diff --git a/.gitignore b/.gitignore
index da559ad..07173a5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/db.x64.esl
-SOURCES/shim-15.6.tar.bz2
+SOURCES/shim-15.8.tar.bz2
diff --git a/.shim.metadata b/.shim.metadata
index e11d0aa..8158b65 100644
--- a/.shim.metadata
+++ b/.shim.metadata
@@ -1,2 +1,2 @@
 8738baca71e73b7c27a65d6b01d804d5d42e9cef SOURCES/db.x64.esl
-3df0ab5cefc74fdf865cb36aea0e923cb4b6b3ed SOURCES/shim-15.6.tar.bz2
+cdec924ca437a4509dcb178396996ddf92c11183 SOURCES/shim-15.8.tar.bz2
diff --git a/SOURCES/0001-Make-SBAT-variable-payload-introspectable.patch b/SOURCES/0001-Make-SBAT-variable-payload-introspectable.patch
deleted file mode 100644
index d3632de..0000000
--- a/SOURCES/0001-Make-SBAT-variable-payload-introspectable.patch
+++ /dev/null
@@ -1,343 +0,0 @@ -From 0eb07e11b20680200d3ce9c5bc59299121a75388 Mon Sep 17 00:00:00 2001 -From: Chris Coulson -Date: Tue, 31 May 2022 22:21:26 +0100 -Subject: [PATCH 01/13] Make SBAT variable payload introspectable - -Given a set of EFI variables and boot assets, it should be possible -to compute what the value of PCR 7 will be on the next boot. - -As shim manages the contents of the SbatLevel variable and this is -measured to PCR 7, export the payloads that shim contains in a new -COFF section (.sbatlevel) so that it can be introspected by code -outside of shim. - -The new section works a bit like .vendor_cert - it contains a header -and then the payload. In this case, the header contains no size fields -because the strings are NULL terminated. Shim uses this new section -internally in set_sbat_uefi_variable. - -The .sbatlevel section starts with a 4 byte version field which is -not used by shim but may be useful for external auditors if the -format of the section contents change in the future. 
- -Signed-off-by: Chris Coulson ---- - sbat.c | 21 ++++++++++++++++----- - include/sbat.h | 32 -------------------------------- - include/sbat_var_defs.h | 38 ++++++++++++++++++++++++++++++++++++++ - shim.h | 1 + - sbat_var.S | 20 ++++++++++++++++++++ - elf_aarch64_efi.lds | 4 ++++ - elf_ia32_efi.lds | 4 ++++ - elf_ia64_efi.lds | 4 ++++ - elf_x86_64_efi.lds | 4 ++++ - include/test.mk | 2 +- - Makefile | 7 ++++--- - 11 files changed, 96 insertions(+), 41 deletions(-) - create mode 100644 include/sbat_var_defs.h - create mode 100644 sbat_var.S - -diff --git a/sbat.c b/sbat.c -index f1d6e98dcde..a08c5b2a972 100644 ---- a/sbat.c -+++ b/sbat.c -@@ -5,6 +5,11 @@ - - #include "shim.h" - -+extern struct { -+ UINT32 previous_offset; -+ UINT32 latest_offset; -+} sbat_var_payload_header; -+ - EFI_STATUS - parse_sbat_section(char *section_base, size_t section_size, - size_t *n_entries, -@@ -399,6 +404,9 @@ set_sbat_uefi_variable(void) - EFI_STATUS efi_status = EFI_SUCCESS; - UINT32 attributes = 0; - -+ char *sbat_var_previous; -+ char *sbat_var_latest; -+ - UINT8 *sbat = NULL; - UINT8 *sbat_policy = NULL; - UINTN sbatsize = 0; -@@ -407,27 +415,30 @@ set_sbat_uefi_variable(void) - char *sbat_var = NULL; - bool reset_sbat = false; - -+ sbat_var_previous = (char *)&sbat_var_payload_header + sbat_var_payload_header.previous_offset; -+ sbat_var_latest = (char *)&sbat_var_payload_header + sbat_var_payload_header.latest_offset; -+ - efi_status = get_variable_attr(SBAT_POLICY, &sbat_policy, - &sbat_policysize, SHIM_LOCK_GUID, - &attributes); - if (EFI_ERROR(efi_status)) { - dprint("Default sbat policy: previous\n"); -- sbat_var = SBAT_VAR_PREVIOUS; -+ sbat_var = sbat_var_previous; - } else { - switch (*sbat_policy) { - case SBAT_POLICY_LATEST: - dprint("Custom sbat policy: latest\n"); -- sbat_var = SBAT_VAR_LATEST; -+ sbat_var = sbat_var_latest; - clear_sbat_policy(); - break; - case SBAT_POLICY_PREVIOUS: - dprint("Custom sbat policy: previous\n"); -- sbat_var = SBAT_VAR_PREVIOUS; -+ 
sbat_var = sbat_var_previous; - break; - case SBAT_POLICY_RESET: - if (secure_mode()) { - console_print(L"Cannot reset SBAT policy: Secure Boot is enabled.\n"); -- sbat_var = SBAT_VAR_PREVIOUS; -+ sbat_var = sbat_var_previous; - } else { - dprint(L"Custom SBAT policy: reset OK\n"); - reset_sbat = true; -@@ -438,7 +449,7 @@ set_sbat_uefi_variable(void) - default: - console_error(L"SBAT policy state %llu is invalid", - EFI_INVALID_PARAMETER); -- sbat_var = SBAT_VAR_PREVIOUS; -+ sbat_var = sbat_var_previous; - clear_sbat_policy(); - break; - } -diff --git a/include/sbat.h b/include/sbat.h -index aca4359870f..c94c4fba8cd 100644 ---- a/include/sbat.h -+++ b/include/sbat.h -@@ -6,38 +6,6 @@ - #ifndef SBAT_H_ - #define SBAT_H_ - --#define SBAT_VAR_SIG "sbat," --#define SBAT_VAR_VERSION "1," --#define SBAT_VAR_ORIGINAL_DATE "2021030218" --#define SBAT_VAR_ORIGINAL \ -- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_ORIGINAL_DATE "\n" -- --#if defined(ENABLE_SHIM_DEVEL) --#define SBAT_VAR_PREVIOUS_DATE "2022020101" --#define SBAT_VAR_PREVIOUS_REVOCATIONS "component,2\n" --#define SBAT_VAR_PREVIOUS \ -- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \ -- SBAT_VAR_PREVIOUS_REVOCATIONS -- --#define SBAT_VAR_LATEST_DATE "2022050100" --#define SBAT_VAR_LATEST_REVOCATIONS "component,2\nothercomponent,2\n" --#define SBAT_VAR_LATEST \ -- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \ -- SBAT_VAR_LATEST_REVOCATIONS --#else /* !ENABLE_SHIM_DEVEL */ --#define SBAT_VAR_PREVIOUS_DATE SBAT_VAR_ORIGINAL_DATE --#define SBAT_VAR_PREVIOUS_REVOCATIONS --#define SBAT_VAR_PREVIOUS \ -- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \ -- SBAT_VAR_PREVIOUS_REVOCATIONS -- --#define SBAT_VAR_LATEST_DATE "2022052400" --#define SBAT_VAR_LATEST_REVOCATIONS "shim,2\ngrub,2\n" --#define SBAT_VAR_LATEST \ -- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \ -- SBAT_VAR_LATEST_REVOCATIONS --#endif /* ENABLE_SHIM_DEVEL */ -- - #define UEFI_VAR_NV_BS \ - 
(EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS) - #define UEFI_VAR_NV_BS_RT \ -diff --git a/include/sbat_var_defs.h b/include/sbat_var_defs.h -new file mode 100644 -index 00000000000..c656b56d4c3 ---- /dev/null -+++ b/include/sbat_var_defs.h -@@ -0,0 +1,38 @@ -+// SPDX-License-Identifier: BSD-2-Clause-Patent -+ -+#ifndef SBAT_VAR_DEFS_H_ -+#define SBAT_VAR_DEFS_H_ -+ -+#define SBAT_VAR_SIG "sbat," -+#define SBAT_VAR_VERSION "1," -+#define SBAT_VAR_ORIGINAL_DATE "2021030218" -+#define SBAT_VAR_ORIGINAL \ -+ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_ORIGINAL_DATE "\n" -+ -+#if defined(ENABLE_SHIM_DEVEL) -+#define SBAT_VAR_PREVIOUS_DATE "2022020101" -+#define SBAT_VAR_PREVIOUS_REVOCATIONS "component,2\n" -+#define SBAT_VAR_PREVIOUS \ -+ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \ -+ SBAT_VAR_PREVIOUS_REVOCATIONS -+ -+#define SBAT_VAR_LATEST_DATE "2022050100" -+#define SBAT_VAR_LATEST_REVOCATIONS "component,2\nothercomponent,2\n" -+#define SBAT_VAR_LATEST \ -+ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \ -+ SBAT_VAR_LATEST_REVOCATIONS -+#else /* !ENABLE_SHIM_DEVEL */ -+#define SBAT_VAR_PREVIOUS_DATE SBAT_VAR_ORIGINAL_DATE -+#define SBAT_VAR_PREVIOUS_REVOCATIONS -+#define SBAT_VAR_PREVIOUS \ -+ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \ -+ SBAT_VAR_PREVIOUS_REVOCATIONS -+ -+#define SBAT_VAR_LATEST_DATE "2022052400" -+#define SBAT_VAR_LATEST_REVOCATIONS "shim,2\ngrub,2\n" -+#define SBAT_VAR_LATEST \ -+ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \ -+ SBAT_VAR_LATEST_REVOCATIONS -+#endif /* ENABLE_SHIM_DEVEL */ -+ -+#endif /* !SBAT_VAR_DEFS_H_ */ -diff --git a/shim.h b/shim.h -index b5272b9c9e9..7e9d10eb2df 100644 ---- a/shim.h -+++ b/shim.h -@@ -179,6 +179,7 @@ - #include "include/pe.h" - #include "include/replacements.h" - #include "include/sbat.h" -+#include "include/sbat_var_defs.h" - #if defined(OVERRIDE_SECURITY_POLICY) - #include "include/security_policy.h" - #endif -diff --git a/sbat_var.S 
b/sbat_var.S -new file mode 100644 -index 00000000000..a115077ae4d ---- /dev/null -+++ b/sbat_var.S -@@ -0,0 +1,20 @@ -+// SPDX-License-Identifier: BSD-2-Clause-Patent -+ -+#include "include/sbat_var_defs.h" -+ -+ .section .sbatlevel, "a", %progbits -+ .balignl 4, 0 -+ .4byte 0 /* format version for external parsers */ -+ .globl sbat_var_payload_header -+ .type sbat_var_payload_header, %object -+ .size sbat_var_payload_header, .Lsbat_var_payload_header_end - sbat_var_payload_header -+sbat_var_payload_header: -+ .4byte .Lsbat_var_previous - sbat_var_payload_header -+ .4byte .Lsbat_var_latest - sbat_var_payload_header -+.Lsbat_var_payload_header_end: -+ .balign 1, 0 -+.Lsbat_var_previous: -+ .asciz SBAT_VAR_PREVIOUS -+ .balign 1, 0 -+.Lsbat_var_latest: -+ .asciz SBAT_VAR_LATEST -diff --git a/elf_aarch64_efi.lds b/elf_aarch64_efi.lds -index 60c55ba5fe1..0861f5e8a16 100644 ---- a/elf_aarch64_efi.lds -+++ b/elf_aarch64_efi.lds -@@ -34,6 +34,10 @@ SECTIONS - .data.ident : { - *(.data.ident) - } -+ . = ALIGN(4096); -+ .sbatlevel : { -+ *(.sbatlevel) -+ } - - . = ALIGN(4096); - .data : -diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds -index 497a3a15265..e8da91bdfb2 100644 ---- a/elf_ia32_efi.lds -+++ b/elf_ia32_efi.lds -@@ -28,6 +28,10 @@ SECTIONS - .data.ident : { - *(.data.ident) - } -+ . = ALIGN(4096); -+ .sbatlevel : { -+ *(.sbatlevel) -+ } - - . = ALIGN(4096); - .data : -diff --git a/elf_ia64_efi.lds b/elf_ia64_efi.lds -index 2669b856b15..a2195609ca0 100644 ---- a/elf_ia64_efi.lds -+++ b/elf_ia64_efi.lds -@@ -34,6 +34,10 @@ SECTIONS - .data.ident : { - *(.data.ident) - } -+ . = ALIGN(4096); -+ .sbatlevel : { -+ *(.sbatlevel) -+ } - - . = ALIGN(4096); - .data : -diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds -index bcc65270911..39aff6b07b6 100644 ---- a/elf_x86_64_efi.lds -+++ b/elf_x86_64_efi.lds -@@ -35,6 +35,10 @@ SECTIONS - .data.ident : { - *(.data.ident) - } -+ . = ALIGN(4096); -+ .sbatlevel : { -+ *(.sbatlevel) -+ } - - . 
= ALIGN(4096); - .data : -diff --git a/include/test.mk b/include/test.mk -index e965c6000a5..c0e2409517a 100644 ---- a/include/test.mk -+++ b/include/test.mk -@@ -92,7 +92,7 @@ test-mock-variables: CFLAGS+=-DHAVE_SHIM_LOCK_GUID - test-mok-mirror_FILES = mok.c globals.c tpm.c lib/guid.c lib/variables.c mock-variables.c - test-mok-mirror: CFLAGS+=-DHAVE_START_IMAGE -DHAVE_SHIM_LOCK_GUID - --test-sbat_FILES = csv.c lib/variables.c lib/guid.c -+test-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S - test-sbat :: CFLAGS+=-DHAVE_GET_VARIABLE -DHAVE_GET_VARIABLE_ATTR -DHAVE_SHIM_LOCK_GUID - - test-str_FILES = lib/string.c -diff --git a/Makefile b/Makefile -index 24ac314e04f..866611c75d5 100644 ---- a/Makefile -+++ b/Makefile -@@ -38,9 +38,9 @@ CFLAGS += -DENABLE_SHIM_CERT - else - TARGETS += $(MMNAME) $(FBNAME) - endif --OBJS = shim.o globals.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o pe.o httpboot.o csv.o load-options.o -+OBJS = shim.o globals.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o sbat_var.o pe.o httpboot.o csv.o load-options.o - KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer --ORIG_SOURCES = shim.c globals.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c httpboot.c shim.h version.h $(wildcard include/*.h) cert.S -+ORIG_SOURCES = shim.c globals.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c httpboot.c shim.h version.h $(wildcard include/*.h) cert.S sbat_var.S - MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat_data.o globals.o - ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h) - FALLBACK_OBJS = fallback.o tpm.o errlog.o sbat_data.o globals.o -@@ -253,7 +253,7 @@ endif - $(OBJCOPY) -D -j .text -j .sdata -j .data -j .data.ident \ - -j .dynamic -j .rodata -j .rel* \ - -j .rela* -j .dyn -j .reloc -j .eh_frame \ -- -j .vendor_cert -j .sbat \ -+ -j 
.vendor_cert -j .sbat -j .sbatlevel \ - $(FORMAT) $< $@ - ./post-process-pe -vv $@ - -@@ -269,6 +269,7 @@ endif - $(OBJCOPY) -D -j .text -j .sdata -j .data \ - -j .dynamic -j .rodata -j .rel* \ - -j .rela* -j .dyn -j .reloc -j .eh_frame -j .sbat \ -+ -j .sbatlevel \ - -j .debug_info -j .debug_abbrev -j .debug_aranges \ - -j .debug_line -j .debug_str -j .debug_ranges \ - -j .note.gnu.build-id \ --- -2.37.1 - diff --git a/SOURCES/0001-dos2unix-fix-flags-for-RHEL-7.patch b/SOURCES/0001-dos2unix-fix-flags-for-RHEL-7.patch new file mode 100644 index 0000000..3169e34 --- /dev/null +++ b/SOURCES/0001-dos2unix-fix-flags-for-RHEL-7.patch @@ -0,0 +1,30 @@ +From 00c86a51d0ce879aff1d3c9f3fb6217e73f8d179 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 7 Feb 2024 16:24:31 -0500 +Subject: [PATCH] dos2unix: fix flags for RHEL 7 + +RHEL 7 has a version of dos2unix that doesn't support -f, and I couldn't +figure out how to get rpm+shell+make to cooperate in setting the flags +from the .spec file, so it's changed here instead. + +Signed-off-by: Peter Jones +--- + Make.defaults | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Make.defaults b/Make.defaults +index e75cd3cdd0b..87a4c6472fb 100644 +--- a/Make.defaults ++++ b/Make.defaults +@@ -9,7 +9,7 @@ HOSTCC = $(COMPILER) + LD = $(CROSS_COMPILE)ld + OBJCOPY = $(CROSS_COMPILE)objcopy + DOS2UNIX ?= dos2unix +-D2UFLAGS ?= -r -l -F -f -n ++D2UFLAGS ?= -l -F -f -n + OPENSSL ?= openssl + HEXDUMP ?= hexdump + INSTALL ?= install +-- +2.41.0 + diff --git a/SOURCES/0002-Reference-MokListRT-instead-of-MokList.patch b/SOURCES/0002-Reference-MokListRT-instead-of-MokList.patch deleted file mode 100644 index 96311d7..0000000 --- a/SOURCES/0002-Reference-MokListRT-instead-of-MokList.patch +++ /dev/null 
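Review bot: The commit message of the added dos2unix patch says RHEL 7's dos2unix lacks `-f`, but the `D2UFLAGS` line removes `-r` and keeps `-f` (`D2UFLAGS ?= -l -F -f -n`), so the message and the change name different flags. If `-r` is the unsupported flag, the message should say so, e.g. `RHEL 7 has a version of dos2unix that doesn't support -r`; otherwise the flag list itself is wrong. Because this edits the tarball's default instead of overriding `D2UFLAGS` from the spec, it would also help to record in the patch that the downstream build runs dos2unix without `-r` (presumably BOM removal; confirm against the dos2unix man page), so a later rebase can tell whether the patch is still needed.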
@@ -1,49 +0,0 @@
-From 092c2b2bbed950727e41cf450b61c794881c33e7 Mon Sep 17 00:00:00 2001
-From: Eric Snowberg
-Date: Fri, 17 Jun 2022 12:37:28 -0400
-Subject: [PATCH 02/13] Reference MokListRT instead of MokList
-
-When calling back into shim from grub, the MokListRT may contain additional
-entries not available in the original MokList, an example being the certs
-included via user_cert. Use the MokListRT instead when calling check_db_cert
-and check_db_hash.
-
-Signed-off-by: Eric Snowberg
----
- shim.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index fdd205ef995..27b74ce06c3 100644
---- a/shim.c
-+++ b/shim.c
-@@ -397,22 +397,22 @@ static EFI_STATUS check_allowlist (WIN_CERTIFICATE_EFI_PKCS *cert,
- }
- #endif
-
-- if (check_db_hash(L"MokList", SHIM_LOCK_GUID, sha256hash,
-+ if (check_db_hash(L"MokListRT", SHIM_LOCK_GUID, sha256hash,
- SHA256_DIGEST_SIZE, EFI_CERT_SHA256_GUID)
- == DATA_FOUND) {
- verification_method = VERIFIED_BY_HASH;
- update_verification_method(VERIFIED_BY_HASH);
- return EFI_SUCCESS;
- } else {
-- LogError(L"check_db_hash(MokList, sha256hash) != DATA_FOUND\n");
-+ LogError(L"check_db_hash(MokListRT, sha256hash) != DATA_FOUND\n");
- }
-- if (cert && check_db_cert(L"MokList", SHIM_LOCK_GUID, cert, sha256hash)
-+ if (cert && check_db_cert(L"MokListRT", SHIM_LOCK_GUID, cert, sha256hash)
- == DATA_FOUND) {
- verification_method = VERIFIED_BY_CERT;
- update_verification_method(VERIFIED_BY_CERT);
- return EFI_SUCCESS;
- } else if (cert) {
-- LogError(L"check_db_cert(MokList, sha256hash) != DATA_FOUND\n");
-+ LogError(L"check_db_cert(MokListRT, sha256hash) != DATA_FOUND\n");
- }
-
- update_verification_method(VERIFIED_BY_NOTHING);
---
-2.37.1
-
diff --git a/SOURCES/0003-Add-a-link-to-the-test-plan-in-the-readme.patch b/SOURCES/0003-Add-a-link-to-the-test-plan-in-the-readme.patch
deleted file mode 100644
index b825644..0000000
--- a/SOURCES/0003-Add-a-link-to-the-test-plan-in-the-readme.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 8b59b690613add728189897228e4dd888f8c9f16 Mon Sep 17 00:00:00 2001
-From: Peter Jones
-Date: Thu, 4 Aug 2022 12:46:41 -0400
-Subject: [PATCH 03/13] Add a link to the test plan in the readme.
-
-It's been suggested that we should link to the test plan in the readme.
-This seems pretty reasonable to me, so here it is.
-
-Signed-off-by: Peter Jones
----
- README.md | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/README.md b/README.md
-index ce6bad77264..60d51b65fa9 100644
---- a/README.md
-+++ b/README.md
-@@ -23,3 +23,5 @@ pub.cer and build with `make VENDOR_CERT_FILE=pub.cer`.
-
- There are a couple of build options, and a couple of ways to customize the
- build, described in [BUILDING](BUILDING).
-+
-+See the [test plan](testplan.txt), and file a ticket if anything fails!
---
-2.37.1
-
diff --git a/SOURCES/0004-Enable-TDX-measurement-to-RTMR-register.patch b/SOURCES/0004-Enable-TDX-measurement-to-RTMR-register.patch
deleted file mode 100644
index a0ce9b1..0000000
--- a/SOURCES/0004-Enable-TDX-measurement-to-RTMR-register.patch
+++ /dev/null
@@ -1,240 +0,0 @@ -From 4fd484e4c29364b4fdf4d043556fa0a210c5fdfc Mon Sep 17 00:00:00 2001 -From: Lu Ken -Date: Sun, 22 May 2022 16:02:20 +0800 -Subject: [PATCH 04/13] Enable TDX measurement to RTMR register - -Intel Trust Domain Extensions (Intel TDX) extends Virtual Machine -Extensions (VMX) and Multi-Key Total Memory Encryption (MK-TME) with a -new kind of virtual machine guest called a Trust Domain(TD)[1]. A TD -runs in a CPU mode that is designed to protect the confidentiality of -its memory contents and its CPU state from any other software, including -the hosting Virtual Machine Monitor (VMM). - -Trust Domain Virtual Firmware (TDVF) is required to provide Intel TDX -implementation and service for EFI_CC_MEASUREMENT_PROTOCOL[2]. The bugzilla -for TDVF is at https://bugzilla.tianocore.org/show_bug.cgi?id=3625. - -To support CC measurement/attestation with Intel TDX technology, these 4 -RTMR registers will be extended by TDX service like TPM/TPM2 PCR: - -- RTMR[0] for TDVF configuration -- RTMR[1] for the TD OS loader and kernel -- RTMR[2] for the OS application -- RTMR[3] reserved for special usage only - -Add a TDX Implementation for CC Measurement protocol along with -TPM/TPM2 protocol. 
- -References: -[1] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-whitepaper-v4.pdf -[2] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf -[3] https://software.intel.com/content/dam/develop/external/us/en/documents/intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf - -Signed-off-by: Lu Ken -[rharwood: style pass on code and commit message] -Signed-off-by: Robbie Harwood ---- - lib/guid.c | 1 + - tpm.c | 48 ++++++++++++++++++++++++++++ - include/cc.h | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++ - include/guid.h | 1 + - shim.h | 1 + - 5 files changed, 136 insertions(+) - create mode 100644 include/cc.h - -diff --git a/lib/guid.c b/lib/guid.c -index e100c92ed1b..904629ebf03 100644 ---- a/lib/guid.c -+++ b/lib/guid.c -@@ -28,6 +28,7 @@ EFI_GUID EFI_IP6_CONFIG_GUID = { 0x937fe521, 0x95ae, 0x4d1a, {0x89, 0x29, 0x48, - EFI_GUID EFI_LOADED_IMAGE_GUID = EFI_LOADED_IMAGE_PROTOCOL_GUID; - EFI_GUID EFI_TPM_GUID = { 0xf541796d, 0xa62e, 0x4954, {0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd } }; - EFI_GUID EFI_TPM2_GUID = { 0x607f766c, 0x7455, 0x42be, {0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f } }; -+EFI_GUID EFI_CC_MEASUREMENT_PROTOCOL_GUID = { 0x96751a3d, 0x72f4, 0x41a6, {0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b } }; - EFI_GUID EFI_SECURE_BOOT_DB_GUID = { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f } }; - EFI_GUID EFI_SIMPLE_FILE_SYSTEM_GUID = SIMPLE_FILE_SYSTEM_PROTOCOL; - EFI_GUID SECURITY_PROTOCOL_GUID = { 0xA46423E3, 0x4617, 0x49f1, {0xB9, 0xFF, 0xD1, 0xBF, 0xA9, 0x11, 0x58, 0x39 } }; -diff --git a/tpm.c b/tpm.c -index 41f36651e19..388f8d1217c 100644 ---- a/tpm.c -+++ b/tpm.c -@@ -108,6 +108,45 @@ static EFI_STATUS tpm_locate_protocol(efi_tpm_protocol_t **tpm, - return EFI_NOT_FOUND; - } - -+static EFI_STATUS cc_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, -+ UINT8 pcr, const CHAR8 *log, UINTN 
logsize, -+ UINT32 type, BOOLEAN is_pe_image) -+{ -+ EFI_STATUS efi_status; -+ EFI_CC_EVENT *event; -+ efi_cc_protocol_t *cc; -+ EFI_CC_MR_INDEX mr; -+ uint64_t flags = is_pe_image ? EFI_CC_FLAG_PE_COFF_IMAGE : 0; -+ -+ efi_status = LibLocateProtocol(&EFI_CC_MEASUREMENT_PROTOCOL_GUID, -+ (VOID **)&cc); -+ if (EFI_ERROR(efi_status) || !cc) -+ return EFI_SUCCESS; -+ -+ efi_status = cc->map_pcr_to_mr_index(cc, pcr, &mr); -+ if (EFI_ERROR(efi_status)) -+ return EFI_NOT_FOUND; -+ -+ UINTN event_size = sizeof(*event) - sizeof(event->Event) + logsize; -+ -+ event = AllocatePool(event_size); -+ if (!event) { -+ perror(L"Unable to allocate event structure\n"); -+ return EFI_OUT_OF_RESOURCES; -+ } -+ -+ event->Header.HeaderSize = sizeof(EFI_CC_EVENT_HEADER); -+ event->Header.HeaderVersion = EFI_CC_EVENT_HEADER_VERSION; -+ event->Header.MrIndex = mr; -+ event->Header.EventType = type; -+ event->Size = event_size; -+ CopyMem(event->Event, (VOID *)log, logsize); -+ efi_status = cc->hash_log_extend_event(cc, flags, buf, (UINT64)size, -+ event); -+ FreePool(event); -+ return efi_status; -+} -+ - static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, - UINT8 pcr, const CHAR8 *log, UINTN logsize, - UINT32 type, CHAR8 *hash) -@@ -118,6 +157,15 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, - BOOLEAN old_caps; - EFI_TCG2_BOOT_SERVICE_CAPABILITY caps; - -+ /* CC guest like TDX or SEV will measure the buffer and log the event, -+ extend the result into a specific CC MR like TCG's PCR. It could -+ coexists with TCG's TPM 1.2 and TPM 2. 
-+ */ -+ efi_status = cc_log_event_raw(buf, size, pcr, log, logsize, type, -+ (hash != NULL)); -+ if (EFI_ERROR(efi_status)) -+ return efi_status; -+ - efi_status = tpm_locate_protocol(&tpm, &tpm2, &old_caps, &caps); - if (EFI_ERROR(efi_status)) { - #ifdef REQUIRE_TPM -diff --git a/include/cc.h b/include/cc.h -new file mode 100644 -index 00000000000..8b12720804e ---- /dev/null -+++ b/include/cc.h -@@ -0,0 +1,85 @@ -+// SPDX-License-Identifier: BSD-2-Clause-Patent -+ -+#ifndef SHIM_CC_H -+#define SHIM_CC_H -+ -+typedef struct { -+ uint8_t Major; -+ uint8_t Minor; -+} EFI_CC_VERSION; -+ -+#define EFI_CC_TYPE_NONE 0 -+#define EFI_CC_TYPE_SEV 1 -+#define EFI_CC_TYPE_TDX 2 -+ -+typedef struct { -+ uint8_t Type; -+ uint8_t SubType; -+} EFI_CC_TYPE; -+ -+typedef uint32_t EFI_CC_EVENT_LOG_BITMAP; -+typedef uint32_t EFI_CC_EVENT_LOG_FORMAT; -+typedef uint32_t EFI_CC_EVENT_ALGORITHM_BITMAP; -+typedef uint32_t EFI_CC_MR_INDEX; -+ -+#define TDX_MR_INDEX_MRTD 0 -+#define TDX_MR_INDEX_RTMR0 1 -+#define TDX_MR_INDEX_RTMR1 2 -+#define TDX_MR_INDEX_RTMR2 3 -+#define TDX_MR_INDEX_RTMR3 4 -+ -+#define EFI_CC_EVENT_LOG_FORMAT_TCG_2 0x00000002 -+#define EFI_CC_BOOT_HASH_ALG_SHA384 0x00000004 -+#define EFI_CC_EVENT_HEADER_VERSION 1 -+ -+typedef struct tdEFI_CC_EVENT_HEADER { -+ uint32_t HeaderSize; -+ uint16_t HeaderVersion; -+ EFI_CC_MR_INDEX MrIndex; -+ uint32_t EventType; -+} __attribute__((packed)) EFI_CC_EVENT_HEADER; -+ -+typedef struct tdEFI_CC_EVENT { -+ uint32_t Size; -+ EFI_CC_EVENT_HEADER Header; -+ uint8_t Event[1]; -+} __attribute__((packed)) EFI_CC_EVENT; -+ -+typedef struct tdEFI_CC_BOOT_SERVICE_CAPABILITY { -+ uint8_t Size; -+ EFI_CC_VERSION StructureVersion; -+ EFI_CC_VERSION ProtocolVersion; -+ EFI_CC_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap; -+ EFI_CC_EVENT_LOG_BITMAP SupportedEventLogs; -+ EFI_CC_TYPE CcType; -+} EFI_CC_BOOT_SERVICE_CAPABILITY; -+ -+struct efi_cc_protocol -+{ -+ EFI_STATUS (EFIAPI *get_capability) ( -+ struct efi_cc_protocol *this, -+ 
EFI_CC_BOOT_SERVICE_CAPABILITY *ProtocolCapability); -+ EFI_STATUS (EFIAPI *get_event_log) ( -+ struct efi_cc_protocol *this, -+ EFI_CC_EVENT_LOG_FORMAT EventLogFormat, -+ EFI_PHYSICAL_ADDRESS *EventLogLocation, -+ EFI_PHYSICAL_ADDRESS *EventLogLastEntry, -+ BOOLEAN *EventLogTruncated); -+ EFI_STATUS (EFIAPI *hash_log_extend_event) ( -+ struct efi_cc_protocol *this, -+ uint64_t Flags, -+ EFI_PHYSICAL_ADDRESS DataToHash, -+ uint64_t DataToHashLen, -+ EFI_CC_EVENT *EfiCcEvent); -+ EFI_STATUS (EFIAPI *map_pcr_to_mr_index) ( -+ struct efi_cc_protocol *this, -+ uint32_t PcrIndex, -+ EFI_CC_MR_INDEX *MrIndex); -+}; -+ -+typedef struct efi_cc_protocol efi_cc_protocol_t; -+ -+#define EFI_CC_FLAG_PE_COFF_IMAGE 0x0000000000000010 -+ -+#endif /* SHIM_CC_H */ -+// vim:fenc=utf-8:tw=75 -diff --git a/include/guid.h b/include/guid.h -index d9910ff1abc..dad63f0f4f9 100644 ---- a/include/guid.h -+++ b/include/guid.h -@@ -29,6 +29,7 @@ extern EFI_GUID EFI_IP6_CONFIG_GUID; - extern EFI_GUID EFI_LOADED_IMAGE_GUID; - extern EFI_GUID EFI_TPM_GUID; - extern EFI_GUID EFI_TPM2_GUID; -+extern EFI_GUID EFI_CC_MEASUREMENT_PROTOCOL_GUID; - extern EFI_GUID EFI_SECURE_BOOT_DB_GUID; - extern EFI_GUID EFI_SIMPLE_FILE_SYSTEM_GUID; - extern EFI_GUID SECURITY_PROTOCOL_GUID; -diff --git a/shim.h b/shim.h -index 7e9d10eb2df..14824c67aff 100644 ---- a/shim.h -+++ b/shim.h -@@ -186,6 +186,7 @@ - #include "include/simple_file.h" - #include "include/str.h" - #include "include/tpm.h" -+#include "include/cc.h" - #include "include/ucs2.h" - #include "include/variables.h" - #include "include/hexdump.h" --- -2.37.1 - diff --git a/SOURCES/0005-Discard-load-options-that-start-with-a-NUL.patch b/SOURCES/0005-Discard-load-options-that-start-with-a-NUL.patch deleted file mode 100644 index 8d6d654..0000000 --- a/SOURCES/0005-Discard-load-options-that-start-with-a-NUL.patch +++ /dev/null 
@@ -1,70 +0,0 @@ -From 14d63398298c8de23036a4cf61594108b7345863 Mon Sep 17 00:00:00 2001 -From: Robbie Harwood -Date: Tue, 23 Aug 2022 12:07:16 -0400 -Subject: [PATCH 05/13] Discard load-options that start with a NUL - -In 6c8d08c0af4768c715b79c8ec25141d56e34f8b4 ("shim: Ignore UEFI -LoadOptions that are just NUL characters."), a check was added to -discard load options that are entirely NUL. We now see some firmwares -that start LoadOptions with a NUL, and then follow it with garbage (path -to directory containing loaders). Widen the check to just discard -anything that starts with a NUL. - -Resolves: #490 -Related: #95 -See-also: https://bugzilla.redhat.com/show_bug.cgi?id=2113005 -Signed-off-by: Robbie Harwood ---- - load-options.c | 7 ++++++- - include/ucs2.h | 18 ------------------ - 2 files changed, 6 insertions(+), 19 deletions(-) - -diff --git a/load-options.c b/load-options.c -index c6bb7427685..a8c6e1a3d37 100644 ---- a/load-options.c -+++ b/load-options.c -@@ -404,8 +404,13 @@ parse_load_options(EFI_LOADED_IMAGE *li) - - /* - * Apparently sometimes we get L"\0\0"? Which isn't useful at all. -+ * -+ * Possibly related, but some boards have additional data before the -+ * size which is garbage (it's a weird path to the directory -+ * containing the loaders). Known boards that do this: Kontron VX3040 -+ * (AMI), ASUS B85M-E, and at least one "older Dell laptop". - */ -- if (is_all_nuls(li->LoadOptions, li->LoadOptionsSize)) -+ if (((CHAR16 *)li->LoadOptions)[0] == 0) - return EFI_SUCCESS; - - /* -diff --git a/include/ucs2.h b/include/ucs2.h -index ee038ce798a..87eab32f006 100644 ---- a/include/ucs2.h -+++ b/include/ucs2.h -@@ -63,22 +63,4 @@ StrCSpn(const CHAR16 *s, const CHAR16 *reject) - return ret; - } - --/* -- * Test if an entire buffer is nothing but NUL characters. This -- * implementation "gracefully" ignores the difference between the -- * UTF-8/ASCII 1-byte NUL and the UCS-2 2-byte NUL. 
-- */ --static inline bool --__attribute__((__unused__)) --is_all_nuls(UINT8 *data, UINTN data_size) --{ -- UINTN i; -- -- for (i = 0; i < data_size; i++) { -- if (data[i] != 0) -- return false; -- } -- return true; --} -- - #endif /* SHIM_UCS2_H */ --- -2.37.1 - diff --git a/SOURCES/0006-shim-Flush-the-memory-region-from-i-cache-before-exe.patch b/SOURCES/0006-shim-Flush-the-memory-region-from-i-cache-before-exe.patch deleted file mode 100644 index 457ab90..0000000 --- a/SOURCES/0006-shim-Flush-the-memory-region-from-i-cache-before-exe.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -From 5c537b3d0cf8c393dad2e61d49aade68f3af1401 Mon Sep 17 00:00:00 2001 -From: dann frazier -Date: Tue, 6 Sep 2022 09:28:22 -0600 -Subject: [PATCH 06/13] shim: Flush the memory region from i-cache before - execution - -We've seen crashes in early GRUB code on an ARM Cortex-A72-based -platform that point at seemingly harmless instructions. Flushing -the i-cache of those instructions prior to executing has been -shown to avoid the problem, which has parallels with this story: - https://www.mail-archive.com/osv-dev@googlegroups.com/msg06203.html - -Add a cache flushing utility function and provide an implementation -using a GCC intrinsic. This will need to be extended to support other -compilers. Note that this intrinsic is a no-op for x86 platforms. - -This fixes issue #498. - -Signed-off-by: dann frazier ---- - pe.c | 3 +++ - include/compiler.h | 6 ++++++ - 2 files changed, 9 insertions(+) - -diff --git a/pe.c b/pe.c -index ba3e2bbc444..f94530a20c0 100644 ---- a/pe.c -+++ b/pe.c -@@ -1196,6 +1196,9 @@ handle_image (void *data, unsigned int datasize, - - CopyMem(buffer, data, context.SizeOfHeaders); - -+ /* Flush the instruction cache for the region holding the image */ -+ cache_invalidate(buffer, buffer + context.ImageSize); -+ - *entry_point = ImageAddress(buffer, context.ImageSize, context.EntryPoint); - if (!*entry_point) { - perror(L"Entry point is invalid\n"); -diff --git a/include/compiler.h b/include/compiler.h -index b4bf10319ee..b0d595f32c2 100644 ---- a/include/compiler.h -+++ b/include/compiler.h -@@ -192,5 +192,11 @@ - */ - #define unreachable() __builtin_unreachable() - -+#if defined(__GNUC__) -+#define cache_invalidate(begin, end) __builtin___clear_cache(begin, end) -+#else /* __GNUC__ */ -+#error shim has no cache_invalidate() implementation for this compiler -+#endif /* __GNUC__ */ -+ - #endif /* !COMPILER_H_ */ - // vim:fenc=utf-8:tw=75:et --- -2.37.1 - 
diff --git a/SOURCES/0007-load_cert_file-Fix-stack-issue.patch b/SOURCES/0007-load_cert_file-Fix-stack-issue.patch
deleted file mode 100644
index b1d13c3..0000000
--- a/SOURCES/0007-load_cert_file-Fix-stack-issue.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef Mon Sep 17 00:00:00 2001
-From: Eric Snowberg
-Date: Wed, 2 Nov 2022 10:39:43 -0600
-Subject: [PATCH 07/13] load_cert_file: Fix stack issue
-
-0214cd9cef5a fixes a NULL pointer dereference problem, it introduces two
-new problems. First it incorrectly assumes li.FilePath is a string.
-Second, it puts EFI_LOADED_IMAGE li on the stack. It has been found
-that not all archectures can handle this being on the stack.
-
-The shim_li variable will be setup properly from the read_image
-call. Use the global shim_li variable instead when calling
-verify_image.
-
-Signed-off-by: Eric Snowberg
----
- shim.c | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index 27b74ce06c3..0d919ceb83c 100644
---- a/shim.c
-+++ b/shim.c
-@@ -1395,7 +1395,6 @@ EFI_STATUS
- load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
- {
- EFI_STATUS efi_status;
-- EFI_LOADED_IMAGE li;
- PE_COFF_LOADER_IMAGE_CONTEXT context;
- EFI_IMAGE_SECTION_HEADER *Section;
- EFI_SIGNATURE_LIST *certlist;
-@@ -1410,10 +1409,7 @@ load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
- if (EFI_ERROR(efi_status))
- return efi_status;
-
-- memset(&li, 0, sizeof(li));
-- memcpy(&li.FilePath[0], filename, MIN(StrSize(filename), sizeof(li.FilePath)));
--
-- efi_status = verify_image(data, datasize, &li, &context);
-+ efi_status = verify_image(data, datasize, shim_li, &context);
- if (EFI_ERROR(efi_status))
- return efi_status;
-
---
-2.37.1
-
diff --git a/SOURCES/0008-load_cert_file-Use-EFI-RT-memory-function.patch b/SOURCES/0008-load_cert_file-Use-EFI-RT-memory-function.patch
deleted file mode 100644
index 265c724..0000000
--- a/SOURCES/0008-load_cert_file-Use-EFI-RT-memory-function.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From ea4911c2f3ce8f8f703a1476febac86bb16b00fd Mon Sep 17 00:00:00 2001
-From: Eric Snowberg
-Date: Wed, 2 Nov 2022 10:45:23 -0600
-Subject: [PATCH 08/13] load_cert_file: Use EFI RT memory function
-
-Use the EFI RT memory function CopyMem instead of memcpy in load_cert_file.
-
-Signed-off-by: Eric Snowberg
----
- shim.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index 0d919ceb83c..4437898af56 100644
---- a/shim.c
-+++ b/shim.c
-@@ -1429,8 +1429,8 @@ load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
- user_cert_size += certlist->SignatureListSize;;
- user_cert = ReallocatePool(user_cert, original,
- user_cert_size);
-- memcpy(user_cert + original, pointer,
-- certlist->SignatureListSize);
-+ CopyMem(user_cert + original, pointer,
-+ certlist->SignatureListSize);
- }
- }
- FreePool(data);
---
-2.37.1
-
diff --git a/SOURCES/0009-Add-malign-double-to-IA32-compiler-flags.patch b/SOURCES/0009-Add-malign-double-to-IA32-compiler-flags.patch
deleted file mode 100644
index ede4471..0000000
--- a/SOURCES/0009-Add-malign-double-to-IA32-compiler-flags.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Mon Sep 17 00:00:00 2001
-From: Nicholas Bishop
-Date: Thu, 6 Oct 2022 16:08:56 -0400
-Subject: [PATCH 09/13] Add -malign-double to IA32 compiler flags
-
-This changes the alignment of UINT64 data to 8 bytes on IA32, which
-matches EDK2's understanding of alignment. In particular this change
-affects the offset where shim writes `EFI_LOADED_IMAGE.ImageSize`.
-
-Fixes https://github.com/rhboot/shim/issues/515
-
-Signed-off-by: Nicholas Bishop
----
- Make.defaults | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Make.defaults b/Make.defaults
-index dfed9c4a3c7..c46164a33ea 100644
---- a/Make.defaults
-+++ b/Make.defaults
-@@ -71,7 +71,7 @@ ifeq ($(ARCH),x86_64)
- endif
- ifeq ($(ARCH),ia32)
- ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
-- $(CLANG_BUGS) -m32 \
-+ $(CLANG_BUGS) -m32 -malign-double \
- -DMDE_CPU_IA32 -DPAGE_SIZE=4096
- ARCH_GNUEFI ?= ia32
- ARCH_SUFFIX ?= ia32
---
-2.37.1
-
diff --git a/SOURCES/0010-pe-Fix-image-section-entry-point-validation.patch b/SOURCES/0010-pe-Fix-image-section-entry-point-validation.patch
deleted file mode 100644
index 9abcffb..0000000
--- a/SOURCES/0010-pe-Fix-image-section-entry-point-validation.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 17f02339ed1be9e90738603fe3c95ae7dc300061 Mon Sep 17 00:00:00 2001
-From: Ilya Okomin
-Date: Fri, 7 Oct 2022 16:52:08 -0400
-Subject: [PATCH 10/13] pe: Fix image section entry-point validation
-
-Seen mokmanager image load failure '2 sections contain entry point'
-for shim built on Oracle Linux 9 aarch64. found_entry_point counter in
-handle_image() uses SizeOfRawData to calculate section boundary.
-PE spec defines VirtualSize for the total size of the section when loaded
-into memory. SizeOfRawData is the size of the section (for object files)
-or the size of the initialized data on disk.
-
-Fix this issue by updating section in-memory size limit to VirtualSize.
-
-Resolves: #517
-Signed-off-by: Ilya Okomin
----
- pe.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/pe.c b/pe.c
-index f94530a20c0..9a3679e16a1 100644
---- a/pe.c
-+++ b/pe.c
-@@ -1259,7 +1259,7 @@ handle_image (void *data, unsigned int datasize,
- }
-
- if (Section->VirtualAddress <= context.EntryPoint &&
-- (Section->VirtualAddress + Section->SizeOfRawData - 1)
-+ (Section->VirtualAddress + Section->Misc.VirtualSize - 1)
- > context.EntryPoint)
- found_entry_point++;
-
---
-2.37.1
-
diff --git a/SOURCES/0011-make-archive-Build-reproducible-tarball.patch b/SOURCES/0011-make-archive-Build-reproducible-tarball.patch
deleted file mode 100644
index 9fa4247..0000000
--- a/SOURCES/0011-make-archive-Build-reproducible-tarball.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 5169769e0f84dd227592cb73da97dacd61ae40b9 Mon Sep 17 00:00:00 2001
-From: Julian Andres Klode
-Date: Mon, 14 Nov 2022 12:16:29 +0100
-Subject: [PATCH 11/13] make-archive: Build reproducible tarball
-
-Remove timestamps, user names, etc. from the tarball so that
-it can be built reproducibly by multiple people, on different
-machines.
-
-The outer bzip2 layer might still be different, no reproducible
-bzip2 known.
-
-Signed-off-by: Julian Andres Klode
----
- make-archive | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/make-archive b/make-archive
-index d4f095f0a46..9ae9eef077a 100755
---- a/make-archive
-+++ b/make-archive
-@@ -86,14 +86,16 @@ main() {
- cd ..
- if [ "x" = "x${SHIM_GIT_TAG}" ] ; then
- git archive --format=tar "$(git log -1 --pretty=format:%h)" | ( cd "${ARCHIVE_DIR}/shim-${VERSION}" ; tar x )
-+ TIMESTAMP=0
- else
- # ORIGIN doesn't yet have this tag
- git archive --format=tar "${SHIM_GIT_TAG}" | ( cd "${ARCHIVE_DIR}/shim-${VERSION}" ; tar x )
-+ TIMESTAMP=$(git log -1 --pretty=%ct "${SHIM_GIT_TAG}")
- fi
- git log -1 --pretty=format:%H > "${ARCHIVE_DIR}/shim-${VERSION}/commit"
- DIR="$PWD"
- cd "${ARCHIVE_DIR}"
-- tar -c --bzip2 -f "${DIR}/shim-${VERSION}.tar.bz2" "shim-${VERSION}"
-+ tar -c --sort=name --mtime="@${TIMESTAMP}" --owner=0 --group=0 --numeric-owner --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime --bzip2 -f "${DIR}/shim-${VERSION}.tar.bz2" "shim-${VERSION}"
- rm -rf "${ARCHIVE_DIR}"
- echo "The archive is in shim-${VERSION}.tar.bz2"
- exit 0
---
-2.37.1
-
diff --git a/SOURCES/0012-mok-remove-MokListTrusted-from-PCR-7.patch b/SOURCES/0012-mok-remove-MokListTrusted-from-PCR-7.patch
deleted file mode 100644
index 83375d3..0000000
--- a/SOURCES/0012-mok-remove-MokListTrusted-from-PCR-7.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From aa1b289a1a16774afc3143b8948d97261f0872d0 Mon Sep 17 00:00:00 2001
-From: Arthur Gautier
-Date: Fri, 21 Oct 2022 13:20:45 -0700
-Subject: [PATCH 12/13] mok: remove MokListTrusted from PCR 7
-
-MokListTrusted was added by mistake to PCR 7 in 4e513405. The value of
-MokListTrusted does not alter the behavior of secure boot so, as per
-https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf#page=36
-(section 3.3.4 PCR usage) so it should not be factored in the value of
-PCR 7.
-
-See:
- https://github.com/rhboot/shim/pull/423
- https://github.com/rhboot/shim/commit/4e513405b4f1641710115780d19dcec130c5208f
-
-Fixes https://github.com/rhboot/shim/issues/484
-Fixes https://github.com/rhboot/shim/issues/492
-
-Signed-off-by: Arthur Gautier
----
- mok.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/mok.c b/mok.c
-index 63ddfcaaea3..9811b358626 100644
---- a/mok.c
-+++ b/mok.c
-@@ -178,7 +178,6 @@ struct mok_state_variable mok_state_variable_data[] = {
- EFI_VARIABLE_NON_VOLATILE,
- .no_attr = EFI_VARIABLE_RUNTIME_ACCESS,
- .flags = MOK_MIRROR_DELETE_FIRST |
-- MOK_VARIABLE_MEASURE |
- MOK_VARIABLE_INVERSE |
- MOK_VARIABLE_LOG,
- .pcr = 14,
---
-2.37.1
-
diff --git a/SOURCES/0013-CryptoPkg-BaseCryptLib-fix-NULL-dereference.patch b/SOURCES/0013-CryptoPkg-BaseCryptLib-fix-NULL-dereference.patch
deleted file mode 100644
index ae123c6..0000000
--- a/SOURCES/0013-CryptoPkg-BaseCryptLib-fix-NULL-dereference.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 53509eaf2253e23bfb552e9386fd0877abe592b4 Mon Sep 17 00:00:00 2001
-From: Jian J Wang
-Date: Thu, 25 Apr 2019 23:42:16 +0800
-Subject: [PATCH 13/13] CryptoPkg/BaseCryptLib: fix NULL dereference
-
-AuthenticodeVerify() calls OpenSSLs d2i_PKCS7() API to parse asn encoded
-signed authenticode pkcs#7 data. when this successfully returns, a type
-check is done by calling PKCS7_type_is_signed() and then
-Pkcs7->d.sign->contents->type is used. It is possible to construct an asn1
-blob that successfully decodes and have d2i_PKCS7() return a valid pointer
-and have PKCS7_type_is_signed() also return success but have Pkcs7->d.sign
-be a NULL pointer.
-
-Looking at how PKCS7_verify() [inside of OpenSSL] implements checking for
-pkcs7 structs it does the following:
-- call PKCS7_type_is_signed()
-- call PKCS7_get_detached()
-Looking into how PKCS7_get_detatched() is implemented, it checks to see if
-p7->d.sign is NULL or if p7->d.sign->contents->d.ptr is NULL.
-
-As such, the fix is to do the same as OpenSSL after calling d2i_PKCS7().
-- Add call to PKS7_get_detached() to existing error handling
-
-Cc: Chao Zhang
-Cc: Jiewen Yao
-Signed-off-by: Jian J Wang
-Cherry-picked-from: https://github.com/tianocore/edk2/commit/26442d11e620a9e81c019a24a4ff38441c64ba10
----
- Cryptlib/Pk/CryptAuthenticode.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Cryptlib/Pk/CryptAuthenticode.c b/Cryptlib/Pk/CryptAuthenticode.c
-index 74e50a2e862..f6f988b8480 100644
---- a/Cryptlib/Pk/CryptAuthenticode.c
-+++ b/Cryptlib/Pk/CryptAuthenticode.c
-@@ -9,7 +9,7 @@
- AuthenticodeVerify() will get PE/COFF Authenticode and will do basic check for
- data structure.
-
--Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.
-+Copyright (c) 2011 - 2019, Intel Corporation. All rights reserved.
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
-@@ -106,7 +106,7 @@ AuthenticodeVerify (
- //
- // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
- //
-- if (!PKCS7_type_is_signed (Pkcs7)) {
-+ if (!PKCS7_type_is_signed (Pkcs7) || PKCS7_get_detached (Pkcs7)) {
- goto _Exit;
- }
-
---
-2.37.1
-
diff --git a/SOURCES/0014-Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch b/SOURCES/0014-Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch
deleted file mode 100644
index 115573a..0000000
--- a/SOURCES/0014-Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 657b2483ca6e9fcf2ad8ac7ee577ff546d24c3aa Mon Sep 17 00:00:00 2001
-From: Peter Jones
-Date: Mon, 5 Dec 2022 17:57:36 -0500
-Subject: [PATCH] Make sbat_var.S parse right with buggy gcc/binutils
-
-In https://github.com/rhboot/shim/issues/533 , iokomin noticed that
-gas in binutils before 2.36 appears to be incorrectly concatenating
-string literals in '.asciz' directives, including an extra NUL character
-in between the strings, and this will cause us to incorrectly parse the
-.sbatlevel section in shim binaries.
-
-This patch adds test cases that will cause the build to fail if this has
-happened, as well as changing sbat_var.S to to use '.ascii' and '.byte'
-to construct the data, rather than using '.asciz'.
-
-Signed-off-by: Peter Jones
----
- test-sbat.c | 32 ++++++++++++++++++++++++++++++++
- sbat_var.S | 6 ++++--
- include/test.mk | 2 +-
- 3 files changed, 37 insertions(+), 3 deletions(-)
-
-diff --git a/test-sbat.c b/test-sbat.c
-index 72bebe7ae63..65bc6a84baa 100644
---- a/test-sbat.c
-+++ b/test-sbat.c
-@@ -1107,6 +1107,36 @@ test_preserve_sbat_uefi_variable_bad_short(void)
- return 0;
- }
-
-+static int
-+test_sbat_var_asciz(void)
-+{
-+ EFI_STATUS status;
-+ char buf[1024] = "";
-+ UINT32 attrs = 0;
-+ UINTN size = sizeof(buf);
-+ char expected[] = SBAT_VAR_PREVIOUS;
-+
-+ status = set_sbat_uefi_variable();
-+ if (status != EFI_SUCCESS)
-+ return -1;
-+
-+ status = RT->GetVariable(SBAT_VAR_NAME, &SHIM_LOCK_GUID, &attrs, &size, buf);
-+ if (status != EFI_SUCCESS)
-+ return -1;
-+
-+ /*
-+ * this should be enough to get past "sbat,", which handles the
-+ * first error.
-+ */
-+ if (size < (strlen(SBAT_VAR_SIG) + 2) || size != strlen(expected))
-+ return -1;
-+
-+ if (strncmp(expected, buf, size) != 0)
-+ return -1;
-+
-+ return 0;
-+}
-+
- int
- main(void)
- {
-@@ -1155,6 +1185,8 @@ main(void)
- test(test_preserve_sbat_uefi_variable_version_older);
- test(test_preserve_sbat_uefi_variable_version_olderlonger);
-
-+ test(test_sbat_var_asciz);
-+
- return 0;
- }
-
-diff --git a/sbat_var.S b/sbat_var.S
-index a115077ae4d..2a813a403b4 100644
---- a/sbat_var.S
-+++ b/sbat_var.S
-@@ -14,7 +14,9 @@ sbat_var_payload_header:
- .Lsbat_var_payload_header_end:
- .balign 1, 0
- .Lsbat_var_previous:
-- .asciz SBAT_VAR_PREVIOUS
-+ .ascii SBAT_VAR_PREVIOUS
-+ .byte 0
- .balign 1, 0
- .Lsbat_var_latest:
-- .asciz SBAT_VAR_LATEST
-+ .ascii SBAT_VAR_LATEST
-+ .byte 0
-diff --git a/include/test.mk b/include/test.mk
-index c0e2409517a..c37b84466ed 100644
---- a/include/test.mk
-+++ b/include/test.mk
-@@ -92,7 +92,7 @@ test-mock-variables: CFLAGS+=-DHAVE_SHIM_LOCK_GUID
- test-mok-mirror_FILES = mok.c globals.c tpm.c lib/guid.c lib/variables.c mock-variables.c
- test-mok-mirror: CFLAGS+=-DHAVE_START_IMAGE -DHAVE_SHIM_LOCK_GUID
-
--test-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S
-+test-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S mock-variables.c
- test-sbat :: CFLAGS+=-DHAVE_GET_VARIABLE -DHAVE_GET_VARIABLE_ATTR -DHAVE_SHIM_LOCK_GUID
-
- test-str_FILES = lib/string.c
---
-2.38.1
-
diff --git a/SOURCES/sbat.redhat.csv b/SOURCES/sbat.redhat.csv
new file mode 100644
index 0000000..be9e036
--- /dev/null
+++ b/SOURCES/sbat.redhat.csv
@@ -0,0 +1 @@
+shim.redhat,3,Red Hat Inc,shim,15.8,secalert@redhat.com
diff --git a/SOURCES/shim.patches b/SOURCES/shim.patches
index 5ee5430..0d43178 100644
--- a/SOURCES/shim.patches
+++ b/SOURCES/shim.patches
@@ -1,14 +1 @@ -Patch0001: 0001-Make-SBAT-variable-payload-introspectable.patch -Patch0002: 0002-Reference-MokListRT-instead-of-MokList.patch -Patch0003: 0003-Add-a-link-to-the-test-plan-in-the-readme.patch -Patch0004: 0004-Enable-TDX-measurement-to-RTMR-register.patch -Patch0005: 0005-Discard-load-options-that-start-with-a-NUL.patch -Patch0006: 0006-shim-Flush-the-memory-region-from-i-cache-before-exe.patch -Patch0007: 0007-load_cert_file-Fix-stack-issue.patch -Patch0008: 0008-load_cert_file-Use-EFI-RT-memory-function.patch -Patch0009: 0009-Add-malign-double-to-IA32-compiler-flags.patch -Patch0010: 0010-pe-Fix-image-section-entry-point-validation.patch -Patch0011: 0011-make-archive-Build-reproducible-tarball.patch -Patch0012: 0012-mok-remove-MokListTrusted-from-PCR-7.patch -Patch0013: 0013-CryptoPkg-BaseCryptLib-fix-NULL-dereference.patch -Patch0014: 0014-Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch +Patch0001: 0001-dos2unix-fix-flags-for-RHEL-7.patch diff --git a/SPECS/shim.spec b/SPECS/shim.spec index c7ca2b6..2783ddc 100644 --- a/SPECS/shim.spec +++ b/SPECS/shim.spec @@ -1,5 +1,5 @@ Name: shim -Version: 15.6 +Version: 15.8 Release: 3.el7 Summary: First-stage UEFI bootloader @@ -8,6 +8,7 @@ URL: https://github.com/rhboot/shim Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2 Source1: shim-find-debuginfo.sh Source2: shim.patches +Source3: sbat.redhat.csv Source100: db.aa64.esl Source101: dbx.aa64.esl @@ -17,6 +18,7 @@ Source201: dbx.x64.esl %include %{SOURCE2} BuildRequires: binutils +BuildRequires: dos2unix BuildRequires: gcc BuildRequires: git BuildRequires: efivar-devel efivar-libs 
@@ -106,6 +108,8 @@ cd %{name}-%{version}-%{efiarch} git init git config user.email "example@example.com" git config user.name "rpmbuild -bp" +echo 5914984a1ffeab841f482c791426d7ca9935a5e6 > commit +cp %{SOURCE3} data/ git add . git commit -a -q -m "%{version} baseline." git am --ignore-whitespace %{patches} commit git add . git commit -a -q -m "%{version} baseline." git am --ignore-whitespace %{patches} - 15.8-3.el7 +- Update to include vendor sbat data. + Resolves: RHEL-11254 + +* Tue Feb 06 2024 Peter Jones - 15.8-2.el7 +- Rebuild to fix the commit ident and MAKEFLAGS + Resolves: RHEL-11254 + +* Wed Dec 06 2023 Peter Jones - 15.8-1.el7 +- Update to shim-15.8 for CVE-2023-40547 + Resolves: RHEL-11254 + * Wed Dec 07 2022 Peter Jones - 15.6-3.el7 - Patch to work around upstream issue #533 Related: CVE-2020-14372
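Review bot: The upstream commit id is written as a bare literal in %prep (`echo 5914984a1ffeab841f482c791426d7ca9935a5e6 > commit`) with nothing tying it to `Version` or to the Source0 tarball, so a later rebase can build a shim whose recorded commit ident (presumably what the build embeds) names the wrong source; the 15.8-2 changelog entry ("Rebuild to fix the commit ident") suggests this has already needed one manual fix. I would define it next to `Version:` as `%global shim_commit_id 5914984a1ffeab841f482c791426d7ca9935a5e6` and write `echo %{shim_commit_id} > commit`, with a comment that the two are bumped together. The same duplication exists for the `15.8` field of SOURCES/sbat.redhat.csv, which `cp %{SOURCE3} data/` copies in unchanged, so a %prep check that the CSV's version field equals `%{version}` would catch a stale vendor SBAT entry before the binary is signed. The text following this hunk on the page is garbled, so the rest of %prep was not reviewed.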