Skip to content
Snippets Groups Projects
Verified Commit f3c01ea0 authored by Sherif Nagy's avatar Sherif Nagy
Browse files

Clean up

parent fd0b6cb3
No related branches found
No related tags found
No related merge requests found
Showing
with 0 additions and 1110 deletions
From 1d50318f448b73b072724eb6664d311e6084a446 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 10 Apr 2018 12:36:34 -0400
Subject: [PATCH 01/62] Make some things dprint() instead of console_print()
Signed-off-by: Peter Jones <pjones@redhat.com>
Upstream-commit-id: dad59f8c0f36
---
shim.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/shim.c b/shim.c
index 00155346c12..ff0817009cd 100644
--- a/shim.c
+++ b/shim.c
@@ -2087,8 +2087,8 @@ static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path, UINTN len)
if (!dppath)
return 0;
- console_print(L"dppath: %s\n", dppath);
- console_print(L"path: %s\n", path);
+ dprint(L"dppath: %s\n", dppath);
+ dprint(L"path: %s\n", path);
if (StrnCaseCmp(dppath, path, len))
ret = 0;
--
2.26.2
From 32f71225382ddb7dd1ad51f584bc3d42a7ee39d1 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 12 Apr 2018 13:24:48 -0400
Subject: [PATCH 02/62] Makefiles: ensure -m32 gets propogated to our gcc
parameter queries
'gcc -print-file-name=include' and 'gcc -print-libgcc-file-name' both
need -m32 when we're building 32-on-64 on some distros, so ensure that
gets propogated correctly.
Signed-off-by: Peter Jones <pjones@redhat.com>
Upstream-commit-id: 104d6e54ac7
---
Make.defaults | 66 ++++++++++++++++++++++++++-------------------------
1 file changed, 34 insertions(+), 32 deletions(-)
diff --git a/Make.defaults b/Make.defaults
index e11ab5a7f2c..bbfc1d7f77b 100644
--- a/Make.defaults
+++ b/Make.defaults
@@ -33,66 +33,46 @@ EFI_INCLUDES = -nostdinc -I$(TOPDIR)/Cryptlib -I$(TOPDIR)/Cryptlib/Include \
-I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol \
-I$(TOPDIR)/include -iquote $(TOPDIR) -iquote $(shell pwd)
-LIB_GCC = $(shell $(CC) -print-libgcc-file-name)
-EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)
-
EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o
EFI_LDS = $(TOPDIR)/elf_$(ARCH)_efi.lds
-CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
- -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
- -Werror=sign-compare -ffreestanding -std=gnu89 \
- -I$(shell $(CC) -print-file-name=include) \
- "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
- "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
- $(EFI_INCLUDES)
-
CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,)
COMMIT_ID ?= $(shell if [ -e .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo master; fi)
-ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
- CFLAGS += -DOVERRIDE_SECURITY_POLICY
-endif
-
-ifneq ($(origin ENABLE_HTTPBOOT), undefined)
- CFLAGS += -DENABLE_HTTPBOOT
-endif
-
-ifneq ($(origin REQUIRE_TPM), undefined)
- CFLAGS += -DREQUIRE_TPM
-endif
-
ifeq ($(ARCH),x86_64)
- CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \
- $(CLANG_BUGS) -m64 \
- -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \
- -DNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 -DPAGE_SIZE=4096
+ ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
+ $(CLANG_BUGS) -m64 \
+ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \
+ -DNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 \
+ -DPAGE_SIZE=4096
LIBDIR ?= $(prefix)/lib64
ARCH_SUFFIX ?= x64
ARCH_SUFFIX_UPPER ?= X64
ARCH_LDFLAGS ?=
endif
ifeq ($(ARCH),ia32)
- CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \
- $(CLANG_BUGS) -m32 \
- -DMDE_CPU_IA32 -DPAGE_SIZE=4096
+ ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
+ $(CLANG_BUGS) -m32 \
+ -DMDE_CPU_IA32 -DPAGE_SIZE=4096
LIBDIR ?= $(prefix)/lib
ARCH_SUFFIX ?= ia32
ARCH_SUFFIX_UPPER ?= IA32
ARCH_LDFLAGS ?=
+ ARCH_CFLAGS ?= -m32
endif
ifeq ($(ARCH),aarch64)
- CFLAGS += -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align
+ ARCH_CFLAGS ?= -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align
LIBDIR ?= $(prefix)/lib64
ARCH_SUFFIX ?= aa64
ARCH_SUFFIX_UPPER ?= AA64
FORMAT := -O binary
SUBSYSTEM := 0xa
ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
+ ARCH_CFLAGS ?=
endif
ifeq ($(ARCH),arm)
- CFLAGS += -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mstrict-align
+ ARCH_CFLAGS ?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mstrict-align
LIBDIR ?= $(prefix)/lib
ARCH_SUFFIX ?= arm
ARCH_SUFFIX_UPPER ?= ARM
@@ -101,6 +81,28 @@ ifeq ($(ARCH),arm)
ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
endif
+CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
+ -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
+ -Werror=sign-compare -ffreestanding -std=gnu89 \
+ -I$(shell $(CC) $(ARCH_CFLAGS) -print-file-name=include) \
+ "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
+ "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
+ $(EFI_INCLUDES) $(ARCH_CFLAGS)
+
+ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
+ CFLAGS += -DOVERRIDE_SECURITY_POLICY
+endif
+
+ifneq ($(origin ENABLE_HTTPBOOT), undefined)
+ CFLAGS += -DENABLE_HTTPBOOT
+endif
+
+ifneq ($(origin REQUIRE_TPM), undefined)
+ CFLAGS += -DREQUIRE_TPM
+endif
+
+LIB_GCC = $(shell $(CC) $(ARCH_CFLAGS) -print-libgcc-file-name)
+EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)
FORMAT ?= --target efi-app-$(ARCH)
EFI_PATH ?= $(LIBDIR)/gnuefi
--
2.26.2
From 74718677945b1ab825130b317c63f5002876e772 Mon Sep 17 00:00:00 2001
From: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date: Thu, 5 Jul 2018 11:28:12 -0400
Subject: [PATCH 03/62] Let MokManager follow a MokTimeout var for timeout
length for the prompt
This timeout can have the values [-1,0..0x7fff]; where -1 means "no timeout",
with MokManager going directly to the menu, and is capped to 0x7fff to avoid
unecessary long timeouts. The default remains 10, which will be used whenever
the MokTimeout variable isn't set.
Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Upstream-commit-id: 93708c11083
---
MokManager.c | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/MokManager.c b/MokManager.c
index 7e40a38f1d1..0767e4a6cde 100644
--- a/MokManager.c
+++ b/MokManager.c
@@ -40,6 +40,10 @@ typedef struct {
CHAR16 Password[SB_PASSWORD_LEN];
} __attribute__ ((packed)) MokDBvar;
+typedef struct {
+ INT32 Timeout;
+} __attribute__ ((packed)) MokTimeoutvar;
+
static EFI_STATUS get_sha1sum(void *Data, int DataSize, UINT8 * hash)
{
EFI_STATUS efi_status;
@@ -2041,7 +2045,24 @@ static int draw_countdown()
UINTN cols, rows;
CHAR16 *title[2];
CHAR16 *message = L"Press any key to perform MOK management";
- int timeout = 10, wait = 10000000;
+ void *MokTimeout = NULL;
+ MokTimeoutvar *var;
+ UINTN MokTimeoutSize = 0;
+ int timeout, wait = 10000000;
+
+ efi_status = get_variable(L"MokTimeout", (UINT8 **) &MokTimeout,
+ &MokTimeoutSize, SHIM_LOCK_GUID);
+ if (EFI_ERROR(efi_status)) {
+ timeout = 10;
+ } else {
+ var = MokTimeout;
+ timeout = (int)var->Timeout;
+ FreePool(MokTimeout);
+ LibDeleteVariable(L"MokTimeout", &SHIM_LOCK_GUID);
+ }
+
+ if (timeout < 0)
+ return timeout;
console_save_and_set_mode(&SavedMode);
--
2.26.2
From 8a66f5571bb059d2692e804f4ba9817e978dd103 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Mon, 28 May 2018 16:05:38 +0800
Subject: [PATCH 04/62] httpboot: return EFI_NOT_FOUND when it fails to find
the NIC handle
httpboot_fetch_buffer() should return EFI_NOT_FOUND to reflect the error
status when get_nic_handle() returns NULL.
Signed-off-by: Gary Lin <glin@suse.com>
Upstream-commit-id: 2be5c7dc4b0
---
httpboot.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/httpboot.c b/httpboot.c
index 4cfa3aab3b7..d656073c633 100644
--- a/httpboot.c
+++ b/httpboot.c
@@ -715,6 +715,7 @@ httpboot_fetch_buffer (EFI_HANDLE image, VOID **buffer, UINT64 *buf_size)
also supports the HTTP service binding protocol */
nic = get_nic_handle(&mac_addr);
if (!nic) {
+ efi_status = EFI_NOT_FOUND;
goto error;
}
--
2.26.2
From 0ba6c87bdf55f749a0ec1c3b0fd24ebb8200d537 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Mon, 28 May 2018 17:24:30 +0800
Subject: [PATCH 05/62] httpboot: print more messages when it fails to set IP
We previously only print the return status and it may not be clear
enough in some situations. Print the IP address and the gateway to help
the user to identify the possible errors.
