
+
|
||||
+#define TDX_MR_INDEX_MRTD 0
|
||||
+#define TDX_MR_INDEX_RTMR0 1
|
||||
+#define TDX_MR_INDEX_RTMR1 2
|
||||
+#define TDX_MR_INDEX_RTMR2 3
|
||||
+#define TDX_MR_INDEX_RTMR3 4
|
||||
+
|
||||
+#define EFI_CC_EVENT_LOG_FORMAT_TCG_2 0x00000002
|
||||
+#define EFI_CC_BOOT_HASH_ALG_SHA384 0x00000004
|
||||
+#define EFI_CC_EVENT_HEADER_VERSION 1
|
||||
+
|
||||
+typedef struct tdEFI_CC_EVENT_HEADER {
|
||||
+ uint32_t HeaderSize;
|
||||
+ uint16_t HeaderVersion;
|
||||
+ EFI_CC_MR_INDEX MrIndex;
|
||||
+ uint32_t EventType;
|
||||
+} __attribute__((packed)) EFI_CC_EVENT_HEADER;
|
||||
+
|
||||
+typedef struct tdEFI_CC_EVENT {
|
||||
+ uint32_t Size;
|
||||
+ EFI_CC_EVENT_HEADER Header;
|
||||
+ uint8_t Event[1];
|
||||
+} __attribute__((packed)) EFI_CC_EVENT;
|
||||
+
|
||||
+typedef struct tdEFI_CC_BOOT_SERVICE_CAPABILITY {
|
||||
+ uint8_t Size;
|
||||
+ EFI_CC_VERSION StructureVersion;
|
||||
+ EFI_CC_VERSION ProtocolVersion;
|
||||
+ EFI_CC_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap;
|
||||
+ EFI_CC_EVENT_LOG_BITMAP SupportedEventLogs;
|
||||
+ EFI_CC_TYPE CcType;
|
||||
+} EFI_CC_BOOT_SERVICE_CAPABILITY;
|
||||
+
|
||||
+struct efi_cc_protocol
|
||||
+{
|
||||
+ EFI_STATUS (EFIAPI *get_capability) (
|
||||
+ struct efi_cc_protocol *this,
|
||||
+ EFI_CC_BOOT_SERVICE_CAPABILITY *ProtocolCapability);
|
||||
+ EFI_STATUS (EFIAPI *get_event_log) (
|
||||
+ struct efi_cc_protocol *this,
|
||||
+ EFI_CC_EVENT_LOG_FORMAT EventLogFormat,
|
||||
+ EFI_PHYSICAL_ADDRESS *EventLogLocation,
|
||||
+ EFI_PHYSICAL_ADDRESS *EventLogLastEntry,
|
||||
+ BOOLEAN *EventLogTruncated);
|
||||
+ EFI_STATUS (EFIAPI *hash_log_extend_event) (
|
||||
+ struct efi_cc_protocol *this,
|
||||
+ uint64_t Flags,
|
||||
+ EFI_PHYSICAL_ADDRESS DataToHash,
|
||||
+ uint64_t DataToHashLen,
|
||||
+ EFI_CC_EVENT *EfiCcEvent);
|
||||
+ EFI_STATUS (EFIAPI *map_pcr_to_mr_index) (
|
||||
+ struct efi_cc_protocol *this,
|
||||
+ uint32_t PcrIndex,
|
||||
+ EFI_CC_MR_INDEX *MrIndex);
|
||||
+};
|
||||
+
|
||||
+typedef struct efi_cc_protocol efi_cc_protocol_t;
|
||||
+
|
||||
+#define EFI_CC_FLAG_PE_COFF_IMAGE 0x0000000000000010
|
||||
+
|
||||
+#endif /* SHIM_CC_H */
|
||||
+// vim:fenc=utf-8:tw=75
|
||||
diff --git a/include/guid.h b/include/guid.h
|
||||
index d9910ff..dad63f0 100644
|
||||
--- a/include/guid.h
|
||||
+++ b/include/guid.h
|
||||
@@ -29,6 +29,7 @@ extern EFI_GUID EFI_IP6_CONFIG_GUID;
|
||||
extern EFI_GUID EFI_LOADED_IMAGE_GUID;
|
||||
extern EFI_GUID EFI_TPM_GUID;
|
||||
extern EFI_GUID EFI_TPM2_GUID;
|
||||
+extern EFI_GUID EFI_CC_MEASUREMENT_PROTOCOL_GUID;
|
||||
extern EFI_GUID EFI_SECURE_BOOT_DB_GUID;
|
||||
extern EFI_GUID EFI_SIMPLE_FILE_SYSTEM_GUID;
|
||||
extern EFI_GUID SECURITY_PROTOCOL_GUID;
|
||||
diff --git a/lib/guid.c b/lib/guid.c
|
||||
index e100c92..904629e 100644
|
||||
--- a/lib/guid.c
|
||||
+++ b/lib/guid.c
|
||||
@@ -28,6 +28,7 @@ EFI_GUID EFI_IP6_CONFIG_GUID = { 0x937fe521, 0x95ae, 0x4d1a, {0x89, 0x29, 0x48,
|
||||
EFI_GUID EFI_LOADED_IMAGE_GUID = EFI_LOADED_IMAGE_PROTOCOL_GUID;
|
||||
EFI_GUID EFI_TPM_GUID = { 0xf541796d, 0xa62e, 0x4954, {0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd } };
|
||||
EFI_GUID EFI_TPM2_GUID = { 0x607f766c, 0x7455, 0x42be, {0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f } };
|
||||
+EFI_GUID EFI_CC_MEASUREMENT_PROTOCOL_GUID = { 0x96751a3d, 0x72f4, 0x41a6, {0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b } };
|
||||
EFI_GUID EFI_SECURE_BOOT_DB_GUID = { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f } };
|
||||
EFI_GUID EFI_SIMPLE_FILE_SYSTEM_GUID = SIMPLE_FILE_SYSTEM_PROTOCOL;
|
||||
EFI_GUID SECURITY_PROTOCOL_GUID = { 0xA46423E3, 0x4617, 0x49f1, {0xB9, 0xFF, 0xD1, 0xBF, 0xA9, 0x11, 0x58, 0x39 } };
|
||||
diff --git a/shim.h b/shim.h
|
||||
index 7e9d10e..14824c6 100644
|
||||
--- a/shim.h
|
||||
+++ b/shim.h
|
||||
@@ -186,6 +186,7 @@
|
||||
#include "include/simple_file.h"
|
||||
#include "include/str.h"
|
||||
#include "include/tpm.h"
|
||||
+#include "include/cc.h"
|
||||
#include "include/ucs2.h"
|
||||
#include "include/variables.h"
|
||||
#include "include/hexdump.h"
|
||||
diff --git a/tpm.c b/tpm.c
|
||||
index 41f3665..388f8d1 100644
|
||||
--- a/tpm.c
|
||||
+++ b/tpm.c
|
||||
@@ -108,6 +108,45 @@ static EFI_STATUS tpm_locate_protocol(efi_tpm_protocol_t **tpm,
|
||||
return EFI_NOT_FOUND;
|
||||
}
|
||||
|
||||
+static EFI_STATUS cc_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
|
||||
+ UINT8 pcr, const CHAR8 *log, UINTN logsize,
|
||||
+ UINT32 type, BOOLEAN is_pe_image)
|
||||
+{
|
||||
+ EFI_STATUS efi_status;
|
||||
+ EFI_CC_EVENT *event;
|
||||
+ efi_cc_protocol_t *cc;
|
||||
+ EFI_CC_MR_INDEX mr;
|
||||
+ uint64_t flags = is_pe_image ? EFI_CC_FLAG_PE_COFF_IMAGE : 0;
|
||||
+
|
||||
+ efi_status = LibLocateProtocol(&EFI_CC_MEASUREMENT_PROTOCOL_GUID,
|
||||
+ (VOID **)&cc);
|
||||
+ if (EFI_ERROR(efi_status) || !cc)
|
||||
+ return EFI_SUCCESS;
|
||||
+
|
||||
+ efi_status = cc->map_pcr_to_mr_index(cc, pcr, &mr);
|
||||
+ if (EFI_ERROR(efi_status))
|
||||
+ return EFI_NOT_FOUND;
|
||||
+
|
||||
+ UINTN event_size = sizeof(*event) - sizeof(event->Event) + logsize;
|
||||
+
|
||||
+ event = AllocatePool(event_size);
|
||||
+ if (!event) {
|
||||
+ perror(L"Unable to allocate event structure\n");
|
||||
+ return EFI_OUT_OF_RESOURCES;
|
||||
+ }
|
||||
+
|
||||
+ event->Header.HeaderSize = sizeof(EFI_CC_EVENT_HEADER);
|
||||
+ event->Header.HeaderVersion = EFI_CC_EVENT_HEADER_VERSION;
