diff -Nru shim-15+1533136590.3beb971/Cryptlib/0001-Cryptlib-update-for-efi-build.patch shim-15+1552672080.a4a1fbe/Cryptlib/0001-Cryptlib-update-for-efi-build.patch
--- shim-15+1533136590.3beb971/Cryptlib/0001-Cryptlib-update-for-efi-build.patch 1970-01-01 00:00:00.000000000 +0000
+++ shim-15+1552672080.a4a1fbe/Cryptlib/0001-Cryptlib-update-for-efi-build.patch 2019-09-10 08:54:35.000000000 +0000
@@ -0,0 +1,61 @@ +From ca76f590848a50a7b9f98ba562aabe7919c8b40f Mon Sep 17 00:00:00 2001 +From: "dunno@dunno" +Date: Tue, 9 Oct 2018 10:40:06 -0400 +Subject: [PATCH 1/4] Cryptlib: update for efi build + +--- + Cryptlib/SysCall/CrtWrapper.c | 14 -------------- + Cryptlib/SysCall/TimerWrapper.c | 4 +--- + 2 files changed, 1 insertion(+), 17 deletions(-) + +diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c +index 9510a4a383e..0b9f9e72f76 100644 +--- a/Cryptlib/SysCall/CrtWrapper.c ++++ b/Cryptlib/SysCall/CrtWrapper.c +@@ -384,20 +384,6 @@ size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream) + return 0; + } + +-// +-// -- Dummy OpenSSL Support Routines -- +-// +- +-int BIO_printf (void *bio, const char *format, ...) +-{ +- return 0; +-} +- +-int BIO_snprintf(char *buf, size_t n, const char *format, ...) +-{ +- return 0; +-} +- + #ifdef __GNUC__ + + typedef +diff --git a/Cryptlib/SysCall/TimerWrapper.c b/Cryptlib/SysCall/TimerWrapper.c +index 5f9b0c20d75..1ef3731faed 100644 +--- a/Cryptlib/SysCall/TimerWrapper.c ++++ b/Cryptlib/SysCall/TimerWrapper.c +@@ -13,9 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include + #include +-#include + + // + // -- Time Management Routines -- +@@ -80,7 +78,7 @@ time_t time (time_t *timer) + // + // Get the current time and date information + // +- Status = gRT->GetTime (&Time, NULL); ++ Status = uefi_call_wrapper(gRT->GetTime, 2, &Time, NULL); + if (EFI_ERROR (Status) || (Time.Year < 1970)) { + return 0; + } +-- +2.17.1 + diff -Nru shim-15+1533136590.3beb971/Cryptlib/0002-Cryptlib-work-around-new-CA-rules.patch shim-15+1552672080.a4a1fbe/Cryptlib/0002-Cryptlib-work-around-new-CA-rules.patch --- shim-15+1533136590.3beb971/Cryptlib/0002-Cryptlib-work-around-new-CA-rules.patch 1970-01-01 00:00:00.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/Cryptlib/0002-Cryptlib-work-around-new-CA-rules.patch 2019-09-10 08:54:35.000000000 +0000 
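Review bot: `time()` still returns 0 when `GetTime` fails or reports a year before 1970, so a caller cannot tell "clock unavailable" from the epoch itself. The added `uefi_call_wrapper(gRT->GetTime, 2, &Time, NULL)` only changes the calling convention; whether any certificate-validity comparison consumes this value is not visible in the hunk, but if one does it would silently evaluate against 1970. I would document the contract next to the check, e.g. `/* 0 == clock unavailable; callers must not treat it as a real timestamp */`. The body of `time()` begins and ends outside the hunk.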
@@ -0,0 +1,69 @@ +From 18f2f93416a3c35111225edb55ac40ffc1181a52 Mon Sep 17 00:00:00 2001 +From: "dunno@dunno" +Date: Tue, 9 Oct 2018 10:40:06 -0400 +Subject: [PATCH 3/4] Cryptlib: work around new CA rules + +--- + Cryptlib/Pk/CryptPkcs7Verify.c | 39 ++++++++++++++++++++++++++++++++++ + 1 file changed, 39 insertions(+) + +diff --git a/Cryptlib/Pk/CryptPkcs7Verify.c b/Cryptlib/Pk/CryptPkcs7Verify.c +index fe8e5950f9f..219c2bb1096 100644 +--- a/Cryptlib/Pk/CryptPkcs7Verify.c ++++ b/Cryptlib/Pk/CryptPkcs7Verify.c +@@ -30,6 +30,43 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 }; + ++BOOLEAN ca_warning; ++ ++void ++clear_ca_warning() ++{ ++ ca_warning = FALSE; ++} ++ ++BOOLEAN ++get_ca_warning() ++{ ++ return ca_warning; ++} ++ ++int ++X509VerifyCb ( ++ IN int Status, ++ IN X509_STORE_CTX *Context ++ ) ++{ ++ INTN Error; ++ ++ Error = (INTN) X509_STORE_CTX_get_error (Context); ++ ++ if (Error == X509_V_ERR_INVALID_CA) { ++ /* Due to the historical reason, we have to relax the the x509 v3 extension ++ * check to allow the CA certificates without the CA flag in the basic ++ * constraints or KeyCertSign in the key usage to be loaded. In the future, ++ * this callback should be removed to enforce the proper check. */ ++ ca_warning = TRUE; ++ ++ return 1; ++ } ++ ++ return Status; ++} ++ + /** + Check input P7Data is a wrapped ContentInfo structure or not. If not construct + a new structure to wrap P7Data. +@@ -866,6 +903,8 @@ Pkcs7Verify ( + goto _Exit; + } + ++ X509_STORE_set_verify_cb (CertStore, X509VerifyCb); ++ + // + // For generic PKCS#7 handling, InData may be NULL if the content is present + // in PKCS#7 structure. So ignore NULL checking here. 
+--
+2.17.1
+
diff -Nru shim-15+1533136590.3beb971/Cryptlib/0003-Cryptlib-Pk-CryptX509.c-Fix-RETURN_-to-be-EFI_.patch shim-15+1552672080.a4a1fbe/Cryptlib/0003-Cryptlib-Pk-CryptX509.c-Fix-RETURN_-to-be-EFI_.patch
--- shim-15+1533136590.3beb971/Cryptlib/0003-Cryptlib-Pk-CryptX509.c-Fix-RETURN_-to-be-EFI_.patch 1970-01-01 00:00:00.000000000 +0000
+++ shim-15+1552672080.a4a1fbe/Cryptlib/0003-Cryptlib-Pk-CryptX509.c-Fix-RETURN_-to-be-EFI_.patch 2019-09-10 08:54:35.000000000 +0000
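Review bot: `X509VerifyCb` returns 1 for every `X509_V_ERR_INVALID_CA`, with no check of depth or of which certificate triggered it, so once `X509_STORE_set_verify_cb (CertStore, X509VerifyCb)` is installed in `Pkcs7Verify` a certificate lacking the CA basic constraint or keyCertSign usage is accepted as an issuer anywhere in the chain. The only trace is the global `ca_warning`, which is not `static`, is never reset by the verify path itself, and whose consumers are not visible in this patch; if nothing acts on `get_ca_warning()` the relaxation is silent. I would narrow the override to the specific legacy certificates it exists for (that needs a check not shown here), and at minimum mark the call site with `/* WARNING: X509VerifyCb downgrades X509_V_ERR_INVALID_CA to success; see ca_warning */`. `Pkcs7Verify` starts and ends outside the hunk.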
@@ -0,0 +1,101 @@ +From c3edecb4a79fd8ceadf7653e1c9ae38979df2d6d Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 9 Oct 2018 11:18:12 -0400 +Subject: [PATCH 4/4] Cryptlib: Pk/CryptX509.c: Fix RETURN_* to be EFI_* + +Signed-off-by: Peter Jones +--- + Cryptlib/Pk/CryptX509.c | 28 +++++++++++++++------------- + 1 file changed, 15 insertions(+), 13 deletions(-) + +diff --git a/Cryptlib/Pk/CryptX509.c b/Cryptlib/Pk/CryptX509.c +index 75337ed32bb..bca97630555 100644 +--- a/Cryptlib/Pk/CryptX509.c ++++ b/Cryptlib/Pk/CryptX509.c +@@ -311,19 +311,19 @@ _Exit: + If CommonName is NULL then the amount of space needed + in buffer (including the final null) is returned. + +- @retval RETURN_SUCCESS The certificate CommonName retrieved successfully. +- @retval RETURN_INVALID_PARAMETER If Cert is NULL. ++ @retval EFI_SUCCESS The certificate CommonName retrieved successfully. ++ @retval EFI_INVALID_PARAMETER If Cert is NULL. + If CommonNameSize is NULL. + If CommonName is not NULL and *CommonNameSize is 0. + If Certificate is invalid. +- @retval RETURN_NOT_FOUND If no CommonName entry exists. +- @retval RETURN_BUFFER_TOO_SMALL If the CommonName is NULL. The required buffer size ++ @retval EFI_NOT_FOUND If no CommonName entry exists. ++ @retval EFI_BUFFER_TOO_SMALL If the CommonName is NULL. The required buffer size + (including the final null) is returned in the + CommonNameSize parameter. +- @retval RETURN_UNSUPPORTED The operation is not supported. ++ @retval EFI_UNSUPPORTED The operation is not supported. 
+ + **/ +-RETURN_STATUS ++EFI_STATUS + EFIAPI + X509GetCommonName ( + IN CONST UINT8 *Cert, +@@ -332,7 +332,7 @@ X509GetCommonName ( + IN OUT UINTN *CommonNameSize + ) + { +- RETURN_STATUS ReturnStatus; ++ EFI_STATUS ReturnStatus; + BOOLEAN Status; + X509 *X509Cert; + X509_NAME *X509Name; +@@ -342,7 +342,7 @@ X509GetCommonName ( + ASN1_STRING *EntryData; + UINT8 *UTF8Name; + +- ReturnStatus = RETURN_INVALID_PARAMETER; ++ ReturnStatus = EFI_INVALID_PARAMETER; + UTF8Name = NULL; + + // +@@ -389,7 +389,7 @@ X509GetCommonName ( + // No CommonName entry exists in X509_NAME object + // + *CommonNameSize = 0; +- ReturnStatus = RETURN_NOT_FOUND; ++ ReturnStatus = EFI_NOT_FOUND; + goto _Exit; + } + +@@ -399,7 +399,7 @@ X509GetCommonName ( + // Fail to retrieve name entry data + // + *CommonNameSize = 0; +- ReturnStatus = RETURN_NOT_FOUND; ++ ReturnStatus = EFI_NOT_FOUND; + goto _Exit; + } + +@@ -411,18 +411,18 @@ X509GetCommonName ( + // Fail to convert the commonName string + // + *CommonNameSize = 0; +- ReturnStatus = RETURN_INVALID_PARAMETER; ++ ReturnStatus = EFI_INVALID_PARAMETER; + goto _Exit; + } + + if (CommonName == NULL) { + *CommonNameSize = Length + 1; +- ReturnStatus = RETURN_BUFFER_TOO_SMALL; ++ ReturnStatus = EFI_BUFFER_TOO_SMALL; + } else { + *CommonNameSize = MIN ((UINTN)Length, *CommonNameSize - 1) + 1; + CopyMem (CommonName, UTF8Name, *CommonNameSize - 1); + CommonName[*CommonNameSize - 1] = '\0'; +- ReturnStatus = RETURN_SUCCESS; ++ ReturnStatus = EFI_SUCCESS; + } + + _Exit: +-- +2.17.1 + diff -Nru shim-15+1533136590.3beb971/Cryptlib/ca-check-workaround.patch shim-15+1552672080.a4a1fbe/Cryptlib/ca-check-workaround.patch --- shim-15+1533136590.3beb971/Cryptlib/ca-check-workaround.patch 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/Cryptlib/ca-check-workaround.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,60 +0,0 @@ -diff --git a/Cryptlib/Pk/CryptPkcs7Verify.c b/Cryptlib/Pk/CryptPkcs7Verify.c -index bf24e92..cbd9669 100644 ---- a/Cryptlib/Pk/CryptPkcs7Verify.c -+++ b/Cryptlib/Pk/CryptPkcs7Verify.c -@@ -30,6 +30,43 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - - UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 }; - -+BOOLEAN ca_warning; -+ -+void -+clear_ca_warning() -+{ -+ ca_warning = FALSE; -+} -+ -+BOOLEAN -+get_ca_warning() -+{ -+ return ca_warning; -+} -+ -+int -+X509VerifyCb ( -+ IN int Status, -+ IN X509_STORE_CTX *Context -+ ) -+{ -+ INTN Error; -+ -+ Error = (INTN) X509_STORE_CTX_get_error (Context); -+ -+ if (Error == X509_V_ERR_INVALID_CA) { -+ /* Due to the historical reason, we have to relax the the x509 v3 extension -+ * check to allow the CA certificates without the CA flag in the basic -+ * constraints or KeyCertSign in the key usage to be loaded. In the future, -+ * this callback should be removed to enforce the proper check. */ -+ ca_warning = TRUE; -+ -+ return 1; -+ } -+ -+ return Status; -+} -+ - /** - Check input P7Data is a wrapped ContentInfo structure or not. If not construct - a new structure to wrap P7Data. -@@ -858,6 +895,8 @@ Pkcs7Verify ( - goto _Exit; - } - -+ X509_STORE_set_verify_cb (CertStore, X509VerifyCb); -+ - // - // For generic PKCS#7 handling, InData may be NULL if the content is present - // in PKCS#7 structure. So ignore NULL checking here. --- -2.14.2 - diff -Nru shim-15+1533136590.3beb971/Cryptlib/Cryptlib.diff shim-15+1552672080.a4a1fbe/Cryptlib/Cryptlib.diff --- shim-15+1533136590.3beb971/Cryptlib/Cryptlib.diff 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/Cryptlib/Cryptlib.diff 1970-01-01 00:00:00.000000000 +0000 
@@ -1,73 +0,0 @@ -diff --git a/Cryptlib/Include/openssl/e_os2.h b/Cryptlib/Include/openssl/e_os2.h -index 99ea347..f11cffe 100644 ---- a/Cryptlib/Include/openssl/e_os2.h -+++ b/Cryptlib/Include/openssl/e_os2.h -@@ -234,6 +234,7 @@ extern "C" { - - /* Standard integer types */ - # if defined(OPENSSL_SYS_UEFI) -+#include - typedef INT8 int8_t; - typedef UINT8 uint8_t; - typedef INT16 int16_t; -diff --git a/Cryptlib/SysCall/BaseMemAllocation.c b/Cryptlib/SysCall/BaseMemAllocation.c -index f390e0d..65e9938 100644 ---- a/Cryptlib/SysCall/BaseMemAllocation.c -+++ b/Cryptlib/SysCall/BaseMemAllocation.c -@@ -33,7 +33,7 @@ void *realloc (void *ptr, size_t size) - // BUG: hardcode OldSize == size! We have no any knowledge about - // memory size of original pointer ptr. - // -- return ReallocatePool ((UINTN) size, (UINTN) size, ptr); -+ return ReallocatePool (ptr, (UINTN) size, (UINTN) size); - } - - /* De-allocates or frees a memory block */ -diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c -index 20c9656..7878953 100644 ---- a/Cryptlib/SysCall/CrtWrapper.c -+++ b/Cryptlib/SysCall/CrtWrapper.c -@@ -371,20 +371,6 @@ size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream) - return 0; - } - --// --// -- Dummy OpenSSL Support Routines -- --// -- --int BIO_printf (void *bio, const char *format, ...) --{ -- return 0; --} -- --int BIO_snprintf(char *buf, size_t n, const char *format, ...) --{ -- return 0; --} -- - #ifdef __GNUC__ - - typedef -diff --git a/Cryptlib/SysCall/TimerWrapper.c b/Cryptlib/SysCall/TimerWrapper.c -index 581b8fb..04fe4ef 100644 ---- a/Cryptlib/SysCall/TimerWrapper.c -+++ b/Cryptlib/SysCall/TimerWrapper.c -@@ -13,9 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 
- - **/ - --#include - #include --#include - - // - // -- Time Management Routines -- -@@ -79,7 +77,7 @@ time_t time (time_t *timer) - // - // Get the current time and date information - // -- gRT->GetTime (&Time, NULL); -+ uefi_call_wrapper(RT->GetTime, 2, &Time, NULL); - - // - // Years Handling diff -Nru shim-15+1533136590.3beb971/Cryptlib/Makefile shim-15+1552672080.a4a1fbe/Cryptlib/Makefile --- shim-15+1533136590.3beb971/Cryptlib/Makefile 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/Cryptlib/Makefile 2019-09-10 08:54:35.000000000 +0000 @@ -19,6 +19,9 @@ ifeq ($(ARCH),aarch64) CFLAGS += -DMDE_CPU_AARCH64 endif +ifeq ($(ARCH),arm) + CFLAGS += -DMDE_CPU_ARM +endif LDFLAGS = -nostdlib -znocombreloc TARGET = libcryptlib.a diff -Nru shim-15+1533136590.3beb971/Cryptlib/OpenSSL/0001-OpenSSL-bio-b_print-disable-SSE.patch shim-15+1552672080.a4a1fbe/Cryptlib/OpenSSL/0001-OpenSSL-bio-b_print-disable-SSE.patch --- shim-15+1533136590.3beb971/Cryptlib/OpenSSL/0001-OpenSSL-bio-b_print-disable-SSE.patch 1970-01-01 00:00:00.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/Cryptlib/OpenSSL/0001-OpenSSL-bio-b_print-disable-SSE.patch 2019-09-10 08:54:35.000000000 +0000 
@@ -0,0 +1,82 @@ +From df6b5abd698dc400c599dccb3656ad23591c65b0 Mon Sep 17 00:00:00 2001 +From: "dunno@dunno" +Date: Tue, 9 Oct 2018 10:40:06 -0400 +Subject: [PATCH 1/3] OpenSSL: bio/b_print(): disable SSE + +--- + Cryptlib/OpenSSL/crypto/bio/b_print.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/Cryptlib/OpenSSL/crypto/bio/b_print.c b/Cryptlib/OpenSSL/crypto/bio/b_print.c +index cdfe05f93ca..6a23c25e168 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/b_print.c ++++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c +@@ -31,8 +31,10 @@ static int fmtstr(char **, char **, size_t *, size_t *, + const char *, int, int, int); + static int fmtint(char **, char **, size_t *, size_t *, + int64_t, int, int, int, int); ++#ifndef OPENSSL_SYS_UEFI + static int fmtfp(char **, char **, size_t *, size_t *, + LDOUBLE, int, int, int, int); ++#endif + static int doapr_outch(char **, char **, size_t *, size_t *, int); + static int _dopr(char **sbuffer, char **buffer, + size_t *maxlen, size_t *retlen, int *truncated, +@@ -87,7 +89,9 @@ _dopr(char **sbuffer, + { + char ch; + int64_t value; ++#ifndef OPENSSL_SYS_UEFI + LDOUBLE fvalue; ++#endif + char *strvalue; + int min; + int max; +@@ -190,10 +194,12 @@ _dopr(char **sbuffer, + cflags = DP_C_LLONG; + ch = *format++; + break; ++#ifndef OPENSSL_SYS_UEFI + case 'L': + cflags = DP_C_LDOUBLE; + ch = *format++; + break; ++#endif + default: + break; + } +@@ -247,6 +253,7 @@ _dopr(char **sbuffer, + min, max, flags)) + return 0; + break; ++#ifndef OPENSSL_SYS_UEFI + case 'f': + if (cflags == DP_C_LDOUBLE) + fvalue = va_arg(args, LDOUBLE); +@@ -280,6 +287,7 @@ _dopr(char **sbuffer, + flags, G_FORMAT)) + return 0; + break; ++#endif + case 'c': + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, + va_arg(args, int))) +@@ -512,6 +520,7 @@ fmtint(char **sbuffer, + return 1; + } + ++#ifndef OPENSSL_SYS_UEFI + static LDOUBLE abs_val(LDOUBLE value) + { + LDOUBLE result = value; +@@ -798,6 +807,7 @@ fmtfp(char **sbuffer, + } + return 1; + } 
++#endif + + #define BUFFER_INC 1024 + +-- +2.17.1 + diff -Nru shim-15+1533136590.3beb971/Cryptlib/OpenSSL/0002-OpenSSL-Pk7-smime-add-an-error-message.patch shim-15+1552672080.a4a1fbe/Cryptlib/OpenSSL/0002-OpenSSL-Pk7-smime-add-an-error-message.patch --- shim-15+1533136590.3beb971/Cryptlib/OpenSSL/0002-OpenSSL-Pk7-smime-add-an-error-message.patch 1970-01-01 00:00:00.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/Cryptlib/OpenSSL/0002-OpenSSL-Pk7-smime-add-an-error-message.patch 2019-09-10 08:54:35.000000000 +0000 @@ -0,0 +1,24 @@ +From ea1a0b530ac3b6b9f583a04d17a573e34a7508c8 Mon Sep 17 00:00:00 2001 +From: "dunno@dunno" +Date: Tue, 9 Oct 2018 10:40:06 -0400 +Subject: [PATCH 2/3] OpenSSL: Pk7/smime: add an error message + +--- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c +index 44187230ef0..5e2107e969d 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c +@@ -425,6 +425,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, + + if (!sk_X509_push(signers, signer)) { + sk_X509_free(signers); ++ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE); + return NULL; + } + } +-- +2.17.1 + diff -Nru shim-15+1533136590.3beb971/Cryptlib/OpenSSL/openssl-bio-b_print-disable-sse.patch shim-15+1552672080.a4a1fbe/Cryptlib/OpenSSL/openssl-bio-b_print-disable-sse.patch --- shim-15+1533136590.3beb971/Cryptlib/OpenSSL/openssl-bio-b_print-disable-sse.patch 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/Cryptlib/OpenSSL/openssl-bio-b_print-disable-sse.patch 1970-01-01 00:00:00.000000000 +0000 
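Review bot: With the `case 'f':` … `G_FORMAT` block and the `'L'` modifier compiled out under `OPENSSL_SYS_UEFI`, a floating-point conversion in a format string now falls to whatever `_dopr` does for an unrecognised conversion, and the matching `va_arg` is presumably never consumed (the default branch is outside the hunk), which would shift every later argument in that call. Nothing in the patch tells callers that these conversions are unsupported in this build. I would add a comment at the first guard, e.g. `/* UEFI build: no floating-point formatting; %f/%e/%g and the L modifier must not be used */`. `_dopr` begins and ends outside the hunks.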
@@ -1,70 +0,0 @@ -diff --git a/Cryptlib/OpenSSL/crypto/bio/b_print.c b/Cryptlib/OpenSSL/crypto/bio/b_print.c -index e91ab6d..f33caa2 100644 ---- a/Cryptlib/OpenSSL/crypto/bio/b_print.c -+++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c -@@ -51,8 +51,10 @@ static int fmtstr(char **, char **, size_t *, size_t *, - const char *, int, int, int); - static int fmtint(char **, char **, size_t *, size_t *, - LLONG, int, int, int, int); -+#ifndef OPENSSL_SYS_UEFI - static int fmtfp(char **, char **, size_t *, size_t *, - LDOUBLE, int, int, int, int); -+#endif - static int doapr_outch(char **, char **, size_t *, size_t *, int); - static int _dopr(char **sbuffer, char **buffer, - size_t *maxlen, size_t *retlen, int *truncated, -@@ -107,7 +109,9 @@ _dopr(char **sbuffer, - { - char ch; - LLONG value; -+#ifndef OPENSSL_SYS_UEFI - LDOUBLE fvalue; -+#endif - char *strvalue; - int min; - int max; -@@ -210,10 +214,12 @@ _dopr(char **sbuffer, - cflags = DP_C_LLONG; - ch = *format++; - break; -+#ifndef OPENSSL_SYS_UEFI - case 'L': - cflags = DP_C_LDOUBLE; - ch = *format++; - break; -+#endif - default: - break; - } -@@ -267,6 +273,7 @@ _dopr(char **sbuffer, - min, max, flags)) - return 0; - break; -+#ifndef OPENSSL_SYS_UEFI - case 'f': - if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, LDOUBLE); -@@ -298,6 +305,7 @@ _dopr(char **sbuffer, - flags, G_FORMAT)) - return 0; - break; -+#endif - case 'c': - if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, - va_arg(args, int))) -@@ -530,6 +538,7 @@ fmtint(char **sbuffer, - return 1; - } - -+#ifndef OPENSSL_SYS_UEFI - static LDOUBLE abs_val(LDOUBLE value) - { - LDOUBLE result = value; -@@ -816,6 +825,7 @@ fmtfp(char **sbuffer, - } - return 1; - } -+#endif - - #define BUFFER_INC 1024 - diff -Nru shim-15+1533136590.3beb971/Cryptlib/OpenSSL/openssl-pk7-smime-error-message.patch shim-15+1552672080.a4a1fbe/Cryptlib/OpenSSL/openssl-pk7-smime-error-message.patch --- shim-15+1533136590.3beb971/Cryptlib/OpenSSL/openssl-pk7-smime-error-message.patch 
2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/Cryptlib/OpenSSL/openssl-pk7-smime-error-message.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,12 +0,0 @@ -diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c -index 4418723..5e2107e 100644 ---- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c -+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c -@@ -425,6 +425,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, - - if (!sk_X509_push(signers, signer)) { - sk_X509_free(signers); -+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE); - return NULL; - } - } diff -Nru shim-15+1533136590.3beb971/Cryptlib/OpenSSL/update.sh shim-15+1552672080.a4a1fbe/Cryptlib/OpenSSL/update.sh --- shim-15+1533136590.3beb971/Cryptlib/OpenSSL/update.sh 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/Cryptlib/OpenSSL/update.sh 2019-09-10 08:54:35.000000000 +0000 @@ -1,8 +1,31 @@ #/bin/sh + +set -eu + +usage() { + echo usage: ./update.sh DIRECTORY 1>&2 + exit 1 +} + +[[ $# -eq 1 ]] || usage +[[ -n "${1}" ]] || usage + DIR=$1 + +WORK_PATH=$PWD OPENSSLLIB_PATH=$DIR/CryptoPkg/Library/OpensslLib OPENSSL_PATH=$OPENSSLLIB_PATH/openssl +cd $OPENSSLLIB_PATH +perl -I. -Iopenssl/ process_files.pl +cd $DIR +git add -A CryptoPkg +git add CryptoPkg/Library/OpensslLib/openssl/include/openssl/opensslconf.h +git add CryptoPkg/Library/OpensslLib/openssl/configdata.pm +git add CryptoPkg/Library/OpensslLib/openssl/Makefile +git commit -m "Update openssl configs" +cd $WORK_PATH + cp $OPENSSLLIB_PATH/buildinf.h buildinf.h cp $OPENSSL_PATH/e_os.h e_os.h @@ -50,6 +73,7 @@ dso err evp + fips hmac kdf lhash 
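Review bot: The new guards `[[ $# -eq 1 ]] || usage` and `[[ -n "${1}" ]] || usage` are bash syntax, but the first line is `#/bin/sh` (no `!`, so it is only a comment) and the interpreter is whatever the caller picks; under a POSIX `sh` without `[[` both tests would fail and the script would always end in `usage`. The portable form is `[ "$#" -eq 1 ] || usage` and `[ -n "${1}" ] || usage`, or the first line should become a real bash shebang. The added `cd $OPENSSLLIB_PATH`, `cd $DIR` and `cd $WORK_PATH` are unquoted, and `cd $DIR` runs after the first `cd`, so a relative `DIRECTORY` argument resolves against the wrong directory; resolving `DIR` to an absolute path before the first `cd` and quoting all three would avoid both problems.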
@@ -83,5 +107,10 @@ find . -name "*.[ch]" -exec chmod -x {} \; -patch -p3 < openssl-bio-b_print-disable-sse.patch -patch -p3 < openssl-pk7-smime-error-message.patch +git add -A . +git commit -m "Update OpenSSL" + +git config --local --add am.keepcr true +git am \ + 0001-OpenSSL-bio-b_print-disable-SSE.patch \ + 0002-OpenSSL-Pk7-smime-add-an-error-message.patch diff -Nru shim-15+1533136590.3beb971/Cryptlib/opensslconf-diff.patch shim-15+1552672080.a4a1fbe/Cryptlib/opensslconf-diff.patch --- shim-15+1533136590.3beb971/Cryptlib/opensslconf-diff.patch 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/Cryptlib/opensslconf-diff.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,24 +0,0 @@ -diff --git a/Cryptlib/Include/openssl/opensslconf.h b/Cryptlib/Include/openssl/opensslconf.h -index 1917d7a..c73d03a 100644 ---- a/Cryptlib/Include/openssl/opensslconf.h -+++ b/Cryptlib/Include/openssl/opensslconf.h -@@ -47,6 +47,9 @@ extern "C" { - #ifndef OPENSSL_NO_CT - # define OPENSSL_NO_CT - #endif -+#ifndef OPENSSL_NO_DES -+# define OPENSSL_NO_DES -+#endif - #ifndef OPENSSL_NO_DSA - # define OPENSSL_NO_DSA - #endif -@@ -59,6 +62,9 @@ extern "C" { - #ifndef OPENSSL_NO_MD2 - # define OPENSSL_NO_MD2 - #endif -+#ifndef OPENSSL_NO_MD4 -+# define OPENSSL_NO_MD4 -+#endif - #ifndef OPENSSL_NO_MDC2 - # define OPENSSL_NO_MDC2 - #endif diff -Nru shim-15+1533136590.3beb971/Cryptlib/update.sh shim-15+1552672080.a4a1fbe/Cryptlib/update.sh --- shim-15+1533136590.3beb971/Cryptlib/update.sh 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/Cryptlib/update.sh 2019-09-10 08:54:35.000000000 +0000 
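Review bot: `git config --local --add am.keepcr true` is a persistent side effect on the repository and, because of `--add`, appends another copy of the entry on every run of the script. The setting is only needed for the `git am` that follows, so passing it on that command keeps the repository configuration untouched: `git am --keep-cr \`. The preceding `git add -A .` also stages every untracked file under the current directory, so any stray build output present at that point would be committed as "Update OpenSSL".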
@@ -1,6 +1,36 @@ #!/bin/bash -DIR=$1 +set -eu + +usage() { + echo usage: ./update.sh DIRECTORY 1>&2 + exit 1 +} + +test_dir() { + if [[ -d "${1}/CryptoPkg/Library/BaseCryptLib/" ]] && \ + [[ -d "${1}/CryptoPkg/Library/Include/internal/" ]] && \ + [[ -d "${1}/CryptoPkg/Library/OpensslLib/openssl/" ]] ; then + DIR="$(realpath "${1}")" + return 0 + fi + return 1 +} + +TAG=$(mktemp -p shim -t -u 'shim-tag-XXXXXXXXXX' | cut -d/ -f2) +git tag "${TAG}" + +git list --topo-order --reverse openssl-rebase-helper-start^..openssl-rebase-helper-end | cut -d\ -f1 | xargs git cherry-pick + +if [[ $# -eq 1 ]] ; then + test_dir "${1}" || usage +else + test_dir .. || usage +fi + +cd OpenSSL +./update.sh $DIR +cd .. cp $DIR/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h InternalCryptLib.h cp $DIR/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c Hash/CryptMd4Null.c 
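Review bot: `git list --topo-order --reverse …` is not a stock git subcommand, so this line only works where a local alias defines it (presumably for `rev-list`, which is an assumption); elsewhere the left side of the pipe fails and `xargs git cherry-pick` runs with no commits. `set -eu` does not include `pipefail`, so that left-side failure is not what stops the script. I would write the command without the alias and add pipefail: `set -euo pipefail` and `git rev-list --topo-order --reverse openssl-rebase-helper-start^..openssl-rebase-helper-end | xargs git cherry-pick`. The tag created by `git tag "${TAG}"` is not removed anywhere in the visible lines, and `./update.sh $DIR` should quote `"$DIR"`.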
@@ -34,6 +64,19 @@ cp $DIR/CryptoPkg/Library/Include/openssl/opensslconf.h Include/openssl/ -patch -p2 Fri, 20 Mar 2020 16:19:14 +0100 + +shim (15+1552672080.a4a1fbe-0ubuntu1) eoan; urgency=medium + + * New upstream snapshot 15+1552672080.a4a1fbe. + * debian/patches/VLogError-Avoid-NULL-pointer-dereferences-in-V-Sprin.patch, + debian/patches/fixup_git.patch: drop patches included in upstream. + * debian/patches/MokManager-avoid-unaligned.patch: Fix compilation with GCC9: + avoid -Werror=address-of-packed-member errors in MokManager. + * debian/patches/tpm-correctness-1.patch, + debian/patches/tpm-correctness-2.patch: fix issues in TPM calls to ensure + the measurements are consistent with what is entered in the TPM event log. + * debian/patches/tpm-correctness-3.patch: Don't log duplicate identical + TPM events. + * debian/patches/MokManager-hidpi-support.patch: Do a little bit more to + try to get a more usable screen resolution for MokManager when running on + HiDPI screens; by trying to detect such cases and switching to mode 0. + * debian/rules: update COMMIT_ID explicitly for this new snapshot. + + -- Mathieu Trudel-Lapierre Fri, 11 Oct 2019 16:32:32 -0400 + +shim (15+1533136590.3beb971-0ubuntu2) eoan; urgency=medium + + * debian/copyright: Update upstream source location. + * d/p/VLogError-Avoid-NULL-pointer-dereferences-in-V-Sprin.patch: Fix + NULL pointer dereferences that lead to an exception error on arm64. + (LP: #1811722) + * d/p/Fix-OBJ_create-to-tolerate-a-NULL-sn-and-ln.patch: Fix NULL + pointer dereference when calling OBJ_create() that leads to an + exception error on arm64. (LP: #1811901) + * debian/rules: Fix syntax of else statement when setting EFI_ARCH. 
+ + -- dann frazier Tue, 30 Apr 2019 12:45:02 -0600 + shim (15+1533136590.3beb971-0ubuntu1) cosmic; urgency=medium [ Steve Langasek ] diff -Nru shim-15+1533136590.3beb971/debian/copyright shim-15+1552672080.a4a1fbe/debian/copyright --- shim-15+1533136590.3beb971/debian/copyright 2018-08-21 18:22:40.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/debian/copyright 2020-03-20 15:19:14.000000000 +0000 @@ -1,7 +1,7 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: shim Upstream-Contact: Matthew Garrett -Source: https://github.com/mjg59/shim.git +Source: https://github.com/rhboot/shim Files: * Copyright: 2012-2013 Red Hat, Inc diff -Nru shim-15+1533136590.3beb971/debian/patches/Fix-OBJ_create-to-tolerate-a-NULL-sn-and-ln.patch shim-15+1552672080.a4a1fbe/debian/patches/Fix-OBJ_create-to-tolerate-a-NULL-sn-and-ln.patch --- shim-15+1533136590.3beb971/debian/patches/Fix-OBJ_create-to-tolerate-a-NULL-sn-and-ln.patch 1970-01-01 00:00:00.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/debian/patches/Fix-OBJ_create-to-tolerate-a-NULL-sn-and-ln.patch 2020-03-20 15:19:14.000000000 +0000 
@@ -0,0 +1,39 @@ +From 3a9e237b1baddf0d3192755406befb3e9fa5ca80 Mon Sep 17 00:00:00 2001 +From: dann frazier +Date: Thu, 7 Mar 2019 19:55:42 -0700 +Subject: [PATCH] Fix OBJ_create() to tolerate a NULL sn and ln + +From: https://github.com/openssl/openssl/commit/f13615c5b828aeb8e3d9bf2545c803633d1c684f + +Apply an upstream patch from OpenSSL to tolerate a NULL sn. This avoids +a NULL pointer reference in shim.c:verify_eku(). This was discovered +because it causes a crash on ARM where, unlike x86, it does not necessarily +have memory mapped at 0x0. + +Fixes: 6c180c6004ac ("shim: verify Extended Key Usage flags") +Signed-off-by: dann frazier + +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1811901 +Forwarded: https://github.com/rhboot/shim/pull/174 +Last-Update: 2019-03-08 +--- + Cryptlib/OpenSSL/crypto/objects/obj_dat.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c +index 259851b..9b850ed 100644 +--- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c ++++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c +@@ -685,7 +685,8 @@ int OBJ_create(const char *oid, const char *sn, const char *ln) + int ok = 0; + + /* Check to see if short or long name already present */ +- if (OBJ_sn2nid(sn) != NID_undef || OBJ_ln2nid(ln) != NID_undef) { ++ if ((sn != NULL && OBJ_sn2nid(sn) != NID_undef) ++ || (ln != NULL && OBJ_ln2nid(ln) != NID_undef)) { + OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS); + return 0; + } +-- +2.20.1 + diff -Nru shim-15+1533136590.3beb971/debian/patches/fix-path-checks.patch shim-15+1552672080.a4a1fbe/debian/patches/fix-path-checks.patch --- shim-15+1533136590.3beb971/debian/patches/fix-path-checks.patch 1970-01-01 00:00:00.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/debian/patches/fix-path-checks.patch 2020-03-20 15:19:14.000000000 +0000 
@@ -0,0 +1,23 @@ +From 1870bae796022f8bbf60465352eac329ff1d6ffd Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 5 Sep 2019 10:36:23 -0400 +Subject: [PATCH] Fix a use of strlen() instead of Strlen() + +Signed-off-by: Peter Jones +Origin: upstream, https://github.com/rhboot/shim/commit/1870bae796022f8bbf60465352eac329ff1d6ffd +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1864223 +--- + src/shim.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/shim.c ++++ b/shim.c +@@ -2148,7 +2148,7 @@ static int is_our_path(EFI_LOADED_IMAGE + + dprint(L"dppath: %s\n", dppath); + dprint(L"path: %s\n", path); +- if (StrnCaseCmp(dppath, PathName, strlen(dppath))) ++ if (StrnCaseCmp(dppath, PathName, StrLen(dppath))) + ret = 0; + + done: diff -Nru shim-15+1533136590.3beb971/debian/patches/fixup_git.patch shim-15+1552672080.a4a1fbe/debian/patches/fixup_git.patch --- shim-15+1533136590.3beb971/debian/patches/fixup_git.patch 2018-08-21 18:22:40.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/debian/patches/fixup_git.patch 1970-01-01 00:00:00.000000000 +0000 
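Review bot: With the length now `StrLen(dppath)`, the test in `is_our_path` is a case-insensitive prefix match of `PathName` against `dppath`, so any `PathName` that merely begins with the same characters still compares equal. Whether `dppath` is guaranteed to end in a path separator is not visible in the hunk; if it is not, a sibling directory sharing the prefix would be treated as "our path". I would state the assumption at the comparison, e.g. `/* prefix match: relies on dppath ending in a path separator */`, or compare the full directory component instead. `is_our_path` begins and ends outside the hunk.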
@@ -1,19 +0,0 @@
-From: Mathieu Trudel-Lapierre
-Subject: We're not in a git tree, don't try to git clean.
-
----
- Makefile | 1 -
- 1 file changed, 1 deletion(-)
-
-Index: b/Makefile
-===================================================================
---- a/Makefile
-+++ b/Makefile
-@@ -225,7 +225,6 @@ clean-shim-objs:
- @rm -rvf $(TARGET) *.o $(SHIM_OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb $(BOOTCSVNAME)
- @rm -vf *.debug *.so *.efi *.efi.* *.tar.* version.c buildid
- @rm -vf Cryptlib/*.[oa] Cryptlib/*/*.[oa]
-- @git clean -f -d -e 'Cryptlib/OpenSSL/*'
-
- clean: clean-shim-objs
- $(MAKE) -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile clean
diff -Nru shim-15+1533136590.3beb971/debian/patches/MokManager-avoid-unaligned.patch shim-15+1552672080.a4a1fbe/debian/patches/MokManager-avoid-unaligned.patch
--- shim-15+1533136590.3beb971/debian/patches/MokManager-avoid-unaligned.patch 1970-01-01 00:00:00.000000000 +0000
+++ shim-15+1552672080.a4a1fbe/debian/patches/MokManager-avoid-unaligned.patch 2020-03-20 15:19:14.000000000 +0000
@@ -0,0 +1,102 @@ +From 81c5570b429d69ac314e9b40186e65030055a23e Mon Sep 17 00:00:00 2001 +From: Jonas Witschel +Date: Thu, 5 Sep 2019 10:39:37 +0200 +Subject: [PATCH] MokManager: avoid -Werror=address-of-packed-member +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When compiling with GCC 9, there are a couple of errors of the form + +MokManager.c: In function ‘write_back_mok_list’: +MokManager.c:1056:19: error: taking address of packed member of ‘struct ’ may result in an unaligned pointer value [-Werror=address-of-packed-member] + 1056 | if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) + | ^~~~~~~~~~~~~~~ + +Copying the member of the packed struct to a temporary variable and +pointing to that variable solves the problem. +--- + MokManager.c | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +diff --git a/MokManager.c b/MokManager.c +index d69b4dbe..d9f762ee 100644 +--- a/MokManager.c ++++ b/MokManager.c +@@ -1038,6 +1038,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num, + EFI_STATUS efi_status; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_DATA *CertData; ++ EFI_GUID type; + void *Data = NULL, *ptr; + INTN DataSize = 0; + int i; +@@ -1053,7 +1054,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num, + continue; + + DataSize += sizeof(EFI_SIGNATURE_LIST); +- if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) ++ type = list[i].Type; /* avoid -Werror=address-of-packed-member */ ++ if (CompareGuid(&type, &X509_GUID) == 0) + DataSize += sizeof(EFI_GUID); + DataSize += list[i].MokSize; + } +@@ -1075,7 +1077,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num, + CertList->SignatureType = list[i].Type; + CertList->SignatureHeaderSize = 0; + +- if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) { ++ if (CompareGuid(&(CertList->SignatureType), &X509_GUID) == 0) { + CertList->SignatureListSize = list[i].MokSize + + 
sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID); + CertList->SignatureSize = +@@ -1113,10 +1115,12 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num, + static void delete_cert(void *key, UINT32 key_size, + MokListNode * mok, INTN mok_num) + { ++ EFI_GUID type; + int i; + + for (i = 0; i < mok_num; i++) { +- if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0) ++ type = mok[i].Type; /* avoid -Werror=address-of-packed-member */ ++ if (CompareGuid(&type, &X509_GUID) != 0) + continue; + + if (mok[i].MokSize == key_size && +@@ -1158,6 +1162,7 @@ static void mem_move(void *dest, void *src, UINTN size) + static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size, + MokListNode * mok, INTN mok_num) + { ++ EFI_GUID type; + UINT32 sig_size; + UINT32 list_num; + int i, del_ind; +@@ -1167,7 +1172,8 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size, + sig_size = hash_size + sizeof(EFI_GUID); + + for (i = 0; i < mok_num; i++) { +- if ((CompareGuid(&(mok[i].Type), &Type) != 0) || ++ type = mok[i].Type; /* avoid -Werror=address-of-packed-member */ ++ if ((CompareGuid(&type, &Type) != 0) || + (mok[i].MokSize < sig_size)) + continue; + +@@ -1223,6 +1229,7 @@ static void delete_hash_list(EFI_GUID Type, void *hash_list, UINT32 list_size, + static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX) + { + EFI_STATUS efi_status; ++ EFI_GUID type; + CHAR16 *db_name; + CHAR16 *auth_name; + CHAR16 *err_strs[] = { NULL, NULL, NULL }; +@@ -1331,7 +1338,8 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX) + + /* Search and destroy */ + for (i = 0; i < del_num; i++) { +- if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) { ++ type = del_key[i].Type; /* avoid -Werror=address-of-packed-member */ ++ if (CompareGuid(&type, &X509_GUID) == 0) { + delete_cert(del_key[i].Mok, del_key[i].MokSize, + mok, mok_num); + } else if (is_sha2_hash(del_key[i].Type)) { diff -Nru 
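Review bot: The second site in `write_back_mok_list` avoids the warning differently from the other four: instead of copying into the local `type`, it passes `&(CertList->SignatureType)`. Whether that pointer is suitably aligned depends on how `CertList` is derived from the `Data`/`ptr` buffer, which is outside the hunk; if the buffer is advanced by `MokSize`-dependent amounts, the address may be no better aligned than the packed member was. Using the same pattern there, `type = list[i].Type;` followed by `if (CompareGuid(&type, &X509_GUID) == 0) {`, would keep all five sites uniform and independent of the buffer layout.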
shim-15+1533136590.3beb971/debian/patches/MokManager-hidpi-support.patch shim-15+1552672080.a4a1fbe/debian/patches/MokManager-hidpi-support.patch --- shim-15+1533136590.3beb971/debian/patches/MokManager-hidpi-support.patch 1970-01-01 00:00:00.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/debian/patches/MokManager-hidpi-support.patch 2020-03-20 15:19:14.000000000 +0000 
@@ -0,0 +1,134 @@ +From 87b983069b03268ecf8d34d29e4f069f0914fd2e Mon Sep 17 00:00:00 2001 +From: Ivan Hu +Date: Fri, 10 May 2019 17:50:12 +0800 +Subject: [PATCH] MokManager: console mode modification for hi-dpi screen + devices + +There are lots of hi-dpi laptops nowadays, as doing mok enrollment, the font +is too small to see. +https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1822043 + +This patch checks if the resolution is larger than Full HD (1920x1080) and +current console output columns and rows is in a good mode. Then swith the +console output to a better mode. + +Signed-off-by: Ivan Hu +--- + MokManager.c | 2 ++ + include/console.h | 2 ++ + lib/console.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 80 insertions(+) + +diff --git a/MokManager.c b/MokManager.c +index d69b4dbe..5c991590 100644 +--- a/MokManager.c ++++ b/MokManager.c +@@ -2491,6 +2491,8 @@ EFI_STATUS efi_main(EFI_HANDLE image_handle, EFI_SYSTEM_TABLE * systab) + + setup_rand(); + ++ console_mode_handle(); ++ + efi_status = check_mok_request(image_handle); + + console_fini(); +diff --git a/include/console.h b/include/console.h +index bd75eb54..7151b32e 100644 +--- a/include/console.h ++++ b/include/console.h +@@ -40,6 +40,8 @@ int + console_countdown(CHAR16* title, const CHAR16* message, int timeout); + void + console_reset(void); ++void ++console_mode_handle(void); + #define NOSEL 0x7fffffff + + typedef struct _EFI_CONSOLE_CONTROL_PROTOCOL EFI_CONSOLE_CONTROL_PROTOCOL; +diff --git a/lib/console.c b/lib/console.c +index faf876da..56a7fa4b 100644 +--- a/lib/console.c ++++ b/lib/console.c +@@ -484,6 +484,82 @@ console_countdown(CHAR16* title, const CHAR16* message, int timeout) + return timeout; + } + ++#define HORIZONTAL_MAX_OK 1920 ++#define VERTICAL_MAX_OK 1080 ++#define COLUMNS_MAX_OK 200 ++#define ROWS_MAX_OK 100 ++ ++void ++console_mode_handle(VOID) ++{ ++ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; ++ EFI_GRAPHICS_OUTPUT_PROTOCOL *gop; ++ EFI_GUID gop_guid = 
EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID; ++ EFI_GRAPHICS_OUTPUT_MODE_INFORMATION *Info; ++ ++ UINTN mode_set; ++ UINTN rows, columns; ++ EFI_STATUS efi_status = EFI_SUCCESS; ++ ++ efi_status = gBS->LocateProtocol(&gop_guid, NULL, (void **)&gop); ++ if (EFI_ERROR(efi_status)) { ++ console_error(L"Locate graphic output protocol fail", efi_status); ++ return; ++ } ++ ++ Info = gop->Mode->Info; ++ ++ /* Start verifying if we are in a resolution larger than Full HD ++ * (1920x1080). If we're not, assume we're in a good mode and do not ++ * try to change it. */ ++ if (Info->HorizontalResolution <= HORIZONTAL_MAX_OK && ++ Info->VerticalResolution <= VERTICAL_MAX_OK) ++ /* keep original mode and return */ ++ return; ++ ++ efi_status = co->QueryMode(co, co->Mode->Mode, &columns, &rows); ++ if (EFI_ERROR(efi_status)) { ++ console_error(L"Console query mode fail", efi_status); ++ return; ++ } ++ ++ /* Verify current console output to check if the character columns and ++ * rows in a good mode. */ ++ if (columns <= COLUMNS_MAX_OK && rows <= ROWS_MAX_OK) ++ /* keep original mode and return */ ++ return; ++ ++ if (!console_text_mode) ++ setup_console(1); ++ ++ co->Reset(co, TRUE); ++ ++ /* If we reached here, then we have a high resolution screen and the text ++ * too small. Try to switch to a better mode. Mode number 2 is first non ++ * standard mode, which is provided by the device manufacturer, so it should ++ * be a good mode. */ ++ if (co->Mode->MaxMode > 2) ++ mode_set = 2; ++ else ++ mode_set = 0; ++ ++ efi_status = co->SetMode(co, mode_set); ++ if (EFI_ERROR(efi_status) && mode_set != 0) { ++ /* Set to 0 mode which is required that all output devices ++ * support at least 80x25 text mode. 
*/ ++ mode_set = 0; ++ efi_status = co->SetMode(co, mode_set); ++ } ++ ++ co->ClearScreen(co); ++ ++ if (EFI_ERROR(efi_status)) { ++ console_error(L"Console set mode fail", efi_status); ++ } ++ ++ return; ++} ++ + #define ARRAY_SIZE(a) (sizeof (a) / sizeof ((a)[0])) + + /* Copy of gnu-efi-3.0 with the added secure boot strings */ diff -Nru shim-15+1533136590.3beb971/debian/patches/series shim-15+1552672080.a4a1fbe/debian/patches/series --- shim-15+1533136590.3beb971/debian/patches/series 2018-08-21 18:22:40.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/debian/patches/series 2020-03-20 15:19:14.000000000 +0000 @@ -1 +1,7 @@ -fixup_git.patch +Fix-OBJ_create-to-tolerate-a-NULL-sn-and-ln.patch +MokManager-avoid-unaligned.patch +tpm-correctness-1.patch +tpm-correctness-2.patch +tpm-correctness-3.patch +MokManager-hidpi-support.patch +fix-path-checks.patch diff -Nru shim-15+1533136590.3beb971/debian/patches/tpm-correctness-1.patch shim-15+1552672080.a4a1fbe/debian/patches/tpm-correctness-1.patch --- shim-15+1533136590.3beb971/debian/patches/tpm-correctness-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/debian/patches/tpm-correctness-1.patch 2020-03-20 15:19:14.000000000 +0000 
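Review bot: On firmware that exposes no Graphics Output Protocol (serial-only or headless consoles), `console_mode_handle()` treats the failed `LocateProtocol` as an error and calls `console_error()`; if that helper raises an alert box that waits for a key, as the neighbouring console helpers suggest, MokManager would stall before `check_mok_request()` runs. A missing GOP is a normal configuration rather than a fault, so the early exit is better silent: `if (EFI_ERROR(efi_status)) return;`. The function also reads `gop->Mode->Info` without checking either pointer; a guard such as `if (!gop->Mode || !gop->Mode->Info) return;` before the resolution test would cover firmware that publishes the protocol without a current mode.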
@@ -0,0 +1,31 @@
+From 6698e19252aa555cd18154a1c43543bbce78d8c6 Mon Sep 17 00:00:00 2001
+From: Chris Coulson
+Date: Sat, 22 Jun 2019 15:37:29 +0100
+Subject: [PATCH] tpm: Define EFI_VARIABLE_DATA_TREE as packed
+
+tpm_measure_variable() calculates VarLogSize by adding the size of VarName
+and VarData to the size of EFI_VARIABLE_DATA_TREE, and then subtracting
+the size of the UnicodeName and VariableData members. This results in a
+calculation that is 5 bytes larger than necessary because it doesn't take
+in to account the padding of these members. The effect of this is that
+shim measures an additional 5 zero bytes when measuring UEFI variables
+(at least on 64-bit architectures).
+
+Byte packing EFI_VARIABLE_DATA_TREE fixes this.
+---
+ tpm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tpm.c b/tpm.c
+index 516fb876..c0617bb4 100644
+--- a/tpm.c
++++ b/tpm.c
+@@ -233,7 +233,7 @@ typedef struct {
+ UINT64 VariableDataLength;
+ CHAR16 UnicodeName[1];
+ INT8 VariableData[1];
+-} EFI_VARIABLE_DATA_TREE;
++} __attribute__ ((packed)) EFI_VARIABLE_DATA_TREE;
+
+ static BOOLEAN tpm_data_measured(CHAR16 *VarName, EFI_GUID VendorGuid, UINTN VarSize, VOID *VarData)
+ {
diff -Nru shim-15+1533136590.3beb971/debian/patches/tpm-correctness-2.patch shim-15+1552672080.a4a1fbe/debian/patches/tpm-correctness-2.patch
--- shim-15+1533136590.3beb971/debian/patches/tpm-correctness-2.patch 1970-01-01 00:00:00.000000000 +0000
+++ shim-15+1552672080.a4a1fbe/debian/patches/tpm-correctness-2.patch 2020-03-20 15:19:14.000000000 +0000
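Review bot: The `__attribute__ ((packed))` added to `EFI_VARIABLE_DATA_TREE` carries no comment explaining why it is there, and the reason matters for measured boot: per the commit message, the struct's size feeds the length of the data shim measures into the TPM, so padding changes the measured bytes. A comment above the typedef, e.g. `/* Byte-packed: sizeof() feeds the measured event length; padding would add bytes to the measurement */`, would stop a later cleanup from dropping the attribute. Packing also lowers the alignment of the wider members, so code that takes their address may trip `-Werror=address-of-packed-member`, the warning the MokManager patch elsewhere in this upload works around; the users of the struct are outside this hunk and need checking there.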
@@ -0,0 +1,39 @@
+From 8365ca2f3f3860daf1c7f01934c0d5c39d33a6e8 Mon Sep 17 00:00:00 2001
+From: Chris Coulson
+Date: Sat, 22 Jun 2019 15:33:03 +0100
+Subject: [PATCH] tpm: Fix off-by-one error when calculating event size
+
+tpm_log_event_raw() allocates a buffer for the EFI_TCG2_EVENT structure
+that is one byte larger than necessary, and sets event->Size accordingly.
+The result of this is that the event data recorded in the log differs
+from the data that is measured to the TPM (it has an extra zero byte
+at the end).
+---
+ tpm.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/tpm.c b/tpm.c
+index f07362c7..516fb876 100644
+--- a/tpm.c
++++ b/tpm.c
+@@ -131,8 +131,10 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
+ #endif
+ } else if (tpm2) {
+ EFI_TCG2_EVENT *event;
++ UINTN event_size = sizeof(*event) - sizeof(event->Event) +
++ logsize;
+
+- event = AllocatePool(sizeof(*event) + logsize);
++ event = AllocatePool(event_size);
+ if (!event) {
+ perror(L"Unable to allocate event structure\n");
+ return EFI_OUT_OF_RESOURCES;
+@@ -142,7 +144,7 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
+ event->Header.HeaderVersion = 1;
+ event->Header.PCRIndex = pcr;
+ event->Header.EventType = type;
+- event->Size = sizeof(*event) - sizeof(event->Event) + logsize + 1;
++ event->Size = event_size;
+ CopyMem(event->Event, (VOID *)log, logsize);
+ if (hash) {
+ /* TPM 2 systems will generate the appropriate hash
diff -Nru shim-15+1533136590.3beb971/debian/patches/tpm-correctness-3.patch shim-15+1552672080.a4a1fbe/debian/patches/tpm-correctness-3.patch
--- shim-15+1533136590.3beb971/debian/patches/tpm-correctness-3.patch 1970-01-01 00:00:00.000000000 +0000
+++ shim-15+1552672080.a4a1fbe/debian/patches/tpm-correctness-3.patch 2020-03-20 15:19:14.000000000 +0000
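Review bot: `event_size` is a `UINTN` built from `logsize` with no upper bound and is then stored in `event->Size`; if that field is 32 bits wide, as the TCG2 event layout suggests (its declaration is outside this hunk), an oversized `logsize` would wrap or truncate the recorded size while `CopyMem` still copies `logsize` bytes. A bound before the allocation, e.g. `if (logsize > 0xffffffffU - sizeof(*event)) return EFI_INVALID_PARAMETER;`, keeps the allocation, the logged size and the copy in agreement, which is the property this patch is restoring for the measured data. Where `logsize` comes from is not visible here, and `tpm_log_event_raw()` starts and ends outside the hunk, so how reachable a large value is needs confirming against the caller.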
@@ -0,0 +1,26 @@ +From db3f3bf152e454f70e6aba799e760863ab30c1d4 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Thu, 26 Sep 2019 20:01:01 +0100 +Subject: [PATCH] tpm: Don't log duplicate identical events + +According to the comment in tpm_measure_variable ("Don't measure something that we've already measured"), shim +shouldn't measure duplicate events if they are identical, which also aligns with section 2.3.4.8 of the TCG PC +Client Platform Firmware Profile Specification ("If it has been measured previously, it MUST NOT be measured +again"). This is currently broken because tpm_data_measured() uses the return value of CompareGuid() incorrectly. +--- + tpm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tpm.c b/tpm.c +index f07362c7..1e41bb27 100644 +--- a/tpm.c ++++ b/tpm.c +@@ -239,7 +239,7 @@ static BOOLEAN tpm_data_measured(CHAR16 *VarName, EFI_GUID VendorGuid, UINTN Var + + for (i=0; i +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 3. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . 
+ +import subprocess +import sys +import unittest + +from uefi_tests_base import UEFITestsBase + + +class SanityTests(UEFITestsBase): + ''' + Sanity checks for uefi tests + ''' + + def testArchitectureSuffixes(self): + """Ensure sanity of our concept of architecture suffixes for UEFI""" + + machine = subprocess.check_output(['uname', '-m']).rstrip().decode('utf-8') + if machine == 'x86_64': + self.assertEquals('x64', self.arch_suffix) + self.assertEquals('x86_64-efi', self.grub_arch) + self.assertEquals('qemu-system-x86_64', self.qemu_arch) + elif machine == 'aarch64': + self.assertEquals('aa64', self.arch_suffix) + self.assertEquals('arm64-efi', self.grub_arch) + self.assertEquals('qemu-system-aarch64', self.qemu_arch) + + def testQemuAvailable(self): + """Ensure QEMU is available for this architecture""" + try: + out = subprocess.run([self.qemu_arch, '-version'], stdout=None) + out.check_returncode() + except: + raise UEFINotAvailable(feature="qemu", arch=self.arch_machine, + details="%s failed to run" % self.qemu_arch) + + +unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout, verbosity=2)) diff -Nru shim-15+1533136590.3beb971/debian/tests/05_signature_tests.py shim-15+1552672080.a4a1fbe/debian/tests/05_signature_tests.py --- shim-15+1533136590.3beb971/debian/tests/05_signature_tests.py 1970-01-01 00:00:00.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/debian/tests/05_signature_tests.py 2020-03-20 15:19:14.000000000 +0000 
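Review bot: `testQemuAvailable` raises `UEFINotAvailable`, but this module imports only `UEFITestsBase`, so the failure path ends in a `NameError` instead of the intended message; the import should read `from uefi_tests_base import UEFITestsBase, UEFINotAvailable`. The bare `except:` in the same test also catches `KeyboardInterrupt` and hides whether QEMU was missing or exited non-zero; `except (OSError, subprocess.CalledProcessError):` names the two cases the `try` body can produce. `assertEquals` in `testArchitectureSuffixes` is a deprecated alias of `assertEqual`.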
@@ -0,0 +1,89 @@ +# +# UEFI signature validation +# +# Copyright (C) 2019 Canonical, Ltd. +# Author: Mathieu Trudel-Lapierre +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 3. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +import os +import subprocess +import sys +import unittest +import tempfile + +from pathlib import Path + +from uefi_tests_base import UEFITestsBase + + +class TestSignatures(UEFITestsBase): + """ + Validate UEFI signatures for common problems + """ + @classmethod + def setUpClass(klass): + UEFITestsBase.setUpClass() + + + def testInstalledGrubIsSigned(self): + """Check that the GRUB copy we installed is correctly signed""" + installed_grub_file = Path(self.signed_grub_path) + self.assertTrue(installed_grub_file.exists()) + signed_out = subprocess.run(['sbverify', '--list', self.signed_grub_path], + stdout=subprocess.PIPE) + self.assertIn(b'image signature issuers:', signed_out.stdout) + + def testGrubSignatureValid(self): + """Ensure the installed GRUB binary from packaging is signed with the expected key""" + self.assertSignatureOK(self.canonical_ca, self.signed_grub_path) + + def testInstalledShimIsSigned(self): + """Check that the installed shim is signed""" + installed_shim_file = Path(self.signed_shim_path) + self.assertTrue(installed_shim_file.exists()) + signed_out = subprocess.run(['sbverify', '--list', self.signed_shim_path], + stdout=subprocess.PIPE) + self.assertIn(b'image signature issuers:', signed_out.stdout) + + def testHaveSignedShimOnESP(self): + """Verify that packaging has 
provided a signed shim""" + signed_shim_file = Path(self.installed_shim) + self.assertTrue(signed_shim_file.exists()) + + def testSignaturesExist(self): + """Validate that a binary has non-zero signatures""" + unsigned_out = subprocess.run(['sbverify', '--list', self.unsigned_shim_path], + stderr=subprocess.PIPE, stdout=subprocess.PIPE) + self.assertIn(b'No signature table present', unsigned_out.stderr) + signed_out = subprocess.run(['sbverify', '--list', self.signed_shim_path], + stderr=subprocess.PIPE, stdout=subprocess.PIPE) + self.assertIn(b'image signature issuers:', signed_out.stdout) + + def testSignatureIsReplayable(self): + """Attest that signature is retrievable from a binary and can be replayed""" + with tempfile.TemporaryDirectory() as tmpdirname: + subprocess.call(['sbattach', + '--detach', os.path.join(tmpdirname, 'sig.pkcs7'), + self.signed_shim_path]) + pkcs7_certs = subprocess.run(['openssl', 'pkcs7', + '-inform', 'der', + '-in', os.path.join(tmpdirname, 'sig.pkcs7'), + '-print_certs'], + stdout=subprocess.PIPE) + with open(os.path.join(tmpdirname, 'out.crt'), 'ab+') as certstore: + certstore.write(pkcs7_certs.stdout) + self.assertSignatureOK(os.path.join(tmpdirname, 'out.crt'), self.signed_shim_path) + + +unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout, verbosity=2)) diff -Nru shim-15+1533136590.3beb971/debian/tests/10_uefi_boot_tests.py shim-15+1552672080.a4a1fbe/debian/tests/10_uefi_boot_tests.py --- shim-15+1533136590.3beb971/debian/tests/10_uefi_boot_tests.py 1970-01-01 00:00:00.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/debian/tests/10_uefi_boot_tests.py 2020-03-20 15:19:14.000000000 +0000 
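Review bot: The binaries that firmware actually loads are never signature-checked here: `testHaveSignedShimOnESP` only asserts that `self.installed_shim` exists, and `testInstalledShimIsSigned` / `testInstalledGrubIsSigned` run `sbverify --list` on the packaged files (`signed_shim_path`, `signed_grub_path`) rather than on the copies in the ESP. A stale or unsigned binary left in the ESP would pass this suite; running the same `sbverify --list` assertion on `self.installed_shim` and `self.installed_grub`, or comparing them byte-for-byte with the packaged signed files, would close that gap. Separately, `testSignatureIsReplayable` verifies the shim against certificates extracted from its own PKCS#7 blob, which shows the signature is self-consistent but says nothing about who issued it, so it should not be read as a trust-chain check. The `sbattach` and `openssl` exit codes in that test are ignored; `check=True` on those calls would make a failed extraction fail at the right step.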
@@ -0,0 +1,51 @@
+#
+# UEFI boot testing
+#
+# Copyright (C) 2019 Canonical, Ltd.
+# Author: Mathieu Trudel-Lapierre
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 3.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+import subprocess
+import sys
+import unittest
+
+from uefi_tests_base import UEFITestsBase, UEFINotAvailable, UEFIVirtualMachine
+
+
+class UEFIBootTests(UEFITestsBase):
+ """
+ Validate UEFI signatures for common problems
+ """
+ @classmethod
+ def setUpClass(klass):
+ UEFITestsBase.setUpClass()
+ klass.base_image = UEFIVirtualMachine(arch=klass.image_arch)
+ #klass.base_image.prepare()
+
+ def testCanary(self):
+ """Validate that a control/canary (unchanged) image boots fine"""
+ canary = UEFIVirtualMachine(self.base_image)
+ canary.run()
+ self.assertBoots(canary)
+
+ def testNewShim(self):
+ """Validate that a new SHIM binary on the image will boot"""
+ new_shim = UEFIVirtualMachine(self.base_image)
+ new_shim.update(src='/usr/lib/shim/shimx64.efi.signed', dst='/boot/efi/EFI/ubuntu/shimx64.efi')
+ new_shim.update(src='/usr/lib/shim/shimx64.efi.signed', dst='/boot/efi/EFI/BOOT/BOOTX64.efi')
+ new_shim.run()
+ self.assertBoots(new_shim)
+
+
+unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout, verbosity=2))
diff -Nru shim-15+1533136590.3beb971/debian/tests/control shim-15+1552672080.a4a1fbe/debian/tests/control
--- shim-15+1533136590.3beb971/debian/tests/control 1970-01-01 00:00:00.000000000 +0000
+++ shim-15+1552672080.a4a1fbe/debian/tests/control 2020-03-20 15:19:14.000000000 +0000
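Review bot: `testNewShim` hard-codes `/usr/lib/shim/shimx64.efi.signed` and the `shimx64.efi` / `BOOTX64.efi` destinations, although `debian/tests/control` lists arm64 dependencies for this test and the base class already derives `signed_shim_path` and `arch_suffix`; on arm64 the copy would fail or install a file under the wrong name. Passing `src=self.signed_shim_path` and building both destinations from `self.arch_suffix` keeps the boot test tied to the architecture under test. The class docstring ("Validate UEFI signatures for common problems") is carried over from the signature tests and should describe boot validation instead.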
@@ -0,0 +1,29 @@
+Test-Command: python3 debian/tests/01_sanity_tests.py
+Depends: @,
+ qemu-system-arm [arm64],
+ qemu-system-x86 [amd64],
+Restrictions: allow-stderr, needs-root, isolation-machine
+Features: test-name=sanity
+
+Test-Command: python3 debian/tests/05_signature_tests.py
+Depends: @,
+ sbsigntool,
+ grub-efi-arm64-signed [arm64],
+ grub-efi-amd64-signed [amd64],
+Restrictions: allow-stderr, needs-root, isolation-machine
+Features: test-name=signatures
+
+Test-Command: python3 debian/tests/10_uefi_boot_tests.py
+Depends: @,
+ autopkgtest,
+ genisoimage,
+ qemu-utils,
+ sbsigntool,
+ qemu-system-arm [arm64],
+ qemu-system-x86 [amd64],
+ ovmf [amd64],
+ qemu-efi-aarch64 [arm64],
+ grub-efi-arm64-signed [arm64],
+ grub-efi-amd64-signed [amd64],
+Restrictions: allow-stderr, needs-root, isolation-machine
+Features: test-name=boot-test
diff -Nru shim-15+1533136590.3beb971/debian/tests/uefi_tests_base.py shim-15+1552672080.a4a1fbe/debian/tests/uefi_tests_base.py
--- shim-15+1533136590.3beb971/debian/tests/uefi_tests_base.py 1970-01-01 00:00:00.000000000 +0000
+++ shim-15+1552672080.a4a1fbe/debian/tests/uefi_tests_base.py 2020-03-20 15:19:14.000000000 +0000
@@ -0,0 +1,241 @@ +# +# UEFI validation/integration tests +# +# Copyright (C) 2019 Canonical, Ltd. +# Author: Mathieu Trudel-Lapierre +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 3. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +import lsb_release +import os +import shutil +import stat +import subprocess +import tempfile +from time import sleep +import unittest + + +class UEFINotAvailable(Exception): + """Exception class for unavailable UEFI features""" + def __init__(self, feature=None, arch=None, details=None): + self.message = "UEFI is not available" + if arch and feature: + self.message = "%s is not available on %s" % (feature, arch) + elif feature: + self.message = "%s is not available" % feature + if details: + self.message = self.message + ": %s" % details + + def __str__(self): + return repr(self.message) + +class UEFITestsBase(unittest.TestCase): + ''' + Common functionality for shim test cases + ''' + + @classmethod + def setUpClass(klass): + klass.arch_machine = os.uname().machine + klass.arch_suffix = '' + klass.grub_arch = '' + klass.qemu_arch = '' + if klass.arch_machine == 'x86_64': + klass.image_arch = 'amd64' + klass.arch_suffix = 'x64' + klass.grub_arch = 'x86_64-efi' + klass.qemu_arch = 'qemu-system-x86_64' + elif klass.arch_machine == 'aarch64': + klass.image_arch = 'arm64' + klass.arch_suffix = 'aa64' + klass.grub_arch = 'arm64-efi' + klass.qemu_arch = 'qemu-system-aarch64' + else: + raise UEFINotAvailable(feature='any UEFI Shim features', arch=klass.arch_machine) + + # Base paths for the 
ESP. + klass.uefi_base_dir = os.path.join('/', 'boot', 'efi', 'EFI') + klass.uefi_boot_dir = os.path.join(klass.uefi_base_dir, 'BOOT') + klass.uefi_install_dir = os.path.join(klass.uefi_base_dir, 'ubuntu') + + # CAs for signature validation + klass.canonical_ca = os.path.join('/usr/share/grub', 'canonical-uefi-ca.crt') + + # Shim paths + klass.shim_pkg_dir = os.path.join('/', 'usr', 'lib', 'shim') + klass.unsigned_shim_path = os.path.join(klass.shim_pkg_dir, 'shim%s.efi' % klass.arch_suffix) + klass.signed_shim_path = os.path.join(klass.shim_pkg_dir, 'shim%s.efi.signed' % klass.arch_suffix) + klass.installed_shim = os.path.join(klass.uefi_install_dir, 'shim%s.efi' % klass.arch_suffix) + klass.removable_shim = os.path.join(klass.uefi_boot_dir, 'boot%s.efi' % klass.arch_suffix) + + # GRUB paths + klass.grub_pkg_dir = os.path.join('/', 'usr', 'lib', 'grub', "%s-signed" % klass.grub_arch) + klass.signed_grub_path = os.path.join(klass.grub_pkg_dir, 'grub%s.efi.signed' % klass.arch_suffix) + klass.installed_grub = os.path.join(klass.uefi_install_dir, 'grub%s.efi' % klass.arch_suffix) + + # OMVF paths + if klass.arch_machine == 'x86_64': + klass.uefi_code_path = '/usr/share/OVMF/OVMF_CODE.ms.fd' + klass.uefi_vars_path = '/usr/share/OVMF/OVMF_VARS.ms.fd' + elif klass.arch_machine == 'aarch64': + klass.uefi_code_path = '/usr/share/AAVMF/AAVMF_CODE.fd' + klass.uefi_vars_path = '/usr/share/AAVMF/AAVMF_VARS.fd' + + subprocess.run(['modprobe', 'nbd']) + + @classmethod + def tearDownClass(klass): + pass + + def tearDown(self): + pass + + def setUp(self): + pass + + + # + # Internal implementation details + # + + @classmethod + def poll_text(klass, logpath, string, timeout=50): + '''Poll log file for a given string with a timeout. + + Timeout is given in deciseconds. 
+ ''' + log = '' + while timeout > 0: + if os.path.exists(logpath): + break + timeout -= 1 + sleep(0.1) + assert timeout > 0, 'Timed out waiting for file %s to appear' % logpath + + with open(logpath) as f: + while timeout > 0: + line = f.readline() + if line: + log += line + if string in line: + break + continue + timeout -= 1 + sleep(0.1) + + assert timeout > 0, 'Timed out waiting for "%s":\n------------\n%s\n-------\n' % (string, log) + + + def assertSignatureOK(self, expected_signature, binary): + result = subprocess.check_call(['sbverify', '--cert', expected_signature, binary]) + self.assertEquals(0, result) + + + def assertBoots(self, vm=None): + '''Assert that the VM is booted and ready for use''' + self.assertTrue(vm.ready()) + + +DEFAULT_METADATA = 'instance-id: nocloud\nlocal-hostname: autopkgtest\n' + +DEFAULT_USERDATA = """#cloud-config +locale: en_US.UTF-8 +password: ubuntu +chpasswd: { expire: False } +ssh_pwauth: True +manage_etc_hosts: True +runcmd: + - (while [ ! -e /var/lib/cloud/instance/boot-finished ]; do sleep 1; done; + shutdown -P now) & +""" + +# +# VM management tools +# +class UEFIVirtualMachine(UEFITestsBase): + + def __init__(self, base=None, arch=None): + self.autopkgtest_dir = tempfile.TemporaryDirectory() + os.makedirs(os.path.join(self.autopkgtest_dir.name, 'img')) + self.arch = arch + self.release = lsb_release.get_os_release()['CODENAME'] + self.path = tempfile.mkstemp(dir=self.autopkgtest_dir.name)[1] + if not base: + subprocess.run(['wget', + 'http://cloud-images.ubuntu.com/%s/current/%s-server-cloudimg-%s.img' + % (self.release, self.release, self.arch), + '-O', '%s/base.img' % self.autopkgtest_dir.name]) + else: + self.arch = base.arch + shutil.copy(base.path, os.path.join(self.autopkgtest_dir.name, 'base.img')) + shutil.copy(os.path.join(self.autopkgtest_dir.name, 'base.img'), self.path) + shutil.copy("%s" % self.uefi_vars_path, "%s.VARS.fd" % self.path) + + def _mount(self): + subprocess.run(['qemu-nbd', 
'--connect=/dev/nbd0', self.path]) + # nbd doesn't show instantly... + sleep(1) + subprocess.run(['mount', '/dev/nbd0p1', os.path.join(self.autopkgtest_dir.name, 'img')]) + subprocess.run(['mount', '/dev/nbd0p15', os.path.join(self.autopkgtest_dir.name, 'img', 'boot/efi')]) + + def _unmount(self): + subprocess.run(['umount', '/dev/nbd0p15']) + subprocess.run(['umount', '/dev/nbd0p1']) + subprocess.run(['qemu-nbd', '--disconnect', '/dev/nbd0']) + + def prepare(self): + with open(os.path.join(self.autopkgtest_dir.name, 'meta-data'), 'w') as f: + f.write(DEFAULT_METADATA) + with open(os.path.join(self.autopkgtest_dir.name, 'user-data'), 'w') as f: + f.write(DEFAULT_USERDATA) + + subprocess.run(['genisoimage', '-output', 'cloud-init.seed', + '-volid', 'cidata', '-joliet', '-rock', + '-quiet', 'user-data', 'meta-data'], + cwd=self.autopkgtest_dir.name) + + def list(self, path='/etc/'): + self._mount() + subprocess.run(['ls', '-l', os.path.join(self.autopkgtest_dir.name, 'img', path)]) + self._unmount() + + def update(self, src=None, dst=None): + self._mount() + try: + os.makedirs(os.path.join(self.autopkgtest_dir.name, 'img', os.path.dirname(src))) + except FileExistsError: + pass + shutil.copy(src, os.path.join(self.autopkgtest_dir.name, 'img', dst)) + self._unmount() + + def run(self): + self.prepare() + # start qemu-system-$arch, output log to serial and capture to variable + subprocess.run([self.qemu_arch, '-m', '2048', '-nographic', + '-serial', 'mon:stdio', + '-drive', 'file=%s,if=pflash,format=raw,unit=0,readonly=on' % self.uefi_code_path, + '-drive', 'file=%s.VARS.fd,if=pflash,format=raw,unit=1' % self.path, + '-drive', 'file=%s,if=none,id=harddrive0' % self.path, + '-device', 'virtio-blk-pci,drive=harddrive0,bootindex=0', + '-drive', 'file=%s/cloud-init.seed,if=virtio,readonly' % self.autopkgtest_dir.name]) + + def ready(self): + """Returns true if the VM is booted and ready at userland""" + # check captured serial for our marker + self._mount() + result = 
os.path.exists(os.path.join(self.autopkgtest_dir.name, 'img', '/var/lib/cloud/instances/nocloud/boot-finished')) + self._unmount() + return result + + diff -Nru shim-15+1533136590.3beb971/errlog.c shim-15+1552672080.a4a1fbe/errlog.c --- shim-15+1533136590.3beb971/errlog.c 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/errlog.c 2019-09-10 08:54:35.000000000 +0000 @@ -14,29 +14,20 @@ VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args) { va_list args2; - UINTN size = 0, size2; CHAR16 **newerrs; - size = SPrint(NULL, 0, L"%a:%d %a() ", file, line, func); - va_copy(args2, args); - size2 = VSPrint(NULL, 0, fmt, args2); - va_end(args2); - newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs), (nerrs + 3) * sizeof(*errs)); if (!newerrs) return EFI_OUT_OF_RESOURCES; - newerrs[nerrs] = AllocatePool(size*2+2); + newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func); if (!newerrs[nerrs]) return EFI_OUT_OF_RESOURCES; - newerrs[nerrs+1] = AllocatePool(size2*2+2); + va_copy(args2, args); + newerrs[nerrs+1] = VPoolPrint(fmt, args2); if (!newerrs[nerrs+1]) return EFI_OUT_OF_RESOURCES; - - SPrint(newerrs[nerrs], size*2+2, L"%a:%d %a() ", file, line, func); - va_copy(args2, args); - VSPrint(newerrs[nerrs+1], size2*2+2, fmt, args2); va_end(args2); nerrs += 2; diff -Nru shim-15+1533136590.3beb971/fallback.c shim-15+1552672080.a4a1fbe/fallback.c --- shim-15+1533136590.3beb971/fallback.c 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/fallback.c 2019-09-10 08:54:35.000000000 +0000 @@ -12,6 +12,8 @@ #include "shim.h" +#define NO_REBOOT L"FB_NO_REBOOT" + EFI_LOADED_IMAGE *this_image = NULL; int 
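Review bot: `update()`, `ready()` and `list()` pass absolute paths as a later argument to `os.path.join()`, which discards the components before them, so `ready()` tests `/var/lib/cloud/instances/nocloud/boot-finished` on the host and `update(dst='/boot/efi/EFI/...')` copies the shim into the host's own ESP instead of the mounted image. Under `needs-root` that silently changes the test machine's boot chain, and the boot result no longer says anything about the image. Strip the leading slash before joining, e.g. `os.path.join(self.autopkgtest_dir.name, 'img', dst.lstrip('/'))`, and create the parent directory of `dst` rather than `os.path.dirname(src)`. The base image is also fetched with `wget` over plain `http://` and used with no checksum or signature check, and every `subprocess.run` (including `mount` and `qemu-nbd`) ignores failure; an HTTPS URL with verification against the published checksums, plus `check=True`, would make the baseline trustworthy.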
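Review bot: In `VLogError`, the new `va_copy(args2, args)` is no longer paired with `va_end` on every path: when `VPoolPrint` returns NULL the function returns before `va_end(args2)`, and the prefix string already stored in `newerrs[nerrs]` is not freed. Calling `va_end(args2);` directly after `newerrs[nerrs+1] = VPoolPrint(fmt, args2);`, before the NULL test, fixes the first; the second needs `FreePool(newerrs[nerrs]);` on that return path. Both early returns also happen after `ReallocatePool` has succeeded, so whether `errs` still points at valid memory afterwards depends on code past the end of this hunk.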
@@ -973,6 +975,65 @@ return efi_status; } +static UINT32 +get_fallback_no_reboot(void) +{ + EFI_STATUS efi_status; + UINT32 no_reboot; + UINTN size = sizeof(UINT32); + + efi_status = gRT->GetVariable(NO_REBOOT, &SHIM_LOCK_GUID, + NULL, &size, &no_reboot); + if (!EFI_ERROR(efi_status)) { + return no_reboot; + } + return 0; +} + +static EFI_STATUS +set_fallback_no_reboot(void) +{ + EFI_STATUS efi_status; + UINT32 no_reboot = 1; + efi_status = gRT->SetVariable(NO_REBOOT, &SHIM_LOCK_GUID, + EFI_VARIABLE_NON_VOLATILE + | EFI_VARIABLE_BOOTSERVICE_ACCESS + | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof(UINT32), &no_reboot); + return efi_status; +} + +static int +draw_countdown(void) +{ + CHAR16 *title = L"Boot Option Restoration"; + CHAR16 *message = L"Press any key to stop system reset"; + int timeout; + + timeout = console_countdown(title, message, 5); + + return timeout; +} + +static int +get_user_choice(void) +{ + int choice; + CHAR16 *title[] = {L"Boot Option Restored", NULL}; + CHAR16 *menu_strings[] = { + L"Reset system", + L"Continue boot", + L"Always continue boot", + NULL + }; + + do { + choice = console_select(title, menu_strings, 0); + } while (choice < 0 || choice > 2); + + return choice; +} + extern EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab); 
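Review bot: `get_fallback_no_reboot()` reads into an uninitialised `UINT32 no_reboot` and trusts whatever `GetVariable` hands back: a stored value shorter than four bytes leaves the upper bytes indeterminate, and the attributes (requested as NULL) are never checked. Because `set_fallback_no_reboot()` creates `FB_NO_REBOOT` with `EFI_VARIABLE_RUNTIME_ACCESS`, the variable can also be written from the running OS, so the flag that skips the reset on TPM systems is not under boot-services-only control. If that is intended it deserves a comment; otherwise drop the runtime attribute and reject a variable that carries it. At minimum initialise and validate the read: `UINT32 no_reboot = 0;` and `if (!EFI_ERROR(efi_status) && size == sizeof(UINT32)) return no_reboot;`.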
@@ -1039,6 +1100,26 @@ VerbosePrint(L"tpm not present, starting the first image\n"); try_start_first_option(image); } else { + if (get_fallback_no_reboot() == 1) { + VerbosePrint(L"NO_REBOOT is set, starting the first image\n"); + try_start_first_option(image); + } + + int timeout = draw_countdown(); + if (timeout == 0) + goto reset; + + int choice = get_user_choice(); + if (choice == 0) { + goto reset; + } else if (choice == 2) { + efi_status = set_fallback_no_reboot(); + if (EFI_ERROR(efi_status)) + goto reset; + } + VerbosePrint(L"tpm present, starting the first image\n"); + try_start_first_option(image); +reset: VerbosePrint(L"tpm present, resetting system\n"); } diff -Nru shim-15+1533136590.3beb971/.gitignore shim-15+1552672080.a4a1fbe/.gitignore --- shim-15+1533136590.3beb971/.gitignore 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/.gitignore 2019-09-10 08:54:35.000000000 +0000 @@ -24,6 +24,7 @@ *.srl *.srl.old *.tar.* +*.hash version.c cov-int/ scan-results/ diff -Nru shim-15+1533136590.3beb971/include/console.h shim-15+1552672080.a4a1fbe/include/console.h --- shim-15+1533136590.3beb971/include/console.h 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/include/console.h 2019-09-10 08:54:35.000000000 +0000 @@ -33,6 +33,12 @@ void console_notify(CHAR16 *string); void +console_save_and_set_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode); +void +console_restore_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode); +int +console_countdown(CHAR16* title, const CHAR16* message, int timeout); +void console_reset(void); #define NOSEL 0x7fffffff diff -Nru shim-15+1533136590.3beb971/lib/console.c shim-15+1552672080.a4a1fbe/lib/console.c --- shim-15+1533136590.3beb971/lib/console.c 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/lib/console.c 2019-09-10 08:54:35.000000000 +0000 
@@ -409,6 +409,81 @@ console_alertbox(str_arr); } +void +console_save_and_set_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode) +{ + SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; + + if (!SavedMode) { + console_print(L"Invalid parameter: SavedMode\n"); + return; + } + + CopyMem(SavedMode, co->Mode, sizeof(SIMPLE_TEXT_OUTPUT_MODE)); + co->EnableCursor(co, FALSE); + co->SetAttribute(co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE); +} + +void +console_restore_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode) +{ + SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; + + co->EnableCursor(co, SavedMode->CursorVisible); + co->SetCursorPosition(co, SavedMode->CursorColumn, + SavedMode->CursorRow); + co->SetAttribute(co, SavedMode->Attribute); +} + +int +console_countdown(CHAR16* title, const CHAR16* message, int timeout) +{ + SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; + SIMPLE_INPUT_INTERFACE *ci = ST->ConIn; + SIMPLE_TEXT_OUTPUT_MODE SavedMode; + EFI_INPUT_KEY key; + EFI_STATUS efi_status; + UINTN cols, rows; + CHAR16 *titles[2]; + int wait = 10000000; + + console_save_and_set_mode(&SavedMode); + + titles[0] = title; + titles[1] = NULL; + + console_print_box_at(titles, -1, 0, 0, -1, -1, 1, 1); + + co->QueryMode(co, co->Mode->Mode, &cols, &rows); + + console_print_at((cols - StrLen(message)) / 2, rows / 2, message); + while (1) { + if (timeout > 1) + console_print_at(2, rows - 3, + L"Booting in %d seconds ", + timeout); + else if (timeout) + console_print_at(2, rows - 3, + L"Booting in %d second ", + timeout); + + efi_status = WaitForSingleEvent(ci->WaitForKey, wait); + if (efi_status != EFI_TIMEOUT) { + /* Clear the key in the queue */ + ci->ReadKeyStroke(ci, &key); + break; + } + + timeout--; + if (!timeout) + break; + } + + console_restore_mode(&SavedMode); + + return timeout; +} + #define ARRAY_SIZE(a) (sizeof (a) / sizeof ((a)[0])) /* Copy of gnu-efi-3.0 with the added secure boot strings */ diff -Nru shim-15+1533136590.3beb971/Make.defaults shim-15+1552672080.a4a1fbe/Make.defaults --- 
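Review bot: console_countdown() does not end on its own when called with `timeout <= 0`: the first `timeout--` makes the value negative, `if (!timeout)` never fires, and the loop only stops on a key press. As far as the visible MokManager lines show, draw_countdown() passes a value read from the MokTimeout variable after rejecting only `timeout < 0`, so 0 can reach this path; a guard such as `if (timeout <= 0) return timeout;` before console_save_and_set_mode() would cover it. The result of `co->QueryMode()` is also unchecked, and `(cols - StrLen(message)) / 2` and `rows - 3` wrap around as UINTN on a console narrower than the message or shorter than three rows. console_restore_mode() dereferences `SavedMode` without the NULL check that console_save_and_set_mode() has.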
shim-15+1533136590.3beb971/Make.defaults 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/Make.defaults 2019-09-10 08:54:35.000000000 +0000 @@ -50,6 +50,7 @@ ARCH_SUFFIX ?= x64 ARCH_SUFFIX_UPPER ?= X64 ARCH_LDFLAGS ?= + TIMESTAMP_LOCATION := 136 endif ifeq ($(ARCH),ia32) ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \ @@ -60,6 +61,7 @@ ARCH_SUFFIX_UPPER ?= IA32 ARCH_LDFLAGS ?= ARCH_CFLAGS ?= -m32 + TIMESTAMP_LOCATION := 136 endif ifeq ($(ARCH),aarch64) ARCH_CFLAGS ?= -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align @@ -70,15 +72,17 @@ SUBSYSTEM := 0xa ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) ARCH_CFLAGS ?= + TIMESTAMP_LOCATION := 72 endif ifeq ($(ARCH),arm) - ARCH_CFLAGS ?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mstrict-align + ARCH_CFLAGS ?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mno-unaligned-access LIBDIR ?= $(prefix)/lib ARCH_SUFFIX ?= arm ARCH_SUFFIX_UPPER ?= ARM FORMAT := -O binary SUBSYSTEM := 0xa ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) + TIMESTAMP_LOCATION := 72 endif CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ diff -Nru shim-15+1533136590.3beb971/Makefile shim-15+1552672080.a4a1fbe/Makefile --- shim-15+1533136590.3beb971/Makefile 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/Makefile 2019-09-10 08:54:35.000000000 +0000 
@@ -102,11 +102,11 @@ $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a Cryptlib/libcryptlib.a: - mkdir -p Cryptlib/{Hash,Hmac,Cipher,Rand,Pk,Pem,SysCall} + for i in Hash Hmac Cipher Rand Pk Pem SysCall; do mkdir -p Cryptlib/$$i; done $(MAKE) VPATH=$(TOPDIR)/Cryptlib TOPDIR=$(TOPDIR)/Cryptlib -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile Cryptlib/OpenSSL/libopenssl.a: - mkdir -p Cryptlib/OpenSSL/crypto/{x509v3,x509,txt_db,stack,sha,rsa,rc4,rand,pkcs7,pkcs12,pem,ocsp,objects,modes,md5,lhash,kdf,hmac,evp,err,dso,dh,conf,comp,cmac,buffer,bn,bio,async{,/arch},asn1,aes}/ + for i in x509v3 x509 txt_db stack sha rsa rc4 rand pkcs7 pkcs12 pem ocsp objects modes md5 lhash kdf hmac evp err dso dh conf comp cmac buffer bn bio async/arch asn1 aes; do mkdir -p Cryptlib/OpenSSL/crypto/$$i; done $(MAKE) VPATH=$(TOPDIR)/Cryptlib/OpenSSL TOPDIR=$(TOPDIR)/Cryptlib/OpenSSL -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile lib/lib.a: | $(TOPDIR)/lib/Makefile $(wildcard $(TOPDIR)/include/*.[ch]) @@ -189,11 +189,13 @@ ifneq ($(OBJCOPY_GTE224),1) $(error objcopy >= 2.24 is required) endif - $(OBJCOPY) -j .text -j .sdata -j .data -j .data.ident \ + $(OBJCOPY) -D -j .text -j .sdata -j .data -j .data.ident \ -j .dynamic -j .dynsym -j .rel* \ -j .rela* -j .reloc -j .eh_frame \ -j .vendor_cert \ $(FORMAT) $^ $@ + # I am tired of wasting my time fighting binutils timestamp code. + dd conv=notrunc bs=1 count=4 seek=$(TIMESTAMP_LOCATION) if=/dev/zero of=$@ ifneq ($(origin ENABLE_SHIM_HASH),undefined) %.hash : %.efi @@ -204,7 +206,7 @@ ifneq ($(OBJCOPY_GTE224),1) $(error objcopy >= 2.24 is required) endif - $(OBJCOPY) -j .text -j .sdata -j .data \ + $(OBJCOPY) -D -j .text -j .sdata -j .data \ -j .dynamic -j .dynsym -j .rel* \ -j .rela* -j .reloc -j .eh_frame \ -j .debug_info -j .debug_abbrev -j .debug_aranges \ 
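Review bot: The `dd` line added to the `%.efi` rule (second hunk on this line) zeroes four bytes at `$(TIMESTAMP_LOCATION)` without checking that this offset is where the timestamp sits in the produced file. The values 136 and 72 set in Make.defaults are hard-coded per architecture and carry no comment; if the header layout changes, or ARCH ever takes a value for which the variable is not set, the rule overwrites other bytes or fails on an empty `seek=`. A comment such as `# byte offset of the timestamp field in the objcopy output (presumably the PE/COFF TimeDateStamp; confirm against the linker script)` next to each assignment, plus an `$(error TIMESTAMP_LOCATION is not set for $(ARCH))` guard in the rule, would make this reproducible-build step safer to maintain.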
@@ -225,7 +227,7 @@ @rm -rvf $(TARGET) *.o $(SHIM_OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb $(BOOTCSVNAME) @rm -vf *.debug *.so *.efi *.efi.* *.tar.* version.c buildid @rm -vf Cryptlib/*.[oa] Cryptlib/*/*.[oa] - @git clean -f -d -e 'Cryptlib/OpenSSL/*' + @if [ -d .git ] ; then git clean -f -d -e 'Cryptlib/OpenSSL/*'; fi clean: clean-shim-objs $(MAKE) -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile clean diff -Nru shim-15+1533136590.3beb971/mok.c shim-15+1552672080.a4a1fbe/mok.c --- shim-15+1533136590.3beb971/mok.c 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/mok.c 2019-09-10 08:54:35.000000000 +0000 @@ -68,6 +68,10 @@ */ UINT8 **addend_source; UINT32 *addend_size; +#if defined(ENABLE_SHIM_CERT) + UINT8 **build_cert; + UINT32 *build_cert_size; +#endif /* defined(ENABLE_SHIM_CERT) */ UINT32 yes_attr; UINT32 no_attr; UINT32 flags; @@ -90,6 +94,10 @@ .no_attr = EFI_VARIABLE_RUNTIME_ACCESS, .addend_source = &vendor_cert, .addend_size = &vendor_cert_size, +#if defined(ENABLE_SHIM_CERT) + .build_cert = &build_cert, + .build_cert_size = &build_cert_size, +#endif /* defined(ENABLE_SHIM_CERT) */ .flags = MOK_MIRROR_KEYDB | MOK_VARIABLE_LOG, .pcr = 14, 
@@ -130,22 +138,54 @@ { NULL, } }; -static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v) +static inline BOOLEAN nonnull(1) +check_vendor_cert(struct mok_state_variable *v) +{ + return (v->addend_source && v->addend_size && + *v->addend_source && *v->addend_size) ? TRUE : FALSE; +} + +#if defined(ENABLE_SHIM_CERT) +static inline BOOLEAN nonnull(1) +check_build_cert(struct mok_state_variable *v) +{ + return (v->build_cert && v->build_cert_size && + *v->build_cert && *v->build_cert_size) ? TRUE : FALSE; +} +#define check_addend(v) (check_vendor_cert(v) || check_build_cert(v)) +#else +#define check_addend(v) check_vendor_cert(v) +#endif /* defined(ENABLE_SHIM_CERT) */ + +static EFI_STATUS nonnull(1) +mirror_one_mok_variable(struct mok_state_variable *v) { EFI_STATUS efi_status = EFI_SUCCESS; void *FullData = NULL; UINTN FullDataSize = 0; uint8_t *p = NULL; - if ((v->flags & MOK_MIRROR_KEYDB) && - v->addend_source && *v->addend_source && - v->addend_size && *v->addend_size) { + if ((v->flags & MOK_MIRROR_KEYDB) && check_addend(v)) { EFI_SIGNATURE_LIST *CertList = NULL; EFI_SIGNATURE_DATA *CertData = NULL; +#if defined(ENABLE_SHIM_CERT) + FullDataSize = v->data_size; + if (check_build_cert(v)) { + FullDataSize += sizeof (*CertList) + + sizeof (EFI_GUID) + + *v->build_cert_size; + } + if (check_vendor_cert(v)) { + FullDataSize += sizeof (*CertList) + + sizeof (EFI_GUID) + + *v->addend_size; + } +#else FullDataSize = v->data_size + sizeof (*CertList) + sizeof (EFI_GUID) + *v->addend_size; +#endif /* defined(ENABLE_SHIM_CERT) */ FullData = AllocatePool(FullDataSize); if (!FullData) { perror(L"Failed to allocate space for MokListRT\n"); 
@@ -157,6 +197,35 @@ CopyMem(p, v->data, v->data_size); p += v->data_size; } + +#if defined(ENABLE_SHIM_CERT) + if (check_build_cert(v) == FALSE) + goto skip_build_cert; + + CertList = (EFI_SIGNATURE_LIST *)p; + p += sizeof (*CertList); + CertData = (EFI_SIGNATURE_DATA *)p; + p += sizeof (EFI_GUID); + + CertList->SignatureType = EFI_CERT_TYPE_X509_GUID; + CertList->SignatureListSize = *v->build_cert_size + + sizeof (*CertList) + + sizeof (*CertData) + -1; + CertList->SignatureHeaderSize = 0; + CertList->SignatureSize = *v->build_cert_size + + sizeof (EFI_GUID); + + CertData->SignatureOwner = SHIM_LOCK_GUID; + CopyMem(p, *v->build_cert, *v->build_cert_size); + + p += *v->build_cert_size; + + if (check_vendor_cert(v) == FALSE) + goto skip_vendor_cert; +skip_build_cert: +#endif /* defined(ENABLE_SHIM_CERT) */ + CertList = (EFI_SIGNATURE_LIST *)p; p += sizeof (*CertList); CertData = (EFI_SIGNATURE_DATA *)p; @@ -173,6 +242,9 @@ CertData->SignatureOwner = SHIM_LOCK_GUID; CopyMem(p, *v->addend_source, *v->addend_size); +#if defined(ENABLE_SHIM_CERT) +skip_vendor_cert: +#endif /* defined(ENABLE_SHIM_CERT) */ if (v->data && v->data_size) FreePool(v->data); v->data = FullData; @@ -197,6 +269,29 @@ } /* + * Mirror a variable if it has an rtname, and preserve any + * EFI_SECURITY_VIOLATION status at the same time. + */ +static EFI_STATUS nonnull(1) +maybe_mirror_one_mok_variable(struct mok_state_variable *v, EFI_STATUS ret) +{ + EFI_STATUS efi_status; + if (v->rtname) { + if (v->flags & MOK_MIRROR_DELETE_FIRST) + LibDeleteVariable(v->rtname, v->guid); + + efi_status = mirror_one_mok_variable(v); + if (EFI_ERROR(efi_status)) { + if (ret != EFI_SECURITY_VIOLATION) + ret = efi_status; + perror(L"Could not create %s: %r\n", v->rtname, + efi_status); + } + } + return ret; +} + +/* * Verify our non-volatile MoK state. This checks the variables above * accessable and have valid attributes. If they don't, it removes * them. If any of them can't be removed, our ability to do this is 
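Review bot: The build-cert signature list is sized in two different ways: the allocation in the previous hunk reserves `sizeof (*CertList) + sizeof (EFI_GUID) + *v->build_cert_size`, while `SignatureListSize` here is `*v->build_cert_size + sizeof (*CertList) + sizeof (*CertData) - 1`. The two agree only if EFI_SIGNATURE_DATA is a packed GUID plus one byte, which is not visible in this diff; with padding the list would advertise more bytes than were written. Using `sizeof (EFI_GUID)` in the SignatureListSize expression, as SignatureSize already does, removes that dependency. The `goto skip_build_cert` / `goto skip_vendor_cert` pair threaded through `#if` blocks is also hard to follow, and two plain `if (check_build_cert(v)) { … }` / `if (check_vendor_cert(v)) { … }` blocks would read more clearly. mirror_one_mok_variable() starts and ends outside this hunk.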
@@ -223,11 +318,20 @@ UINT32 attrs = 0; BOOLEAN delete = FALSE, present, addend; + addend = check_addend(v); + efi_status = get_variable_attr(v->name, &v->data, &v->data_size, *v->guid, &attrs); - if (efi_status == EFI_NOT_FOUND) + if (efi_status == EFI_NOT_FOUND) { + if (addend) + ret = maybe_mirror_one_mok_variable(v, ret); + /* + * after possibly adding, we can continue, no + * further checks to be done. + */ continue; + } if (EFI_ERROR(efi_status)) { perror(L"Could not verify %s: %r\n", v->name, efi_status); @@ -272,9 +376,6 @@ } present = (v->data && v->data_size) ? TRUE : FALSE; - addend = (v->addend_source && v->addend_size && - *v->addend_source && *v->addend_size) - ? TRUE : FALSE; if (v->flags & MOK_VARIABLE_MEASURE && present) { /* @@ -304,15 +405,8 @@ } } - if (v->rtname && present && addend) { - if (v->flags & MOK_MIRROR_DELETE_FIRST) - LibDeleteVariable(v->rtname, v->guid); - - efi_status = mirror_one_mok_variable(v); - if (EFI_ERROR(efi_status) && - ret != EFI_SECURITY_VIOLATION) - ret = efi_status; - } + if (present) + ret = maybe_mirror_one_mok_variable(v, ret); } /* @@ -331,4 +425,4 @@ return ret; } -// vim:fenc=utf-8:tw=75 +// vim:fenc=utf-8:tw=75:noet diff -Nru shim-15+1533136590.3beb971/MokManager.c shim-15+1552672080.a4a1fbe/MokManager.c --- shim-15+1533136590.3beb971/MokManager.c 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/MokManager.c 2019-09-10 08:54:35.000000000 +0000 
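Review bot: The new EFI_NOT_FOUND branch calls maybe_mirror_one_mok_variable() with whatever `v->data` and `v->data_size` hold after the failed get_variable_attr(), and mirror_one_mok_variable() adds `v->data_size` into `FullDataSize`. get_variable_attr() is outside this diff, so whether it leaves both fields zeroed on failure cannot be confirmed here. A comment stating that invariant, for example `/* v->data is NULL and v->data_size is 0 here; only the addend is mirrored */`, would document what the branch relies on. The enclosing function starts and ends outside the hunk.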
@@ -733,30 +733,6 @@ return efi_status; } -static void console_save_and_set_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode) -{ - SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; - - if (!SavedMode) { - console_print(L"Invalid parameter: SavedMode\n"); - return; - } - - CopyMem(SavedMode, co->Mode, sizeof(SIMPLE_TEXT_OUTPUT_MODE)); - co->EnableCursor(co, FALSE); - co->SetAttribute(co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE); -} - -static void console_restore_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode) -{ - SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; - - co->EnableCursor(co, SavedMode->CursorVisible); - co->SetCursorPosition(co, SavedMode->CursorColumn, - SavedMode->CursorRow); - co->SetAttribute(co, SavedMode->Attribute); -} - static INTN reset_system() { gRT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL); @@ -2032,24 +2008,17 @@ static int draw_countdown() { - SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; - SIMPLE_INPUT_INTERFACE *ci = ST->ConIn; - SIMPLE_TEXT_OUTPUT_MODE SavedMode; - EFI_INPUT_KEY key; - EFI_STATUS efi_status; - UINTN cols, rows; - CHAR16 *title[2]; CHAR16 *message = L"Press any key to perform MOK management"; + CHAR16 *title; void *MokTimeout = NULL; MokTimeoutvar *var; UINTN MokTimeoutSize = 0; - int timeout, wait = 10000000; + int timeout = 10; + EFI_STATUS efi_status; efi_status = get_variable(L"MokTimeout", (UINT8 **) &MokTimeout, &MokTimeoutSize, SHIM_LOCK_GUID); - if (EFI_ERROR(efi_status)) { - timeout = 10; - } else { + if (!EFI_ERROR(efi_status)) { var = MokTimeout; timeout = (int)var->Timeout; FreePool(MokTimeout); 
@@ -2059,42 +2028,10 @@ if (timeout < 0) return timeout; - console_save_and_set_mode(&SavedMode); - - title[0] = PoolPrint(L"%s UEFI key management", SHIM_VENDOR); - title[1] = NULL; - - console_print_box_at(title, -1, 0, 0, -1, -1, 1, 1); - - co->QueryMode(co, co->Mode->Mode, &cols, &rows); - - console_print_at((cols - StrLen(message)) / 2, rows / 2, message); - while (1) { - if (timeout > 1) - console_print_at(2, rows - 3, - L"Booting in %d seconds ", - timeout); - else if (timeout) - console_print_at(2, rows - 3, - L"Booting in %d second ", - timeout); - - efi_status = WaitForSingleEvent(ci->WaitForKey, wait); - if (efi_status != EFI_TIMEOUT) { - /* Clear the key in the queue */ - ci->ReadKeyStroke(ci, &key); - break; - } - - timeout--; - if (!timeout) - break; - } - - FreePool(title[0]); - - console_restore_mode(&SavedMode); + title = PoolPrint(L"%s UEFI key management", SHIM_VENDOR); + timeout = console_countdown(title, message, timeout); + FreePool(title); return timeout; } diff -Nru shim-15+1533136590.3beb971/shim.c shim-15+1552672080.a4a1fbe/shim.c --- shim-15+1533136590.3beb971/shim.c 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/shim.c 2019-09-10 08:54:35.000000000 +0000 @@ -34,6 +34,9 @@ */ #include "shim.h" +#if defined(ENABLE_SHIM_CERT) +#include "shim_cert.h" +#endif /* defined(ENABLE_SHIM_CERT) */ #include @@ -77,6 +80,10 @@ UINT32 vendor_dbx_size; UINT8 *vendor_cert; UINT8 *vendor_dbx; +#if defined(ENABLE_SHIM_CERT) +UINT32 build_cert_size; +UINT8 *build_cert; +#endif /* defined(ENABLE_SHIM_CERT) */ /* * indicator of how an image has been verified @@ -152,7 +159,7 @@ #endif #elif defined(__i386__) || defined(__i686__) return 1; -#elif defined(__arch64__) +#elif defined(__aarch64__) return 0; #else /* assuming everything else is 32-bit... */ return 1; 
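Review bot: In the rewritten draw_countdown(), the result of `PoolPrint()` goes to console_countdown() and then to `FreePool(title)` without a NULL check, so an allocation failure reaches the box-drawing code with a NULL title. A guard right after the call, `if (!title) return timeout;`, would skip the countdown instead. Whether returning the unchanged timeout is the right fallback depends on the caller, which is outside the hunk. draw_countdown() itself starts in the previous hunk.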
@@ -1377,6 +1384,11 @@ */ Section = context.FirstSection; for (i = 0; i < context.NumberOfSections; i++, Section++) { + /* Don't try to copy discardable sections with zero size */ + if ((Section->Characteristics & EFI_IMAGE_SCN_MEM_DISCARDABLE) && + !Section->Misc.VirtualSize) + continue; + base = ImageAddress (buffer, context.ImageSize, Section->VirtualAddress); end = ImageAddress (buffer, context.ImageSize, @@ -1640,9 +1652,11 @@ bootpath[j] = '\0'; } - while (*ImagePath == '\\') - ImagePath++; + for (i = 0, last = 0; i < StrLen(ImagePath); i++) + if (ImagePath[i] == '\\') + last = i + 1; + ImagePath = ImagePath + last; *PathName = AllocatePool(StrSize(bootpath) + StrSize(ImagePath)); if (!*PathName) { @@ -2114,21 +2128,32 @@ return EFI_SUCCESS; } -static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path, UINTN len) +static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path) { CHAR16 *dppath = NULL; + CHAR16 *PathName = NULL; + EFI_STATUS efi_status; int ret = 1; dppath = DevicePathToStr(li->FilePath); if (!dppath) return 0; + efi_status = generate_path_from_image_path(li, path, &PathName); + if (EFI_ERROR(efi_status)) { + perror(L"Unable to generate path %s: %r\n", path, + efi_status); + goto done; + } + dprint(L"dppath: %s\n", dppath); dprint(L"path: %s\n", path); - if (StrnCaseCmp(dppath, path, len)) + if (StrnCaseCmp(dppath, PathName, strlen(dppath))) ret = 0; +done: FreePool(dppath); + FreePool(PathName); return ret; } @@ -2317,7 +2342,7 @@ * which is just cruel... So yeah, just don't use it. */ - if (strings == 1 && is_our_path(li, start, loader_len)) + if (strings == 1 && is_our_path(li, start)) return EFI_SUCCESS; /* 
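Review bot: In is_our_path() (third hunk on this line), a failure of generate_path_from_image_path() jumps to `done` with `ret` still at its initial value 1, so an error is reported to the caller as a match; setting `ret = 0;` before `goto done` would avoid that. The comparison length is `strlen(dppath)` although `dppath` is a CHAR16 string and the rest of this file uses `StrLen` for those. If `strlen` here is the narrow-string helper it stops at the first zero byte, the comparison covers almost nothing and matches far too easily, so `StrnCaseCmp(dppath, PathName, StrLen(dppath))` looks like what was meant. The second `dprint` still prints `path` rather than the `PathName` that is actually compared.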
@@ -2574,6 +2599,10 @@ vendor_dbx_size = cert_table.vendor_dbx_size; vendor_cert = (UINT8 *)&cert_table + cert_table.vendor_cert_offset; vendor_dbx = (UINT8 *)&cert_table + cert_table.vendor_dbx_offset; +#if defined(ENABLE_SHIM_CERT) + build_cert_size = sizeof(shim_cert); + build_cert = shim_cert; +#endif /* defined(ENABLE_SHIM_CERT) */ CHAR16 *msgs[] = { L"import_mok_state() failed\n", L"shim_int() failed\n", @@ -2610,7 +2639,17 @@ * boot-services-only state variables are what we think they are. */ efi_status = import_mok_state(image_handle); - if (EFI_ERROR(efi_status)) { + if (!secure_mode() && efi_status == EFI_INVALID_PARAMETER) { + /* + * Make copy failures fatal only if secure_mode is enabled, or + * the error was anything else than EFI_INVALID_PARAMETER. + * There are non-secureboot firmware implementations that don't + * reserve enough EFI variable memory to fit the variable. + */ + console_print(L"Importing MOK states has failed: %s: %r\n", + msgs[msg], efi_status); + console_print(L"Continuing boot since secure mode is disabled"); + } else if (EFI_ERROR(efi_status)) { die: console_print(L"Something has gone seriously wrong: %s: %r\n", msgs[msg], efi_status); diff -Nru shim-15+1533136590.3beb971/shim.h shim-15+1552672080.a4a1fbe/shim.h --- shim-15+1533136590.3beb971/shim.h 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/shim.h 2019-09-10 08:54:35.000000000 +0000 @@ -30,6 +30,8 @@ #include +#define nonnull(...) __attribute__((__nonnull__(__VA_ARGS__))) + #define min(a, b) ({(a) < (b) ? (a) : (b);}) #ifdef __x86_64__ @@ -120,9 +122,6 @@ #include "include/variables.h" #include "version.h" -#ifdef ENABLE_SHIM_CERT -#include "shim_cert.h" -#endif INTERFACE_DECL(_SHIM_LOCK); 
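Review bot: The new non-fatal branch after import_mok_state() keys on `efi_status == EFI_INVALID_PARAMETER`, which is broader than the case its comment describes (firmware that does not reserve enough variable space). Any other cause of that status inside import_mok_state() is now also ignored whenever secure_mode() is false. The comment should name the call that is expected to return it, or the test should be narrowed if a more specific status is available. The second message, `console_print(L"Continuing boot since secure mode is disabled")`, lacks the trailing `\n` that the other messages have. The enclosing function starts and ends outside the hunk.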
@@ -170,6 +169,10 @@ extern UINT32 vendor_dbx_size; extern UINT8 *vendor_cert; extern UINT8 *vendor_dbx; +#if defined(ENABLE_SHIM_CERT) +extern UINT32 build_cert_size; +extern UINT8 *build_cert; +#endif /* defined(ENABLE_SHIM_CERT) */ extern UINT8 user_insecure_mode; extern UINT8 ignore_db; diff -Nru shim-15+1533136590.3beb971/.syntastic_c_config shim-15+1552672080.a4a1fbe/.syntastic_c_config --- shim-15+1533136590.3beb971/.syntastic_c_config 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/.syntastic_c_config 1970-01-01 00:00:00.000000000 +0000 @@ -1,44 +0,0 @@ --DL_ENDIAN --D_CRT_SECURE_NO_DEPRECATE --D_CRT_NONSTDC_NO_DEPRECATE --DOPENSSL_SMALL_FOOTPRINT --DPEDANTIC --ggdb --O0 --fno-stack-protector --fno-strict-aliasing --fpic --fshort-wchar --Wall --Wsign-compare --Werror --fno-builtin --Werror=sign-compare --ffreestanding --std=gnu89 --nostdinc --I/usr/lib/gcc/x86_64-redhat-linux/7/include --Iinclude --ICryptlib/ --ICryptlib/Include/ --ICryptlib/OpenSSL/ --ICryptlib/OpenSSL/crypto/ --I/usr/include/efi/ --I/usr/include/efi/x86_64/ --I/usr/include/efi/protocol/ --ICryptlib/OpenSSL/crypto/asn1/ --ICryptlib/OpenSSL/crypto/evp/ --ICryptlib/OpenSSL/crypto/modes/ --ICryptlib/OpenSSL/crypto/include/ --iquote -. --mno-mmx --mno-sse --mno-red-zone --nostdinc --maccumulate-outgoing-args --DEFI_FUNCTION_WRAPPER --DGNU_EFI_USE_MS_ABI --DNO_BUILTIN_VA_FUNCS --DMDE_CPU_X64 --DPAGE_SIZE=4096 diff -Nru shim-15+1533136590.3beb971/TODO shim-15+1552672080.a4a1fbe/TODO --- shim-15+1533136590.3beb971/TODO 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/TODO 2019-09-10 08:54:35.000000000 +0000 
@@ -22,11 +22,14 @@ - make debuginfo paths configurable - make arch dependent names configurable - Make it easier to avoid CryptPem -- Make an easy strip+implant tool for our embedded cert lists - Post process full path names out of __FILE__ / __BASE_FILE__ entries in the string table :/ -- Make build.log an artifact of building. -- KEK for Mok. (koike expressed an interest in working on this.) +- Reproducible builds: + - Make build.log an artifact of building. + - KEK for Mok. (koike expressed an interest in working on this.) + - Reorder builds to take hashes of mm, fb and insert those in shim + instead of ephemeral certs + - Make an easy strip+implant tool for our embedded cert lists - Detection of fallback.efi boot loops - Some tablet devices seem to always boot the fallback path, ignoring boot variables, so we need to detect that. diff -Nru shim-15+1533136590.3beb971/tpm.c shim-15+1552672080.a4a1fbe/tpm.c --- shim-15+1533136590.3beb971/tpm.c 2018-08-01 15:16:30.000000000 +0000 +++ shim-15+1552672080.a4a1fbe/tpm.c 2019-09-10 08:54:35.000000000 +0000 
@@ -70,41 +70,6 @@ return FALSE; } -static inline EFI_TCG2_EVENT_LOG_BITMAP -tpm2_get_supported_logs(efi_tpm2_protocol_t *tpm, - EFI_TCG2_BOOT_SERVICE_CAPABILITY *caps, - BOOLEAN old_caps) -{ - if (old_caps) - return ((TREE_BOOT_SERVICE_CAPABILITY *)caps)->SupportedEventLogs; - - return caps->SupportedEventLogs; -} - -/* - * According to TCG EFI Protocol Specification for TPM 2.0 family, - * all events generated after the invocation of EFI_TCG2_GET_EVENT_LOG - * shall be stored in an instance of an EFI_CONFIGURATION_TABLE aka - * EFI TCG 2.0 final events table. Hence, it is necessary to trigger the - * internal switch through calling get_event_log() in order to allow - * to retrieve the logs from OS runtime. - */ -static EFI_STATUS trigger_tcg2_final_events_table(efi_tpm2_protocol_t *tpm2, - EFI_TCG2_EVENT_LOG_BITMAP supported_logs) -{ - EFI_TCG2_EVENT_LOG_FORMAT log_fmt; - EFI_PHYSICAL_ADDRESS start; - EFI_PHYSICAL_ADDRESS end; - BOOLEAN truncated; - - if (supported_logs & EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) - log_fmt = EFI_TCG2_EVENT_LOG_FORMAT_TCG_2; - else - log_fmt = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2; - - return tpm2->get_event_log(tpm2, log_fmt, &start, &end, &truncated); -} - static EFI_STATUS tpm_locate_protocol(efi_tpm_protocol_t **tpm, efi_tpm2_protocol_t **tpm2, BOOLEAN *old_caps_p, @@ -166,17 +131,6 @@ #endif } else if (tpm2) { EFI_TCG2_EVENT *event; - EFI_TCG2_EVENT_LOG_BITMAP supported_logs; - - supported_logs = tpm2_get_supported_logs(tpm2, &caps, old_caps); - - efi_status = trigger_tcg2_final_events_table(tpm2, - supported_logs); - if (EFI_ERROR(efi_status)) { - perror(L"Unable to trigger tcg2 final events table: %r\n", - efi_status); - return efi_status; - } event = AllocatePool(sizeof(*event) + logsize); if (!event) {