Signed-off-by: Gary Lin <glin@suse.com>
Upstream-commit-id: 3abe94516c7
---
httpboot.c | 45 +++++++++++++++++++++++++++++++++++++++++----
1 file changed, 41 insertions(+), 4 deletions(-)
diff --git a/httpboot.c b/httpboot.c
index d656073c633..6f27b01bf71 100644
--- a/httpboot.c
+++ b/httpboot.c
@@ -311,6 +311,20 @@ is_unspecified_addr (EFI_IPv6_ADDRESS ip6)
return TRUE;
}
+static inline void
+print_ip6_addr(EFI_IPv6_ADDRESS ip6addr)
+{
+ perror(L"%x:%x:%x:%x:%x:%x:%x:%x\n",
+ ip6addr.Addr[0] << 8 | ip6addr.Addr[1],
+ ip6addr.Addr[2] << 8 | ip6addr.Addr[3],
+ ip6addr.Addr[4] << 8 | ip6addr.Addr[5],
+ ip6addr.Addr[6] << 8 | ip6addr.Addr[7],
+ ip6addr.Addr[8] << 8 | ip6addr.Addr[9],
+ ip6addr.Addr[10] << 8 | ip6addr.Addr[11],
+ ip6addr.Addr[12] << 8 | ip6addr.Addr[13],
+ ip6addr.Addr[14] << 8 | ip6addr.Addr[15]);
+}
+
static EFI_STATUS
set_ip6(EFI_HANDLE *nic, IPv6_DEVICE_PATH *ip6node)
{
@@ -329,8 +343,12 @@ set_ip6(EFI_HANDLE *nic, IPv6_DEVICE_PATH *ip6node)
ip6.IsAnycast = FALSE;
efi_status = ip6cfg->SetData(ip6cfg, Ip6ConfigDataTypeManualAddress,
sizeof(ip6), &ip6);
- if (EFI_ERROR(efi_status))
+ if (EFI_ERROR(efi_status)) {
+ perror(L"Failed to set IPv6 Address:\nIP: ");
+ print_ip6_addr(ip6.Address);
+ perror(L"Prefix Length: %u\n", ip6.PrefixLength);
return efi_status;
+ }
gateway = ip6node->GatewayIpAddress;
if (is_unspecified_addr(gateway))
@@ -338,12 +356,23 @@ set_ip6(EFI_HANDLE *nic, IPv6_DEVICE_PATH *ip6node)
efi_status = ip6cfg->SetData(ip6cfg, Ip6ConfigDataTypeGateway,
sizeof(gateway), &gateway);
- if (EFI_ERROR(efi_status))
+ if (EFI_ERROR(efi_status)) {
+ perror(L"Failed to set IPv6 Gateway:\nIP: ");
+ print_ip6_addr(gateway);
return efi_status;
+ }
return EFI_SUCCESS;
}
+static inline void
+print_ip4_addr(EFI_IPv4_ADDRESS ip4addr)
+{
+ perror(L"%u.%u.%u.%u\n",
+ ip4addr.Addr[0], ip4addr.Addr[1],
+ ip4addr.Addr[2], ip4addr.Addr[3]);
+}
+
static EFI_STATUS
set_ip4(EFI_HANDLE *nic, IPv4_DEVICE_PATH *ip4node)
{
@@ -361,14 +390,22 @@ set_ip4(EFI_HANDLE *nic, IPv4_DEVICE_PATH *ip4node)
ip4.SubnetMask = ip4node->SubnetMask;
efi_status = ip4cfg2->SetData(ip4cfg2, Ip4Config2DataTypeManualAddress,
sizeof(ip4), &ip4);
- if (EFI_ERROR(efi_status))
+ if (EFI_ERROR(efi_status)) {
+ perror(L"Failed to Set IPv4 Address:\nIP: ");
+ print_ip4_addr(ip4.Address);
+ perror(L"Mask: ");
+ print_ip4_addr(ip4.SubnetMask);
return efi_status;
+ }
gateway = ip4node->GatewayIpAddress;
efi_status = ip4cfg2->SetData(ip4cfg2, Ip4Config2DataTypeGateway,
sizeof(gateway), &gateway);
- if (EFI_ERROR(efi_status))
+ if (EFI_ERROR(efi_status)) {
+ perror(L"Failed to Set IPv4 Gateway:\nGateway: ");
+ print_ip4_addr(gateway);
return efi_status;
+ }
return EFI_SUCCESS;
}
--
2.26.2
From 80e52895f206fcb40a60f031e7b721627bb193ca Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Mon, 28 May 2018 17:42:56 +0800
Subject: [PATCH 06/62] httpboot: allow the IPv4 gateway to be empty
The gateway is not mandatory.