|
||||
+ event->Header.MrIndex = mr;
|
||||
+ event->Header.EventType = type;
|
||||
+ event->Size = event_size;
|
||||
+ CopyMem(event->Event, (VOID *)log, logsize);
|
||||
+ efi_status = cc->hash_log_extend_event(cc, flags, buf, (UINT64)size,
|
||||
+ event);
|
||||
+ FreePool(event);
|
||||
+ return efi_status;
|
||||
+}
|
||||
+
|
||||
static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
|
||||
UINT8 pcr, const CHAR8 *log, UINTN logsize,
|
||||
UINT32 type, CHAR8 *hash)
|
||||
@@ -118,6 +157,15 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
|
||||
BOOLEAN old_caps;
|
||||
EFI_TCG2_BOOT_SERVICE_CAPABILITY caps;
|
||||
|
||||
+ /* CC guest like TDX or SEV will measure the buffer and log the event,
|
||||
+ extend the result into a specific CC MR like TCG's PCR. It could
|
||||
+ coexists with TCG's TPM 1.2 and TPM 2.
|
||||
+ */
|
||||
+ efi_status = cc_log_event_raw(buf, size, pcr, log, logsize, type,
|
||||
+ (hash != NULL));
|
||||
+ if (EFI_ERROR(efi_status))
|
||||
+ return efi_status;
|
||||
+
|
||||
efi_status = tpm_locate_protocol(&tpm, &tpm2, &old_caps, &caps);
|
||||
if (EFI_ERROR(efi_status)) {
|
||||
#ifdef REQUIRE_TPM
|
||||
--
|
||||
2.35.3
|
||||
|
@ -22,10 +22,10 @@ The state will store in use_openSUSE_cert, a volatile RT variable.
|
||||
shim.h | 1 +
|
||||
3 files changed, 71 insertions(+), 2 deletions(-)
|
||||
|
||||
Index: shim-15.6~rc1+77144e5a/mok.c
|
||||
Index: shim-15.6/mok.c
|
||||
===================================================================
|
||||
--- shim-15.6~rc1+77144e5a.orig/mok.c
|
||||
+++ shim-15.6~rc1+77144e5a/mok.c
|
||||
--- shim-15.6.orig/mok.c
|
||||
+++ shim-15.6/mok.c
|
||||
@@ -46,7 +46,8 @@ static EFI_STATUS check_mok_request(EFI_
|
||||
check_var(L"MokPW") || check_var(L"MokAuth") ||
|
||||
check_var(L"MokDel") || check_var(L"MokDB") ||
|
||||
@ -46,10 +46,10 @@ Index: shim-15.6~rc1+77144e5a/mok.c
|
||||
return VENDOR_ADDEND_NONE;
|
||||
}
|
||||
|
||||
Index: shim-15.6~rc1+77144e5a/shim.c
|
||||
Index: shim-15.6/shim.c
|
||||
===================================================================
|
||||
--- shim-15.6~rc1+77144e5a.orig/shim.c
|
||||
+++ shim-15.6~rc1+77144e5a/shim.c
|
||||
--- shim-15.6.orig/shim.c
|
||||
+++ shim-15.6/shim.c
|
||||
@@ -496,6 +496,8 @@ verify_one_signature(WIN_CERTIFICATE_EFI
|
||||
}
|
||||
|
||||
@ -59,7 +59,7 @@ Index: shim-15.6~rc1+77144e5a/shim.c
|
||||
#if defined(ENABLE_SHIM_CERT)
|
||||
/*
|
||||
* Check against the shim build key
|
||||
@@ -1572,6 +1574,69 @@ shim_fini(void)
|
||||
@@ -1568,6 +1570,69 @@ shim_fini(void)
|
||||
console_fini();
|
||||
}
|
||||
|
||||
@ -129,7 +129,7 @@ Index: shim-15.6~rc1+77144e5a/shim.c
|
||||
extern EFI_STATUS
|
||||
efi_main(EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab);
|
||||
|
||||
@@ -1712,6 +1777,9 @@ efi_main (EFI_HANDLE passed_image_handle
|
||||
@@ -1708,6 +1773,9 @@ efi_main (EFI_HANDLE passed_image_handle
|
||||
*/
|
||||
debug_hook();
|
||||
|
||||
@ -139,10 +139,10 @@ Index: shim-15.6~rc1+77144e5a/shim.c
|
||||
efi_status = set_sbat_uefi_variable();
|
||||
if (EFI_ERROR(efi_status) && secure_mode()) {
|
||||
perror(L"%s variable initialization failed\n", SBAT_VAR_NAME);
|
||||
Index: shim-15.6~rc1+77144e5a/MokManager.c
|
||||
Index: shim-15.6/MokManager.c
|
||||
===================================================================
|
||||
--- shim-15.6~rc1+77144e5a.orig/MokManager.c
|
||||
+++ shim-15.6~rc1+77144e5a/MokManager.c
|
||||
--- shim-15.6.orig/MokManager.c
|
||||
+++ shim-15.6/MokManager.c
|
||||
@@ -1864,6 +1864,36 @@ mokpw_done:
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
@ -280,10 +280,10 @@ Index: shim-15.6~rc1+77144e5a/MokManager.c
|
||||
LibDeleteVariable(L"MokAuth", &SHIM_LOCK_GUID);
|
||||
LibDeleteVariable(L"MokDelAuth", &SHIM_LOCK_GUID);
|
||||
LibDeleteVariable(L"MokXAuth", &SHIM_LOCK_GUID);
|
||||
Index: shim-15.6~rc1+77144e5a/globals.c
|
||||
Index: shim-15.6/globals.c
|
||||
===================================================================
|
||||
--- shim-15.6~rc1+77144e5a.orig/globals.c
|
||||
+++ shim-15.6~rc1+77144e5a/globals.c
|
||||
--- shim-15.6.orig/globals.c
|
||||
+++ shim-15.6/globals.c
|
||||
@@ -25,6 +25,7 @@ UINT8 *build_cert;
|
||||
*/
|
||||
verification_method_t verification_method;
|
||||
@ -292,11 +292,11 @@ Index: shim-15.6~rc1+77144e5a/globals.c
|
||||
|
||||
UINT8 user_insecure_mode;
|
||||
UINT8 ignore_db;
|
||||
Index: shim-15.6~rc1+77144e5a/shim.h
|
||||
Index: shim-15.6/shim.h
|
||||
===================================================================
|
||||
--- shim-15.6~rc1+77144e5a.orig/shim.h
|
||||
+++ shim-15.6~rc1+77144e5a/shim.h
|
||||
@@ -268,6 +268,7 @@ extern UINT8 mok_policy;
|
||||
--- shim-15.6.orig/shim.h
|
||||
+++ shim-15.6/shim.h
|
||||
@@ -270,6 +270,7 @@ extern UINT8 mok_policy;
|
||||
extern UINT8 in_protocol;
|
||||
extern void *load_options;
|
||||
extern UINT32 load_options_size;
|
||||
|
672
shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch
Normal file
672
shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch
Normal file
@ -0,0 +1,672 @@
|
||||
From 0eb07e11b20680200d3ce9c5bc59299121a75388 Mon Sep 17 00:00:00 2001
|
||||
From: Chris Coulson <chris.coulson@canonical.com>
|
||||
Date: Tue, 31 May 2022 22:21:26 +0100
|
||||
Subject: [PATCH 01/12] Make SBAT variable payload introspectable
|
||||
|
||||
Given a set of EFI variables and boot assets, it should be possible
|
||||
to compute what the value of PCR 7 will be on the next boot.
