Hello community, here is the log from the commit of package shim for openSUSE:Factory checked in at 2017-08-28 16:16:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shim (Old) and /work/SRC/openSUSE:Factory/.shim.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "shim" Mon Aug 28 16:16:19 2017 rev:61 rq:518614 version:12 Changes: -------- --- /work/SRC/openSUSE:Factory/shim/shim.changes 2017-08-24 18:23:21.550846588 +0200 +++ /work/SRC/openSUSE:Factory/.shim.new/shim.changes 2017-08-28 16:16:20.537747923 +0200 @@ -1,0 +2,11 @@ +Wed Aug 23 10:28:44 UTC 2017 - glin@suse.com + +- Add upstream fixes + + shim-fix-httpboot-crash.patch + + shim-fix-openssl-flags.patch + + shim-fix-fallback-double-free.patch + + shim-fallback-workaround-masked-ami-variables.patch +- Remove the stderr mask while compiling MokManager.efi since the + warnings in Cryptlib were fixed. + +------------------------------------------------------------------- New: ---- shim-fallback-workaround-masked-ami-variables.patch shim-fix-fallback-double-free.patch shim-fix-httpboot-crash.patch shim-fix-openssl-flags.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shim.spec ++++++ --- /var/tmp/diff_new_pack.Xv3sl9/_old 2017-08-28 16:16:22.201514121 +0200 +++ /var/tmp/diff_new_pack.Xv3sl9/_new 2017-08-28 16:16:22.205513560 +0200 @@ -47,6 +47,14 @@ Patch1: shim-only-os-name.patch # PATCH-FIX-SUSE shim-only-os-name.patch glin@suse.com -- Use the Arch-independent names Patch2: shim-arch-independent-names.patch +# PATCH-FIX-UPSTREAM shim-fix-httpboot-crash.patch glin@suse.com -- Fix HTTPBoot crash +Patch3: shim-fix-httpboot-crash.patch +# PATCH-FIX-UPSTREAM shim-fix-openssl-flags.patch glin@suse.com -- Fix the openssl compiler flags +Patch4: shim-fix-openssl-flags.patch +# PATCH-FIX-UPSTREAM shim-fix-fallback-double-free.patch glin@suse.com -- Fix double free in fallback.c +Patch5: shim-fix-fallback-double-free.patch +# PATCH-FIX-UPSTREAM shim-fallback-workaround-masked-ami-variables.patch glin@suse.com -- Work around the masked AMI variables +Patch6: shim-fallback-workaround-masked-ami-variables.patch # PATCH-FIX-OPENSUSE shim-change-debug-file-path.patch glin@suse.com -- Change the default debug file path Patch50: shim-change-debug-file-path.patch # PATCH-FIX-OPENSUSE shim-opensuse-cert-prompt.patch glin@suse.com -- Show the prompt to ask whether the user trusts openSUSE certificate or not @@ -96,6 +104,10 @@ %setup -q %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 %patch50 -p1 %if 0%{?is_opensuse} == 1 %patch100 -p1 @@ -103,7 +115,7 @@ %build # first, build MokManager and fallback as they don't depend on a # specific certificate -make EFI_PATH=/usr/lib64 RELEASE=0 MokManager.efi fallback.efi 2>/dev/null +make EFI_PATH=/usr/lib64 RELEASE=0 MokManager.efi fallback.efi # now build variants of shim that embed different certificates default='' ++++++ shim-fallback-workaround-masked-ami-variables.patch ++++++
From 40eef4450fd4d5ec9ea666a02c276bbe073300d3 Mon Sep 17 00:00:00 2001 From: Lans Zhang <jia.zhang@windriver.com> Date: Fri, 11 Aug 2017 13:42:20 +0800 Subject: [PATCH 1/2] fallback: work around the issue of boot option creation with AMI BIOS