Signed-off-by: Gary Lin <glin@suse.com>
Upstream-commit-id: 69089e9c678
---
httpboot.c | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/httpboot.c b/httpboot.c
index 6f27b01bf71..16dd6621f66 100644
--- a/httpboot.c
+++ b/httpboot.c
@@ -299,7 +299,7 @@ out:
}
static BOOLEAN
-is_unspecified_addr (EFI_IPv6_ADDRESS ip6)
+is_unspecified_ip6addr (EFI_IPv6_ADDRESS ip6)
{
UINT8 i;
@@ -351,7 +351,7 @@ set_ip6(EFI_HANDLE *nic, IPv6_DEVICE_PATH *ip6node)
}
gateway = ip6node->GatewayIpAddress;
- if (is_unspecified_addr(gateway))
+ if (is_unspecified_ip6addr(gateway))
return EFI_SUCCESS;
efi_status = ip6cfg->SetData(ip6cfg, Ip6ConfigDataTypeGateway,
@@ -365,6 +365,19 @@ set_ip6(EFI_HANDLE *nic, IPv6_DEVICE_PATH *ip6node)
return EFI_SUCCESS;
}
+static BOOLEAN
+is_unspecified_ip4addr (EFI_IPv4_ADDRESS ip4)
+{
+ UINT8 i;
+
+ for (i = 0; i<4; i++) {
+ if (ip4.Addr[i] != 0)
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
static inline void
print_ip4_addr(EFI_IPv4_ADDRESS ip4addr)
{
@@ -399,6 +412,9 @@ set_ip4(EFI_HANDLE *nic, IPv4_DEVICE_PATH *ip4node)
}
gateway = ip4node->GatewayIpAddress;
+ if (is_unspecified_ip4addr(gateway))
+ return EFI_SUCCESS;
+
efi_status = ip4cfg2->SetData(ip4cfg2, Ip4Config2DataTypeGateway,
sizeof(gateway), &gateway);
if (EFI_ERROR(efi_status)) {
--
2.26.2
From c2f645c7cd9872585e7b4522b01c368bb545258b Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Mon, 28 May 2018 18:03:39 +0800
Subject: [PATCH 07/62] httpboot: show the error message for the ChildHandle
Signed-off-by: Gary Lin <glin@suse.com>
Upstream-commit-id: 0fd3c7e8518
---
httpboot.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/httpboot.c b/httpboot.c
index 16dd6621f66..3622e85867c 100644
--- a/httpboot.c
+++ b/httpboot.c
@@ -696,8 +696,10 @@ http_fetch (EFI_HANDLE image, EFI_HANDLE device,
/* Set the handle to NULL to request a new handle */
http_handle = NULL;
efi_status = service->CreateChild(service, &http_handle);
- if (EFI_ERROR(efi_status))
+ if (EFI_ERROR(efi_status)) {
+ perror(L"Failed to create the ChildHandle\n");
return efi_status;
+ }
/* Get the http protocol */
efi_status = gBS->HandleProtocol(http_handle, &EFI_HTTP_PROTOCOL_GUID,
--
2.26.2
From 409b59af29b8749207a527c91dccba7eee98232b Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Wed, 23 May 2018 15:15:56 +0800
Subject: [PATCH 08/62] Fix typo in debug path in shim.h
Signed-off-by: Gary Lin <glin@suse.com>
Upstream-commit-id: a98c20bbdbb
---
shim.h | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/shim.h b/shim.h
index a25a660df6a..2b359d821e3 100644
--- a/shim.h
+++ b/shim.h
@@ -43,7 +43,7 @@
#define EFI_ARCH L"x64"
#endif
#ifndef DEBUGDIR
-#define DEBUGDIR L"/usr/lub/debug/usr/share/shim/x64/"
+#define DEBUGDIR L"/usr/lib/debug/usr/share/shim/x64/"
#endif
#endif
@@ -58,7 +58,7 @@
#define EFI_ARCH L"ia32"
#endif
#ifndef DEBUGDIR
-#define DEBUGDIR L"/usr/lub/debug/usr/share/shim/ia32/"
+#define DEBUGDIR L"/usr/lib/debug/usr/share/shim/ia32/"
#endif
#endif
@@ -73,7 +73,7 @@
#define EFI_ARCH L"aa64"
#endif
#ifndef DEBUGDIR
-#define DEBUGDIR L"/usr/lub/debug/usr/share/shim/aa64/"
+#define DEBUGDIR L"/usr/lib/debug/usr/share/shim/aa64/"
#endif
#endif
@@ -88,7 +88,7 @@
#define EFI_ARCH L"arm"
#endif
#ifndef DEBUGDIR
-#define DEBUGDIR L"/usr/lub/debug/usr/share/shim/arm/"
+#define DEBUGDIR L"/usr/lib/debug/usr/share/shim/arm/"
#endif
#endif
--
2.26.2
From 85c837d67fef9cd831a3126398ed8da1421f61c5 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Fri, 11 May 2018 16:59:03 +0800
Subject: [PATCH 09/62] MokManager: Stop using EFI_VARIABLE_APPEND_WRITE
When writing MokList with EFI_VARIABLE_APPEND_WRITE, some HP laptops
may just return EFI_SUCCESS without writing the content into the flash,
so we have no way to detect if MokList is updated or not. Now we always
read MokList first and write it back with the new content.
https://github.com/rhboot/shim/issues/105
Signed-off-by: Gary Lin <glin@suse.com>
Upstream-commit-id: f442c8424b4
---
MokManager.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/MokManager.c b/MokManager.c
index 0767e4a6cde..df9b6fe6912 100644
--- a/MokManager.c
+++ b/MokManager.c
@@ -880,14 +880,9 @@ static EFI_STATUS write_db(CHAR16 * db_name, void *MokNew, UINTN MokNewSize)
UINTN old_size;
UINTN new_size;
- efi_status = gRT->SetVariable(db_name, &SHIM_LOCK_GUID,
- EFI_VARIABLE_NON_VOLATILE |
- EFI_VARIABLE_BOOTSERVICE_ACCESS |
- EFI_VARIABLE_APPEND_WRITE,
- MokNewSize, MokNew);
- if (!EFI_ERROR(efi_status) || efi_status != EFI_INVALID_PARAMETER) {
- return efi_status;
- }
+ /* Do not use EFI_VARIABLE_APPEND_WRITE due to faulty firmwares.