|
||||
|
||||
As shim manages the contents of the SbatLevel variable and this is
|
||||
measured to PCR 7, export the payloads that shim contains in a new
|
||||
COFF section (.sbatlevel) so that it can be introspected by code
|
||||
outside of shim.
|
||||
|
||||
The new section works a bit like .vendor_cert - it contains a header
|
||||
and then the payload. In this case, the header contains no size fields
|
||||
because the strings are NULL terminated. Shim uses this new section
|
||||
internally in set_sbat_uefi_variable.
|
||||
|
||||
The .sbatlevel section starts with a 4 byte version field which is
|
||||
not used by shim but may be useful for external auditors if the
|
||||
format of the section contents change in the future.
|
||||
|
||||
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
|
||||
---
|
||||
Makefile | 7 ++++---
|
||||
elf_aarch64_efi.lds | 4 ++++
|
||||
elf_ia32_efi.lds | 4 ++++
|
||||
elf_ia64_efi.lds | 4 ++++
|
||||
elf_x86_64_efi.lds | 4 ++++
|
||||
include/sbat.h | 32 --------------------------------
|
||||
include/sbat_var_defs.h | 38 ++++++++++++++++++++++++++++++++++++++
|
||||
include/test.mk | 2 +-
|
||||
sbat.c | 21 ++++++++++++++++-----
|
||||
sbat_var.S | 20 ++++++++++++++++++++
|
||||
shim.h | 1 +
|
||||
11 files changed, 96 insertions(+), 41 deletions(-)
|
||||
create mode 100644 include/sbat_var_defs.h
|
||||
create mode 100644 sbat_var.S
|
||||
|
||||
diff --git a/Makefile b/Makefile
|
||||
index 24ac314..866611c 100644
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -38,9 +38,9 @@ CFLAGS += -DENABLE_SHIM_CERT
|
||||
else
|
||||
TARGETS += $(MMNAME) $(FBNAME)
|
||||
endif
|
||||
-OBJS = shim.o globals.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o pe.o httpboot.o csv.o load-options.o
|
||||
+OBJS = shim.o globals.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o sbat_var.o pe.o httpboot.o csv.o load-options.o
|
||||
KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
|
||||
-ORIG_SOURCES = shim.c globals.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c httpboot.c shim.h version.h $(wildcard include/*.h) cert.S
|
||||
+ORIG_SOURCES = shim.c globals.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c httpboot.c shim.h version.h $(wildcard include/*.h) cert.S sbat_var.S
|
||||
MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat_data.o globals.o
|
||||
ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h)
|
||||
FALLBACK_OBJS = fallback.o tpm.o errlog.o sbat_data.o globals.o
|
||||
@@ -253,7 +253,7 @@ endif
|
||||
$(OBJCOPY) -D -j .text -j .sdata -j .data -j .data.ident \
|
||||
-j .dynamic -j .rodata -j .rel* \
|
||||
-j .rela* -j .dyn -j .reloc -j .eh_frame \
|
||||
- -j .vendor_cert -j .sbat \
|
||||
+ -j .vendor_cert -j .sbat -j .sbatlevel \
|
||||
$(FORMAT) $< $@
|
||||
./post-process-pe -vv $@
|
||||
|
||||
@@ -269,6 +269,7 @@ endif
|
||||
$(OBJCOPY) -D -j .text -j .sdata -j .data \
|
||||
-j .dynamic -j .rodata -j .rel* \
|
||||
-j .rela* -j .dyn -j .reloc -j .eh_frame -j .sbat \
|
||||
+ -j .sbatlevel \
|
||||
-j .debug_info -j .debug_abbrev -j .debug_aranges \
|
||||
-j .debug_line -j .debug_str -j .debug_ranges \
|
||||
-j .note.gnu.build-id \
|
||||
diff --git a/elf_aarch64_efi.lds b/elf_aarch64_efi.lds
|
||||
index 60c55ba..0861f5e 100644
|
||||
--- a/elf_aarch64_efi.lds
|
||||
+++ b/elf_aarch64_efi.lds
|
||||
@@ -34,6 +34,10 @@ SECTIONS
|
||||
.data.ident : {
|
||||
*(.data.ident)
|
||||
}
|
||||
+ . = ALIGN(4096);
|
||||
+ .sbatlevel : {
|
||||
+ *(.sbatlevel)
|
||||
+ }
|
||||
|
||||
. = ALIGN(4096);
|
||||
.data :
|
||||
diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds
|
||||
index 497a3a1..e8da91b 100644
|
||||
--- a/elf_ia32_efi.lds
|
||||
+++ b/elf_ia32_efi.lds
|
||||
@@ -28,6 +28,10 @@ SECTIONS
|
||||
.data.ident : {
|
||||
*(.data.ident)
|
||||
}
|
||||
+ . = ALIGN(4096);
|
||||
+ .sbatlevel : {
|
||||
+ *(.sbatlevel)
|
||||
+ }
|
||||
|
||||
. = ALIGN(4096);
|
||||
.data :
|
||||
diff --git a/elf_ia64_efi.lds b/elf_ia64_efi.lds
|
||||
index 2669b85..a219560 100644
|
||||
--- a/elf_ia64_efi.lds
|
||||
+++ b/elf_ia64_efi.lds
|
||||
@@ -34,6 +34,10 @@ SECTIONS
|
||||
.data.ident : {
|
||||
*(.data.ident)
|
||||
}
|
||||
+ . = ALIGN(4096);
|
||||
+ .sbatlevel : {
|
||||
+ *(.sbatlevel)
|
||||
+ }
|
||||
|
||||
. = ALIGN(4096);
|
||||
.data :
|
||||
diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds
|
||||
