forked from pool/grub2
be3181b1eb
- VUL-0: grub2,shim: implement new SBAT method (bsc#1182057) * 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch * 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch * 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch * 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch * 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch * 0036-util-mkimage-Improve-data_size-value-calculation.patch * 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch * 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch * 0039-grub-install-common-Add-sbat-option.patch - Fix CVE-2021-20225 (bsc#1182262) * 0022-lib-arg-Block-repeated-short-options-that-require-an.patch - Fix CVE-2020-27749 (bsc#1179264) * 0024-kern-parser-Fix-resource-leak-if-argc-0.patch * 0025-kern-parser-Fix-a-memory-leak.patch * 0026-kern-parser-Introduce-process_char-helper.patch * 0027-kern-parser-Introduce-terminate_arg-helper.patch * 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch * 0029-kern-buffer-Add-variable-sized-heap-buffer.patch * 0030-kern-parser-Fix-a-stack-buffer-overflow.patch - Fix CVE-2021-20233 (bsc#1182263) * 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch - Fix CVE-2020-25647 (bsc#1177883) * 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch - Fix CVE-2020-25632 (bsc#1176711) * 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch - Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970) * 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch * 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch * 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch OBS-URL: https://build.opensuse.org/request/show/876326 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=374
97 lines
3.2 KiB
Diff
97 lines
3.2 KiB
Diff
From 3b60f205de1450ed6bbe8655bfb59ea0dac4ad78 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Kiper <daniel.kiper@oracle.com>
|
|
Date: Thu, 3 Dec 2020 16:01:45 +0100
|
|
Subject: [PATCH 02/46] efi: Make shim_lock GUID and protocol type public
|
|
|
|
The GUID will be used to properly detect and report UEFI Secure Boot
|
|
status to the x86 Linux kernel. The functionality will be added by
|
|
subsequent patches. The shim_lock protocol type is made public for
|
|
completeness.
|
|
|
|
Additionally, fix formatting of four preceding GUIDs.
|
|
|
|
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
|
|
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
---
|
|
grub-core/commands/efi/shim_lock.c | 12 ------------
|
|
include/grub/efi/api.h | 19 +++++++++++++++----
|
|
2 files changed, 15 insertions(+), 16 deletions(-)
|
|
|
|
diff --git a/grub-core/commands/efi/shim_lock.c b/grub-core/commands/efi/shim_lock.c
|
|
index 764098cfc..d8f52d721 100644
|
|
--- a/grub-core/commands/efi/shim_lock.c
|
|
+++ b/grub-core/commands/efi/shim_lock.c
|
|
@@ -27,18 +27,6 @@
|
|
|
|
GRUB_MOD_LICENSE ("GPLv3+");
|
|
|
|
-#define GRUB_EFI_SHIM_LOCK_GUID \
|
|
- { 0x605dab50, 0xe046, 0x4300, \
|
|
- { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } \
|
|
- }
|
|
-
|
|
-struct grub_efi_shim_lock_protocol
|
|
-{
|
|
- grub_efi_status_t
|
|
- (*verify) (void *buffer, grub_uint32_t size);
|
|
-};
|
|
-typedef struct grub_efi_shim_lock_protocol grub_efi_shim_lock_protocol_t;
|
|
-
|
|
static grub_efi_guid_t shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID;
|
|
static grub_efi_shim_lock_protocol_t *sl;
|
|
|
|
diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
|
|
index 21efee3f3..b5cef9a88 100644
|
|
--- a/include/grub/efi/api.h
|
|
+++ b/include/grub/efi/api.h
|
|
@@ -316,22 +316,27 @@
|
|
|
|
#define GRUB_EFI_SAL_TABLE_GUID \
|
|
{ 0xeb9d2d32, 0x2d88, 0x11d3, \
|
|
- { 0x9a, 0x16, 0x0, 0x90, 0x27, 0x3f, 0xc1, 0x4d } \
|
|
+ { 0x9a, 0x16, 0x0, 0x90, 0x27, 0x3f, 0xc1, 0x4d } \
|
|
}
|
|
|
|
#define GRUB_EFI_HCDP_TABLE_GUID \
|
|
{ 0xf951938d, 0x620b, 0x42ef, \
|
|
- { 0x82, 0x79, 0xa8, 0x4b, 0x79, 0x61, 0x78, 0x98 } \
|
|
+ { 0x82, 0x79, 0xa8, 0x4b, 0x79, 0x61, 0x78, 0x98 } \
|
|
}
|
|
|
|
#define GRUB_EFI_DEVICE_TREE_GUID \
|
|
{ 0xb1b621d5, 0xf19c, 0x41a5, \
|
|
- { 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 } \
|
|
+ { 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 } \
|
|
}
|
|
|
|
#define GRUB_EFI_VENDOR_APPLE_GUID \
|
|
{ 0x2B0585EB, 0xD8B8, 0x49A9, \
|
|
- { 0x8B, 0x8C, 0xE2, 0x1B, 0x01, 0xAE, 0xF2, 0xB7 } \
|
|
+ { 0x8B, 0x8C, 0xE2, 0x1B, 0x01, 0xAE, 0xF2, 0xB7 } \
|
|
+ }
|
|
+
|
|
+#define GRUB_EFI_SHIM_LOCK_GUID \
|
|
+ { 0x605dab50, 0xe046, 0x4300, \
|
|
+ { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } \
|
|
}
|
|
|
|
#define GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID \
|
|
@@ -1970,6 +1975,12 @@ struct grub_efi_ip6_config_manual_address {
|
|
};
|
|
typedef struct grub_efi_ip6_config_manual_address grub_efi_ip6_config_manual_address_t;
|
|
|
|
+struct grub_efi_shim_lock_protocol
|
|
+{
|
|
+ grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size);
|
|
+};
|
|
+typedef struct grub_efi_shim_lock_protocol grub_efi_shim_lock_protocol_t;
|
|
+
|
|
#if (GRUB_TARGET_SIZEOF_VOID_P == 4) || defined (__ia64__) \
|
|
|| defined (__aarch64__) || defined (__MINGW64__) || defined (__CYGWIN__) \
|
|
|| defined(__riscv)
|
|
--
|
|
2.26.2
|
|
|