+ * ref: https://github.com/rhboot/shim/issues/55
+ * https://github.com/rhboot/shim/issues/105 */
efi_status = get_variable_attr(db_name, (UINT8 **)&old_data, &old_size,
SHIM_LOCK_GUID, &attributes);
--
2.26.2
From 956717e2b375d7c7f0faafec8f12a7692708eb9a Mon Sep 17 00:00:00 2001
From: Paul Menzel <pmenzel@molgen.mpg.de>
Date: Wed, 23 May 2018 12:32:37 +0200
Subject: [PATCH 10/62] shim: Extend invalid reloc size warning message
Knowing the value of the reloc directory size is helpful for debugging,
cf. issue #131 [1],
[1]: https://github.com/rhboot/shim/issues/131
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
Upstream-commit-id: dd3230d07f3
---
shim.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/shim.c b/shim.c
index ff0817009cd..05fc65005d1 100644
--- a/shim.c
+++ b/shim.c
@@ -280,8 +280,14 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
while (RelocBase < RelocBaseEnd) {
Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION));
- if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) {
- perror(L"Reloc %d block size %d is invalid\n", n, RelocBase->SizeOfBlock);
+ if (RelocBase->SizeOfBlock == 0) {
+ perror(L"Reloc %d block size 0 is invalid\n", n);
+ return EFI_UNSUPPORTED;
+ } else if (RelocBase->SizeOfBlock > context->RelocDir->Size) {
+ perror(L"Reloc %d block size %d greater than reloc dir"
+ "size %d, which is invalid\n", n,
+ RelocBase->SizeOfBlock,
+ context->RelocDir->Size);
return EFI_UNSUPPORTED;
}
--
2.26.2
From bd97e72f0490b2be766949f448bf6ea3ec2bba1a Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 1 Aug 2018 09:58:09 -0500
Subject: [PATCH 11/62] Add GRUB's PCR Usage to README.tpm
This didn't seem to get documented anywhere, and this is as good a place as any.
Upstream-commit-id: 4fab7281a8c
---
README.tpm | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/README.tpm b/README.tpm
index b7314f12d57..d9c7c53483b 100644
--- a/README.tpm
+++ b/README.tpm
@@ -19,6 +19,15 @@ PCR7:
- MokSBState will be extended into PCR7 if it is set, logged as
"MokSBState".
+PCR8:
+- If you're using the grub2 TPM patchset we cary in Fedora, the kernel command
+ line and all grub commands (including all of grub.cfg that gets run) are
+ measured into PCR8.
+
+PCR9:
+- If you're using the grub2 TPM patchset we cary in Fedora, the kernel,
+ initramfs, and any multiboot modules loaded are measured into PCR9.
+
PCR14:
- MokList, MokListX, and MokSBState will be extended into PCR14 if they are
set.
--
2.26.2
From c4e3516e303daa42b3381ddd889a90641717f720 Mon Sep 17 00:00:00 2001
From: TanMing <tanminger@TanMing-WorkPC.sh.intel.com>
Date: Tue, 21 Aug 2018 02:25:52 -0400
Subject: [PATCH 12/62] Fix the compile error of mkdir wrong directory.
In Ubuntu 14.04, the following code in old Makefile:
mkdir -p Cryptlib/{Hash,Hmac,Cipher,Rand,Pk,Pem,SysCall}
will create a directory named "{Hash,Hmac,Cipher,Rand,Pk,Pem,SysCall}".
Signed-off-by: Ming Tan <ming.tan@intel.com>
Upstream-commit-id: 39b83455d68
---
Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index 115e7f08c0f..3f2105595a6 100644
--- a/Makefile
+++ b/Makefile
@@ -102,11 +102,11 @@ $(MMSONAME): $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a li
$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
Cryptlib/libcryptlib.a:
- mkdir -p Cryptlib/{Hash,Hmac,Cipher,Rand,Pk,Pem,SysCall}
+ for i in Hash Hmac Cipher Rand Pk Pem SysCall; do mkdir -p Cryptlib/$$i; done
$(MAKE) VPATH=$(TOPDIR)/Cryptlib TOPDIR=$(TOPDIR)/Cryptlib -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile
Cryptlib/OpenSSL/libopenssl.a:
- mkdir -p Cryptlib/OpenSSL/crypto/{x509v3,x509,txt_db,stack,sha,rsa,rc4,rand,pkcs7,pkcs12,pem,ocsp,objects,modes,md5,lhash,kdf,hmac,evp,err,dso,dh,conf,comp,cmac,buffer,bn,bio,async{,/arch},asn1,aes}/
+ for i in x509v3 x509 txt_db stack sha rsa rc4 rand pkcs7 pkcs12 pem ocsp objects modes md5 lhash kdf hmac evp err dso dh conf comp cmac buffer bn bio async/arch asn1 aes; do mkdir -p Cryptlib/OpenSSL/crypto/$$i; done
$(MAKE) VPATH=$(TOPDIR)/Cryptlib/OpenSSL TOPDIR=$(TOPDIR)/Cryptlib/OpenSSL -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile
lib/lib.a: | $(TOPDIR)/lib/Makefile $(wildcard $(TOPDIR)/include/*.[ch])
--
2.26.2
From 79be2af5260b1f2e2a4680e74e14da0fdb42b570 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Fri, 7 Sep 2018 14:11:02 +0200
Subject: [PATCH 13/62] shim: Properly generate absolute paths from relative
image paths
The generate_path_from_image_path() doesn't properly handle the case when
shim is invoked using a relative path (e.g: from the EFI shell). In that
function, always the last component is stripped from absolute file path
to calculate the dirname, and this is concatenated with the image path.