AMI BIOS (e.g, Intel NUC5i3MYHE) may automatically hide and patch BootXXXX variables with ami_masked_device_path_guid. Initially, the normal boot option created by fallback looks like this: 00000000 01 00 00 00 5e 00 42 00 6f 00 6f 00 74 00 6c 00 |....^.B.o.o.t.l.| 00000010 6f 00 61 00 64 00 65 00 72 00 20 00 54 00 65 00 |o.a.d.e.r. .T.e.| 00000020 73 00 74 00 20 00 28 00 36 00 34 00 2d 00 62 00 |s.t. .(.6.4.-.b.| 00000030 69 00 74 00 29 00 00 00 04 01 2a 00 01 00 00 00 |i.t.).....*.....| 00000040 00 08 00 00 00 00 00 00 00 00 08 00 00 00 00 00 |................| 00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000060 01 01 04 04 30 00 5c 00 45 00 46 00 49 00 5c 00 |....0.\.E.F.I.\.| 00000070 42 00 4f 00 4f 00 54 00 5c 00 74 00 65 00 73 00 |B.O.O.T.\.t.e.s.| 00000080 74 00 78 00 36 00 34 00 2e 00 65 00 66 00 69 00 |t.x.6.4...e.f.i.| 00000090 00 00 7f ff 04 00 |......| 00000096 after reboot, fallback has to create a new one due to the previous boot option is hidden and masked by AMI BIOS: 00000000 09 00 00 00 76 00 42 00 6f 00 6f 00 74 00 6c 00 |....v.B.o.o.t.l.| 00000010 6f 00 61 00 64 00 65 00 72 00 20 00 54 00 65 00 |o.a.d.e.r. .T.e.| 00000020 73 00 74 00 20 00 28 00 36 00 34 00 2d 00 62 00 |s.t. .(.6.4.-.b.| 00000030 69 00 74 00 29 00 00 00 01 04 14 00 e7 75 e2 99 |i.t.)........u..| 00000040 a0 75 37 4b a2 e6 c5 38 5e 6c 00 cb 7f ff 04 00 |.u7K...8^l......| 00000050 04 01 2a 00 01 00 00 00 00 08 00 00 00 00 00 00 |..*.............| 00000060 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000070 00 00 00 00 00 00 00 00 01 01 04 04 30 00 5c 00 |............0.\.| 00000080 45 00 46 00 49 00 5c 00 42 00 4f 00 4f 00 54 00 |E.F.I.\.B.O.O.T.| 00000090 5c 00 74 00 65 00 73 00 74 00 78 00 36 00 34 00 |\.t.e.s.t.x.6.4.| 000000a0 2e 00 65 00 66 00 69 00 00 00 7f ff 04 00 |..e.f.i.......| 000000ae And after several reboot, fallback will have to create more boot options because AMI BIOS corrupts the previous ones. We can get the valid device path if just skipping the masked device path and its next end path. Signed-off-by: Lans Zhang <jia.zhang@windriver.com> --- fallback.c | 114 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 109 insertions(+), 5 deletions(-) diff --git a/fallback.c b/fallback.c index 0a7058b..7b58018 100644 --- a/fallback.c +++ b/fallback.c @@ -226,6 +226,105 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, return EFI_OUT_OF_RESOURCES; } +/* + * AMI BIOS (e.g, Intel NUC5i3MYHE) may automatically hide and patch BootXXXX + * variables with ami_masked_device_path_guid. We can get the valid device path + * if just skipping it and its next end path. + */ + +static EFI_GUID ami_masked_device_path_guid = { + 0x99e275e7, 0x75a0, 0x4b37, + { 0xa2, 0xe6, 0xc5, 0x38, 0x5e, 0x6c, 0x0, 0xcb } +}; + +static unsigned int +calc_masked_boot_option_size(unsigned int size) +{ + return size + sizeof(EFI_DEVICE_PATH) + + sizeof(ami_masked_device_path_guid) + sizeof(EFI_DEVICE_PATH); +} + +static int +check_masked_boot_option(CHAR8 *candidate, unsigned int candidate_size, + CHAR8 *data, unsigned int data_size) +{ + /* + * The patched BootXXXX variables contain a hardware device path and + * an end path, preceding the real device path. + */ + if (calc_masked_boot_option_size(data_size) != candidate_size) + return 1; + + CHAR8 *cursor = candidate; + + /* Check whether the BootXXXX is patched */ + cursor += sizeof(UINT32) + sizeof(UINT16); + cursor += StrSize((CHAR16 *)cursor); + + unsigned int min_valid_size = cursor - candidate + sizeof(EFI_DEVICE_PATH); + + if (candidate_size <= min_valid_size) + return 1; + + EFI_DEVICE_PATH *dp = (EFI_DEVICE_PATH *)cursor; + unsigned int