index bcc6527..39aff6b 100644
|
||||
--- a/elf_x86_64_efi.lds
|
||||
+++ b/elf_x86_64_efi.lds
|
||||
@@ -35,6 +35,10 @@ SECTIONS
|
||||
.data.ident : {
|
||||
*(.data.ident)
|
||||
}
|
||||
+ . = ALIGN(4096);
|
||||
+ .sbatlevel : {
|
||||
+ *(.sbatlevel)
|
||||
+ }
|
||||
|
||||
. = ALIGN(4096);
|
||||
.data :
|
||||
diff --git a/include/sbat.h b/include/sbat.h
|
||||
index aca4359..c94c4fb 100644
|
||||
--- a/include/sbat.h
|
||||
+++ b/include/sbat.h
|
||||
@@ -6,38 +6,6 @@
|
||||
#ifndef SBAT_H_
|
||||
#define SBAT_H_
|
||||
|
||||
-#define SBAT_VAR_SIG "sbat,"
|
||||
-#define SBAT_VAR_VERSION "1,"
|
||||
-#define SBAT_VAR_ORIGINAL_DATE "2021030218"
|
||||
-#define SBAT_VAR_ORIGINAL \
|
||||
- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_ORIGINAL_DATE "\n"
|
||||
-
|
||||
-#if defined(ENABLE_SHIM_DEVEL)
|
||||
-#define SBAT_VAR_PREVIOUS_DATE "2022020101"
|
||||
-#define SBAT_VAR_PREVIOUS_REVOCATIONS "component,2\n"
|
||||
-#define SBAT_VAR_PREVIOUS \
|
||||
- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
|
||||
- SBAT_VAR_PREVIOUS_REVOCATIONS
|
||||
-
|
||||
-#define SBAT_VAR_LATEST_DATE "2022050100"
|
||||
-#define SBAT_VAR_LATEST_REVOCATIONS "component,2\nothercomponent,2\n"
|
||||
-#define SBAT_VAR_LATEST \
|
||||
- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
|
||||
- SBAT_VAR_LATEST_REVOCATIONS
|
||||
-#else /* !ENABLE_SHIM_DEVEL */
|
||||
-#define SBAT_VAR_PREVIOUS_DATE SBAT_VAR_ORIGINAL_DATE
|
||||
-#define SBAT_VAR_PREVIOUS_REVOCATIONS
|
||||
-#define SBAT_VAR_PREVIOUS \
|
||||
- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
|
||||
- SBAT_VAR_PREVIOUS_REVOCATIONS
|
||||
-
|
||||
-#define SBAT_VAR_LATEST_DATE "2022052400"
|
||||
-#define SBAT_VAR_LATEST_REVOCATIONS "shim,2\ngrub,2\n"
|
||||
-#define SBAT_VAR_LATEST \
|
||||
- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
|
||||
- SBAT_VAR_LATEST_REVOCATIONS
|
||||
-#endif /* ENABLE_SHIM_DEVEL */
|
||||
-
|
||||
#define UEFI_VAR_NV_BS \
|
||||
(EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
|
||||
#define UEFI_VAR_NV_BS_RT \
|
||||
diff --git a/include/sbat_var_defs.h b/include/sbat_var_defs.h
|
||||
new file mode 100644
|
||||
index 0000000..c656b56
|
||||
--- /dev/null
|
||||
+++ b/include/sbat_var_defs.h
|
||||
@@ -0,0 +1,38 @@
|
||||
+// SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+
|
||||
+#ifndef SBAT_VAR_DEFS_H_
|
||||
+#define SBAT_VAR_DEFS_H_
|
||||
+
|
||||
+#define SBAT_VAR_SIG "sbat,"
|
||||
+#define SBAT_VAR_VERSION "1,"
|
||||
+#define SBAT_VAR_ORIGINAL_DATE "2021030218"
|
||||
+#define SBAT_VAR_ORIGINAL \
|
||||
+ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_ORIGINAL_DATE "\n"
|
||||
+
|
||||
+#if defined(ENABLE_SHIM_DEVEL)
|
||||
+#define SBAT_VAR_PREVIOUS_DATE "2022020101"
|
||||
+#define SBAT_VAR_PREVIOUS_REVOCATIONS "component,2\n"
|
||||
+#define SBAT_VAR_PREVIOUS \
|
||||
+ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
|
||||
+ SBAT_VAR_PREVIOUS_REVOCATIONS
|
||||
+
|
||||
+#define SBAT_VAR_LATEST_DATE "2022050100"
|
||||
+#define SBAT_VAR_LATEST_REVOCATIONS "component,2\nothercomponent,2\n"
|
||||
+#define SBAT_VAR_LATEST \
|
||||
+ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
|
||||
+ SBAT_VAR_LATEST_REVOCATIONS
|
||||
+#else /* !ENABLE_SHIM_DEVEL */
|
||||
+#define SBAT_VAR_PREVIOUS_DATE SBAT_VAR_ORIGINAL_DATE
|
||||
+#define SBAT_VAR_PREVIOUS_REVOCATIONS
|
||||
+#define SBAT_VAR_PREVIOUS \
|
||||
+ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
|
||||
+ SBAT_VAR_PREVIOUS_REVOCATIONS
|
||||
+
|
||||
+#define SBAT_VAR_LATEST_DATE "2022052400"
|
||||
+#define SBAT_VAR_LATEST_REVOCATIONS "shim,2\ngrub,2\n"
|
||||
+#define SBAT_VAR_LATEST \
|
||||
+ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
|
||||
+ SBAT_VAR_LATEST_REVOCATIONS
|
||||
+#endif /* ENABLE_SHIM_DEVEL */
|
||||
+
|
||||
+#endif /* !SBAT_VAR_DEFS_H_ */
|
||||
diff --git a/include/test.mk b/include/test.mk
|
||||
index e965c60..c0e2409 100644
|
||||
--- a/include/test.mk
|
||||
+++ b/include/test.mk
|
||||
@@ -92,7 +92,7 @@ test-mock-variables: CFLAGS+=-DHAVE_SHIM_LOCK_GUID
|
||||
test-mok-mirror_FILES = mok.c globals.c tpm.c lib/guid.c lib/variables.c mock-variables.c
|
||||
test-mok-mirror: CFLAGS+=-DHAVE_START_IMAGE -DHAVE_SHIM_LOCK_GUID
|
||||
|
||||
-test-sbat_FILES = csv.c lib/variables.c lib/guid.c
|
||||
+test-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S
|
||||