But if the path is a relative one, the function will wrongly concatenate
the dirname with the relative image path, i.e:
Shell> FS0:
FS0:\> cd EFI
FS0:\EFI\> BOOT\BOOTX64.EFI
Failed to open \EFI\BOOT\BOOT\BOOTX64.EFI - Not found
Failed to load image \EFI\BOOT\BOOT\BOOTX64.EFI: Not found
start_image() returned Not found
Calculate the image path basename and concatenate that with the dirname.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Maran Wilson maran.wilson@oracle.com
Tested-by: Maran Wilson maran.wilson@oracle.com
Upstream-commit-id: a625fa5096c
---
shim.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/shim.c b/shim.c
index 05fc65005d1..5ab23d03db4 100644
--- a/shim.c
+++ b/shim.c
@@ -1610,9 +1610,11 @@ static EFI_STATUS generate_path_from_image_path(EFI_LOADED_IMAGE *li,
bootpath[j] = '\0';
}
- while (*ImagePath == '\\')
- ImagePath++;
+ for (i = 0, last = 0; i < StrLen(ImagePath); i++)
+ if (ImagePath[i] == '\\')
+ last = i + 1;
+ ImagePath = ImagePath + last;
*PathName = AllocatePool(StrSize(bootpath) + StrSize(ImagePath));
if (!*PathName) {
--
2.26.2
From 818a0dbd247f7c83d844febfa0a037b396d22701 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Fri, 7 Sep 2018 15:10:51 +0200
Subject: [PATCH 14/62] shim: Prevent shim to set itself as a second stage
loader
When shim is invoked from a relative path (e.g: from the UEFI shell), the
Loaded Image handle LoadOptions can be set to the binary relative path.
But the is_our_path() function only checks if LoadOptions is set to the
absolute path of shim to ignore it. So if a relative path is there, shim
would set itself as the secondary loader and invoke itself in a loop.
To prevent that, use the path in LoadOptions to calculate the absolute
path and compare it with the one in the Loader Image handle FilePath.
Resolves: bz#1622485
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Maran Wilson maran.wilson@oracle.com
Tested-by: Maran Wilson maran.wilson@oracle.com
Upstream-commit-id: e563bc3dcd1
---
shim.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/shim.c b/shim.c
index 5ab23d03db4..ae03da7eddf 100644
--- a/shim.c
+++ b/shim.c
@@ -2086,21 +2086,32 @@ get_load_option_optional_data(UINT8 *data, UINTN data_size,
return EFI_SUCCESS;
}
-static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path, UINTN len)
+static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path)
{
CHAR16 *dppath = NULL;
+ CHAR16 *PathName = NULL;
+ EFI_STATUS efi_status;
int ret = 1;
dppath = DevicePathToStr(li->FilePath);
if (!dppath)
return 0;
+ efi_status = generate_path_from_image_path(li, path, &PathName);
+ if (EFI_ERROR(efi_status)) {
+ perror(L"Unable to generate path %s: %r\n", path,
+ efi_status);
+ goto done;
+ }
+
dprint(L"dppath: %s\n", dppath);
dprint(L"path: %s\n", path);
- if (StrnCaseCmp(dppath, path, len))
+ if (StrnCaseCmp(dppath, PathName, strlen(dppath)))
ret = 0;
+done:
FreePool(dppath);
+ FreePool(PathName);
return ret;
}
@@ -2289,7 +2300,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
* which is just cruel... So yeah, just don't use it.
*/
- if (strings == 1 && is_our_path(li, start, loader_len))
+ if (strings == 1 && is_our_path(li, start))
return EFI_SUCCESS;
/*
--
2.26.2
From 3d04aef8d80293d701f7efee6b5300f9f528ddfc Mon Sep 17 00:00:00 2001
From: Maran Wilson <maran.wilson@oracle.com>
Date: Tue, 7 Aug 2018 15:32:29 -0700
Subject: [PATCH 15/62] Fix for "Section 0 has negative size" error when
loading fbaa64.efi
The current code is incorrectly failing to load the fbaa64.efi image found
in Arm servers even though the UEFI shell code is able to properly load
and execute the same image.
The problem is due to the presence of a section header that has zero size
and address and marked "discardable" in the fbaa64.efi image.
Although there is already a check further down in the code to look for
the discardable bit and skip further verification checks if set, we never
get to that point due to the "end < base" check at the start of the loop.