node_size = DevicePathNodeLength(dp) - sizeof(EFI_DEVICE_PATH); + + min_valid_size += node_size; + if (candidate_size <= min_valid_size || + DevicePathType(dp) != HARDWARE_DEVICE_PATH || + DevicePathSubType(dp) != HW_VENDOR_DP || + node_size != sizeof(ami_masked_device_path_guid) || + CompareGuid((EFI_GUID *)(cursor + sizeof(EFI_DEVICE_PATH)), + &ami_masked_device_path_guid)) + return 1; + + /* Check whether the patched guid is followed by an end path */ + min_valid_size += sizeof(EFI_DEVICE_PATH); + if (candidate_size <= min_valid_size) + return 1; + + dp = NextDevicePathNode(dp); + if (!IsDevicePathEnd(dp)) + return 1; + + /* + * OK. We may really get a masked BootXXXX variable. The next + * step is to test whether it is hidden. + */ + UINT32 attrs = *(UINT32 *)candidate; +#ifndef LOAD_OPTION_HIDDEN +# define LOAD_OPTION_HIDDEN 0x00000008 +#endif + if (!(attrs & LOAD_OPTION_HIDDEN)) + return 1; + + attrs &= ~LOAD_OPTION_HIDDEN; + + /* Compare the field Attributes */ + if (attrs != *(UINT32 *)data) + return 1; + + /* Compare the field FilePathListLength */ + data += sizeof(UINT32); + candidate += sizeof(UINT32); + if (calc_masked_boot_option_size(*(UINT16 *)data) != + *(UINT16 *)candidate) + return 1; + + /* Compare the field Description */ + data += sizeof(UINT16); + candidate += sizeof(UINT16); + if (CompareMem(candidate, data, cursor - candidate)) + return 1; + + /* Compare the filed FilePathList */ + cursor = (CHAR8 *)NextDevicePathNode(dp); + data += sizeof(UINT16); + data += StrSize((CHAR16 *)data); + + return CompareMem(cursor, data, candidate_size - min_valid_size); +} + EFI_STATUS find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, CHAR16 *filename, CHAR16 *label, CHAR16 *arguments, @@ -255,7 +354,8 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, EFI_GUID global = EFI_GLOBAL_VARIABLE; EFI_STATUS rc; - CHAR8 *candidate = AllocateZeroPool(size); + UINTN max_candidate_size = calc_masked_boot_option_size(size); + CHAR8 *candidate = AllocateZeroPool(max_candidate_size); if (!candidate) { FreePool(data); return EFI_OUT_OF_RESOURCES; @@ -267,17 +367,21 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, varname[6] = hexmap[(bootorder[i] & 0x00f0) >> 4]; varname[7] = hexmap[(bootorder[i] & 0x000f) >> 0]; - UINTN candidate_size = size; + UINTN candidate_size = max_candidate_size; rc = uefi_call_wrapper(RT->GetVariable, 5, varname, &global, NULL, &candidate_size, candidate); if (EFI_ERROR(rc)) continue; - if (candidate_size != size) + if (candidate_size != size) { + if (check_masked_boot_option(candidate, candidate_size, + data, size)) + continue; + } else if (CompareMem(candidate, data, size)) continue; - if (CompareMem(candidate, data, size)) - continue; + VerbosePrint(L"Found boot entry \"%s\" with label \"%s\" " + L"for file \"%s\"\n", varname, label, filename); /* at this point, we have duplicate data. */ if (!first_new_option) { -- 2.14.0
From 5efee65f1cb7a04ea9434eedfc0d8a49b0305c83 Mon Sep 17 00:00:00 2001 From: Gary Lin <glin@suse.com> Date: Wed, 23 Aug 2017 18:26:00 +0800 Subject: [PATCH 2/2] fallback: Remove VerbosePrint()