test-sbat :: CFLAGS+=-DHAVE_GET_VARIABLE -DHAVE_GET_VARIABLE_ATTR -DHAVE_SHIM_LOCK_GUID
|
||||
|
||||
test-str_FILES = lib/string.c
|
||||
diff --git a/sbat.c b/sbat.c
|
||||
index f1d6e98..a08c5b2 100644
|
||||
--- a/sbat.c
|
||||
+++ b/sbat.c
|
||||
@@ -5,6 +5,11 @@
|
||||
|
||||
#include "shim.h"
|
||||
|
||||
+extern struct {
|
||||
+ UINT32 previous_offset;
|
||||
+ UINT32 latest_offset;
|
||||
+} sbat_var_payload_header;
|
||||
+
|
||||
EFI_STATUS
|
||||
parse_sbat_section(char *section_base, size_t section_size,
|
||||
size_t *n_entries,
|
||||
@@ -399,6 +404,9 @@ set_sbat_uefi_variable(void)
|
||||
EFI_STATUS efi_status = EFI_SUCCESS;
|
||||
UINT32 attributes = 0;
|
||||
|
||||
+ char *sbat_var_previous;
|
||||
+ char *sbat_var_latest;
|
||||
+
|
||||
UINT8 *sbat = NULL;
|
||||
UINT8 *sbat_policy = NULL;
|
||||
UINTN sbatsize = 0;
|
||||
@@ -407,27 +415,30 @@ set_sbat_uefi_variable(void)
|
||||
char *sbat_var = NULL;
|
||||
bool reset_sbat = false;
|
||||
|
||||
+ sbat_var_previous = (char *)&sbat_var_payload_header + sbat_var_payload_header.previous_offset;
|
||||
+ sbat_var_latest = (char *)&sbat_var_payload_header + sbat_var_payload_header.latest_offset;
|
||||
+
|
||||
efi_status = get_variable_attr(SBAT_POLICY, &sbat_policy,
|
||||
&sbat_policysize, SHIM_LOCK_GUID,
|
||||
&attributes);
|
||||
if (EFI_ERROR(efi_status)) {
|
||||
dprint("Default sbat policy: previous\n");
|
||||
- sbat_var = SBAT_VAR_PREVIOUS;
|
||||
+ sbat_var = sbat_var_previous;
|
||||
} else {
|
||||
switch (*sbat_policy) {
|
||||
case SBAT_POLICY_LATEST:
|
||||
dprint("Custom sbat policy: latest\n");
|
||||
- sbat_var = SBAT_VAR_LATEST;
|
||||
+ sbat_var = sbat_var_latest;
|
||||
clear_sbat_policy();
|
||||
break;
|
||||
case SBAT_POLICY_PREVIOUS:
|
||||
dprint("Custom sbat policy: previous\n");
|
||||
- sbat_var = SBAT_VAR_PREVIOUS;
|
||||
+ sbat_var = sbat_var_previous;
|
||||
break;
|
||||
case SBAT_POLICY_RESET:
|
||||
if (secure_mode()) {
|
||||
console_print(L"Cannot reset SBAT policy: Secure Boot is enabled.\n");
|
||||
- sbat_var = SBAT_VAR_PREVIOUS;
|
||||
+ sbat_var = sbat_var_previous;
|
||||
} else {
|
||||
dprint(L"Custom SBAT policy: reset OK\n");
|
||||
reset_sbat = true;
|
||||
@@ -438,7 +449,7 @@ set_sbat_uefi_variable(void)
|
||||
default:
|
||||
console_error(L"SBAT policy state %llu is invalid",
|
||||
EFI_INVALID_PARAMETER);
|
||||
- sbat_var = SBAT_VAR_PREVIOUS;
|
||||
+ sbat_var = sbat_var_previous;
|
||||
clear_sbat_policy();
|
||||
break;
|
||||
}
|
||||
diff --git a/sbat_var.S b/sbat_var.S
|
||||
new file mode 100644
|
||||
index 0000000..a115077
|
||||
--- /dev/null
|
||||
+++ b/sbat_var.S
|
||||
@@ -0,0 +1,20 @@
|
||||
+// SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+
|
||||
+#include "include/sbat_var_defs.h"
|
||||
+
|
||||
+ .section .sbatlevel, "a", %progbits
|
||||
+ .balignl 4, 0
|
||||
+ .4byte 0 /* format version for external parsers */
|
||||
+ .globl sbat_var_payload_header
|
||||
+ .type sbat_var_payload_header, %object
|
||||
+ .size sbat_var_payload_header, .Lsbat_var_payload_header_end - sbat_var_payload_header
|
||||
+sbat_var_payload_header:
|
||||
+ .4byte .Lsbat_var_previous - sbat_var_payload_header
|
||||
+ .4byte .Lsbat_var_latest - sbat_var_payload_header
|
||||
+.Lsbat_var_payload_header_end:
|
||||
+ .balign 1, 0
|
||||
+.Lsbat_var_previous:
|
||||
+ .asciz SBAT_VAR_PREVIOUS
|
||||
+ .balign 1, 0
|
||||
+.Lsbat_var_latest:
|
||||
+ .asciz SBAT_VAR_LATEST
|
||||
diff --git a/shim.h b/shim.h
|
||||
index b5272b9..7e9d10e 100644
|
||||
--- a/shim.h
|
||||
+++ b/shim.h
|
||||
@@ -179,6 +179,7 @@
|
||||
#include "include/pe.h"
|
||||
#include "include/replacements.h"
|
||||
#include "include/sbat.h"
|
||||
+#include "include/sbat_var_defs.h"
|
||||
#if defined(OVERRIDE_SECURITY_POLICY)
|
||||
#include "include/security_policy.h"
|
||||
#endif
|
||||
--
|
||||
2.35.3
|
||||
|
||||
|
||||
From 092c2b2bbed950727e41cf450b61c794881c33e7 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Snowberg <eric.snowberg@oracle.com>
|
||||
Date: Fri, 17 Jun 2022 12:37:28 -0400
|
||||
Subject: [PATCH 02/12] Reference MokListRT instead of MokList
|
||||
|
||||
When calling back into shim from grub, the MokListRT may contain additional
|
||||
entries not available in the original MokList, an example being the certs
|
||||
included via user_cert. Use the MokListRT instead when calling check_db_cert
|
||||
and check_db_hash.