Here is a dump of the fbaa64.efi image as compiled on an Arm machine
from the latest code in this repo:
% # First I used hexedit to change header byte from 'AA' to '86'
% # so that objdump was able to correctly parse the file:
% objdump -x -m aarch64 fbaa64.efi
fbaa64.efi: file format pei-x86-64
fbaa64.efi
architecture: i386:x86-64, flags 0x00000103:
HAS_RELOC, EXEC_P, D_PAGED
start address 0x0000000000000148
Characteristics 0x20e
executable
line numbers stripped
symbols stripped
debugging information removed
Time/Date Wed Dec 31 16:00:00 1969
Magic 020b (PE32+)
MajorLinkerVersion 2
MinorLinkerVersion 20
SizeOfCode 000b15d0
SizeOfInitializedData 00000000
SizeOfUninitializedData 00000000
AddressOfEntryPoint 0000000000000148
BaseOfCode 0000000000000148
ImageBase 0000000000000000
SectionAlignment 0000000000000020
FileAlignment 0000000000000008
MajorOSystemVersion 0
MinorOSystemVersion 0
MajorImageVersion 0
MinorImageVersion 0
MajorSubsystemVersion 0
MinorSubsystemVersion 0
Win32Version 00000000
SizeOfImage 000b1718
SizeOfHeaders 00000148
CheckSum 00000000
Subsystem 0000000a (EFI application)
DllCharacteristics 00000000
SizeOfStackReserve 0000000000000000
SizeOfStackCommit 0000000000000000
SizeOfHeapReserve 0000000000000000
SizeOfHeapCommit 0000000000000000
LoaderFlags 00000000
NumberOfRvaAndSizes 00000006
The Data Directory
Entry 0 0000000000000000 00000000 Export Directory [.edata (or where ever we found it)]
Entry 1 0000000000000000 00000000 Import Directory [parts of .idata]
Entry 2 0000000000000000 00000000 Resource Directory [.rsrc]
Entry 3 0000000000000000 00000000 Exception Directory [.pdata]
Entry 4 0000000000000000 00000000 Security Directory
Entry 5 0000000000000000 00000000 Base Relocation Directory [.reloc]
Entry 6 0000000000000000 00000000 Debug Directory
Entry 7 0000000000000000 00000000 Description Directory
Entry 8 0000000000000000 00000000 Special Directory
Entry 9 0000000000000000 00000000 Thread Storage Directory [.tls]
Entry a 0000000000000000 00000000 Load Configuration Directory
Entry b 0000000000000000 00000000 Bound Import Directory
Entry c 0000000000000000 00000000 Import Address Table Directory
Entry d 0000000000000000 00000000 Delay Import Directory
Entry e 0000000000000000 00000000 CLR Runtime Header
Entry f 0000000000000000 00000000 Reserved
Sections:
Idx Name Size VMA LMA File off Algn
0 .reloc 00000000 0000000000000000 0000000000000000 00000000 2**0
ALLOC, LOAD, READONLY, DATA
1 .text 000b15d0 0000000000000148 0000000000000148 00000148 2**4
CONTENTS, ALLOC, LOAD, CODE
SYMBOL TABLE:
no symbols
Signed-off-by: Maran Wilson <maran.wilson@oracle.com>
Reviewed-by: Aaron Young <aaron.young@oracle.com>
Reviewed-by: Jack Schwartz <jack.schwartz@oracle.com>
Upstream-commit-id: 6df7a8f5609
---
shim.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/shim.c b/shim.c
index ae03da7eddf..d980cadacfc 100644
--- a/shim.c
+++ b/shim.c
@@ -1347,6 +1347,11 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
*/
Section = context.FirstSection;
for (i = 0; i < context.NumberOfSections; i++, Section++) {
+ /* Don't try to copy discardable sections with zero size */
+ if ((Section->Characteristics & EFI_IMAGE_SCN_MEM_DISCARDABLE) &&
+ !Section->Misc.VirtualSize)
+ continue;
+
base = ImageAddress (buffer, context.ImageSize,
Section->VirtualAddress);
end = ImageAddress (buffer, context.ImageSize,
--
2.26.2
From d5b72b322d5b7c6c115833c518e1aa5798076309 Mon Sep 17 00:00:00 2001
From: dann frazier <dann.frazier@canonical.com>
Date: Mon, 14 Jan 2019 15:25:11 -0700
Subject: [PATCH 16/62] Fix apparent typo in ARM 32-on-64 code
The architecture is aarch64, not arch64.
Fixes: 750584c20775 ("Make 64-on-32 maybe work on x86_64.")
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Upstream-commit-id: e9f67aaa75a
---
shim.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/shim.c b/shim.c
index d980cadacfc..e4d4fea226d 100644
--- a/shim.c
+++ b/shim.c
@@ -150,7 +150,7 @@ allow_32_bit(void)
#endif
#elif defined(__i386__) || defined(__i686__)
return 1;
-#elif defined(__arch64__)
+#elif defined(__aarch64__)
return 0;
#else /* assuming everything else is 32-bit... */
return 1;
--
2.26.2
From 8544018093b8aa4311b1e970f8396140c22ede0b Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Mon, 14 Jan 2019 19:29:34 +0000
Subject: [PATCH 17/62] Makefile: do not run git on clean if there's no .git
directory
When building in minimal chroot on build workers, like in Debian (where
make clean is called at the beginning of the build process), git will
not be available. Skip the git clean.