It's not available in shim 12. Signed-off-by: Gary Lin <glin@suse.com> --- fallback.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/fallback.c b/fallback.c index 7b58018..701a1c4 100644 --- a/fallback.c +++ b/fallback.c @@ -380,9 +380,6 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, } else if (CompareMem(candidate, data, size)) continue; - VerbosePrint(L"Found boot entry \"%s\" with label \"%s\" " - L"for file \"%s\"\n", varname, label, filename); - /* at this point, we have duplicate data. */ if (!first_new_option) { first_new_option = DuplicateDevicePath(fulldp); -- 2.14.0 ++++++ shim-fix-fallback-double-free.patch ++++++
From 971c5225bea11b4193e4e69a939410030b420ed1 Mon Sep 17 00:00:00 2001 From: Lans Zhang <jia.zhang@windriver.com> Date: Wed, 9 Aug 2017 16:10:14 +0800 Subject: [PATCH] fallback: fix double free of dp
If the boot option recorded in csv is not in a media device path, the corresponding full device path will be referred for creating the boot variable. However, the current code logic always frees the full device path (full_device_path) and the media device path (dp) separately. In order to resolve this issue, always check whether dp equals to full_device_path before freeing dp. Signed-off-by: Lans Zhang <jia.zhang@windriver.com> --- fallback.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fallback.c b/fallback.c index c80652a..0a7058b 100644 --- a/fallback.c +++ b/fallback.c @@ -433,7 +433,7 @@ err: FreePool(file); if (full_device_path) FreePool(full_device_path); - if (dp) + if (dp && dp != full_device_path) FreePool(dp); if (fullpath) FreePool(fullpath); -- 2.14.0 ++++++ shim-fix-httpboot-crash.patch ++++++
From 1a83299ac5caca13be7ba69507f7623c99d9eef6 Mon Sep 17 00:00:00 2001 From: Lans Zhang <jia.zhang@windriver.com> Date: Fri, 30 Jun 2017 15:50:24 +0800 Subject: [PATCH] httpboot: fix OVMF crash
This is a typical typo. The free operation should be done if uri was allocated. Signed-off-by: Lans Zhang <jia.zhang@windriver.com> --- httpboot.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/httpboot.c b/httpboot.c index f8fbc73..e4657c1 100644 --- a/httpboot.c +++ b/httpboot.c @@ -110,8 +110,10 @@ find_httpboot (EFI_HANDLE device) URI_DEVICE_PATH *UriNode; UINTN uri_size; - if (!uri) + if (uri) { FreePool(uri); + uri = NULL; + } devpath = DevicePathFromHandle(device); if (!devpath) { -- 2.14.0 ++++++ shim-fix-openssl-flags.patch ++++++
From a120ddd83d02f302c72baa1974691a1f677829f3 Mon Sep 17 00:00:00 2001 From: Peter Jones <pjones@redhat.com> Date: Tue, 8 Aug 2017 17:48:59 -0400 Subject: [PATCH] Fix openssl compile flags for x86_64
Signed-off-by: Peter Jones <pjones@redhat.com> --- Cryptlib/Makefile | 2 +- Cryptlib/OpenSSL/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile index 77a5bd4..e99f009 100644 --- a/Cryptlib/Makefile +++ b/Cryptlib/Makefile @@ -8,7 +8,7 @@ CFLAGS = -ggdb -O0 -I. -fno-stack-protector -fno-strict-aliasing -fpic -fshort- ifeq ($(ARCH),x86_64) CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI -DNO_BUILTIN_VA_FUNCS \ - -DMDE_CPU_IA64 + -DMDE_CPU_X64 endif ifeq ($(ARCH),ia32) CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32 \ diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile index 829fa5c..e54105b 100644 --- a/Cryptlib/OpenSSL/Makefile +++ b/Cryptlib/OpenSSL/Makefile @@ -8,7 +8,7 @@ CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-st ifeq ($(ARCH),x86_64) CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ - -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_IA64 + -UNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 endif ifeq ($(ARCH),ia32) CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ -- 2.14.0
participants (1)
-
root@hilbert.suse.de