|
||||
|
||||
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
|
||||
---
|
||||
shim.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/shim.c b/shim.c
|
||||
index fdd205e..27b74ce 100644
|
||||
--- a/shim.c
|
||||
+++ b/shim.c
|
||||
@@ -397,22 +397,22 @@ static EFI_STATUS check_allowlist (WIN_CERTIFICATE_EFI_PKCS *cert,
|
||||
}
|
||||
#endif
|
||||
|
||||
- if (check_db_hash(L"MokList", SHIM_LOCK_GUID, sha256hash,
|
||||
+ if (check_db_hash(L"MokListRT", SHIM_LOCK_GUID, sha256hash,
|
||||
SHA256_DIGEST_SIZE, EFI_CERT_SHA256_GUID)
|
||||
== DATA_FOUND) {
|
||||
verification_method = VERIFIED_BY_HASH;
|
||||
update_verification_method(VERIFIED_BY_HASH);
|
||||
return EFI_SUCCESS;
|
||||
} else {
|
||||
- LogError(L"check_db_hash(MokList, sha256hash) != DATA_FOUND\n");
|
||||
+ LogError(L"check_db_hash(MokListRT, sha256hash) != DATA_FOUND\n");
|
||||
}
|
||||
- if (cert && check_db_cert(L"MokList", SHIM_LOCK_GUID, cert, sha256hash)
|
||||
+ if (cert && check_db_cert(L"MokListRT", SHIM_LOCK_GUID, cert, sha256hash)
|
||||
== DATA_FOUND) {
|
||||
verification_method = VERIFIED_BY_CERT;
|
||||
update_verification_method(VERIFIED_BY_CERT);
|
||||
return EFI_SUCCESS;
|
||||
} else if (cert) {
|
||||
- LogError(L"check_db_cert(MokList, sha256hash) != DATA_FOUND\n");
|
||||
+ LogError(L"check_db_cert(MokListRT, sha256hash) != DATA_FOUND\n");
|
||||
}
|
||||
|
||||
update_verification_method(VERIFIED_BY_NOTHING);
|
||||
--
|
||||
2.35.3
|
||||
|
||||
|
||||
From 14d63398298c8de23036a4cf61594108b7345863 Mon Sep 17 00:00:00 2001
|
||||
From: Robbie Harwood <rharwood@redhat.com>
|
||||
Date: Tue, 23 Aug 2022 12:07:16 -0400
|
||||
Subject: [PATCH 05/12] Discard load-options that start with a NUL
|
||||
|
||||
In 6c8d08c0af4768c715b79c8ec25141d56e34f8b4 ("shim: Ignore UEFI
|
||||
LoadOptions that are just NUL characters."), a check was added to
|
||||
discard load options that are entirely NUL. We now see some firmwares
|
||||
that start LoadOptions with a NUL, and then follow it with garbage (path
|
||||
to directory containing loaders). Widen the check to just discard
|
||||
anything that starts with a NUL.
|
||||
|
||||
Resolves: #490
|
||||
Related: #95
|
||||
See-also: https://bugzilla.redhat.com/show_bug.cgi?id=2113005
|
||||
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
||||
---
|
||||
include/ucs2.h | 18 ------------------
|
||||
load-options.c | 7 ++++++-
|
||||
2 files changed, 6 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/include/ucs2.h b/include/ucs2.h
|
||||
index ee038ce..87eab32 100644
|
||||
--- a/include/ucs2.h
|
||||
+++ b/include/ucs2.h
|
||||
@@ -63,22 +63,4 @@ StrCSpn(const CHAR16 *s, const CHAR16 *reject)
|
||||
return ret;
|
||||
}
|
||||
|
||||
-/*
|
||||
- * Test if an entire buffer is nothing but NUL characters. This
|
||||
- * implementation "gracefully" ignores the difference between the
|
||||
- * UTF-8/ASCII 1-byte NUL and the UCS-2 2-byte NUL.
|
||||
- */
|
||||
-static inline bool
|
||||
-__attribute__((__unused__))
|
||||
-is_all_nuls(UINT8 *data, UINTN data_size)
|
||||
-{
|
||||
- UINTN i;
|
||||
-
|
||||
- for (i = 0; i < data_size; i++) {
|
||||
- if (data[i] != 0)
|
||||
- return false;
|
||||
- }
|
||||
- return true;
|
||||
-}
|
||||
-
|
||||
#endif /* SHIM_UCS2_H */
|
||||
diff --git a/load-options.c b/load-options.c
|
||||
index c6bb742..a8c6e1a 100644
|
||||
--- a/load-options.c
|
||||
+++ b/load-options.c
|
||||
@@ -404,8 +404,13 @@ parse_load_options(EFI_LOADED_IMAGE *li)
|
||||
|
||||
/*
|
||||
* Apparently sometimes we get L"\0\0"? Which isn't useful at all.
|
||||
+ *
|
||||
+ * Possibly related, but some boards have additional data before the
|
||||
+ * size which is garbage (it's a weird path to the directory
|
||||
+ * containing the loaders). Known boards that do this: Kontron VX3040
|
||||
+ * (AMI), ASUS B85M-E, and at least one "older Dell laptop".
|
||||
*/
|
||||
- if (is_all_nuls(li->LoadOptions, li->LoadOptionsSize))
|
||||
+ if (((CHAR16 *)li->LoadOptions)[0] == 0)
|
||||
return EFI_SUCCESS;
|
||||
|
||||
/*
|
||||
--
|
||||
2.35.3
|
||||
|
||||
|
||||
From 5c537b3d0cf8c393dad2e61d49aade68f3af1401 Mon Sep 17 00:00:00 2001
|
||||
From: dann frazier <dann.frazier@canonical.com>
|
||||
Date: Tue, 6 Sep 2022 09:28:22 -0600
|
||||
Subject: [PATCH 06/12] shim: Flush the memory region from i-cache before
|
||||
execution
|
||||
|
||||
We've seen crashes in early GRUB code on an ARM Cortex-A72-based
|
||||
platform that point at seemingly harmless instructions. Flushing
|
||||
the i-cache of those instructions prior to executing has been
|
||||
shown to avoid the problem, which has parallels with this story:
|
||||
https://www.mail-archive.com/osv-dev@googlegroups.com/msg06203.html
|
||||
|
||||
Add a cache flushing utility function and provide an implementation
|
||||
using a GCC intrinsic. This will need to be extended to support other
|
||||
compilers. Note that this intrinsic is a no-op for x86 platforms.
|
||||
|
||||
This fixes issue #498.
|
||||
|
||||
Signed-off-by: dann frazier <dann.frazier@canonical.com>
|
||||
---
|
||||
include/compiler.h | 6 ++++++
|
||||
pe.c | 3 +++
|
||||
2 files changed, 9 insertions(+)
|
||||
|
||||
diff --git a/include/compiler.h b/include/compiler.h
|
||||
index b4bf103..b0d595f 100644
|
||||
--- a/include/compiler.h
|
||||
+++ b/include/compiler.h
|
||||
@@ -192,5 +192,11 @@
|
||||
*/
|
||||
#define unreachable() __builtin_unreachable()
|
||||
|
||||
+#if defined(__GNUC__)
|
||||
+#define cache_invalidate(begin, end) __builtin___clear_cache(begin, end)
|
||||
+#else /* __GNUC__ */
|
||||
+#error shim has no cache_invalidate() implementation for this compiler
|
||||
+#endif /* __GNUC__ */
|
||||
+
|
||||
#endif /* !COMPILER_H_ */
|
||||
// vim:fenc=utf-8:tw=75:et
|
||||
diff --git a/pe.c b/pe.c
|
||||
index ba3e2bb..f94530a 100644
|
||||
--- a/pe.c
|
||||
+++ b/pe.c
|
||||
@@ -1196,6 +1196,9 @@ handle_image (void *data, unsigned int datasize,
|
||||
|
||||
CopyMem(buffer, data, context.SizeOfHeaders);
|
||||
|
||||
+ /* Flush the instruction cache for the region holding the image */
|
||||
+ cache_invalidate(buffer, buffer + context.ImageSize);
|
||||
+
|
||||
*entry_point = ImageAddress(buffer, context.ImageSize, context.EntryPoint);
|
||||
if (!*entry_point) {
|
||||
perror(L"Entry point is invalid\n");
|
||||
--
|
||||
2.35.3
|
||||
|
||||
|
||||
From 2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef Mon Sep 17 00:00:00 2001
|
||||
From: Eric Snowberg <eric.snowberg@oracle.com>
|
||||
Date: Wed, 2 Nov 2022 10:39:43 -0600
|
||||
Subject: [PATCH 07/12] load_cert_file: Fix stack issue
|
||||
|
||||
0214cd9cef5a fixes a NULL pointer dereference problem, it introduces two
|
||||
new problems. First it incorrectly assumes li.FilePath is a string.
|
||||
Second, it puts EFI_LOADED_IMAGE li on the stack. It has been found
|
||||
that not all archectures can handle this being on the stack.
|
||||
|
||||
The shim_li variable will be setup properly from the read_image
|
||||
call. Use the global shim_li variable instead when calling
|
||||
verify_image.
|
||||
|
||||
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
|
||||
---
|
||||
shim.c | 6 +-----
|
||||
1 file changed, 1 insertion(+), 5 deletions(-)
|
||||
|
||||
diff --git a/shim.c b/shim.c
|
||||
index 27b74ce..0d919ce 100644
|
||||
--- a/shim.c
|
||||
+++ b/shim.c
|
||||
@@ -1395,7 +1395,6 @@ EFI_STATUS
|
||||
load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
|
||||
{
|
||||
EFI_STATUS efi_status;
|
||||
- EFI_LOADED_IMAGE li;
|
||||
PE_COFF_LOADER_IMAGE_CONTEXT context;
|
||||
EFI_IMAGE_SECTION_HEADER *Section;
|
||||
EFI_SIGNATURE_LIST *certlist;
|
||||
@@ -1410,10 +1409,7 @@ load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
|
||||
if (EFI_ERROR(efi_status))
|
||||
return efi_status;
|
||||
|
||||
- memset(&li, 0, sizeof(li));
|
||||
- memcpy(&li.FilePath[0], filename, MIN(StrSize(filename), sizeof(li.FilePath)));
|
||||
-
|
||||
- efi_status = verify_image(data, datasize, &li, &context);
|
||||
+ efi_status = verify_image(data, datasize, shim_li, &context);
|
||||
if (EFI_ERROR(efi_status))
|
||||
return efi_status;
|
||||
|
||||
--
|
||||
2.35.3
|
||||
|
||||
|
||||
From ea4911c2f3ce8f8f703a1476febac86bb16b00fd Mon Sep 17 00:00:00 2001
|
||||
From: Eric Snowberg <eric.snowberg@oracle.com>
|
||||
Date: Wed, 2 Nov 2022 10:45:23 -0600
|
||||
Subject: [PATCH 08/12] load_cert_file: Use EFI RT memory function
|
||||
|
||||
Use the EFI RT memory function CopyMem instead of memcpy in load_cert_file.
|
||||
|
||||
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
|
||||
---
|
||||
shim.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/shim.c b/shim.c
|
||||
index 0d919ce..4437898 100644
|
||||
--- a/shim.c
|
||||
+++ b/shim.c
|
||||
@@ -1429,8 +1429,8 @@ load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
|
||||
user_cert_size += certlist->SignatureListSize;;
|
||||
user_cert = ReallocatePool(user_cert, original,
|
||||
user_cert_size);
|
||||
- memcpy(user_cert + original, pointer,
|
||||
- certlist->SignatureListSize);
|
||||
+ CopyMem(user_cert + original, pointer,
|
||||
+ certlist->SignatureListSize);
|
||||
}
|
||||
}
|
||||
FreePool(data);
|
||||
--
|
||||
2.35.3
|
||||
|
||||
|
||||
From 0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Mon Sep 17 00:00:00 2001
|
||||
From: Nicholas Bishop <nicholasbishop@google.com>
|
||||
Date: Thu, 6 Oct 2022 16:08:56 -0400
|
||||
Subject: [PATCH 09/12] Add -malign-double to IA32 compiler flags
|
||||
|
||||
This changes the alignment of UINT64 data to 8 bytes on IA32, which
|
||||
matches EDK2's understanding of alignment. In particular this change
|
||||
affects the offset where shim writes `EFI_LOADED_IMAGE.ImageSize`.
|
||||
|
||||
Fixes https://github.com/rhboot/shim/issues/515
|
||||
|
||||
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
|
||||
---
|
||||
Make.defaults | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Make.defaults b/Make.defaults
|
||||
index dfed9c4..c46164a 100644
|
||||
--- a/Make.defaults
|
||||
+++ b/Make.defaults
|
||||
@@ -71,7 +71,7 @@ ifeq ($(ARCH),x86_64)
|
||||
endif
|
||||
ifeq ($(ARCH),ia32)
|
||||
ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
|
||||
- $(CLANG_BUGS) -m32 \
|
||||
+ $(CLANG_BUGS) -m32 -malign-double \
|
||||
-DMDE_CPU_IA32 -DPAGE_SIZE=4096
|
||||
ARCH_GNUEFI ?= ia32
|
||||
ARCH_SUFFIX ?= ia32
|
||||
--
|
||||
2.35.3
|
||||
|
||||
|
||||
From aa1b289a1a16774afc3143b8948d97261f0872d0 Mon Sep 17 00:00:00 2001
|
||||
From: Arthur Gautier <arthur.gautier@arista.com>
|
||||
Date: Fri, 21 Oct 2022 13:20:45 -0700
|
||||
Subject: [PATCH 12/12] mok: remove MokListTrusted from PCR 7
|
||||
|
||||
MokListTrusted was added by mistake to PCR 7 in 4e513405. The value of
|
||||
MokListTrusted does not alter the behavior of secure boot so, as per
|
||||
https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf#page=36
|
||||
(section 3.3.4 PCR usage) so it should not be factored in the value of
|
||||
PCR 7.
|
||||
|
||||
See:
|
||||
https://github.com/rhboot/shim/pull/423
|
||||
https://github.com/rhboot/shim/commit/4e513405b4f1641710115780d19dcec130c5208f
|
||||
|
||||
Fixes https://github.com/rhboot/shim/issues/484
|
||||
Fixes https://github.com/rhboot/shim/issues/492
|
||||
|
||||
Signed-off-by: Arthur Gautier <arthur.gautier@arista.com>
|
||||
---
|
||||
mok.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/mok.c b/mok.c
|
||||
index 63ddfca..9811b35 100644
|
||||
--- a/mok.c
|
||||
+++ b/mok.c
|
||||
@@ -178,7 +178,6 @@ struct mok_state_variable mok_state_variable_data[] = {
|
||||
EFI_VARIABLE_NON_VOLATILE,
|
||||
.no_attr = EFI_VARIABLE_RUNTIME_ACCESS,
|
||||
.flags = MOK_MIRROR_DELETE_FIRST |
|
||||
- MOK_VARIABLE_MEASURE |
|
||||
MOK_VARIABLE_INVERSE |
|
||||
MOK_VARIABLE_LOG,
|
||||
.pcr = 14,
|
||||
--
|
||||
2.35.3
|
||||
|
89
shim.changes
89
shim.changes
@ -1,3 +1,37 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 15 08:06:24 UTC 2022 - Joey Lee <jlee@suse.com>
|
||||
|
||||
- Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following
|
||||
patches between 15.6 with aa1b289a1a (jsc#PED-127):
|
||||
aa1b289a1a16774afc3143b8948d97261f0872d0 mok: remove MokListTrusted from PCR 7
|
||||
0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Add -malign-double to IA32 compiler flags
|
||||
ea4911c2f3ce8f8f703a1476febac86bb16b00fd load_cert_file: Use EFI RT memory function
|
||||
2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef load_cert_file: Fix stack issue
|
||||
5c537b3d0cf8c393dad2e61d49aade68f3af1401 shim: Flush the memory region from i-cache before execution
|
||||
14d63398298c8de23036a4cf61594108b7345863 Discard load-options that start with a NUL
|
||||
092c2b2bbed950727e41cf450b61c794881c33e7 Reference MokListRT instead of MokList
|
||||
0eb07e11b20680200d3ce9c5bc59299121a75388 Make SBAT variable payload introspectable
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 15 08:06:05 UTC 2022 - Joey Lee <jlee@suse.com>
|
||||
|
||||
- Add shim-Enable-TDX-measurement-to-RTMR-register.patch to support
|
||||
enhance shim measurement to TD RTMR. (jsc#PED-1273)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 15 07:53:59 UTC 2022 - Joey Lee <jlee@suse.com>
|
||||
|
||||
- For pushing openSUSE:Factory/shim to SLE15-SP5, sync the shim.spec
|
||||
and shim.changes: (jsc#PED-127)
|
||||
- Add some change log from SLE shim.changes to Factory shim.changes
|
||||
Those messages are added "(sync shim.changes from SLE)" tag.
|
||||
- Add the following changes to shim.spec
|
||||
- only apply Patch100, the shim-bsc1198101-opensuse-cert-prompt.patch
|
||||
on openSUSE.
|
||||
- Enable the AArch64 signature check for SLE:
|
||||
# AArch64 signature
|
||||
signature=%{SOURCE13}
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 29 02:42:35 UTC 2022 - Michael Chang <mchang@suse.com>
|
||||
|
||||
@ -192,6 +226,11 @@ Tue Apr 12 06:35:16 UTC 2022 - Ludwig Nussel <lnussel@suse.de>
|
||||
|
||||
- use common SBAT values (boo#1193282)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 15 08:13:26 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
||||
|
||||
- Update the SLE signatures (sync shim.changes from SLE)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 1 04:07:03 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
|
||||
@ -201,6 +240,40 @@ Thu Jul 1 04:07:03 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 21 08:51:37 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
|
||||
(sync shim.changes from SLE)
|
||||
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
|
||||
vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
|
||||
the size of MokListXRT (bsc#1185261)
|
||||
+ Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
|
||||
- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
|
||||
to handle ignore_db and user_insecure_mode correctly
|
||||
(bsc#1185441, bsc#1187071)
|
||||
- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
|
||||
maximum variable size check for u-boot (bsc#1185621)
|
||||
+ Also drop AArch64 suse-signed shim since we merged this patch
|
||||
- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
|
||||
the check for import_mok_state() when Secure Boot is off.
|
||||
(bsc#1185261)
|
||||
- Add shim-bsc1185232-relax-loadoptions-length-check.patch to
|
||||
ignore the odd LoadOptions length (bsc#1185232)
|
||||
- shim-install: reset def_shim_efi to "shim.efi" if the given
|
||||
file doesn't exist
|
||||
- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
|
||||
for AArch64
|
||||
Fix: https://github.com/rhboot/shim/issues/371
|
||||
- Add shim-disable-export-vendor-dbx.patch to disable exporting
|
||||
vendor-dbx to MokListXRT since writing a large RT variable
|
||||
could crash some machines (bsc#1185261)
|
||||
- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
|
||||
potential crash when calling QueryVariableInfo in EFI 1.10
|
||||
machines (bsc#1187260)
|
||||
- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
|
||||
buffer overflow when copying data to the MOK config table
|
||||
(bsc#1185232)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 21 08:51:37 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
|
||||
- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
|
||||
buffer overflow when copying data to the MOK config table
|
||||
(bsc#1185232)
|
||||
@ -255,6 +328,12 @@ Fri May 7 08:33:49 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
- shim-install: always assume "removable" for Azure to avoid the
|
||||
endless reset loop (bsc#1185464)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 6 06:45:39 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
|
||||
- Include suse-signed shim for AArch64 (bsc#1185621)
|
||||
(sync shim.changes from SLE)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 6 03:18:32 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
|
||||
@ -276,6 +355,16 @@ Wed Apr 28 09:28:30 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
the size of MokListXRT (bsc#1185261)
|
||||
+ Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 22 03:26:48 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
|
||||
- Enable the AArch64 signature check for SLE (sync shim.changes from SLE)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 21 05:44:35 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
||||
|
||||
- Update the SLE signatures (sync shim.changes from SLE)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 8 08:44:27 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
|
||||
|
12
shim.spec
12
shim.spec
@ -77,6 +77,10 @@ Patch4: shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
|
||||
Patch5: remove_build_id.patch
|
||||
# PATCH-FIX-SUSE shim-disable-export-vendor-dbx.patch bsc#1185261 glin@suse.com -- Disable exporting vendor-dbx to MokListXRT
|
||||
Patch6: shim-disable-export-vendor-dbx.patch
|
||||
# PATCH-FIX-UPSTREAM shim-Enable-TDX-measurement-to-RTMR-register.patch jsc#PED-1273 jlee@suse.com -- Impl: [TDX Guest] TDX: Enhance shim measurement to TD RTMR
|
||||
Patch7: shim-Enable-TDX-measurement-to-RTMR-register.patch
|
||||
# PATCH-FIX-UPSTREAM shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch jsc#PED-127 jlee@suse.com -- Impl: Upgrade shim in SLE 15-SP5 and openSUSE TW for some issues
|
||||
Patch8: shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch
|
||||
# PATCH-FIX-OPENSUSE shim-bsc1198101-opensuse-cert-prompt.patch glin@suse.com -- Show the prompt to ask whether the user trusts openSUSE certificate or not
|
||||
Patch100: shim-bsc1198101-opensuse-cert-prompt.patch
|
||||
BuildRequires: dos2unix
|
||||
@ -124,7 +128,11 @@ The source code of UEFI shim loader
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%if 0%{?is_opensuse} == 1 || 0%{?sle_version} == 0
|
||||
%patch100 -p1
|
||||
%endif
|
||||
|
||||
%build
|
||||
# generate the vendor SBAT metadata
|
||||
@ -189,9 +197,7 @@ for suffix in "${suffixes[@]}"; do
|
||||
signature=%{SOURCE11}
|
||||
%else
|
||||
# AArch64 signature
|
||||
# Disable AArch64 signature attachment temporarily
|
||||
# until we get a real one.
|
||||
#signature=%{SOURCE13}
|
||||
signature=%{SOURCE13}
|
||||
%endif
|
||||
elif test "$suffix" = "devel"; then
|
||||
cert=%{_sourcedir}/_projectcert.crt
|
||||
|
Loading…
Reference in New Issue
Block a user