Signed-off-by: Luca Boccassi <bluca@debian.org>
Upstream-commit-id: be352762a01
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 3f2105595a6..fd7e83dc764 100644
--- a/Makefile
+++ b/Makefile
@@ -225,7 +225,7 @@ clean-shim-objs:
@rm -rvf $(TARGET) *.o $(SHIM_OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb $(BOOTCSVNAME)
@rm -vf *.debug *.so *.efi *.efi.* *.tar.* version.c buildid
@rm -vf Cryptlib/*.[oa] Cryptlib/*/*.[oa]
- @git clean -f -d -e 'Cryptlib/OpenSSL/*'
+ @if [ -d .git ] ; then git clean -f -d -e 'Cryptlib/OpenSSL/*'; fi
clean: clean-shim-objs
$(MAKE) -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile clean
--
2.26.2
From 7f080b30f3c3718d6b2533f62a50f373fd2cda21 Mon Sep 17 00:00:00 2001
From: Peter Korsgaard <peter@korsgaard.com>
Date: Thu, 10 Jan 2019 23:34:11 +0100
Subject: [PATCH 18/62] Make.default: use correct flags to disable unaligned
access for 32 bit ARM
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The GCC flag to disable unaligned access on 32bit ARM is
-mno-unaligned-access, not -mstrict-align (which is used on aarch64):
https://lkml.org/lkml/2018/8/3/294
Otherwise build dies with:
arm-linux-gnueabihf-gcc: error: unrecognized command line option
‘-mstrict-align’; did you mean ‘-Wstrict-aliasing’?
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream-commit-id: 41b93358e8c
---
Make.defaults | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Make.defaults b/Make.defaults
index bbfc1d7f77b..09807bd8108 100644
--- a/Make.defaults
+++ b/Make.defaults
@@ -72,7 +72,7 @@ ifeq ($(ARCH),aarch64)
ARCH_CFLAGS ?=
endif
ifeq ($(ARCH),arm)
- ARCH_CFLAGS ?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mstrict-align
+ ARCH_CFLAGS ?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mno-unaligned-access
LIBDIR ?= $(prefix)/lib
ARCH_SUFFIX ?= arm
ARCH_SUFFIX_UPPER ?= ARM
--
2.26.2
From ee832f21c6706d6b3890d82f9d8bcb2bd249ee04 Mon Sep 17 00:00:00 2001
From: Peter Korsgaard <peter@korsgaard.com>
Date: Fri, 11 Jan 2019 09:17:42 +0100
Subject: [PATCH 19/62] Cryptlib: fix build on 32bit ARM
Pass MDE_CPU_ARM, similar to how it is done for the other supported
architectures, otherwise the build fails in:
Cryptlib/Include/OpenSslSupport.h:55:2: error:
#error Unknown target architecture
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream-commit-id: cb83c14628b
---
Cryptlib/Makefile | 3 +++
1 file changed, 3 insertions(+)
diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
index 2aa569594a0..5c098f34cec 100644
--- a/Cryptlib/Makefile
+++ b/Cryptlib/Makefile
@@ -19,6 +19,9 @@ endif
ifeq ($(ARCH),aarch64)
CFLAGS += -DMDE_CPU_AARCH64
endif
+ifeq ($(ARCH),arm)
+ CFLAGS += -DMDE_CPU_ARM
+endif
LDFLAGS = -nostdlib -znocombreloc
TARGET = libcryptlib.a
--
2.26.2
From ac0400b20264ef67b67891d2216edd3fe20e5571 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Mon, 5 Nov 2018 14:51:16 +0100
Subject: [PATCH 20/62] Make sure that MOK variables always get mirrored
Without this, if a Mok variable doesn't exist in Boot Services, it will also
not be copied to Runtime, even if we have data to be added to it (vendor cert).
This patch makes sure that if we have extra data to append, we still mirror
the variable.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
Upstream-commit-id: 9ab0d796bdc
---
mok.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/mok.c b/mok.c
index 38675211e0e..00dd1ad3034 100644
--- a/mok.c
+++ b/mok.c
@@ -223,11 +223,26 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
UINT32 attrs = 0;
BOOLEAN delete = FALSE, present, addend;
+ addend = (v->addend_source && v->addend_size &&
+ *v->addend_source && *v->addend_size)
+ ? TRUE : FALSE;
+
efi_status = get_variable_attr(v->name,
&v->data, &v->data_size,
*v->guid, &attrs);
- if (efi_status == EFI_NOT_FOUND)
+ if (efi_status == EFI_NOT_FOUND) {
+ if (v->rtname && addend) {
+ efi_status = mirror_one_mok_variable(v);
+ if (EFI_ERROR(efi_status) &&
+ ret != EFI_SECURITY_VIOLATION)
+ ret = efi_status;
+ }
+ /*
+ * after possibly adding, we can continue, no
+ * further checks to be done.
+ */
continue;
+ }
if (EFI_ERROR(efi_status)) {
perror(L"Could not verify %s: %r\n", v->name,
efi_status);
@@ -272,9 +287,6 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
}
present = (v->data && v->data_size) ? TRUE : FALSE;
- addend = (v->addend_source && v->addend_size &&
- *v->addend_source && *v->addend_size)
- ? TRUE : FALSE;
if (v->flags & MOK_VARIABLE_MEASURE && present) {
/*
--
2.26.2
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment