diff --git a/.gitignore b/.gitignore
index 31e92a8..da559ad 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
SOURCES/db.x64.esl
-SOURCES/shim-15.tar.bz2
+SOURCES/shim-15.6.tar.bz2
diff --git a/.shim.metadata b/.shim.metadata
index 37e0d67..e11d0aa 100644
--- a/.shim.metadata
+++ b/.shim.metadata
@@ -1,2 +1,2 @@
-543dc75780710fb0610f69343e01d23978693ffb SOURCES/centos.db.x64.esl
-2dc6308584187bf3ee88bf9b119938c72c5a5088 SOURCES/shim-15.tar.bz2
+8738baca71e73b7c27a65d6b01d804d5d42e9cef SOURCES/db.x64.esl
+3df0ab5cefc74fdf865cb36aea0e923cb4b6b3ed SOURCES/shim-15.6.tar.bz2
diff --git a/SOURCES/0001-Make-SBAT-variable-payload-introspectable.patch b/SOURCES/0001-Make-SBAT-variable-payload-introspectable.patch
new file mode 100644
index 0000000..d3632de
--- /dev/null
+++ b/SOURCES/0001-Make-SBAT-variable-payload-introspectable.patch
@@ -0,0 +1,343 @@
+From 0eb07e11b20680200d3ce9c5bc59299121a75388 Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Tue, 31 May 2022 22:21:26 +0100
+Subject: [PATCH 01/13] Make SBAT variable payload introspectable
+
+Given a set of EFI variables and boot assets, it should be possible
+to compute what the value of PCR 7 will be on the next boot.
+
+As shim manages the contents of the SbatLevel variable and this is
+measured to PCR 7, export the payloads that shim contains in a new
+COFF section (.sbatlevel) so that it can be introspected by code
+outside of shim.
+
+The new section works a bit like .vendor_cert - it contains a header
+and then the payload. In this case, the header contains no size fields
+because the strings are NULL terminated. Shim uses this new section
+internally in set_sbat_uefi_variable.
+
+The .sbatlevel section starts with a 4 byte version field which is
+not used by shim but may be useful for external auditors if the
+format of the section contents change in the future.
+
+Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
+---
+ sbat.c | 21 ++++++++++++++++-----
+ include/sbat.h | 32 --------------------------------
+ include/sbat_var_defs.h | 38 ++++++++++++++++++++++++++++++++++++++
+ shim.h | 1 +
+ sbat_var.S | 20 ++++++++++++++++++++
+ elf_aarch64_efi.lds | 4 ++++
+ elf_ia32_efi.lds | 4 ++++
+ elf_ia64_efi.lds | 4 ++++
+ elf_x86_64_efi.lds | 4 ++++
+ include/test.mk | 2 +-
+ Makefile | 7 ++++---
+ 11 files changed, 96 insertions(+), 41 deletions(-)
+ create mode 100644 include/sbat_var_defs.h
+ create mode 100644 sbat_var.S
+
+diff --git a/sbat.c b/sbat.c
+index f1d6e98dcde..a08c5b2a972 100644
+--- a/sbat.c
++++ b/sbat.c
+@@ -5,6 +5,11 @@
+
+ #include "shim.h"
+
++extern struct {
++ UINT32 previous_offset;
++ UINT32 latest_offset;
++} sbat_var_payload_header;
++
+ EFI_STATUS
+ parse_sbat_section(char *section_base, size_t section_size,
+ size_t *n_entries,
+@@ -399,6 +404,9 @@ set_sbat_uefi_variable(void)
+ EFI_STATUS efi_status = EFI_SUCCESS;
+ UINT32 attributes = 0;
+
++ char *sbat_var_previous;
++ char *sbat_var_latest;
++
+ UINT8 *sbat = NULL;
+ UINT8 *sbat_policy = NULL;
+ UINTN sbatsize = 0;
+@@ -407,27 +415,30 @@ set_sbat_uefi_variable(void)
+ char *sbat_var = NULL;
+ bool reset_sbat = false;
+
++ sbat_var_previous = (char *)&sbat_var_payload_header + sbat_var_payload_header.previous_offset;
++ sbat_var_latest = (char *)&sbat_var_payload_header + sbat_var_payload_header.latest_offset;
++
+ efi_status = get_variable_attr(SBAT_POLICY, &sbat_policy,
+ &sbat_policysize, SHIM_LOCK_GUID,
+ &attributes);
+ if (EFI_ERROR(efi_status)) {
+ dprint("Default sbat policy: previous\n");
+- sbat_var = SBAT_VAR_PREVIOUS;
++ sbat_var = sbat_var_previous;
+ } else {
+ switch (*sbat_policy) {
+ case SBAT_POLICY_LATEST:
+ dprint("Custom sbat policy: latest\n");
+- sbat_var = SBAT_VAR_LATEST;
++ sbat_var = sbat_var_latest;
+ clear_sbat_policy();
+ break;
+ case SBAT_POLICY_PREVIOUS:
+ dprint("Custom sbat policy: previous\n");
+- sbat_var = SBAT_VAR_PREVIOUS;
++ sbat_var = sbat_var_previous;
+ break;
+ case SBAT_POLICY_RESET:
+ if (secure_mode()) {
+ console_print(L"Cannot reset SBAT policy: Secure Boot is enabled.\n");
+- sbat_var = SBAT_VAR_PREVIOUS;
++ sbat_var = sbat_var_previous;
+ } else {
+ dprint(L"Custom SBAT policy: reset OK\n");
+ reset_sbat = true;
+@@ -438,7 +449,7 @@ set_sbat_uefi_variable(void)
+ default:
+ console_error(L"SBAT policy state %llu is invalid",
+ EFI_INVALID_PARAMETER);
+- sbat_var = SBAT_VAR_PREVIOUS;
++ sbat_var = sbat_var_previous;
+ clear_sbat_policy();
+ break;
+ }
+diff --git a/include/sbat.h b/include/sbat.h
+index aca4359870f..c94c4fba8cd 100644
+--- a/include/sbat.h
++++ b/include/sbat.h
+@@ -6,38 +6,6 @@
+ #ifndef SBAT_H_
+ #define SBAT_H_
+
+-#define SBAT_VAR_SIG "sbat,"
+-#define SBAT_VAR_VERSION "1,"
+-#define SBAT_VAR_ORIGINAL_DATE "2021030218"
+-#define SBAT_VAR_ORIGINAL \
+- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_ORIGINAL_DATE "\n"
+-
+-#if defined(ENABLE_SHIM_DEVEL)
+-#define SBAT_VAR_PREVIOUS_DATE "2022020101"
+-#define SBAT_VAR_PREVIOUS_REVOCATIONS "component,2\n"
+-#define SBAT_VAR_PREVIOUS \
+- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
+- SBAT_VAR_PREVIOUS_REVOCATIONS
+-
+-#define SBAT_VAR_LATEST_DATE "2022050100"
+-#define SBAT_VAR_LATEST_REVOCATIONS "component,2\nothercomponent,2\n"
+-#define SBAT_VAR_LATEST \
+- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
+- SBAT_VAR_LATEST_REVOCATIONS
+-#else /* !ENABLE_SHIM_DEVEL */
+-#define SBAT_VAR_PREVIOUS_DATE SBAT_VAR_ORIGINAL_DATE
+-#define SBAT_VAR_PREVIOUS_REVOCATIONS
+-#define SBAT_VAR_PREVIOUS \
+- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
+- SBAT_VAR_PREVIOUS_REVOCATIONS
+-
+-#define SBAT_VAR_LATEST_DATE "2022052400"
+-#define SBAT_VAR_LATEST_REVOCATIONS "shim,2\ngrub,2\n"
+-#define SBAT_VAR_LATEST \
+- SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
+- SBAT_VAR_LATEST_REVOCATIONS
+-#endif /* ENABLE_SHIM_DEVEL */
+-
+ #define UEFI_VAR_NV_BS \
+ (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
+ #define UEFI_VAR_NV_BS_RT \
+diff --git a/include/sbat_var_defs.h b/include/sbat_var_defs.h
+new file mode 100644
+index 00000000000..c656b56d4c3
+--- /dev/null
++++ b/include/sbat_var_defs.h
+@@ -0,0 +1,38 @@
++// SPDX-License-Identifier: BSD-2-Clause-Patent
++
++#ifndef SBAT_VAR_DEFS_H_
++#define SBAT_VAR_DEFS_H_
++
++#define SBAT_VAR_SIG "sbat,"
++#define SBAT_VAR_VERSION "1,"
++#define SBAT_VAR_ORIGINAL_DATE "2021030218"
++#define SBAT_VAR_ORIGINAL \
++ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_ORIGINAL_DATE "\n"
++
++#if defined(ENABLE_SHIM_DEVEL)
++#define SBAT_VAR_PREVIOUS_DATE "2022020101"
++#define SBAT_VAR_PREVIOUS_REVOCATIONS "component,2\n"
++#define SBAT_VAR_PREVIOUS \
++ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
++ SBAT_VAR_PREVIOUS_REVOCATIONS
++
++#define SBAT_VAR_LATEST_DATE "2022050100"
++#define SBAT_VAR_LATEST_REVOCATIONS "component,2\nothercomponent,2\n"
++#define SBAT_VAR_LATEST \
++ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
++ SBAT_VAR_LATEST_REVOCATIONS
++#else /* !ENABLE_SHIM_DEVEL */
++#define SBAT_VAR_PREVIOUS_DATE SBAT_VAR_ORIGINAL_DATE
++#define SBAT_VAR_PREVIOUS_REVOCATIONS
++#define SBAT_VAR_PREVIOUS \
++ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
++ SBAT_VAR_PREVIOUS_REVOCATIONS
++
++#define SBAT_VAR_LATEST_DATE "2022052400"
++#define SBAT_VAR_LATEST_REVOCATIONS "shim,2\ngrub,2\n"
++#define SBAT_VAR_LATEST \
++ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
++ SBAT_VAR_LATEST_REVOCATIONS
++#endif /* ENABLE_SHIM_DEVEL */
++
++#endif /* !SBAT_VAR_DEFS_H_ */
+diff --git a/shim.h b/shim.h
+index b5272b9c9e9..7e9d10eb2df 100644
+--- a/shim.h
++++ b/shim.h
+@@ -179,6 +179,7 @@
+ #include "include/pe.h"
+ #include "include/replacements.h"
+ #include "include/sbat.h"
++#include "include/sbat_var_defs.h"
+ #if defined(OVERRIDE_SECURITY_POLICY)
+ #include "include/security_policy.h"
+ #endif
+diff --git a/sbat_var.S b/sbat_var.S
+new file mode 100644
+index 00000000000..a115077ae4d
+--- /dev/null
++++ b/sbat_var.S
+@@ -0,0 +1,20 @@
++// SPDX-License-Identifier: BSD-2-Clause-Patent
++
++#include "include/sbat_var_defs.h"
++
++ .section .sbatlevel, "a", %progbits
++ .balignl 4, 0
++ .4byte 0 /* format version for external parsers */
++ .globl sbat_var_payload_header
++ .type sbat_var_payload_header, %object
++ .size sbat_var_payload_header, .Lsbat_var_payload_header_end - sbat_var_payload_header
++sbat_var_payload_header:
++ .4byte .Lsbat_var_previous - sbat_var_payload_header
++ .4byte .Lsbat_var_latest - sbat_var_payload_header
++.Lsbat_var_payload_header_end:
++ .balign 1, 0
++.Lsbat_var_previous:
++ .asciz SBAT_VAR_PREVIOUS
++ .balign 1, 0
++.Lsbat_var_latest:
++ .asciz SBAT_VAR_LATEST
+diff --git a/elf_aarch64_efi.lds b/elf_aarch64_efi.lds
+index 60c55ba5fe1..0861f5e8a16 100644
+--- a/elf_aarch64_efi.lds
++++ b/elf_aarch64_efi.lds
+@@ -34,6 +34,10 @@ SECTIONS
+ .data.ident : {
+ *(.data.ident)
+ }
++ . = ALIGN(4096);
++ .sbatlevel : {
++ *(.sbatlevel)
++ }
+
+ . = ALIGN(4096);
+ .data :
+diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds
+index 497a3a15265..e8da91bdfb2 100644
+--- a/elf_ia32_efi.lds
++++ b/elf_ia32_efi.lds
+@@ -28,6 +28,10 @@ SECTIONS
+ .data.ident : {
+ *(.data.ident)
+ }
++ . = ALIGN(4096);
++ .sbatlevel : {
++ *(.sbatlevel)
++ }
+
+ . = ALIGN(4096);
+ .data :
+diff --git a/elf_ia64_efi.lds b/elf_ia64_efi.lds
+index 2669b856b15..a2195609ca0 100644
+--- a/elf_ia64_efi.lds
++++ b/elf_ia64_efi.lds
+@@ -34,6 +34,10 @@ SECTIONS
+ .data.ident : {
+ *(.data.ident)
+ }
++ . = ALIGN(4096);
++ .sbatlevel : {
++ *(.sbatlevel)
++ }
+
+ . = ALIGN(4096);
+ .data :
+diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds
+index bcc65270911..39aff6b07b6 100644
+--- a/elf_x86_64_efi.lds
++++ b/elf_x86_64_efi.lds
+@@ -35,6 +35,10 @@ SECTIONS
+ .data.ident : {
+ *(.data.ident)
+ }
++ . = ALIGN(4096);
++ .sbatlevel : {
++ *(.sbatlevel)
++ }
+
+ . = ALIGN(4096);
+ .data :
+diff --git a/include/test.mk b/include/test.mk
+index e965c6000a5..c0e2409517a 100644
+--- a/include/test.mk
++++ b/include/test.mk
+@@ -92,7 +92,7 @@ test-mock-variables: CFLAGS+=-DHAVE_SHIM_LOCK_GUID
+ test-mok-mirror_FILES = mok.c globals.c tpm.c lib/guid.c lib/variables.c mock-variables.c
+ test-mok-mirror: CFLAGS+=-DHAVE_START_IMAGE -DHAVE_SHIM_LOCK_GUID
+
+-test-sbat_FILES = csv.c lib/variables.c lib/guid.c
++test-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S
+ test-sbat :: CFLAGS+=-DHAVE_GET_VARIABLE -DHAVE_GET_VARIABLE_ATTR -DHAVE_SHIM_LOCK_GUID
+
+ test-str_FILES = lib/string.c
+diff --git a/Makefile b/Makefile
+index 24ac314e04f..866611c75d5 100644
+--- a/Makefile
++++ b/Makefile
+@@ -38,9 +38,9 @@ CFLAGS += -DENABLE_SHIM_CERT
+ else
+ TARGETS += $(MMNAME) $(FBNAME)
+ endif
+-OBJS = shim.o globals.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o pe.o httpboot.o csv.o load-options.o
++OBJS = shim.o globals.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o sbat_var.o pe.o httpboot.o csv.o load-options.o
+ KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
+-ORIG_SOURCES = shim.c globals.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c httpboot.c shim.h version.h $(wildcard include/*.h) cert.S
++ORIG_SOURCES = shim.c globals.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c httpboot.c shim.h version.h $(wildcard include/*.h) cert.S sbat_var.S
+ MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat_data.o globals.o
+ ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h)
+ FALLBACK_OBJS = fallback.o tpm.o errlog.o sbat_data.o globals.o
+@@ -253,7 +253,7 @@ endif
+ $(OBJCOPY) -D -j .text -j .sdata -j .data -j .data.ident \
+ -j .dynamic -j .rodata -j .rel* \
+ -j .rela* -j .dyn -j .reloc -j .eh_frame \
+- -j .vendor_cert -j .sbat \
++ -j .vendor_cert -j .sbat -j .sbatlevel \
+ $(FORMAT) $< $@
+ ./post-process-pe -vv $@
+
+@@ -269,6 +269,7 @@ endif
+ $(OBJCOPY) -D -j .text -j .sdata -j .data \
+ -j .dynamic -j .rodata -j .rel* \
+ -j .rela* -j .dyn -j .reloc -j .eh_frame -j .sbat \
++ -j .sbatlevel \
+ -j .debug_info -j .debug_abbrev -j .debug_aranges \
+ -j .debug_line -j .debug_str -j .debug_ranges \
+ -j .note.gnu.build-id \
+--
+2.37.1
+
diff --git a/SOURCES/0001-Make-some-things-dprint-instead-of-console_print.patch b/SOURCES/0001-Make-some-things-dprint-instead-of-console_print.patch
deleted file mode 100644
index 7190954..0000000
--- a/SOURCES/0001-Make-some-things-dprint-instead-of-console_print.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 1d50318f448b73b072724eb6664d311e6084a446 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Tue, 10 Apr 2018 12:36:34 -0400
-Subject: [PATCH 01/62] Make some things dprint() instead of console_print()
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream-commit-id: dad59f8c0f36
----
- shim.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index 00155346c12..ff0817009cd 100644
---- a/shim.c
-+++ b/shim.c
-@@ -2087,8 +2087,8 @@ static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path, UINTN len)
- if (!dppath)
- return 0;
-
-- console_print(L"dppath: %s\n", dppath);
-- console_print(L"path: %s\n", path);
-+ dprint(L"dppath: %s\n", dppath);
-+ dprint(L"path: %s\n", path);
- if (StrnCaseCmp(dppath, path, len))
- ret = 0;
-
---
-2.26.2
-
diff --git a/SOURCES/0002-Makefiles-ensure-m32-gets-propogated-to-our-gcc-para.patch b/SOURCES/0002-Makefiles-ensure-m32-gets-propogated-to-our-gcc-para.patch
deleted file mode 100644
index 94c0c73..0000000
--- a/SOURCES/0002-Makefiles-ensure-m32-gets-propogated-to-our-gcc-para.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-From 32f71225382ddb7dd1ad51f584bc3d42a7ee39d1 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 12 Apr 2018 13:24:48 -0400
-Subject: [PATCH 02/62] Makefiles: ensure -m32 gets propogated to our gcc
- parameter queries
-
-'gcc -print-file-name=include' and 'gcc -print-libgcc-file-name' both
-need -m32 when we're building 32-on-64 on some distros, so ensure that
-gets propogated correctly.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream-commit-id: 104d6e54ac7
----
- Make.defaults | 66 ++++++++++++++++++++++++++-------------------------
- 1 file changed, 34 insertions(+), 32 deletions(-)
-
-diff --git a/Make.defaults b/Make.defaults
-index e11ab5a7f2c..bbfc1d7f77b 100644
---- a/Make.defaults
-+++ b/Make.defaults
-@@ -33,66 +33,46 @@ EFI_INCLUDES = -nostdinc -I$(TOPDIR)/Cryptlib -I$(TOPDIR)/Cryptlib/Include \
- -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol \
- -I$(TOPDIR)/include -iquote $(TOPDIR) -iquote $(shell pwd)
-
--LIB_GCC = $(shell $(CC) -print-libgcc-file-name)
--EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)
--
- EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o
- EFI_LDS = $(TOPDIR)/elf_$(ARCH)_efi.lds
-
--CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
-- -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
-- -Werror=sign-compare -ffreestanding -std=gnu89 \
-- -I$(shell $(CC) -print-file-name=include) \
-- "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
-- "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
-- $(EFI_INCLUDES)
--
- CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,)
-
- COMMIT_ID ?= $(shell if [ -e .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo master; fi)
-
--ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
-- CFLAGS += -DOVERRIDE_SECURITY_POLICY
--endif
--
--ifneq ($(origin ENABLE_HTTPBOOT), undefined)
-- CFLAGS += -DENABLE_HTTPBOOT
--endif
--
--ifneq ($(origin REQUIRE_TPM), undefined)
-- CFLAGS += -DREQUIRE_TPM
--endif
--
- ifeq ($(ARCH),x86_64)
-- CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \
-- $(CLANG_BUGS) -m64 \
-- -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \
-- -DNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 -DPAGE_SIZE=4096
-+ ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
-+ $(CLANG_BUGS) -m64 \
-+ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \
-+ -DNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 \
-+ -DPAGE_SIZE=4096
- LIBDIR ?= $(prefix)/lib64
- ARCH_SUFFIX ?= x64
- ARCH_SUFFIX_UPPER ?= X64
- ARCH_LDFLAGS ?=
- endif
- ifeq ($(ARCH),ia32)
-- CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \
-- $(CLANG_BUGS) -m32 \
-- -DMDE_CPU_IA32 -DPAGE_SIZE=4096
-+ ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
-+ $(CLANG_BUGS) -m32 \
-+ -DMDE_CPU_IA32 -DPAGE_SIZE=4096
- LIBDIR ?= $(prefix)/lib
- ARCH_SUFFIX ?= ia32
- ARCH_SUFFIX_UPPER ?= IA32
- ARCH_LDFLAGS ?=
-+ ARCH_CFLAGS ?= -m32
- endif
- ifeq ($(ARCH),aarch64)
-- CFLAGS += -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align
-+ ARCH_CFLAGS ?= -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align
- LIBDIR ?= $(prefix)/lib64
- ARCH_SUFFIX ?= aa64
- ARCH_SUFFIX_UPPER ?= AA64
- FORMAT := -O binary
- SUBSYSTEM := 0xa
- ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
-+ ARCH_CFLAGS ?=
- endif
- ifeq ($(ARCH),arm)
-- CFLAGS += -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mstrict-align
-+ ARCH_CFLAGS ?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mstrict-align
- LIBDIR ?= $(prefix)/lib
- ARCH_SUFFIX ?= arm
- ARCH_SUFFIX_UPPER ?= ARM
-@@ -101,6 +81,28 @@ ifeq ($(ARCH),arm)
- ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
- endif
-
-+CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
-+ -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
-+ -Werror=sign-compare -ffreestanding -std=gnu89 \
-+ -I$(shell $(CC) $(ARCH_CFLAGS) -print-file-name=include) \
-+ "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
-+ "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
-+ $(EFI_INCLUDES) $(ARCH_CFLAGS)
-+
-+ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
-+ CFLAGS += -DOVERRIDE_SECURITY_POLICY
-+endif
-+
-+ifneq ($(origin ENABLE_HTTPBOOT), undefined)
-+ CFLAGS += -DENABLE_HTTPBOOT
-+endif
-+
-+ifneq ($(origin REQUIRE_TPM), undefined)
-+ CFLAGS += -DREQUIRE_TPM
-+endif
-+
-+LIB_GCC = $(shell $(CC) $(ARCH_CFLAGS) -print-libgcc-file-name)
-+EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)
- FORMAT ?= --target efi-app-$(ARCH)
- EFI_PATH ?= $(LIBDIR)/gnuefi
-
---
-2.26.2
-
diff --git a/SOURCES/0002-Reference-MokListRT-instead-of-MokList.patch b/SOURCES/0002-Reference-MokListRT-instead-of-MokList.patch
new file mode 100644
index 0000000..96311d7
--- /dev/null
+++ b/SOURCES/0002-Reference-MokListRT-instead-of-MokList.patch
@@ -0,0 +1,49 @@
+From 092c2b2bbed950727e41cf450b61c794881c33e7 Mon Sep 17 00:00:00 2001
+From: Eric Snowberg <eric.snowberg@oracle.com>
+Date: Fri, 17 Jun 2022 12:37:28 -0400
+Subject: [PATCH 02/13] Reference MokListRT instead of MokList
+
+When calling back into shim from grub, the MokListRT may contain additional
+entries not available in the original MokList, an example being the certs
+included via user_cert. Use the MokListRT instead when calling check_db_cert
+and check_db_hash.
+
+Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
+---
+ shim.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index fdd205ef995..27b74ce06c3 100644
+--- a/shim.c
++++ b/shim.c
+@@ -397,22 +397,22 @@ static EFI_STATUS check_allowlist (WIN_CERTIFICATE_EFI_PKCS *cert,
+ }
+ #endif
+
+- if (check_db_hash(L"MokList", SHIM_LOCK_GUID, sha256hash,
++ if (check_db_hash(L"MokListRT", SHIM_LOCK_GUID, sha256hash,
+ SHA256_DIGEST_SIZE, EFI_CERT_SHA256_GUID)
+ == DATA_FOUND) {
+ verification_method = VERIFIED_BY_HASH;
+ update_verification_method(VERIFIED_BY_HASH);
+ return EFI_SUCCESS;
+ } else {
+- LogError(L"check_db_hash(MokList, sha256hash) != DATA_FOUND\n");
++ LogError(L"check_db_hash(MokListRT, sha256hash) != DATA_FOUND\n");
+ }
+- if (cert && check_db_cert(L"MokList", SHIM_LOCK_GUID, cert, sha256hash)
++ if (cert && check_db_cert(L"MokListRT", SHIM_LOCK_GUID, cert, sha256hash)
+ == DATA_FOUND) {
+ verification_method = VERIFIED_BY_CERT;
+ update_verification_method(VERIFIED_BY_CERT);
+ return EFI_SUCCESS;
+ } else if (cert) {
+- LogError(L"check_db_cert(MokList, sha256hash) != DATA_FOUND\n");
++ LogError(L"check_db_cert(MokListRT, sha256hash) != DATA_FOUND\n");
+ }
+
+ update_verification_method(VERIFIED_BY_NOTHING);
+--
+2.37.1
+
diff --git a/SOURCES/0003-Add-a-link-to-the-test-plan-in-the-readme.patch b/SOURCES/0003-Add-a-link-to-the-test-plan-in-the-readme.patch
new file mode 100644
index 0000000..b825644
--- /dev/null
+++ b/SOURCES/0003-Add-a-link-to-the-test-plan-in-the-readme.patch
@@ -0,0 +1,26 @@
+From 8b59b690613add728189897228e4dd888f8c9f16 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 4 Aug 2022 12:46:41 -0400
+Subject: [PATCH 03/13] Add a link to the test plan in the readme.
+
+It's been suggested that we should link to the test plan in the readme.
+This seems pretty reasonable to me, so here it is.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ README.md | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/README.md b/README.md
+index ce6bad77264..60d51b65fa9 100644
+--- a/README.md
++++ b/README.md
+@@ -23,3 +23,5 @@ pub.cer and build with `make VENDOR_CERT_FILE=pub.cer`.
+
+ There are a couple of build options, and a couple of ways to customize the
+ build, described in [BUILDING](BUILDING).
++
++See the [test plan](testplan.txt), and file a ticket if anything fails!
+--
+2.37.1
+
diff --git a/SOURCES/0003-Let-MokManager-follow-a-MokTimeout-var-for-timeout-l.patch b/SOURCES/0003-Let-MokManager-follow-a-MokTimeout-var-for-timeout-l.patch
deleted file mode 100644
index 9f6697a..0000000
--- a/SOURCES/0003-Let-MokManager-follow-a-MokTimeout-var-for-timeout-l.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 74718677945b1ab825130b317c63f5002876e772 Mon Sep 17 00:00:00 2001
-From: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
-Date: Thu, 5 Jul 2018 11:28:12 -0400
-Subject: [PATCH 03/62] Let MokManager follow a MokTimeout var for timeout
- length for the prompt
-
-This timeout can have the values [-1,0..0x7fff]; where -1 means "no timeout",
-with MokManager going directly to the menu, and is capped to 0x7fff to avoid
-unecessary long timeouts. The default remains 10, which will be used whenever
-the MokTimeout variable isn't set.
-
-Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
-Upstream-commit-id: 93708c11083
----
- MokManager.c | 23 ++++++++++++++++++++++-
- 1 file changed, 22 insertions(+), 1 deletion(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index 7e40a38f1d1..0767e4a6cde 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -40,6 +40,10 @@ typedef struct {
- CHAR16 Password[SB_PASSWORD_LEN];
- } __attribute__ ((packed)) MokDBvar;
-
-+typedef struct {
-+ INT32 Timeout;
-+} __attribute__ ((packed)) MokTimeoutvar;
-+
- static EFI_STATUS get_sha1sum(void *Data, int DataSize, UINT8 * hash)
- {
- EFI_STATUS efi_status;
-@@ -2041,7 +2045,24 @@ static int draw_countdown()
- UINTN cols, rows;
- CHAR16 *title[2];
- CHAR16 *message = L"Press any key to perform MOK management";
-- int timeout = 10, wait = 10000000;
-+ void *MokTimeout = NULL;
-+ MokTimeoutvar *var;
-+ UINTN MokTimeoutSize = 0;
-+ int timeout, wait = 10000000;
-+
-+ efi_status = get_variable(L"MokTimeout", (UINT8 **) &MokTimeout,
-+ &MokTimeoutSize, SHIM_LOCK_GUID);
-+ if (EFI_ERROR(efi_status)) {
-+ timeout = 10;
-+ } else {
-+ var = MokTimeout;
-+ timeout = (int)var->Timeout;
-+ FreePool(MokTimeout);
-+ LibDeleteVariable(L"MokTimeout", &SHIM_LOCK_GUID);
-+ }
-+
-+ if (timeout < 0)
-+ return timeout;
-
- console_save_and_set_mode(&SavedMode);
-
---
-2.26.2
-
diff --git a/SOURCES/0004-Enable-TDX-measurement-to-RTMR-register.patch b/SOURCES/0004-Enable-TDX-measurement-to-RTMR-register.patch
new file mode 100644
index 0000000..a0ce9b1
--- /dev/null
+++ b/SOURCES/0004-Enable-TDX-measurement-to-RTMR-register.patch
@@ -0,0 +1,240 @@
+From 4fd484e4c29364b4fdf4d043556fa0a210c5fdfc Mon Sep 17 00:00:00 2001
+From: Lu Ken <ken.lu@intel.com>
+Date: Sun, 22 May 2022 16:02:20 +0800
+Subject: [PATCH 04/13] Enable TDX measurement to RTMR register
+
+Intel Trust Domain Extensions (Intel TDX) extends Virtual Machine
+Extensions (VMX) and Multi-Key Total Memory Encryption (MK-TME) with a
+new kind of virtual machine guest called a Trust Domain(TD)[1]. A TD
+runs in a CPU mode that is designed to protect the confidentiality of
+its memory contents and its CPU state from any other software, including
+the hosting Virtual Machine Monitor (VMM).
+
+Trust Domain Virtual Firmware (TDVF) is required to provide Intel TDX
+implementation and service for EFI_CC_MEASUREMENT_PROTOCOL[2]. The bugzilla
+for TDVF is at https://bugzilla.tianocore.org/show_bug.cgi?id=3625.
+
+To support CC measurement/attestation with Intel TDX technology, these 4
+RTMR registers will be extended by TDX service like TPM/TPM2 PCR:
+
+- RTMR[0] for TDVF configuration
+- RTMR[1] for the TD OS loader and kernel
+- RTMR[2] for the OS application
+- RTMR[3] reserved for special usage only
+
+Add a TDX Implementation for CC Measurement protocol along with
+TPM/TPM2 protocol.
+
+References:
+[1] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-whitepaper-v4.pdf
+[2] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf
+[3] https://software.intel.com/content/dam/develop/external/us/en/documents/intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf
+
+Signed-off-by: Lu Ken <ken.lu@intel.com>
+[rharwood: style pass on code and commit message]
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+---
+ lib/guid.c | 1 +
+ tpm.c | 48 ++++++++++++++++++++++++++++
+ include/cc.h | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ include/guid.h | 1 +
+ shim.h | 1 +
+ 5 files changed, 136 insertions(+)
+ create mode 100644 include/cc.h
+
+diff --git a/lib/guid.c b/lib/guid.c
+index e100c92ed1b..904629ebf03 100644
+--- a/lib/guid.c
++++ b/lib/guid.c
+@@ -28,6 +28,7 @@ EFI_GUID EFI_IP6_CONFIG_GUID = { 0x937fe521, 0x95ae, 0x4d1a, {0x89, 0x29, 0x48,
+ EFI_GUID EFI_LOADED_IMAGE_GUID = EFI_LOADED_IMAGE_PROTOCOL_GUID;
+ EFI_GUID EFI_TPM_GUID = { 0xf541796d, 0xa62e, 0x4954, {0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd } };
+ EFI_GUID EFI_TPM2_GUID = { 0x607f766c, 0x7455, 0x42be, {0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f } };
++EFI_GUID EFI_CC_MEASUREMENT_PROTOCOL_GUID = { 0x96751a3d, 0x72f4, 0x41a6, {0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b } };
+ EFI_GUID EFI_SECURE_BOOT_DB_GUID = { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f } };
+ EFI_GUID EFI_SIMPLE_FILE_SYSTEM_GUID = SIMPLE_FILE_SYSTEM_PROTOCOL;
+ EFI_GUID SECURITY_PROTOCOL_GUID = { 0xA46423E3, 0x4617, 0x49f1, {0xB9, 0xFF, 0xD1, 0xBF, 0xA9, 0x11, 0x58, 0x39 } };
+diff --git a/tpm.c b/tpm.c
+index 41f36651e19..388f8d1217c 100644
+--- a/tpm.c
++++ b/tpm.c
+@@ -108,6 +108,45 @@ static EFI_STATUS tpm_locate_protocol(efi_tpm_protocol_t **tpm,
+ return EFI_NOT_FOUND;
+ }
+
++static EFI_STATUS cc_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
++ UINT8 pcr, const CHAR8 *log, UINTN logsize,
++ UINT32 type, BOOLEAN is_pe_image)
++{
++ EFI_STATUS efi_status;
++ EFI_CC_EVENT *event;
++ efi_cc_protocol_t *cc;
++ EFI_CC_MR_INDEX mr;
++ uint64_t flags = is_pe_image ? EFI_CC_FLAG_PE_COFF_IMAGE : 0;
++
++ efi_status = LibLocateProtocol(&EFI_CC_MEASUREMENT_PROTOCOL_GUID,
++ (VOID **)&cc);
++ if (EFI_ERROR(efi_status) || !cc)
++ return EFI_SUCCESS;
++
++ efi_status = cc->map_pcr_to_mr_index(cc, pcr, &mr);
++ if (EFI_ERROR(efi_status))
++ return EFI_NOT_FOUND;
++
++ UINTN event_size = sizeof(*event) - sizeof(event->Event) + logsize;
++
++ event = AllocatePool(event_size);
++ if (!event) {
++ perror(L"Unable to allocate event structure\n");
++ return EFI_OUT_OF_RESOURCES;
++ }
++
++ event->Header.HeaderSize = sizeof(EFI_CC_EVENT_HEADER);
++ event->Header.HeaderVersion = EFI_CC_EVENT_HEADER_VERSION;
++ event->Header.MrIndex = mr;
++ event->Header.EventType = type;
++ event->Size = event_size;
++ CopyMem(event->Event, (VOID *)log, logsize);
++ efi_status = cc->hash_log_extend_event(cc, flags, buf, (UINT64)size,
++ event);
++ FreePool(event);
++ return efi_status;
++}
++
+ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
+ UINT8 pcr, const CHAR8 *log, UINTN logsize,
+ UINT32 type, CHAR8 *hash)
+@@ -118,6 +157,15 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
+ BOOLEAN old_caps;
+ EFI_TCG2_BOOT_SERVICE_CAPABILITY caps;
+
++ /* CC guest like TDX or SEV will measure the buffer and log the event,
++ extend the result into a specific CC MR like TCG's PCR. It could
++ coexists with TCG's TPM 1.2 and TPM 2.
++ */
++ efi_status = cc_log_event_raw(buf, size, pcr, log, logsize, type,
++ (hash != NULL));
++ if (EFI_ERROR(efi_status))
++ return efi_status;
++
+ efi_status = tpm_locate_protocol(&tpm, &tpm2, &old_caps, &caps);
+ if (EFI_ERROR(efi_status)) {
+ #ifdef REQUIRE_TPM
+diff --git a/include/cc.h b/include/cc.h
+new file mode 100644
+index 00000000000..8b12720804e
+--- /dev/null
++++ b/include/cc.h
+@@ -0,0 +1,85 @@
++// SPDX-License-Identifier: BSD-2-Clause-Patent
++
++#ifndef SHIM_CC_H
++#define SHIM_CC_H
++
++typedef struct {
++ uint8_t Major;
++ uint8_t Minor;
++} EFI_CC_VERSION;
++
++#define EFI_CC_TYPE_NONE 0
++#define EFI_CC_TYPE_SEV 1
++#define EFI_CC_TYPE_TDX 2
++
++typedef struct {
++ uint8_t Type;
++ uint8_t SubType;
++} EFI_CC_TYPE;
++
++typedef uint32_t EFI_CC_EVENT_LOG_BITMAP;
++typedef uint32_t EFI_CC_EVENT_LOG_FORMAT;
++typedef uint32_t EFI_CC_EVENT_ALGORITHM_BITMAP;
++typedef uint32_t EFI_CC_MR_INDEX;
++
++#define TDX_MR_INDEX_MRTD 0
++#define TDX_MR_INDEX_RTMR0 1
++#define TDX_MR_INDEX_RTMR1 2
++#define TDX_MR_INDEX_RTMR2 3
++#define TDX_MR_INDEX_RTMR3 4
++
++#define EFI_CC_EVENT_LOG_FORMAT_TCG_2 0x00000002
++#define EFI_CC_BOOT_HASH_ALG_SHA384 0x00000004
++#define EFI_CC_EVENT_HEADER_VERSION 1
++
++typedef struct tdEFI_CC_EVENT_HEADER {
++ uint32_t HeaderSize;
++ uint16_t HeaderVersion;
++ EFI_CC_MR_INDEX MrIndex;
++ uint32_t EventType;
++} __attribute__((packed)) EFI_CC_EVENT_HEADER;
++
++typedef struct tdEFI_CC_EVENT {
++ uint32_t Size;
++ EFI_CC_EVENT_HEADER Header;
++ uint8_t Event[1];
++} __attribute__((packed)) EFI_CC_EVENT;
++
++typedef struct tdEFI_CC_BOOT_SERVICE_CAPABILITY {
++ uint8_t Size;
++ EFI_CC_VERSION StructureVersion;
++ EFI_CC_VERSION ProtocolVersion;
++ EFI_CC_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap;
++ EFI_CC_EVENT_LOG_BITMAP SupportedEventLogs;
++ EFI_CC_TYPE CcType;
++} EFI_CC_BOOT_SERVICE_CAPABILITY;
++
++struct efi_cc_protocol
++{
++ EFI_STATUS (EFIAPI *get_capability) (
++ struct efi_cc_protocol *this,
++ EFI_CC_BOOT_SERVICE_CAPABILITY *ProtocolCapability);
++ EFI_STATUS (EFIAPI *get_event_log) (
++ struct efi_cc_protocol *this,
++ EFI_CC_EVENT_LOG_FORMAT EventLogFormat,
++ EFI_PHYSICAL_ADDRESS *EventLogLocation,
++ EFI_PHYSICAL_ADDRESS *EventLogLastEntry,
++ BOOLEAN *EventLogTruncated);
++ EFI_STATUS (EFIAPI *hash_log_extend_event) (
++ struct efi_cc_protocol *this,
++ uint64_t Flags,
++ EFI_PHYSICAL_ADDRESS DataToHash,
++ uint64_t DataToHashLen,
++ EFI_CC_EVENT *EfiCcEvent);
++ EFI_STATUS (EFIAPI *map_pcr_to_mr_index) (
++ struct efi_cc_protocol *this,
++ uint32_t PcrIndex,
++ EFI_CC_MR_INDEX *MrIndex);
++};
++
++typedef struct efi_cc_protocol efi_cc_protocol_t;
++
++#define EFI_CC_FLAG_PE_COFF_IMAGE 0x0000000000000010
++
++#endif /* SHIM_CC_H */
++// vim:fenc=utf-8:tw=75
+diff --git a/include/guid.h b/include/guid.h
+index d9910ff1abc..dad63f0f4f9 100644
+--- a/include/guid.h
++++ b/include/guid.h
+@@ -29,6 +29,7 @@ extern EFI_GUID EFI_IP6_CONFIG_GUID;
+ extern EFI_GUID EFI_LOADED_IMAGE_GUID;
+ extern EFI_GUID EFI_TPM_GUID;
+ extern EFI_GUID EFI_TPM2_GUID;
++extern EFI_GUID EFI_CC_MEASUREMENT_PROTOCOL_GUID;
+ extern EFI_GUID EFI_SECURE_BOOT_DB_GUID;
+ extern EFI_GUID EFI_SIMPLE_FILE_SYSTEM_GUID;
+ extern EFI_GUID SECURITY_PROTOCOL_GUID;
+diff --git a/shim.h b/shim.h
+index 7e9d10eb2df..14824c67aff 100644
+--- a/shim.h
++++ b/shim.h
+@@ -186,6 +186,7 @@
+ #include "include/simple_file.h"
+ #include "include/str.h"
+ #include "include/tpm.h"
++#include "include/cc.h"
+ #include "include/ucs2.h"
+ #include "include/variables.h"
+ #include "include/hexdump.h"
+--
+2.37.1
+
diff --git a/SOURCES/0004-httpboot-return-EFI_NOT_FOUND-when-it-fails-to-find-.patch b/SOURCES/0004-httpboot-return-EFI_NOT_FOUND-when-it-fails-to-find-.patch
deleted file mode 100644
index 44de3b7..0000000
--- a/SOURCES/0004-httpboot-return-EFI_NOT_FOUND-when-it-fails-to-find-.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 8a66f5571bb059d2692e804f4ba9817e978dd103 Mon Sep 17 00:00:00 2001
-From: Gary Lin <glin@suse.com>
-Date: Mon, 28 May 2018 16:05:38 +0800
-Subject: [PATCH 04/62] httpboot: return EFI_NOT_FOUND when it fails to find
- the NIC handle
-
-httpboot_fetch_buffer() should return EFI_NOT_FOUND to reflect the error
-status when get_nic_handle() returns NULL.
-
-Signed-off-by: Gary Lin <glin@suse.com>
-Upstream-commit-id: 2be5c7dc4b0
----
- httpboot.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/httpboot.c b/httpboot.c
-index 4cfa3aab3b7..d656073c633 100644
---- a/httpboot.c
-+++ b/httpboot.c
-@@ -715,6 +715,7 @@ httpboot_fetch_buffer (EFI_HANDLE image, VOID **buffer, UINT64 *buf_size)
- also supports the HTTP service binding protocol */
- nic = get_nic_handle(&mac_addr);
- if (!nic) {
-+ efi_status = EFI_NOT_FOUND;
- goto error;
- }
-
---
-2.26.2
-
diff --git a/SOURCES/0005-Discard-load-options-that-start-with-a-NUL.patch b/SOURCES/0005-Discard-load-options-that-start-with-a-NUL.patch
new file mode 100644
index 0000000..8d6d654
--- /dev/null
+++ b/SOURCES/0005-Discard-load-options-that-start-with-a-NUL.patch
@@ -0,0 +1,70 @@
+From 14d63398298c8de23036a4cf61594108b7345863 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Tue, 23 Aug 2022 12:07:16 -0400
+Subject: [PATCH 05/13] Discard load-options that start with a NUL
+
+In 6c8d08c0af4768c715b79c8ec25141d56e34f8b4 ("shim: Ignore UEFI
+LoadOptions that are just NUL characters."), a check was added to
+discard load options that are entirely NUL. We now see some firmwares
+that start LoadOptions with a NUL, and then follow it with garbage (path
+to directory containing loaders). Widen the check to just discard
+anything that starts with a NUL.
+
+Resolves: #490
+Related: #95
+See-also: https://bugzilla.redhat.com/show_bug.cgi?id=2113005
+Signed-off-by: Robbie Harwood <rharwood@redhat.com>
+---
+ load-options.c | 7 ++++++-
+ include/ucs2.h | 18 ------------------
+ 2 files changed, 6 insertions(+), 19 deletions(-)
+
+diff --git a/load-options.c b/load-options.c
+index c6bb7427685..a8c6e1a3d37 100644
+--- a/load-options.c
++++ b/load-options.c
+@@ -404,8 +404,13 @@ parse_load_options(EFI_LOADED_IMAGE *li)
+
+ /*
+ * Apparently sometimes we get L"\0\0"? Which isn't useful at all.
++ *
++ * Possibly related, but some boards have additional data before the
++ * size which is garbage (it's a weird path to the directory
++ * containing the loaders). Known boards that do this: Kontron VX3040
++ * (AMI), ASUS B85M-E, and at least one "older Dell laptop".
+ */
+- if (is_all_nuls(li->LoadOptions, li->LoadOptionsSize))
++ if (((CHAR16 *)li->LoadOptions)[0] == 0)
+ return EFI_SUCCESS;
+
+ /*
+diff --git a/include/ucs2.h b/include/ucs2.h
+index ee038ce798a..87eab32f006 100644
+--- a/include/ucs2.h
++++ b/include/ucs2.h
+@@ -63,22 +63,4 @@ StrCSpn(const CHAR16 *s, const CHAR16 *reject)
+ return ret;
+ }
+
+-/*
+- * Test if an entire buffer is nothing but NUL characters. This
+- * implementation "gracefully" ignores the difference between the
+- * UTF-8/ASCII 1-byte NUL and the UCS-2 2-byte NUL.
+- */
+-static inline bool
+-__attribute__((__unused__))
+-is_all_nuls(UINT8 *data, UINTN data_size)
+-{
+- UINTN i;
+-
+- for (i = 0; i < data_size; i++) {
+- if (data[i] != 0)
+- return false;
+- }
+- return true;
+-}
+-
+ #endif /* SHIM_UCS2_H */
+--
+2.37.1
+
diff --git a/SOURCES/0005-httpboot-print-more-messages-when-it-fails-to-set-IP.patch b/SOURCES/0005-httpboot-print-more-messages-when-it-fails-to-set-IP.patch
deleted file mode 100644
index d64a381..0000000
--- a/SOURCES/0005-httpboot-print-more-messages-when-it-fails-to-set-IP.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 0ba6c87bdf55f749a0ec1c3b0fd24ebb8200d537 Mon Sep 17 00:00:00 2001
-From: Gary Lin <glin@suse.com>
-Date: Mon, 28 May 2018 17:24:30 +0800
-Subject: [PATCH 05/62] httpboot: print more messages when it fails to set IP
-
-We previously only print the return status and it may not be clear
-enough in some situations. Print the IP address and the gateway to help
-the user to identify the possible errors.
-
-Signed-off-by: Gary Lin <glin@suse.com>
-Upstream-commit-id: 3abe94516c7
----
- httpboot.c | 45 +++++++++++++++++++++++++++++++++++++++++----
- 1 file changed, 41 insertions(+), 4 deletions(-)
-
-diff --git a/httpboot.c b/httpboot.c
-index d656073c633..6f27b01bf71 100644
---- a/httpboot.c
-+++ b/httpboot.c
-@@ -311,6 +311,20 @@ is_unspecified_addr (EFI_IPv6_ADDRESS ip6)
- return TRUE;
- }
-
-+static inline void
-+print_ip6_addr(EFI_IPv6_ADDRESS ip6addr)
-+{
-+ perror(L"%x:%x:%x:%x:%x:%x:%x:%x\n",
-+ ip6addr.Addr[0] << 8 | ip6addr.Addr[1],
-+ ip6addr.Addr[2] << 8 | ip6addr.Addr[3],
-+ ip6addr.Addr[4] << 8 | ip6addr.Addr[5],
-+ ip6addr.Addr[6] << 8 | ip6addr.Addr[7],
-+ ip6addr.Addr[8] << 8 | ip6addr.Addr[9],
-+ ip6addr.Addr[10] << 8 | ip6addr.Addr[11],
-+ ip6addr.Addr[12] << 8 | ip6addr.Addr[13],
-+ ip6addr.Addr[14] << 8 | ip6addr.Addr[15]);
-+}
-+
- static EFI_STATUS
- set_ip6(EFI_HANDLE *nic, IPv6_DEVICE_PATH *ip6node)
- {
-@@ -329,8 +343,12 @@ set_ip6(EFI_HANDLE *nic, IPv6_DEVICE_PATH *ip6node)
- ip6.IsAnycast = FALSE;
- efi_status = ip6cfg->SetData(ip6cfg, Ip6ConfigDataTypeManualAddress,
- sizeof(ip6), &ip6);
-- if (EFI_ERROR(efi_status))
-+ if (EFI_ERROR(efi_status)) {
-+ perror(L"Failed to set IPv6 Address:\nIP: ");
-+ print_ip6_addr(ip6.Address);
-+ perror(L"Prefix Length: %u\n", ip6.PrefixLength);
- return efi_status;
-+ }
-
- gateway = ip6node->GatewayIpAddress;
- if (is_unspecified_addr(gateway))
-@@ -338,12 +356,23 @@ set_ip6(EFI_HANDLE *nic, IPv6_DEVICE_PATH *ip6node)
-
- efi_status = ip6cfg->SetData(ip6cfg, Ip6ConfigDataTypeGateway,
- sizeof(gateway), &gateway);
-- if (EFI_ERROR(efi_status))
-+ if (EFI_ERROR(efi_status)) {
-+ perror(L"Failed to set IPv6 Gateway:\nIP: ");
-+ print_ip6_addr(gateway);
- return efi_status;
-+ }
-
- return EFI_SUCCESS;
- }
-
-+static inline void
-+print_ip4_addr(EFI_IPv4_ADDRESS ip4addr)
-+{
-+ perror(L"%u.%u.%u.%u\n",
-+ ip4addr.Addr[0], ip4addr.Addr[1],
-+ ip4addr.Addr[2], ip4addr.Addr[3]);
-+}
-+
- static EFI_STATUS
- set_ip4(EFI_HANDLE *nic, IPv4_DEVICE_PATH *ip4node)
- {
-@@ -361,14 +390,22 @@ set_ip4(EFI_HANDLE *nic, IPv4_DEVICE_PATH *ip4node)
- ip4.SubnetMask = ip4node->SubnetMask;
- efi_status = ip4cfg2->SetData(ip4cfg2, Ip4Config2DataTypeManualAddress,
- sizeof(ip4), &ip4);
-- if (EFI_ERROR(efi_status))
-+ if (EFI_ERROR(efi_status)) {
-+ perror(L"Failed to Set IPv4 Address:\nIP: ");
-+ print_ip4_addr(ip4.Address);
-+ perror(L"Mask: ");
-+ print_ip4_addr(ip4.SubnetMask);
- return efi_status;
-+ }
-
- gateway = ip4node->GatewayIpAddress;
- efi_status = ip4cfg2->SetData(ip4cfg2, Ip4Config2DataTypeGateway,
- sizeof(gateway), &gateway);
-- if (EFI_ERROR(efi_status))
-+ if (EFI_ERROR(efi_status)) {
-+ perror(L"Failed to Set IPv4 Gateway:\nGateway: ");
-+ print_ip4_addr(gateway);
- return efi_status;
-+ }
-
- return EFI_SUCCESS;
- }
---
-2.26.2
-
diff --git a/SOURCES/0006-httpboot-allow-the-IPv4-gateway-to-be-empty.patch b/SOURCES/0006-httpboot-allow-the-IPv4-gateway-to-be-empty.patch
deleted file mode 100644
index 4b92fda..0000000
--- a/SOURCES/0006-httpboot-allow-the-IPv4-gateway-to-be-empty.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 80e52895f206fcb40a60f031e7b721627bb193ca Mon Sep 17 00:00:00 2001
-From: Gary Lin <glin@suse.com>
-Date: Mon, 28 May 2018 17:42:56 +0800
-Subject: [PATCH 06/62] httpboot: allow the IPv4 gateway to be empty
-
-The gateway is not mandatory.
-
-Signed-off-by: Gary Lin <glin@suse.com>
-Upstream-commit-id: 69089e9c678
----
- httpboot.c | 20 ++++++++++++++++++--
- 1 file changed, 18 insertions(+), 2 deletions(-)
-
-diff --git a/httpboot.c b/httpboot.c
-index 6f27b01bf71..16dd6621f66 100644
---- a/httpboot.c
-+++ b/httpboot.c
-@@ -299,7 +299,7 @@ out:
- }
-
- static BOOLEAN
--is_unspecified_addr (EFI_IPv6_ADDRESS ip6)
-+is_unspecified_ip6addr (EFI_IPv6_ADDRESS ip6)
- {
- UINT8 i;
-
-@@ -351,7 +351,7 @@ set_ip6(EFI_HANDLE *nic, IPv6_DEVICE_PATH *ip6node)
- }
-
- gateway = ip6node->GatewayIpAddress;
-- if (is_unspecified_addr(gateway))
-+ if (is_unspecified_ip6addr(gateway))
- return EFI_SUCCESS;
-
- efi_status = ip6cfg->SetData(ip6cfg, Ip6ConfigDataTypeGateway,
-@@ -365,6 +365,19 @@ set_ip6(EFI_HANDLE *nic, IPv6_DEVICE_PATH *ip6node)
- return EFI_SUCCESS;
- }
-
-+static BOOLEAN
-+is_unspecified_ip4addr (EFI_IPv4_ADDRESS ip4)
-+{
-+ UINT8 i;
-+
-+ for (i = 0; i<4; i++) {
-+ if (ip4.Addr[i] != 0)
-+ return FALSE;
-+ }
-+
-+ return TRUE;
-+}
-+
- static inline void
- print_ip4_addr(EFI_IPv4_ADDRESS ip4addr)
- {
-@@ -399,6 +412,9 @@ set_ip4(EFI_HANDLE *nic, IPv4_DEVICE_PATH *ip4node)
- }
-
- gateway = ip4node->GatewayIpAddress;
-+ if (is_unspecified_ip4addr(gateway))
-+ return EFI_SUCCESS;
-+
- efi_status = ip4cfg2->SetData(ip4cfg2, Ip4Config2DataTypeGateway,
- sizeof(gateway), &gateway);
- if (EFI_ERROR(efi_status)) {
---
-2.26.2
-
diff --git a/SOURCES/0006-shim-Flush-the-memory-region-from-i-cache-before-exe.patch b/SOURCES/0006-shim-Flush-the-memory-region-from-i-cache-before-exe.patch
new file mode 100644
index 0000000..457ab90
--- /dev/null
+++ b/SOURCES/0006-shim-Flush-the-memory-region-from-i-cache-before-exe.patch
@@ -0,0 +1,57 @@
+From 5c537b3d0cf8c393dad2e61d49aade68f3af1401 Mon Sep 17 00:00:00 2001
+From: dann frazier <dann.frazier@canonical.com>
+Date: Tue, 6 Sep 2022 09:28:22 -0600
+Subject: [PATCH 06/13] shim: Flush the memory region from i-cache before
+ execution
+
+We've seen crashes in early GRUB code on an ARM Cortex-A72-based
+platform that point at seemingly harmless instructions. Flushing
+the i-cache of those instructions prior to executing has been
+shown to avoid the problem, which has parallels with this story:
+ https://www.mail-archive.com/osv-dev@googlegroups.com/msg06203.html
+
+Add a cache flushing utility function and provide an implementation
+using a GCC intrinsic. This will need to be extended to support other
+compilers. Note that this intrinsic is a no-op for x86 platforms.
+
+This fixes issue #498.
+
+Signed-off-by: dann frazier <dann.frazier@canonical.com>
+---
+ pe.c | 3 +++
+ include/compiler.h | 6 ++++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/pe.c b/pe.c
+index ba3e2bbc444..f94530a20c0 100644
+--- a/pe.c
++++ b/pe.c
+@@ -1196,6 +1196,9 @@ handle_image (void *data, unsigned int datasize,
+
+ CopyMem(buffer, data, context.SizeOfHeaders);
+
++ /* Flush the instruction cache for the region holding the image */
++ cache_invalidate(buffer, buffer + context.ImageSize);
++
+ *entry_point = ImageAddress(buffer, context.ImageSize, context.EntryPoint);
+ if (!*entry_point) {
+ perror(L"Entry point is invalid\n");
+diff --git a/include/compiler.h b/include/compiler.h
+index b4bf10319ee..b0d595f32c2 100644
+--- a/include/compiler.h
++++ b/include/compiler.h
+@@ -192,5 +192,11 @@
+ */
+ #define unreachable() __builtin_unreachable()
+
++#if defined(__GNUC__)
++#define cache_invalidate(begin, end) __builtin___clear_cache(begin, end)
++#else /* __GNUC__ */
++#error shim has no cache_invalidate() implementation for this compiler
++#endif /* __GNUC__ */
++
+ #endif /* !COMPILER_H_ */
+ // vim:fenc=utf-8:tw=75:et
+--
+2.37.1
+
diff --git a/SOURCES/0007-httpboot-show-the-error-message-for-the-ChildHandle.patch b/SOURCES/0007-httpboot-show-the-error-message-for-the-ChildHandle.patch
deleted file mode 100644
index 8d42888..0000000
--- a/SOURCES/0007-httpboot-show-the-error-message-for-the-ChildHandle.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From c2f645c7cd9872585e7b4522b01c368bb545258b Mon Sep 17 00:00:00 2001
-From: Gary Lin <glin@suse.com>
-Date: Mon, 28 May 2018 18:03:39 +0800
-Subject: [PATCH 07/62] httpboot: show the error message for the ChildHandle
-
-Signed-off-by: Gary Lin <glin@suse.com>
-Upstream-commit-id: 0fd3c7e8518
----
- httpboot.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/httpboot.c b/httpboot.c
-index 16dd6621f66..3622e85867c 100644
---- a/httpboot.c
-+++ b/httpboot.c
-@@ -696,8 +696,10 @@ http_fetch (EFI_HANDLE image, EFI_HANDLE device,
- /* Set the handle to NULL to request a new handle */
- http_handle = NULL;
- efi_status = service->CreateChild(service, &http_handle);
-- if (EFI_ERROR(efi_status))
-+ if (EFI_ERROR(efi_status)) {
-+ perror(L"Failed to create the ChildHandle\n");
- return efi_status;
-+ }
-
- /* Get the http protocol */
- efi_status = gBS->HandleProtocol(http_handle, &EFI_HTTP_PROTOCOL_GUID,
---
-2.26.2
-
diff --git a/SOURCES/0007-load_cert_file-Fix-stack-issue.patch b/SOURCES/0007-load_cert_file-Fix-stack-issue.patch
new file mode 100644
index 0000000..b1d13c3
--- /dev/null
+++ b/SOURCES/0007-load_cert_file-Fix-stack-issue.patch
@@ -0,0 +1,46 @@
+From 2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef Mon Sep 17 00:00:00 2001
+From: Eric Snowberg <eric.snowberg@oracle.com>
+Date: Wed, 2 Nov 2022 10:39:43 -0600
+Subject: [PATCH 07/13] load_cert_file: Fix stack issue
+
+0214cd9cef5a fixes a NULL pointer dereference problem, it introduces two
+new problems. First it incorrectly assumes li.FilePath is a string.
+Second, it puts EFI_LOADED_IMAGE li on the stack. It has been found
+that not all archectures can handle this being on the stack.
+
+The shim_li variable will be setup properly from the read_image
+call. Use the global shim_li variable instead when calling
+verify_image.
+
+Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
+---
+ shim.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 27b74ce06c3..0d919ceb83c 100644
+--- a/shim.c
++++ b/shim.c
+@@ -1395,7 +1395,6 @@ EFI_STATUS
+ load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
+ {
+ EFI_STATUS efi_status;
+- EFI_LOADED_IMAGE li;
+ PE_COFF_LOADER_IMAGE_CONTEXT context;
+ EFI_IMAGE_SECTION_HEADER *Section;
+ EFI_SIGNATURE_LIST *certlist;
+@@ -1410,10 +1409,7 @@ load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
+ if (EFI_ERROR(efi_status))
+ return efi_status;
+
+- memset(&li, 0, sizeof(li));
+- memcpy(&li.FilePath[0], filename, MIN(StrSize(filename), sizeof(li.FilePath)));
+-
+- efi_status = verify_image(data, datasize, &li, &context);
++ efi_status = verify_image(data, datasize, shim_li, &context);
+ if (EFI_ERROR(efi_status))
+ return efi_status;
+
+--
+2.37.1
+
diff --git a/SOURCES/0008-Fix-typo-in-debug-path-in-shim.h.patch b/SOURCES/0008-Fix-typo-in-debug-path-in-shim.h.patch
deleted file mode 100644
index be22b83..0000000
--- a/SOURCES/0008-Fix-typo-in-debug-path-in-shim.h.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 409b59af29b8749207a527c91dccba7eee98232b Mon Sep 17 00:00:00 2001
-From: Gary Lin <glin@suse.com>
-Date: Wed, 23 May 2018 15:15:56 +0800
-Subject: [PATCH 08/62] Fix typo in debug path in shim.h
-
-Signed-off-by: Gary Lin <glin@suse.com>
-Upstream-commit-id: a98c20bbdbb
----
- shim.h | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/shim.h b/shim.h
-index a25a660df6a..2b359d821e3 100644
---- a/shim.h
-+++ b/shim.h
-@@ -43,7 +43,7 @@
- #define EFI_ARCH L"x64"
- #endif
- #ifndef DEBUGDIR
--#define DEBUGDIR L"/usr/lub/debug/usr/share/shim/x64/"
-+#define DEBUGDIR L"/usr/lib/debug/usr/share/shim/x64/"
- #endif
- #endif
-
-@@ -58,7 +58,7 @@
- #define EFI_ARCH L"ia32"
- #endif
- #ifndef DEBUGDIR
--#define DEBUGDIR L"/usr/lub/debug/usr/share/shim/ia32/"
-+#define DEBUGDIR L"/usr/lib/debug/usr/share/shim/ia32/"
- #endif
- #endif
-
-@@ -73,7 +73,7 @@
- #define EFI_ARCH L"aa64"
- #endif
- #ifndef DEBUGDIR
--#define DEBUGDIR L"/usr/lub/debug/usr/share/shim/aa64/"
-+#define DEBUGDIR L"/usr/lib/debug/usr/share/shim/aa64/"
- #endif
- #endif
-
-@@ -88,7 +88,7 @@
- #define EFI_ARCH L"arm"
- #endif
- #ifndef DEBUGDIR
--#define DEBUGDIR L"/usr/lub/debug/usr/share/shim/arm/"
-+#define DEBUGDIR L"/usr/lib/debug/usr/share/shim/arm/"
- #endif
- #endif
-
---
-2.26.2
-
diff --git a/SOURCES/0008-load_cert_file-Use-EFI-RT-memory-function.patch b/SOURCES/0008-load_cert_file-Use-EFI-RT-memory-function.patch
new file mode 100644
index 0000000..265c724
--- /dev/null
+++ b/SOURCES/0008-load_cert_file-Use-EFI-RT-memory-function.patch
@@ -0,0 +1,30 @@
+From ea4911c2f3ce8f8f703a1476febac86bb16b00fd Mon Sep 17 00:00:00 2001
+From: Eric Snowberg <eric.snowberg@oracle.com>
+Date: Wed, 2 Nov 2022 10:45:23 -0600
+Subject: [PATCH 08/13] load_cert_file: Use EFI RT memory function
+
+Use the EFI RT memory function CopyMem instead of memcpy in load_cert_file.
+
+Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
+---
+ shim.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 0d919ceb83c..4437898af56 100644
+--- a/shim.c
++++ b/shim.c
+@@ -1429,8 +1429,8 @@ load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
+ user_cert_size += certlist->SignatureListSize;;
+ user_cert = ReallocatePool(user_cert, original,
+ user_cert_size);
+- memcpy(user_cert + original, pointer,
+- certlist->SignatureListSize);
++ CopyMem(user_cert + original, pointer,
++ certlist->SignatureListSize);
+ }
+ }
+ FreePool(data);
+--
+2.37.1
+
diff --git a/SOURCES/0009-Add-malign-double-to-IA32-compiler-flags.patch b/SOURCES/0009-Add-malign-double-to-IA32-compiler-flags.patch
new file mode 100644
index 0000000..ede4471
--- /dev/null
+++ b/SOURCES/0009-Add-malign-double-to-IA32-compiler-flags.patch
@@ -0,0 +1,32 @@
+From 0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Mon Sep 17 00:00:00 2001
+From: Nicholas Bishop <nicholasbishop@google.com>
+Date: Thu, 6 Oct 2022 16:08:56 -0400
+Subject: [PATCH 09/13] Add -malign-double to IA32 compiler flags
+
+This changes the alignment of UINT64 data to 8 bytes on IA32, which
+matches EDK2's understanding of alignment. In particular this change
+affects the offset where shim writes `EFI_LOADED_IMAGE.ImageSize`.
+
+Fixes https://github.com/rhboot/shim/issues/515
+
+Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
+---
+ Make.defaults | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Make.defaults b/Make.defaults
+index dfed9c4a3c7..c46164a33ea 100644
+--- a/Make.defaults
++++ b/Make.defaults
+@@ -71,7 +71,7 @@ ifeq ($(ARCH),x86_64)
+ endif
+ ifeq ($(ARCH),ia32)
+ ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
+- $(CLANG_BUGS) -m32 \
++ $(CLANG_BUGS) -m32 -malign-double \
+ -DMDE_CPU_IA32 -DPAGE_SIZE=4096
+ ARCH_GNUEFI ?= ia32
+ ARCH_SUFFIX ?= ia32
+--
+2.37.1
+
diff --git a/SOURCES/0009-MokManager-Stop-using-EFI_VARIABLE_APPEND_WRITE.patch b/SOURCES/0009-MokManager-Stop-using-EFI_VARIABLE_APPEND_WRITE.patch
deleted file mode 100644
index 1baa54b..0000000
--- a/SOURCES/0009-MokManager-Stop-using-EFI_VARIABLE_APPEND_WRITE.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 85c837d67fef9cd831a3126398ed8da1421f61c5 Mon Sep 17 00:00:00 2001
-From: Gary Lin <glin@suse.com>
-Date: Fri, 11 May 2018 16:59:03 +0800
-Subject: [PATCH 09/62] MokManager: Stop using EFI_VARIABLE_APPEND_WRITE
-
-When writing MokList with EFI_VARIABLE_APPEND_WRITE, some HP laptops
-may just return EFI_SUCCESS without writing the content into the flash,
-so we have no way to detect if MokList is updated or not. Now we always
-read MokList first and write it back with the new content.
-
-https://github.com/rhboot/shim/issues/105
-
-Signed-off-by: Gary Lin <glin@suse.com>
-Upstream-commit-id: f442c8424b4
----
- MokManager.c | 11 +++--------
- 1 file changed, 3 insertions(+), 8 deletions(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index 0767e4a6cde..df9b6fe6912 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -880,14 +880,9 @@ static EFI_STATUS write_db(CHAR16 * db_name, void *MokNew, UINTN MokNewSize)
- UINTN old_size;
- UINTN new_size;
-
-- efi_status = gRT->SetVariable(db_name, &SHIM_LOCK_GUID,
-- EFI_VARIABLE_NON_VOLATILE |
-- EFI_VARIABLE_BOOTSERVICE_ACCESS |
-- EFI_VARIABLE_APPEND_WRITE,
-- MokNewSize, MokNew);
-- if (!EFI_ERROR(efi_status) || efi_status != EFI_INVALID_PARAMETER) {
-- return efi_status;
-- }
-+ /* Do not use EFI_VARIABLE_APPEND_WRITE due to faulty firmwares.
-+ * ref: https://github.com/rhboot/shim/issues/55
-+ * https://github.com/rhboot/shim/issues/105 */
-
- efi_status = get_variable_attr(db_name, (UINT8 **)&old_data, &old_size,
- SHIM_LOCK_GUID, &attributes);
---
-2.26.2
-
diff --git a/SOURCES/0010-pe-Fix-image-section-entry-point-validation.patch b/SOURCES/0010-pe-Fix-image-section-entry-point-validation.patch
new file mode 100644
index 0000000..9abcffb
--- /dev/null
+++ b/SOURCES/0010-pe-Fix-image-section-entry-point-validation.patch
@@ -0,0 +1,36 @@
+From 17f02339ed1be9e90738603fe3c95ae7dc300061 Mon Sep 17 00:00:00 2001
+From: Ilya Okomin <ilya.okomin@oracle.com>
+Date: Fri, 7 Oct 2022 16:52:08 -0400
+Subject: [PATCH 10/13] pe: Fix image section entry-point validation
+
+Seen mokmanager image load failure '2 sections contain entry point'
+for shim built on Oracle Linux 9 aarch64. found_entry_point counter in
+handle_image() uses SizeOfRawData to calculate section boundary.
+PE spec defines VirtualSize for the total size of the section when loaded
+into memory. SizeOfRawData is the size of the section (for object files)
+or the size of the initialized data on disk.
+
+Fix this issue by updating section in-memory size limit to VirtualSize.
+
+Resolves: #517
+Signed-off-by: Ilya Okomin <ilya.okomin@oracle.com>
+---
+ pe.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pe.c b/pe.c
+index f94530a20c0..9a3679e16a1 100644
+--- a/pe.c
++++ b/pe.c
+@@ -1259,7 +1259,7 @@ handle_image (void *data, unsigned int datasize,
+ }
+
+ if (Section->VirtualAddress <= context.EntryPoint &&
+- (Section->VirtualAddress + Section->SizeOfRawData - 1)
++ (Section->VirtualAddress + Section->Misc.VirtualSize - 1)
+ > context.EntryPoint)
+ found_entry_point++;
+
+--
+2.37.1
+
diff --git a/SOURCES/0010-shim-Extend-invalid-reloc-size-warning-message.patch b/SOURCES/0010-shim-Extend-invalid-reloc-size-warning-message.patch
deleted file mode 100644
index 76d26e8..0000000
--- a/SOURCES/0010-shim-Extend-invalid-reloc-size-warning-message.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 956717e2b375d7c7f0faafec8f12a7692708eb9a Mon Sep 17 00:00:00 2001
-From: Paul Menzel <pmenzel@molgen.mpg.de>
-Date: Wed, 23 May 2018 12:32:37 +0200
-Subject: [PATCH 10/62] shim: Extend invalid reloc size warning message
-
-Knowing the value of the reloc directory size is helpful for debugging,
-cf. issue #131 [1],
-
-[1]: https://github.com/rhboot/shim/issues/131
-
-Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
-Upstream-commit-id: dd3230d07f3
----
- shim.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index ff0817009cd..05fc65005d1 100644
---- a/shim.c
-+++ b/shim.c
-@@ -280,8 +280,14 @@ static EFI_STATUS relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context,
- while (RelocBase < RelocBaseEnd) {
- Reloc = (UINT16 *) ((char *) RelocBase + sizeof (EFI_IMAGE_BASE_RELOCATION));
-
-- if ((RelocBase->SizeOfBlock == 0) || (RelocBase->SizeOfBlock > context->RelocDir->Size)) {
-- perror(L"Reloc %d block size %d is invalid\n", n, RelocBase->SizeOfBlock);
-+ if (RelocBase->SizeOfBlock == 0) {
-+ perror(L"Reloc %d block size 0 is invalid\n", n);
-+ return EFI_UNSUPPORTED;
-+ } else if (RelocBase->SizeOfBlock > context->RelocDir->Size) {
-+ perror(L"Reloc %d block size %d greater than reloc dir"
-+ "size %d, which is invalid\n", n,
-+ RelocBase->SizeOfBlock,
-+ context->RelocDir->Size);
- return EFI_UNSUPPORTED;
- }
-
---
-2.26.2
-
diff --git a/SOURCES/0011-Add-GRUB-s-PCR-Usage-to-README.tpm.patch b/SOURCES/0011-Add-GRUB-s-PCR-Usage-to-README.tpm.patch
deleted file mode 100644
index 25197e0..0000000
--- a/SOURCES/0011-Add-GRUB-s-PCR-Usage-to-README.tpm.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From bd97e72f0490b2be766949f448bf6ea3ec2bba1a Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Wed, 1 Aug 2018 09:58:09 -0500
-Subject: [PATCH 11/62] Add GRUB's PCR Usage to README.tpm
-
-This didn't seem to get documented anywhere, and this is as good a place as any.
-Upstream-commit-id: 4fab7281a8c
----
- README.tpm | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/README.tpm b/README.tpm
-index b7314f12d57..d9c7c53483b 100644
---- a/README.tpm
-+++ b/README.tpm
-@@ -19,6 +19,15 @@ PCR7:
- - MokSBState will be extended into PCR7 if it is set, logged as
- "MokSBState".
-
-+PCR8:
-+- If you're using the grub2 TPM patchset we cary in Fedora, the kernel command
-+ line and all grub commands (including all of grub.cfg that gets run) are
-+ measured into PCR8.
-+
-+PCR9:
-+- If you're using the grub2 TPM patchset we cary in Fedora, the kernel,
-+ initramfs, and any multiboot modules loaded are measured into PCR9.
-+
- PCR14:
- - MokList, MokListX, and MokSBState will be extended into PCR14 if they are
- set.
---
-2.26.2
-
diff --git a/SOURCES/0011-make-archive-Build-reproducible-tarball.patch b/SOURCES/0011-make-archive-Build-reproducible-tarball.patch
new file mode 100644
index 0000000..9fa4247
--- /dev/null
+++ b/SOURCES/0011-make-archive-Build-reproducible-tarball.patch
@@ -0,0 +1,42 @@
+From 5169769e0f84dd227592cb73da97dacd61ae40b9 Mon Sep 17 00:00:00 2001
+From: Julian Andres Klode <julian.klode@canonical.com>
+Date: Mon, 14 Nov 2022 12:16:29 +0100
+Subject: [PATCH 11/13] make-archive: Build reproducible tarball
+
+Remove timestamps, user names, etc. from the tarball so that
+it can be built reproducibly by multiple people, on different
+machines.
+
+The outer bzip2 layer might still be different, no reproducible
+bzip2 known.
+
+Signed-off-by: Julian Andres Klode <julian.klode@canonical.com>
+---
+ make-archive | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/make-archive b/make-archive
+index d4f095f0a46..9ae9eef077a 100755
+--- a/make-archive
++++ b/make-archive
+@@ -86,14 +86,16 @@ main() {
+ cd ..
+ if [ "x" = "x${SHIM_GIT_TAG}" ] ; then
+ git archive --format=tar "$(git log -1 --pretty=format:%h)" | ( cd "${ARCHIVE_DIR}/shim-${VERSION}" ; tar x )
++ TIMESTAMP=0
+ else
+ # ORIGIN doesn't yet have this tag
+ git archive --format=tar "${SHIM_GIT_TAG}" | ( cd "${ARCHIVE_DIR}/shim-${VERSION}" ; tar x )
++ TIMESTAMP=$(git log -1 --pretty=%ct "${SHIM_GIT_TAG}")
+ fi
+ git log -1 --pretty=format:%H > "${ARCHIVE_DIR}/shim-${VERSION}/commit"
+ DIR="$PWD"
+ cd "${ARCHIVE_DIR}"
+- tar -c --bzip2 -f "${DIR}/shim-${VERSION}.tar.bz2" "shim-${VERSION}"
++ tar -c --sort=name --mtime="@${TIMESTAMP}" --owner=0 --group=0 --numeric-owner --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime --bzip2 -f "${DIR}/shim-${VERSION}.tar.bz2" "shim-${VERSION}"
+ rm -rf "${ARCHIVE_DIR}"
+ echo "The archive is in shim-${VERSION}.tar.bz2"
+ exit 0
+--
+2.37.1
+
diff --git a/SOURCES/0012-Fix-the-compile-error-of-mkdir-wrong-directory.patch b/SOURCES/0012-Fix-the-compile-error-of-mkdir-wrong-directory.patch
deleted file mode 100644
index a71436e..0000000
--- a/SOURCES/0012-Fix-the-compile-error-of-mkdir-wrong-directory.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From c4e3516e303daa42b3381ddd889a90641717f720 Mon Sep 17 00:00:00 2001
-From: TanMing <tanminger@TanMing-WorkPC.sh.intel.com>
-Date: Tue, 21 Aug 2018 02:25:52 -0400
-Subject: [PATCH 12/62] Fix the compile error of mkdir wrong directory.
-
-In Ubuntu 14.04, the following code in old Makefile:
- mkdir -p Cryptlib/{Hash,Hmac,Cipher,Rand,Pk,Pem,SysCall}
-will create a directory named "{Hash,Hmac,Cipher,Rand,Pk,Pem,SysCall}".
-
-Signed-off-by: Ming Tan <ming.tan@intel.com>
-Upstream-commit-id: 39b83455d68
----
- Makefile | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index 115e7f08c0f..3f2105595a6 100644
---- a/Makefile
-+++ b/Makefile
-@@ -102,11 +102,11 @@ $(MMSONAME): $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a li
- $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
-
- Cryptlib/libcryptlib.a:
-- mkdir -p Cryptlib/{Hash,Hmac,Cipher,Rand,Pk,Pem,SysCall}
-+ for i in Hash Hmac Cipher Rand Pk Pem SysCall; do mkdir -p Cryptlib/$$i; done
- $(MAKE) VPATH=$(TOPDIR)/Cryptlib TOPDIR=$(TOPDIR)/Cryptlib -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile
-
- Cryptlib/OpenSSL/libopenssl.a:
-- mkdir -p Cryptlib/OpenSSL/crypto/{x509v3,x509,txt_db,stack,sha,rsa,rc4,rand,pkcs7,pkcs12,pem,ocsp,objects,modes,md5,lhash,kdf,hmac,evp,err,dso,dh,conf,comp,cmac,buffer,bn,bio,async{,/arch},asn1,aes}/
-+ for i in x509v3 x509 txt_db stack sha rsa rc4 rand pkcs7 pkcs12 pem ocsp objects modes md5 lhash kdf hmac evp err dso dh conf comp cmac buffer bn bio async/arch asn1 aes; do mkdir -p Cryptlib/OpenSSL/crypto/$$i; done
- $(MAKE) VPATH=$(TOPDIR)/Cryptlib/OpenSSL TOPDIR=$(TOPDIR)/Cryptlib/OpenSSL -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile
-
- lib/lib.a: | $(TOPDIR)/lib/Makefile $(wildcard $(TOPDIR)/include/*.[ch])
---
-2.26.2
-
diff --git a/SOURCES/0012-mok-remove-MokListTrusted-from-PCR-7.patch b/SOURCES/0012-mok-remove-MokListTrusted-from-PCR-7.patch
new file mode 100644
index 0000000..83375d3
--- /dev/null
+++ b/SOURCES/0012-mok-remove-MokListTrusted-from-PCR-7.patch
@@ -0,0 +1,38 @@
+From aa1b289a1a16774afc3143b8948d97261f0872d0 Mon Sep 17 00:00:00 2001
+From: Arthur Gautier <arthur.gautier@arista.com>
+Date: Fri, 21 Oct 2022 13:20:45 -0700
+Subject: [PATCH 12/13] mok: remove MokListTrusted from PCR 7
+
+MokListTrusted was added by mistake to PCR 7 in 4e513405. The value of
+MokListTrusted does not alter the behavior of secure boot so, as per
+https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf#page=36
+(section 3.3.4 PCR usage) so it should not be factored in the value of
+PCR 7.
+
+See:
+ https://github.com/rhboot/shim/pull/423
+ https://github.com/rhboot/shim/commit/4e513405b4f1641710115780d19dcec130c5208f
+
+Fixes https://github.com/rhboot/shim/issues/484
+Fixes https://github.com/rhboot/shim/issues/492
+
+Signed-off-by: Arthur Gautier <arthur.gautier@arista.com>
+---
+ mok.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/mok.c b/mok.c
+index 63ddfcaaea3..9811b358626 100644
+--- a/mok.c
++++ b/mok.c
+@@ -178,7 +178,6 @@ struct mok_state_variable mok_state_variable_data[] = {
+ EFI_VARIABLE_NON_VOLATILE,
+ .no_attr = EFI_VARIABLE_RUNTIME_ACCESS,
+ .flags = MOK_MIRROR_DELETE_FIRST |
+- MOK_VARIABLE_MEASURE |
+ MOK_VARIABLE_INVERSE |
+ MOK_VARIABLE_LOG,
+ .pcr = 14,
+--
+2.37.1
+
diff --git a/SOURCES/0013-CryptoPkg-BaseCryptLib-fix-NULL-dereference.patch b/SOURCES/0013-CryptoPkg-BaseCryptLib-fix-NULL-dereference.patch
new file mode 100644
index 0000000..ae123c6
--- /dev/null
+++ b/SOURCES/0013-CryptoPkg-BaseCryptLib-fix-NULL-dereference.patch
@@ -0,0 +1,56 @@
+From 53509eaf2253e23bfb552e9386fd0877abe592b4 Mon Sep 17 00:00:00 2001
+From: Jian J Wang <jian.j.wang@intel.com>
+Date: Thu, 25 Apr 2019 23:42:16 +0800
+Subject: [PATCH 13/13] CryptoPkg/BaseCryptLib: fix NULL dereference
+
+AuthenticodeVerify() calls OpenSSLs d2i_PKCS7() API to parse asn encoded
+signed authenticode pkcs#7 data. when this successfully returns, a type
+check is done by calling PKCS7_type_is_signed() and then
+Pkcs7->d.sign->contents->type is used. It is possible to construct an asn1
+blob that successfully decodes and have d2i_PKCS7() return a valid pointer
+and have PKCS7_type_is_signed() also return success but have Pkcs7->d.sign
+be a NULL pointer.
+
+Looking at how PKCS7_verify() [inside of OpenSSL] implements checking for
+pkcs7 structs it does the following:
+- call PKCS7_type_is_signed()
+- call PKCS7_get_detached()
+Looking into how PKCS7_get_detatched() is implemented, it checks to see if
+p7->d.sign is NULL or if p7->d.sign->contents->d.ptr is NULL.
+
+As such, the fix is to do the same as OpenSSL after calling d2i_PKCS7().
+- Add call to PKS7_get_detached() to existing error handling
+
+Cc: Chao Zhang <chao.b.zhang@intel.com>
+Cc: Jiewen Yao <jiewen.yao@intel.com>
+Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
+Cherry-picked-from: https://github.com/tianocore/edk2/commit/26442d11e620a9e81c019a24a4ff38441c64ba10
+---
+ Cryptlib/Pk/CryptAuthenticode.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Cryptlib/Pk/CryptAuthenticode.c b/Cryptlib/Pk/CryptAuthenticode.c
+index 74e50a2e862..f6f988b8480 100644
+--- a/Cryptlib/Pk/CryptAuthenticode.c
++++ b/Cryptlib/Pk/CryptAuthenticode.c
+@@ -9,7 +9,7 @@
+ AuthenticodeVerify() will get PE/COFF Authenticode and will do basic check for
+ data structure.
+
+-Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
++Copyright (c) 2011 - 2019, Intel Corporation. All rights reserved.<BR>
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+@@ -106,7 +106,7 @@ AuthenticodeVerify (
+ //
+ // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
+ //
+- if (!PKCS7_type_is_signed (Pkcs7)) {
++ if (!PKCS7_type_is_signed (Pkcs7) || PKCS7_get_detached (Pkcs7)) {
+ goto _Exit;
+ }
+
+--
+2.37.1
+
diff --git a/SOURCES/0013-shim-Properly-generate-absolute-paths-from-relative-.patch b/SOURCES/0013-shim-Properly-generate-absolute-paths-from-relative-.patch
deleted file mode 100644
index 00dfaeb..0000000
--- a/SOURCES/0013-shim-Properly-generate-absolute-paths-from-relative-.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 79be2af5260b1f2e2a4680e74e14da0fdb42b570 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Fri, 7 Sep 2018 14:11:02 +0200
-Subject: [PATCH 13/62] shim: Properly generate absolute paths from relative
- image paths
-
-The generate_path_from_image_path() doesn't properly handle the case when
-shim is invoked using a relative path (e.g: from the EFI shell). In that
-function, always the last component is stripped from absolute file path
-to calculate the dirname, and this is concatenated with the image path.
-
-But if the path is a relative one, the function will wrongly concatenate
-the dirname with the relative image path, i.e:
-
- Shell> FS0:
- FS0:\> cd EFI
- FS0:\EFI\> BOOT\BOOTX64.EFI
- Failed to open \EFI\BOOT\BOOT\BOOTX64.EFI - Not found
- Failed to load image \EFI\BOOT\BOOT\BOOTX64.EFI: Not found
- start_image() returned Not found
-
-Calculate the image path basename and concatenate that with the dirname.
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
-Reviewed-by: Maran Wilson maran.wilson@oracle.com
-Tested-by: Maran Wilson maran.wilson@oracle.com
-Upstream-commit-id: a625fa5096c
----
- shim.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index 05fc65005d1..5ab23d03db4 100644
---- a/shim.c
-+++ b/shim.c
-@@ -1610,9 +1610,11 @@ static EFI_STATUS generate_path_from_image_path(EFI_LOADED_IMAGE *li,
- bootpath[j] = '\0';
- }
-
-- while (*ImagePath == '\\')
-- ImagePath++;
-+ for (i = 0, last = 0; i < StrLen(ImagePath); i++)
-+ if (ImagePath[i] == '\\')
-+ last = i + 1;
-
-+ ImagePath = ImagePath + last;
- *PathName = AllocatePool(StrSize(bootpath) + StrSize(ImagePath));
-
- if (!*PathName) {
---
-2.26.2
-
diff --git a/SOURCES/0014-Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch b/SOURCES/0014-Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch
new file mode 100644
index 0000000..115573a
--- /dev/null
+++ b/SOURCES/0014-Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch
@@ -0,0 +1,104 @@
+From 657b2483ca6e9fcf2ad8ac7ee577ff546d24c3aa Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 5 Dec 2022 17:57:36 -0500
+Subject: [PATCH] Make sbat_var.S parse right with buggy gcc/binutils
+
+In https://github.com/rhboot/shim/issues/533 , iokomin noticed that
+gas in binutils before 2.36 appears to be incorrectly concatenating
+string literals in '.asciz' directives, including an extra NUL character
+in between the strings, and this will cause us to incorrectly parse the
+.sbatlevel section in shim binaries.
+
+This patch adds test cases that will cause the build to fail if this has
+happened, as well as changing sbat_var.S to to use '.ascii' and '.byte'
+to construct the data, rather than using '.asciz'.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ test-sbat.c | 32 ++++++++++++++++++++++++++++++++
+ sbat_var.S | 6 ++++--
+ include/test.mk | 2 +-
+ 3 files changed, 37 insertions(+), 3 deletions(-)
+
+diff --git a/test-sbat.c b/test-sbat.c
+index 72bebe7ae63..65bc6a84baa 100644
+--- a/test-sbat.c
++++ b/test-sbat.c
+@@ -1107,6 +1107,36 @@ test_preserve_sbat_uefi_variable_bad_short(void)
+ return 0;
+ }
+
++static int
++test_sbat_var_asciz(void)
++{
++ EFI_STATUS status;
++ char buf[1024] = "";
++ UINT32 attrs = 0;
++ UINTN size = sizeof(buf);
++ char expected[] = SBAT_VAR_PREVIOUS;
++
++ status = set_sbat_uefi_variable();
++ if (status != EFI_SUCCESS)
++ return -1;
++
++ status = RT->GetVariable(SBAT_VAR_NAME, &SHIM_LOCK_GUID, &attrs, &size, buf);
++ if (status != EFI_SUCCESS)
++ return -1;
++
++ /*
++ * this should be enough to get past "sbat,", which handles the
++ * first error.
++ */
++ if (size < (strlen(SBAT_VAR_SIG) + 2) || size != strlen(expected))
++ return -1;
++
++ if (strncmp(expected, buf, size) != 0)
++ return -1;
++
++ return 0;
++}
++
+ int
+ main(void)
+ {
+@@ -1155,6 +1185,8 @@ main(void)
+ test(test_preserve_sbat_uefi_variable_version_older);
+ test(test_preserve_sbat_uefi_variable_version_olderlonger);
+
++ test(test_sbat_var_asciz);
++
+ return 0;
+ }
+
+diff --git a/sbat_var.S b/sbat_var.S
+index a115077ae4d..2a813a403b4 100644
+--- a/sbat_var.S
++++ b/sbat_var.S
+@@ -14,7 +14,9 @@ sbat_var_payload_header:
+ .Lsbat_var_payload_header_end:
+ .balign 1, 0
+ .Lsbat_var_previous:
+- .asciz SBAT_VAR_PREVIOUS
++ .ascii SBAT_VAR_PREVIOUS
++ .byte 0
+ .balign 1, 0
+ .Lsbat_var_latest:
+- .asciz SBAT_VAR_LATEST
++ .ascii SBAT_VAR_LATEST
++ .byte 0
+diff --git a/include/test.mk b/include/test.mk
+index c0e2409517a..c37b84466ed 100644
+--- a/include/test.mk
++++ b/include/test.mk
+@@ -92,7 +92,7 @@ test-mock-variables: CFLAGS+=-DHAVE_SHIM_LOCK_GUID
+ test-mok-mirror_FILES = mok.c globals.c tpm.c lib/guid.c lib/variables.c mock-variables.c
+ test-mok-mirror: CFLAGS+=-DHAVE_START_IMAGE -DHAVE_SHIM_LOCK_GUID
+
+-test-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S
++test-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S mock-variables.c
+ test-sbat :: CFLAGS+=-DHAVE_GET_VARIABLE -DHAVE_GET_VARIABLE_ATTR -DHAVE_SHIM_LOCK_GUID
+
+ test-str_FILES = lib/string.c
+--
+2.38.1
+
diff --git a/SOURCES/0014-shim-Prevent-shim-to-set-itself-as-a-second-stage-lo.patch b/SOURCES/0014-shim-Prevent-shim-to-set-itself-as-a-second-stage-lo.patch
deleted file mode 100644
index 34b9896..0000000
--- a/SOURCES/0014-shim-Prevent-shim-to-set-itself-as-a-second-stage-lo.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 818a0dbd247f7c83d844febfa0a037b396d22701 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Fri, 7 Sep 2018 15:10:51 +0200
-Subject: [PATCH 14/62] shim: Prevent shim to set itself as a second stage
- loader
-
-When shim is invoked from a relative path (e.g: from the UEFI shell), the
-Loaded Image handle LoadOptions can be set to the binary relative path.
-
-But the is_our_path() function only checks if LoadOptions is set to the
-absolute path of shim to ignore it. So if a relative path is there, shim
-would set itself as the secondary loader and invoke itself in a loop.
-
-To prevent that, use the path in LoadOptions to calculate the absolute
-path and compare it with the one in the Loader Image handle FilePath.
-
-Resolves: bz#1622485
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
-Reviewed-by: Maran Wilson maran.wilson@oracle.com
-Tested-by: Maran Wilson maran.wilson@oracle.com
-Upstream-commit-id: e563bc3dcd1
----
- shim.c | 17 ++++++++++++++---
- 1 file changed, 14 insertions(+), 3 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index 5ab23d03db4..ae03da7eddf 100644
---- a/shim.c
-+++ b/shim.c
-@@ -2086,21 +2086,32 @@ get_load_option_optional_data(UINT8 *data, UINTN data_size,
- return EFI_SUCCESS;
- }
-
--static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path, UINTN len)
-+static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path)
- {
- CHAR16 *dppath = NULL;
-+ CHAR16 *PathName = NULL;
-+ EFI_STATUS efi_status;
- int ret = 1;
-
- dppath = DevicePathToStr(li->FilePath);
- if (!dppath)
- return 0;
-
-+ efi_status = generate_path_from_image_path(li, path, &PathName);
-+ if (EFI_ERROR(efi_status)) {
-+ perror(L"Unable to generate path %s: %r\n", path,
-+ efi_status);
-+ goto done;
-+ }
-+
- dprint(L"dppath: %s\n", dppath);
- dprint(L"path: %s\n", path);
-- if (StrnCaseCmp(dppath, path, len))
-+ if (StrnCaseCmp(dppath, PathName, strlen(dppath)))
- ret = 0;
-
-+done:
- FreePool(dppath);
-+ FreePool(PathName);
- return ret;
- }
-
-@@ -2289,7 +2300,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
-
- * which is just cruel... So yeah, just don't use it.
- */
-- if (strings == 1 && is_our_path(li, start, loader_len))
-+ if (strings == 1 && is_our_path(li, start))
- return EFI_SUCCESS;
-
- /*
---
-2.26.2
-
diff --git a/SOURCES/0015-Fix-for-Section-0-has-negative-size-error-when-loadi.patch b/SOURCES/0015-Fix-for-Section-0-has-negative-size-error-when-loadi.patch
deleted file mode 100644
index 419d841..0000000
--- a/SOURCES/0015-Fix-for-Section-0-has-negative-size-error-when-loadi.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From 3d04aef8d80293d701f7efee6b5300f9f528ddfc Mon Sep 17 00:00:00 2001
-From: Maran Wilson <maran.wilson@oracle.com>
-Date: Tue, 7 Aug 2018 15:32:29 -0700
-Subject: [PATCH 15/62] Fix for "Section 0 has negative size" error when
- loading fbaa64.efi
-
-The current code is incorrectly failing to load the fbaa64.efi image found
-in Arm servers even though the UEFI shell code is able to properly load
-and execute the same image.
-
-The problem is due to the presence of a section header that has zero size
-and address and marked "discardable" in the fbaa64.efi image.
-
-Although there is already a check further down in the code to look for
-the discardable bit and skip further verification checks if set, we never
-get to that point due to the "end < base" check at the start of the loop.
-
-Here is a dump of the fbaa64.efi image as compiled on an Arm machine
-from the latest code in this repo:
-
-% # First I used hexedit to change header byte from 'AA' to '86'
-% # so that objdump was able to correctly parse the file:
-% objdump -x -m aarch64 fbaa64.efi
-
-fbaa64.efi: file format pei-x86-64
-fbaa64.efi
-architecture: i386:x86-64, flags 0x00000103:
-HAS_RELOC, EXEC_P, D_PAGED
-start address 0x0000000000000148
-
-Characteristics 0x20e
- executable
- line numbers stripped
- symbols stripped
- debugging information removed
-
-Time/Date Wed Dec 31 16:00:00 1969
-Magic 020b (PE32+)
-MajorLinkerVersion 2
-MinorLinkerVersion 20
-SizeOfCode 000b15d0
-SizeOfInitializedData 00000000
-SizeOfUninitializedData 00000000
-AddressOfEntryPoint 0000000000000148
-BaseOfCode 0000000000000148
-ImageBase 0000000000000000
-SectionAlignment 0000000000000020
-FileAlignment 0000000000000008
-MajorOSystemVersion 0
-MinorOSystemVersion 0
-MajorImageVersion 0
-MinorImageVersion 0
-MajorSubsystemVersion 0
-MinorSubsystemVersion 0
-Win32Version 00000000
-SizeOfImage 000b1718
-SizeOfHeaders 00000148
-CheckSum 00000000
-Subsystem 0000000a (EFI application)
-DllCharacteristics 00000000
-SizeOfStackReserve 0000000000000000
-SizeOfStackCommit 0000000000000000
-SizeOfHeapReserve 0000000000000000
-SizeOfHeapCommit 0000000000000000
-LoaderFlags 00000000
-NumberOfRvaAndSizes 00000006
-
-The Data Directory
-Entry 0 0000000000000000 00000000 Export Directory [.edata (or where ever we found it)]
-Entry 1 0000000000000000 00000000 Import Directory [parts of .idata]
-Entry 2 0000000000000000 00000000 Resource Directory [.rsrc]
-Entry 3 0000000000000000 00000000 Exception Directory [.pdata]
-Entry 4 0000000000000000 00000000 Security Directory
-Entry 5 0000000000000000 00000000 Base Relocation Directory [.reloc]
-Entry 6 0000000000000000 00000000 Debug Directory
-Entry 7 0000000000000000 00000000 Description Directory
-Entry 8 0000000000000000 00000000 Special Directory
-Entry 9 0000000000000000 00000000 Thread Storage Directory [.tls]
-Entry a 0000000000000000 00000000 Load Configuration Directory
-Entry b 0000000000000000 00000000 Bound Import Directory
-Entry c 0000000000000000 00000000 Import Address Table Directory
-Entry d 0000000000000000 00000000 Delay Import Directory
-Entry e 0000000000000000 00000000 CLR Runtime Header
-Entry f 0000000000000000 00000000 Reserved
-
-Sections:
-Idx Name Size VMA LMA File off Algn
- 0 .reloc 00000000 0000000000000000 0000000000000000 00000000 2**0
- ALLOC, LOAD, READONLY, DATA
- 1 .text 000b15d0 0000000000000148 0000000000000148 00000148 2**4
- CONTENTS, ALLOC, LOAD, CODE
-SYMBOL TABLE:
-no symbols
-
-Signed-off-by: Maran Wilson <maran.wilson@oracle.com>
-Reviewed-by: Aaron Young <aaron.young@oracle.com>
-Reviewed-by: Jack Schwartz <jack.schwartz@oracle.com>
-Upstream-commit-id: 6df7a8f5609
----
- shim.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/shim.c b/shim.c
-index ae03da7eddf..d980cadacfc 100644
---- a/shim.c
-+++ b/shim.c
-@@ -1347,6 +1347,11 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
- */
- Section = context.FirstSection;
- for (i = 0; i < context.NumberOfSections; i++, Section++) {
-+ /* Don't try to copy discardable sections with zero size */
-+ if ((Section->Characteristics & EFI_IMAGE_SCN_MEM_DISCARDABLE) &&
-+ !Section->Misc.VirtualSize)
-+ continue;
-+
- base = ImageAddress (buffer, context.ImageSize,
- Section->VirtualAddress);
- end = ImageAddress (buffer, context.ImageSize,
---
-2.26.2
-
diff --git a/SOURCES/0016-Fix-apparent-typo-in-ARM-32-on-64-code.patch b/SOURCES/0016-Fix-apparent-typo-in-ARM-32-on-64-code.patch
deleted file mode 100644
index 6163a19..0000000
--- a/SOURCES/0016-Fix-apparent-typo-in-ARM-32-on-64-code.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From d5b72b322d5b7c6c115833c518e1aa5798076309 Mon Sep 17 00:00:00 2001
-From: dann frazier <dann.frazier@canonical.com>
-Date: Mon, 14 Jan 2019 15:25:11 -0700
-Subject: [PATCH 16/62] Fix apparent typo in ARM 32-on-64 code
-
-The architecture is aarch64, not arch64.
-
-Fixes: 750584c20775 ("Make 64-on-32 maybe work on x86_64.")
-Signed-off-by: dann frazier <dann.frazier@canonical.com>
-Upstream-commit-id: e9f67aaa75a
----
- shim.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/shim.c b/shim.c
-index d980cadacfc..e4d4fea226d 100644
---- a/shim.c
-+++ b/shim.c
-@@ -150,7 +150,7 @@ allow_32_bit(void)
- #endif
- #elif defined(__i386__) || defined(__i686__)
- return 1;
--#elif defined(__arch64__)
-+#elif defined(__aarch64__)
- return 0;
- #else /* assuming everything else is 32-bit... */
- return 1;
---
-2.26.2
-
diff --git a/SOURCES/0017-Makefile-do-not-run-git-on-clean-if-there-s-no-.git-.patch b/SOURCES/0017-Makefile-do-not-run-git-on-clean-if-there-s-no-.git-.patch
deleted file mode 100644
index 961e531..0000000
--- a/SOURCES/0017-Makefile-do-not-run-git-on-clean-if-there-s-no-.git-.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 8544018093b8aa4311b1e970f8396140c22ede0b Mon Sep 17 00:00:00 2001
-From: Luca Boccassi <bluca@debian.org>
-Date: Mon, 14 Jan 2019 19:29:34 +0000
-Subject: [PATCH 17/62] Makefile: do not run git on clean if there's no .git
- directory
-
-When building in minimal chroot on build workers, like in Debian (where
-make clean is called at the beginning of the build process), git will
-not be available. Skip the git clean.
-
-Signed-off-by: Luca Boccassi <bluca@debian.org>
-Upstream-commit-id: be352762a01
----
- Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile b/Makefile
-index 3f2105595a6..fd7e83dc764 100644
---- a/Makefile
-+++ b/Makefile
-@@ -225,7 +225,7 @@ clean-shim-objs:
- @rm -rvf $(TARGET) *.o $(SHIM_OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb $(BOOTCSVNAME)
- @rm -vf *.debug *.so *.efi *.efi.* *.tar.* version.c buildid
- @rm -vf Cryptlib/*.[oa] Cryptlib/*/*.[oa]
-- @git clean -f -d -e 'Cryptlib/OpenSSL/*'
-+ @if [ -d .git ] ; then git clean -f -d -e 'Cryptlib/OpenSSL/*'; fi
-
- clean: clean-shim-objs
- $(MAKE) -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile clean
---
-2.26.2
-
diff --git a/SOURCES/0018-Make.default-use-correct-flags-to-disable-unaligned-.patch b/SOURCES/0018-Make.default-use-correct-flags-to-disable-unaligned-.patch
deleted file mode 100644
index e934fa7..0000000
--- a/SOURCES/0018-Make.default-use-correct-flags-to-disable-unaligned-.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 7f080b30f3c3718d6b2533f62a50f373fd2cda21 Mon Sep 17 00:00:00 2001
-From: Peter Korsgaard <peter@korsgaard.com>
-Date: Thu, 10 Jan 2019 23:34:11 +0100
-Subject: [PATCH 18/62] Make.default: use correct flags to disable unaligned
- access for 32 bit ARM
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The GCC flag to disable unaligned access on 32bit ARM is
--mno-unaligned-access, not -mstrict-align (which is used on aarch64):
-
-https://lkml.org/lkml/2018/8/3/294
-
-Otherwise build dies with:
-arm-linux-gnueabihf-gcc: error: unrecognized command line option
- ‘-mstrict-align’; did you mean ‘-Wstrict-aliasing’?
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-Upstream-commit-id: 41b93358e8c
----
- Make.defaults | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Make.defaults b/Make.defaults
-index bbfc1d7f77b..09807bd8108 100644
---- a/Make.defaults
-+++ b/Make.defaults
-@@ -72,7 +72,7 @@ ifeq ($(ARCH),aarch64)
- ARCH_CFLAGS ?=
- endif
- ifeq ($(ARCH),arm)
-- ARCH_CFLAGS ?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mstrict-align
-+ ARCH_CFLAGS ?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mno-unaligned-access
- LIBDIR ?= $(prefix)/lib
- ARCH_SUFFIX ?= arm
- ARCH_SUFFIX_UPPER ?= ARM
---
-2.26.2
-
diff --git a/SOURCES/0019-Cryptlib-fix-build-on-32bit-ARM.patch b/SOURCES/0019-Cryptlib-fix-build-on-32bit-ARM.patch
deleted file mode 100644
index 9ef4f67..0000000
--- a/SOURCES/0019-Cryptlib-fix-build-on-32bit-ARM.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From ee832f21c6706d6b3890d82f9d8bcb2bd249ee04 Mon Sep 17 00:00:00 2001
-From: Peter Korsgaard <peter@korsgaard.com>
-Date: Fri, 11 Jan 2019 09:17:42 +0100
-Subject: [PATCH 19/62] Cryptlib: fix build on 32bit ARM
-
-Pass MDE_CPU_ARM, similar to how it is done for the other supported
-architectures, otherwise the build fails in:
-
-Cryptlib/Include/OpenSslSupport.h:55:2: error:
- #error Unknown target architecture
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-Upstream-commit-id: cb83c14628b
----
- Cryptlib/Makefile | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
-index 2aa569594a0..5c098f34cec 100644
---- a/Cryptlib/Makefile
-+++ b/Cryptlib/Makefile
-@@ -19,6 +19,9 @@ endif
- ifeq ($(ARCH),aarch64)
- CFLAGS += -DMDE_CPU_AARCH64
- endif
-+ifeq ($(ARCH),arm)
-+ CFLAGS += -DMDE_CPU_ARM
-+endif
- LDFLAGS = -nostdlib -znocombreloc
-
- TARGET = libcryptlib.a
---
-2.26.2
-
diff --git a/SOURCES/0020-Make-sure-that-MOK-variables-always-get-mirrored.patch b/SOURCES/0020-Make-sure-that-MOK-variables-always-get-mirrored.patch
deleted file mode 100644
index ca6f732..0000000
--- a/SOURCES/0020-Make-sure-that-MOK-variables-always-get-mirrored.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From ac0400b20264ef67b67891d2216edd3fe20e5571 Mon Sep 17 00:00:00 2001
-From: Patrick Uiterwijk <patrick@puiterwijk.org>
-Date: Mon, 5 Nov 2018 14:51:16 +0100
-Subject: [PATCH 20/62] Make sure that MOK variables always get mirrored
-
-Without this, if a Mok variable doesn't exist in Boot Services, it will also
-not be copied to Runtime, even if we have data to be added to it (vendor cert).
-This patch makes sure that if we have extra data to append, we still mirror
-the variable.
-
-Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
-Upstream-commit-id: 9ab0d796bdc
----
- mok.c | 20 ++++++++++++++++----
- 1 file changed, 16 insertions(+), 4 deletions(-)
-
-diff --git a/mok.c b/mok.c
-index 38675211e0e..00dd1ad3034 100644
---- a/mok.c
-+++ b/mok.c
-@@ -223,11 +223,26 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- UINT32 attrs = 0;
- BOOLEAN delete = FALSE, present, addend;
-
-+ addend = (v->addend_source && v->addend_size &&
-+ *v->addend_source && *v->addend_size)
-+ ? TRUE : FALSE;
-+
- efi_status = get_variable_attr(v->name,
- &v->data, &v->data_size,
- *v->guid, &attrs);
-- if (efi_status == EFI_NOT_FOUND)
-+ if (efi_status == EFI_NOT_FOUND) {
-+ if (v->rtname && addend) {
-+ efi_status = mirror_one_mok_variable(v);
-+ if (EFI_ERROR(efi_status) &&
-+ ret != EFI_SECURITY_VIOLATION)
-+ ret = efi_status;
-+ }
-+ /*
-+ * after possibly adding, we can continue, no
-+ * further checks to be done.
-+ */
- continue;
-+ }
- if (EFI_ERROR(efi_status)) {
- perror(L"Could not verify %s: %r\n", v->name,
- efi_status);
-@@ -272,9 +287,6 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- }
-
- present = (v->data && v->data_size) ? TRUE : FALSE;
-- addend = (v->addend_source && v->addend_size &&
-- *v->addend_source && *v->addend_size)
-- ? TRUE : FALSE;
-
- if (v->flags & MOK_VARIABLE_MEASURE && present) {
- /*
---
-2.26.2
-
diff --git a/SOURCES/0021-mok-fix-the-mirroring-of-RT-variables.patch b/SOURCES/0021-mok-fix-the-mirroring-of-RT-variables.patch
deleted file mode 100644
index 135788e..0000000
--- a/SOURCES/0021-mok-fix-the-mirroring-of-RT-variables.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From f748139695384fb4e09833898f0b8cb3ab85d810 Mon Sep 17 00:00:00 2001
-From: Gary Lin <glin@suse.com>
-Date: Wed, 21 Nov 2018 12:47:43 +0800
-Subject: [PATCH 21/62] mok: fix the mirroring of RT variables
-
-When there is no key in MokList, import_mok_state() just skipped MokList
-even though it should always mirror the vendor cert. Besides, the faulty
-check of 'present' and 'addend' invalidates the mirroring of MokListXRT,
-MokSBStateRT, and MokIgnoreDB.
-
-https://github.com/rhboot/shim/issues/154
-
-Signed-off-by: Gary Lin <glin@suse.com>
-Upstream-commit-id: 4b27ae034ba
----
- mok.c | 11 ++++-------
- 1 file changed, 4 insertions(+), 7 deletions(-)
-
-diff --git a/mok.c b/mok.c
-index 00dd1ad3034..41925abbb49 100644
---- a/mok.c
-+++ b/mok.c
-@@ -231,12 +231,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- &v->data, &v->data_size,
- *v->guid, &attrs);
- if (efi_status == EFI_NOT_FOUND) {
-- if (v->rtname && addend) {
-- efi_status = mirror_one_mok_variable(v);
-- if (EFI_ERROR(efi_status) &&
-- ret != EFI_SECURITY_VIOLATION)
-- ret = efi_status;
-- }
-+ if (addend)
-+ goto mirror_addend;
- /*
- * after possibly adding, we can continue, no
- * further checks to be done.
-@@ -316,7 +312,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- }
- }
-
-- if (v->rtname && present && addend) {
-+mirror_addend:
-+ if (v->rtname && (present || addend)) {
- if (v->flags & MOK_MIRROR_DELETE_FIRST)
- LibDeleteVariable(v->rtname, v->guid);
-
---
-2.26.2
-
diff --git a/SOURCES/0022-mok-consolidate-mirroring-code-in-a-helper-instead-o.patch b/SOURCES/0022-mok-consolidate-mirroring-code-in-a-helper-instead-o.patch
deleted file mode 100644
index bd8d9cf..0000000
--- a/SOURCES/0022-mok-consolidate-mirroring-code-in-a-helper-instead-o.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From ff6e5cda136c8fd637d3d6b8334f4f221ba2b1ee Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 31 Jan 2019 13:45:30 -0500
-Subject: [PATCH 22/62] mok: consolidate mirroring code in a helper instead of
- using goto
-
-There's no reason to complicate the logic with a goto here, instead just
-pull the logic we're jumping to out to a helper function.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream-commit-id: 29c11483101
----
- mok.c | 42 +++++++++++++++++++++++++++++-------------
- shim.h | 2 ++
- 2 files changed, 31 insertions(+), 13 deletions(-)
-
-diff --git a/mok.c b/mok.c
-index 41925abbb49..2b9d796a0e8 100644
---- a/mok.c
-+++ b/mok.c
-@@ -130,7 +130,8 @@ struct mok_state_variable mok_state_variables[] = {
- { NULL, }
- };
-
--static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v)
-+static EFI_STATUS nonnull(1)
-+mirror_one_mok_variable(struct mok_state_variable *v)
- {
- EFI_STATUS efi_status = EFI_SUCCESS;
- void *FullData = NULL;
-@@ -196,6 +197,29 @@ static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v)
- return efi_status;
- }
-
-+/*
-+ * Mirror a variable if it has an rtname, and preserve any
-+ * EFI_SECURITY_VIOLATION status at the same time.
-+ */
-+static EFI_STATUS nonnull(1)
-+maybe_mirror_one_mok_variable(struct mok_state_variable *v, EFI_STATUS ret)
-+{
-+ EFI_STATUS efi_status;
-+ if (v->rtname) {
-+ if (v->flags & MOK_MIRROR_DELETE_FIRST)
-+ LibDeleteVariable(v->rtname, v->guid);
-+
-+ efi_status = mirror_one_mok_variable(v);
-+ if (EFI_ERROR(efi_status)) {
-+ if (ret != EFI_SECURITY_VIOLATION)
-+ ret = efi_status;
-+ perror(L"Could not create %s: %r\n", v->rtname,
-+ efi_status);
-+ }
-+ }
-+ return ret;
-+}
-+
- /*
- * Verify our non-volatile MoK state. This checks the variables above
- * accessable and have valid attributes. If they don't, it removes
-@@ -232,7 +256,7 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- *v->guid, &attrs);
- if (efi_status == EFI_NOT_FOUND) {
- if (addend)
-- goto mirror_addend;
-+ ret = maybe_mirror_one_mok_variable(v, ret);
- /*
- * after possibly adding, we can continue, no
- * further checks to be done.
-@@ -312,16 +336,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- }
- }
-
--mirror_addend:
-- if (v->rtname && (present || addend)) {
-- if (v->flags & MOK_MIRROR_DELETE_FIRST)
-- LibDeleteVariable(v->rtname, v->guid);
--
-- efi_status = mirror_one_mok_variable(v);
-- if (EFI_ERROR(efi_status) &&
-- ret != EFI_SECURITY_VIOLATION)
-- ret = efi_status;
-- }
-+ if (present)
-+ ret = maybe_mirror_one_mok_variable(v, ret);
- }
-
- /*
-@@ -340,4 +356,4 @@ mirror_addend:
- return ret;
- }
-
--// vim:fenc=utf-8:tw=75
-+// vim:fenc=utf-8:tw=75:noet
-diff --git a/shim.h b/shim.h
-index 2b359d821e3..c26d5f06538 100644
---- a/shim.h
-+++ b/shim.h
-@@ -30,6 +30,8 @@
-
- #include <stddef.h>
-
-+#define nonnull(...) __attribute__((__nonnull__(__VA_ARGS__)))
-+
- #define min(a, b) ({(a) < (b) ? (a) : (b);})
-
- #ifdef __x86_64__
---
-2.26.2
-
diff --git a/SOURCES/0023-shim-only-include-shim_cert.h-in-shim.c.patch b/SOURCES/0023-shim-only-include-shim_cert.h-in-shim.c.patch
deleted file mode 100644
index fce8963..0000000
--- a/SOURCES/0023-shim-only-include-shim_cert.h-in-shim.c.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From 7a3638173e406ce7cbd682213606e3152244fcb2 Mon Sep 17 00:00:00 2001
-From: Gary Lin <glin@suse.com>
-Date: Wed, 19 Dec 2018 11:27:42 +0800
-Subject: [PATCH 23/62] shim: only include shim_cert.h in shim.c
-
-The shim_cert array was declared as a static array, and every user of
-shim_cert.h would create a shim_cert array for its own and grow the file
-size. To remove the unnecessary duplicate shim_cert arrays, this commit
-declares shim_cert in shim.c while other users still can access the
-array through the external variables: build_cert and build_cert_size.
-
-Signed-off-by: Gary Lin <glin@suse.com>
-Upstream-commit-id: 4e2d62f0f4e
----
- shim.c | 11 +++++++++++
- shim.h | 7 ++++---
- 2 files changed, 15 insertions(+), 3 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index e4d4fea226d..0a95f94b360 100644
---- a/shim.c
-+++ b/shim.c
-@@ -34,6 +34,9 @@
- */
-
- #include "shim.h"
-+#if defined(ENABLE_SHIM_CERT)
-+#include "shim_cert.h"
-+#endif /* defined(ENABLE_SHIM_CERT) */
-
- #include <openssl/err.h>
- #include <openssl/bn.h>
-@@ -75,6 +78,10 @@ UINT32 vendor_cert_size;
- UINT32 vendor_dbx_size;
- UINT8 *vendor_cert;
- UINT8 *vendor_dbx;
-+#if defined(ENABLE_SHIM_CERT)
-+UINT32 build_cert_size;
-+UINT8 *build_cert;
-+#endif /* defined(ENABLE_SHIM_CERT) */
-
- /*
- * indicator of how an image has been verified
-@@ -2562,6 +2569,10 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
- vendor_dbx_size = cert_table.vendor_dbx_size;
- vendor_cert = (UINT8 *)&cert_table + cert_table.vendor_cert_offset;
- vendor_dbx = (UINT8 *)&cert_table + cert_table.vendor_dbx_offset;
-+#if defined(ENABLE_SHIM_CERT)
-+ build_cert_size = sizeof(shim_cert);
-+ build_cert = shim_cert;
-+#endif /* defined(ENABLE_SHIM_CERT) */
- CHAR16 *msgs[] = {
- L"import_mok_state() failed\n",
- L"shim_int() failed\n",
-diff --git a/shim.h b/shim.h
-index c26d5f06538..e4d40505f09 100644
---- a/shim.h
-+++ b/shim.h
-@@ -122,9 +122,6 @@
- #include "include/variables.h"
-
- #include "version.h"
--#ifdef ENABLE_SHIM_CERT
--#include "shim_cert.h"
--#endif
-
- INTERFACE_DECL(_SHIM_LOCK);
-
-@@ -172,6 +169,10 @@ extern UINT32 vendor_cert_size;
- extern UINT32 vendor_dbx_size;
- extern UINT8 *vendor_cert;
- extern UINT8 *vendor_dbx;
-+#if defined(ENABLE_SHIM_CERT)
-+extern UINT32 build_cert_size;
-+extern UINT8 *build_cert;
-+#endif /* defined(ENABLE_SHIM_CERT) */
-
- extern UINT8 user_insecure_mode;
- extern UINT8 ignore_db;
---
-2.26.2
-
diff --git a/SOURCES/0024-mok-also-mirror-the-build-cert-to-MokListRT.patch b/SOURCES/0024-mok-also-mirror-the-build-cert-to-MokListRT.patch
deleted file mode 100644
index d331df4..0000000
--- a/SOURCES/0024-mok-also-mirror-the-build-cert-to-MokListRT.patch
+++ /dev/null
@@ -1,153 +0,0 @@
-From 3d62232feb296b238ca5d7963ba40a2c346767e7 Mon Sep 17 00:00:00 2001
-From: Gary Lin <glin@suse.com>
-Date: Wed, 19 Dec 2018 12:40:02 +0800
-Subject: [PATCH 24/62] mok: also mirror the build cert to MokListRT
-
-If the build cert is enabled, we should also mirror it to MokListRT.
-
-Signed-off-by: Gary Lin <glin@suse.com>
-Upstream-commit-id: aecbe1f99b6
----
- mok.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
- 1 file changed, 72 insertions(+), 6 deletions(-)
-
-diff --git a/mok.c b/mok.c
-index 2b9d796a0e8..6150d8c8868 100644
---- a/mok.c
-+++ b/mok.c
-@@ -68,6 +68,10 @@ struct mok_state_variable {
- */
- UINT8 **addend_source;
- UINT32 *addend_size;
-+#if defined(ENABLE_SHIM_CERT)
-+ UINT8 **build_cert;
-+ UINT32 *build_cert_size;
-+#endif /* defined(ENABLE_SHIM_CERT) */
- UINT32 yes_attr;
- UINT32 no_attr;
- UINT32 flags;
-@@ -90,6 +94,10 @@ struct mok_state_variable mok_state_variables[] = {
- .no_attr = EFI_VARIABLE_RUNTIME_ACCESS,
- .addend_source = &vendor_cert,
- .addend_size = &vendor_cert_size,
-+#if defined(ENABLE_SHIM_CERT)
-+ .build_cert = &build_cert,
-+ .build_cert_size = &build_cert_size,
-+#endif /* defined(ENABLE_SHIM_CERT) */
- .flags = MOK_MIRROR_KEYDB |
- MOK_VARIABLE_LOG,
- .pcr = 14,
-@@ -130,6 +138,22 @@ struct mok_state_variable mok_state_variables[] = {
- { NULL, }
- };
-
-+inline BOOLEAN check_vendor_cert(struct mok_state_variable *v)
-+{
-+ return (v->addend_source && v->addend_size &&
-+ *v->addend_source && *v->addend_size) ? TRUE : FALSE;
-+}
-+#if defined(ENABLE_SHIM_CERT)
-+inline BOOLEAN check_build_cert(struct mok_state_variable *v)
-+{
-+ return (v->build_cert && v->build_cert_size &&
-+ *v->build_cert && *v->build_cert_size) ? TRUE : FALSE;
-+}
-+#define check_addend(v) (check_vendor_cert(v) || check_build_cert(v))
-+#else
-+#define check_addend(v) check_vendor_cert(v)
-+#endif /* defined(ENABLE_SHIM_CERT) */
-+
- static EFI_STATUS nonnull(1)
- mirror_one_mok_variable(struct mok_state_variable *v)
- {
-@@ -138,15 +162,27 @@ mirror_one_mok_variable(struct mok_state_variable *v)
- UINTN FullDataSize = 0;
- uint8_t *p = NULL;
-
-- if ((v->flags & MOK_MIRROR_KEYDB) &&
-- v->addend_source && *v->addend_source &&
-- v->addend_size && *v->addend_size) {
-+ if ((v->flags & MOK_MIRROR_KEYDB) && check_addend(v)) {
- EFI_SIGNATURE_LIST *CertList = NULL;
- EFI_SIGNATURE_DATA *CertData = NULL;
-+#if defined(ENABLE_SHIM_CERT)
-+ FullDataSize = v->data_size;
-+ if (check_build_cert(v)) {
-+ FullDataSize += sizeof (*CertList)
-+ + sizeof (EFI_GUID)
-+ + *v->build_cert_size;
-+ }
-+ if (check_vendor_cert(v)) {
-+ FullDataSize += sizeof (*CertList)
-+ + sizeof (EFI_GUID)
-+ + *v->addend_size;
-+ }
-+#else
- FullDataSize = v->data_size
- + sizeof (*CertList)
- + sizeof (EFI_GUID)
- + *v->addend_size;
-+#endif /* defined(ENABLE_SHIM_CERT) */
- FullData = AllocatePool(FullDataSize);
- if (!FullData) {
- perror(L"Failed to allocate space for MokListRT\n");
-@@ -158,6 +194,35 @@ mirror_one_mok_variable(struct mok_state_variable *v)
- CopyMem(p, v->data, v->data_size);
- p += v->data_size;
- }
-+
-+#if defined(ENABLE_SHIM_CERT)
-+ if (check_build_cert(v) == FALSE)
-+ goto skip_build_cert;
-+
-+ CertList = (EFI_SIGNATURE_LIST *)p;
-+ p += sizeof (*CertList);
-+ CertData = (EFI_SIGNATURE_DATA *)p;
-+ p += sizeof (EFI_GUID);
-+
-+ CertList->SignatureType = EFI_CERT_TYPE_X509_GUID;
-+ CertList->SignatureListSize = *v->build_cert_size
-+ + sizeof (*CertList)
-+ + sizeof (*CertData)
-+ -1;
-+ CertList->SignatureHeaderSize = 0;
-+ CertList->SignatureSize = *v->build_cert_size +
-+ sizeof (EFI_GUID);
-+
-+ CertData->SignatureOwner = SHIM_LOCK_GUID;
-+ CopyMem(p, *v->build_cert, *v->build_cert_size);
-+
-+ p += *v->build_cert_size;
-+
-+ if (check_vendor_cert(v) == FALSE)
-+ goto skip_vendor_cert;
-+skip_build_cert:
-+#endif /* defined(ENABLE_SHIM_CERT) */
-+
- CertList = (EFI_SIGNATURE_LIST *)p;
- p += sizeof (*CertList);
- CertData = (EFI_SIGNATURE_DATA *)p;
-@@ -174,6 +239,9 @@ mirror_one_mok_variable(struct mok_state_variable *v)
- CertData->SignatureOwner = SHIM_LOCK_GUID;
- CopyMem(p, *v->addend_source, *v->addend_size);
-
-+#if defined(ENABLE_SHIM_CERT)
-+skip_vendor_cert:
-+#endif /* defined(ENABLE_SHIM_CERT) */
- if (v->data && v->data_size)
- FreePool(v->data);
- v->data = FullData;
-@@ -247,9 +315,7 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- UINT32 attrs = 0;
- BOOLEAN delete = FALSE, present, addend;
-
-- addend = (v->addend_source && v->addend_size &&
-- *v->addend_source && *v->addend_size)
-- ? TRUE : FALSE;
-+ addend = check_addend(v);
-
- efi_status = get_variable_attr(v->name,
- &v->data, &v->data_size,
---
-2.26.2
-
diff --git a/SOURCES/0025-mok-minor-cleanups.patch b/SOURCES/0025-mok-minor-cleanups.patch
deleted file mode 100644
index 98120d3..0000000
--- a/SOURCES/0025-mok-minor-cleanups.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From ff890cf45224926574eee93b0ea1494468870bd3 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 31 Jan 2019 14:04:57 -0500
-Subject: [PATCH 25/62] mok: minor cleanups
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream-commit-id: 617b9007668
----
- mok.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/mok.c b/mok.c
-index 6150d8c8868..59630e74425 100644
---- a/mok.c
-+++ b/mok.c
-@@ -138,13 +138,16 @@ struct mok_state_variable mok_state_variables[] = {
- { NULL, }
- };
-
--inline BOOLEAN check_vendor_cert(struct mok_state_variable *v)
-+static inline BOOLEAN nonnull(1)
-+check_vendor_cert(struct mok_state_variable *v)
- {
- return (v->addend_source && v->addend_size &&
- *v->addend_source && *v->addend_size) ? TRUE : FALSE;
- }
-+
- #if defined(ENABLE_SHIM_CERT)
--inline BOOLEAN check_build_cert(struct mok_state_variable *v)
-+static inline BOOLEAN nonnull(1)
-+check_build_cert(struct mok_state_variable *v)
- {
- return (v->build_cert && v->build_cert_size &&
- *v->build_cert && *v->build_cert_size) ? TRUE : FALSE;
---
-2.26.2
-
diff --git a/SOURCES/0026-Remove-call-to-TPM2-get_event_log.patch b/SOURCES/0026-Remove-call-to-TPM2-get_event_log.patch
deleted file mode 100644
index 30b8374..0000000
--- a/SOURCES/0026-Remove-call-to-TPM2-get_event_log.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From cf3f99c3b1e11c8c83938784975331db5efb410f Mon Sep 17 00:00:00 2001
-From: Matthew Garrett <mjg59@google.com>
-Date: Tue, 11 Dec 2018 15:25:44 -0800
-Subject: [PATCH 26/62] Remove call to TPM2 get_event_log()
-
-Calling the TPM2 get_event_log causes the firmware to start logging
-events to the final events table, but implementations may also continue
-logging to the boot services event log. Any OS that wishes to
-reconstruct the full PCR state must already look at both the final
-events log and the boot services event log, so if this call is made
-anywhere other than immediately before ExitBootServices() then the OS
-must deduplicate events that occur in both, complicating things
-immensely.
-
-Linux already has support for copying up the boot services event log
-across the ExitBootServices() boundary, so there's no reason to make
-this call. Remove it.
-
-Signed-off-by: Matthew Garrett <mjg59@google.com>
-Upstream-commit-id: fd7c3bd920b
----
- tpm.c | 46 ----------------------------------------------
- 1 file changed, 46 deletions(-)
-
-diff --git a/tpm.c b/tpm.c
-index 674e69b715f..f07362c70bb 100644
---- a/tpm.c
-+++ b/tpm.c
-@@ -70,41 +70,6 @@ static BOOLEAN tpm2_present(EFI_TCG2_BOOT_SERVICE_CAPABILITY *caps,
- return FALSE;
- }
-
--static inline EFI_TCG2_EVENT_LOG_BITMAP
--tpm2_get_supported_logs(efi_tpm2_protocol_t *tpm,
-- EFI_TCG2_BOOT_SERVICE_CAPABILITY *caps,
-- BOOLEAN old_caps)
--{
-- if (old_caps)
-- return ((TREE_BOOT_SERVICE_CAPABILITY *)caps)->SupportedEventLogs;
--
-- return caps->SupportedEventLogs;
--}
--
--/*
-- * According to TCG EFI Protocol Specification for TPM 2.0 family,
-- * all events generated after the invocation of EFI_TCG2_GET_EVENT_LOG
-- * shall be stored in an instance of an EFI_CONFIGURATION_TABLE aka
-- * EFI TCG 2.0 final events table. Hence, it is necessary to trigger the
-- * internal switch through calling get_event_log() in order to allow
-- * to retrieve the logs from OS runtime.
-- */
--static EFI_STATUS trigger_tcg2_final_events_table(efi_tpm2_protocol_t *tpm2,
-- EFI_TCG2_EVENT_LOG_BITMAP supported_logs)
--{
-- EFI_TCG2_EVENT_LOG_FORMAT log_fmt;
-- EFI_PHYSICAL_ADDRESS start;
-- EFI_PHYSICAL_ADDRESS end;
-- BOOLEAN truncated;
--
-- if (supported_logs & EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
-- log_fmt = EFI_TCG2_EVENT_LOG_FORMAT_TCG_2;
-- else
-- log_fmt = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
--
-- return tpm2->get_event_log(tpm2, log_fmt, &start, &end, &truncated);
--}
--
- static EFI_STATUS tpm_locate_protocol(efi_tpm_protocol_t **tpm,
- efi_tpm2_protocol_t **tpm2,
- BOOLEAN *old_caps_p,
-@@ -166,17 +131,6 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
- #endif
- } else if (tpm2) {
- EFI_TCG2_EVENT *event;
-- EFI_TCG2_EVENT_LOG_BITMAP supported_logs;
--
-- supported_logs = tpm2_get_supported_logs(tpm2, &caps, old_caps);
--
-- efi_status = trigger_tcg2_final_events_table(tpm2,
-- supported_logs);
-- if (EFI_ERROR(efi_status)) {
-- perror(L"Unable to trigger tcg2 final events table: %r\n",
-- efi_status);
-- return efi_status;
-- }
-
- event = AllocatePool(sizeof(*event) + logsize);
- if (!event) {
---
-2.26.2
-
diff --git a/SOURCES/0027-Make-EFI-variable-copying-fatal-only-on-secureboot-e.patch b/SOURCES/0027-Make-EFI-variable-copying-fatal-only-on-secureboot-e.patch
deleted file mode 100644
index d07e6e2..0000000
--- a/SOURCES/0027-Make-EFI-variable-copying-fatal-only-on-secureboot-e.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 95bd1d88003a9a7c2732472b061ad2a9c7140419 Mon Sep 17 00:00:00 2001
-From: Patrick Uiterwijk <patrick@puiterwijk.org>
-Date: Thu, 6 Dec 2018 10:08:45 +0100
-Subject: [PATCH 27/62] Make EFI variable copying fatal only on secureboot
- enabled systems
-
-I have come across systems that are unwilling to reserve enough memory for
-a MokListRT big enough for big certificates.
-This seems to be the case with firmware implementations that do not support
-secureboot, which is probably the reason they went with much lower variable
-storage.
-
-This patch set makes sure we can still boot on those systems, by only
-making the copy action fatal if the system has secure boot enabled, or if
-the error was anything other than EFI_INVALID_PARAMETER.
-
-Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
-Upstream-commit-id: 741c61abba7
----
- shim.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/shim.c b/shim.c
-index 0a95f94b360..d4ed332f901 100644
---- a/shim.c
-+++ b/shim.c
-@@ -2609,7 +2609,17 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
- * boot-services-only state variables are what we think they are.
- */
- efi_status = import_mok_state(image_handle);
-- if (EFI_ERROR(efi_status)) {
-+ if (!secure_mode() && efi_status == EFI_INVALID_PARAMETER) {
-+ /*
-+ * Make copy failures fatal only if secure_mode is enabled, or
-+ * the error was anything else than EFI_INVALID_PARAMETER.
-+ * There are non-secureboot firmware implementations that don't
-+ * reserve enough EFI variable memory to fit the variable.
-+ */
-+ console_print(L"Importing MOK states has failed: %s: %r\n",
-+ msgs[msg], efi_status);
-+ console_print(L"Continuing boot since secure mode is disabled");
-+ } else if (EFI_ERROR(efi_status)) {
- die:
- console_print(L"Something has gone seriously wrong: %s: %r\n",
- msgs[msg], efi_status);
---
-2.26.2
-
diff --git a/SOURCES/0028-VLogError-Avoid-NULL-pointer-dereferences-in-V-Sprin.patch b/SOURCES/0028-VLogError-Avoid-NULL-pointer-dereferences-in-V-Sprin.patch
deleted file mode 100644
index c671a9a..0000000
--- a/SOURCES/0028-VLogError-Avoid-NULL-pointer-dereferences-in-V-Sprin.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 344a8364cb05cdaafc43231d0f73d5217c4e118c Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Tue, 12 Feb 2019 18:04:49 -0500
-Subject: [PATCH 28/62] VLogError(): Avoid NULL pointer dereferences in
- (V)Sprint calls
-
-VLogError() calculates the size of format strings by using calls to
-SPrint and VSPrint with a StrSize of 0 and NULL for an output buffer.
-Unfortunately, this is an incorrect usage of (V)Sprint. A StrSize
-of "0" is special-cased to mean "there is no limit". So, we end up
-writing our string to address 0x0. This was discovered because it
-causes a crash on ARM where, unlike x86, it does not necessarily
-have memory mapped at 0x0.
-
-Avoid the (V)Sprint calls altogether by using (V)PoolPrint, which
-handles the size calculation and allocation for us.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Fixes: 25f6fd08cd26 ("try to show errors more usefully.")
-[dannf: commit message ]
-Signed-off-by: dann frazier <dann.frazier@canonical.com>
-Upstream-commit-id: 20e731f423a
----
- errlog.c | 15 +++------------
- 1 file changed, 3 insertions(+), 12 deletions(-)
-
-diff --git a/errlog.c b/errlog.c
-index 18be4822d53..eebb266d396 100644
---- a/errlog.c
-+++ b/errlog.c
-@@ -14,29 +14,20 @@ EFI_STATUS
- VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args)
- {
- va_list args2;
-- UINTN size = 0, size2;
- CHAR16 **newerrs;
-
-- size = SPrint(NULL, 0, L"%a:%d %a() ", file, line, func);
-- va_copy(args2, args);
-- size2 = VSPrint(NULL, 0, fmt, args2);
-- va_end(args2);
--
- newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs),
- (nerrs + 3) * sizeof(*errs));
- if (!newerrs)
- return EFI_OUT_OF_RESOURCES;
-
-- newerrs[nerrs] = AllocatePool(size*2+2);
-+ newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func);
- if (!newerrs[nerrs])
- return EFI_OUT_OF_RESOURCES;
-- newerrs[nerrs+1] = AllocatePool(size2*2+2);
-+ va_copy(args2, args);
-+ newerrs[nerrs+1] = VPoolPrint(fmt, args2);
- if (!newerrs[nerrs+1])
- return EFI_OUT_OF_RESOURCES;
--
-- SPrint(newerrs[nerrs], size*2+2, L"%a:%d %a() ", file, line, func);
-- va_copy(args2, args);
-- VSPrint(newerrs[nerrs+1], size2*2+2, fmt, args2);
- va_end(args2);
-
- nerrs += 2;
---
-2.26.2
-
diff --git a/SOURCES/0029-Once-again-try-even-harder-to-get-binaries-without-t.patch b/SOURCES/0029-Once-again-try-even-harder-to-get-binaries-without-t.patch
deleted file mode 100644
index 617ae6a..0000000
--- a/SOURCES/0029-Once-again-try-even-harder-to-get-binaries-without-t.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 10d6e3d90f1ea504a1dedaea50478c444e92951c Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Fri, 15 Mar 2019 09:52:02 -0400
-Subject: [PATCH 29/62] Once again, try even harder to get binaries without
- timestamps in them.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-$ objdump -x /builddir/build/BUILDROOT/shim-*/usr/share/shim/*/shimx64.efi | grep 'Time/Date'
-Time/Date Thu Jan 1 00:00:08 1970
-$ _
-
-"What is despair? I have known it—hear my song. Despair is when you’re
-debugging a kernel driver and you look at a memory dump and you see that
-a pointer has a value of 7."
- - http://scholar.harvard.edu/files/mickens/files/thenightwatch.pdf
-
-objcopy only knows about -D for some targets.
-ld only believes in --no-insert-timestamp in some versions.
-dd takes off and nukes the site from orbit.
-
-It's the only way to be sure.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream-commit-id: a4a1fbe728c
----
- Make.defaults | 4 ++++
- Makefile | 6 ++++--
- 2 files changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/Make.defaults b/Make.defaults
-index 09807bd8108..f0bfa9fd573 100644
---- a/Make.defaults
-+++ b/Make.defaults
-@@ -50,6 +50,7 @@ ifeq ($(ARCH),x86_64)
- ARCH_SUFFIX ?= x64
- ARCH_SUFFIX_UPPER ?= X64
- ARCH_LDFLAGS ?=
-+ TIMESTAMP_LOCATION := 136
- endif
- ifeq ($(ARCH),ia32)
- ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
-@@ -60,6 +61,7 @@ ifeq ($(ARCH),ia32)
- ARCH_SUFFIX_UPPER ?= IA32
- ARCH_LDFLAGS ?=
- ARCH_CFLAGS ?= -m32
-+ TIMESTAMP_LOCATION := 136
- endif
- ifeq ($(ARCH),aarch64)
- ARCH_CFLAGS ?= -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align
-@@ -70,6 +72,7 @@ ifeq ($(ARCH),aarch64)
- SUBSYSTEM := 0xa
- ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
- ARCH_CFLAGS ?=
-+ TIMESTAMP_LOCATION := 72
- endif
- ifeq ($(ARCH),arm)
- ARCH_CFLAGS ?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mno-unaligned-access
-@@ -79,6 +82,7 @@ ifeq ($(ARCH),arm)
- FORMAT := -O binary
- SUBSYSTEM := 0xa
- ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
-+ TIMESTAMP_LOCATION := 72
- endif
-
- CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
-diff --git a/Makefile b/Makefile
-index fd7e83dc764..49e14a26521 100644
---- a/Makefile
-+++ b/Makefile
-@@ -189,11 +189,13 @@ endif
- ifneq ($(OBJCOPY_GTE224),1)
- $(error objcopy >= 2.24 is required)
- endif
-- $(OBJCOPY) -j .text -j .sdata -j .data -j .data.ident \
-+ $(OBJCOPY) -D -j .text -j .sdata -j .data -j .data.ident \
- -j .dynamic -j .dynsym -j .rel* \
- -j .rela* -j .reloc -j .eh_frame \
- -j .vendor_cert \
- $(FORMAT) $^ $@
-+ # I am tired of wasting my time fighting binutils timestamp code.
-+ dd conv=notrunc bs=1 count=4 seek=$(TIMESTAMP_LOCATION) if=/dev/zero of=$@
-
- ifneq ($(origin ENABLE_SHIM_HASH),undefined)
- %.hash : %.efi
-@@ -204,7 +206,7 @@ endif
- ifneq ($(OBJCOPY_GTE224),1)
- $(error objcopy >= 2.24 is required)
- endif
-- $(OBJCOPY) -j .text -j .sdata -j .data \
-+ $(OBJCOPY) -D -j .text -j .sdata -j .data \
- -j .dynamic -j .dynsym -j .rel* \
- -j .rela* -j .reloc -j .eh_frame \
- -j .debug_info -j .debug_abbrev -j .debug_aranges \
---
-2.26.2
-
diff --git a/SOURCES/0030-shim-Rework-pause-functions-and-add-read_counter.patch b/SOURCES/0030-shim-Rework-pause-functions-and-add-read_counter.patch
deleted file mode 100644
index ba8c278..0000000
--- a/SOURCES/0030-shim-Rework-pause-functions-and-add-read_counter.patch
+++ /dev/null
@@ -1,280 +0,0 @@
-From 1b382ef850de5a6c59b192c146a0e8d898d2d961 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Tue, 23 Oct 2018 18:17:57 -0400
-Subject: [PATCH 30/62] shim: Rework pause functions and add read_counter()
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream-commit-id: fc6b0bca84e
----
- shim.c | 4 +-
- include/asm.h | 59 +++++++++++++++++
- include/compiler.h | 156 +++++++++++++++++++++++++++++++++++++++++++++
- shim.h | 1 +
- 4 files changed, 217 insertions(+), 3 deletions(-)
- create mode 100644 include/asm.h
- create mode 100644 include/compiler.h
-
-diff --git a/shim.c b/shim.c
-index d4ed332f901..f69e69487fc 100644
---- a/shim.c
-+++ b/shim.c
-@@ -2543,16 +2543,14 @@ debug_hook(void)
- #if defined(__x86_64__) || defined(__i386__) || defined(__i686__)
- if (x > 4294967294ULL)
- break;
-- __asm__ __volatile__("pause");
- #elif defined(__aarch64__)
- if (x > 1000)
- break;
-- __asm__ __volatile__("wfi");
- #else
- if (x > 12000)
- break;
-- msleep(5000);
- #endif
-+ pause();
- }
- x = 1;
- }
-diff --git a/include/asm.h b/include/asm.h
-new file mode 100644
-index 00000000000..5e8f9ed9d7c
---- /dev/null
-+++ b/include/asm.h
-@@ -0,0 +1,59 @@
-+/*
-+ * asm.h
-+ * Copyright 2018 Peter Jones <pjones@redhat.com>
-+ */
-+
-+#ifndef SHIM_ASM_H_
-+#define SHIM_ASM_H_
-+
-+#define __stringify_1(x...) #x
-+#define __stringify(x...) __stringify_1(x)
-+
-+static inline uint64_t read_counter(void)
-+{
-+ uint64_t val;
-+#if defined (__x86_64__)
-+ unsigned long low, high;
-+ __asm__ __volatile__("rdtsc" : "=a" (low), "=d" (high));
-+ val = (low) | (high) << 32;
-+#elif defined(__i386__) || defined(__i686__)
-+ __asm__ __volatile__("rdtsc" : "=A" (val));
-+#elif defined(__aarch64__)
-+ __asm__ __volatile__ ("mrs %0, pmccntr_el0" : "=r" (val));
-+#elif defined(__arm__)
-+ __asm__ __volatile__ ("mrc p15, 0, %0, c9, c13, 0" : "=r" (val));
-+#else
-+#error unsupported arch
-+#endif
-+ return val;
-+}
-+
-+#if defined(__x86_64__) || defined(__i386__) || defined(__i686__)
-+static inline void pause(void)
-+{
-+ __asm__ __volatile__("pause");
-+}
-+#elif defined(__aarch64__)
-+static inline void pause(void)
-+{
-+ __asm__ __volatile__("wfi");
-+}
-+#else
-+static inline void pause(void)
-+{
-+ uint64_t a, b;
-+ int x;
-+ extern void msleep(unsigned long msecs);
-+
-+ a = read_counter();
-+ for (x = 0; x < 1000; x++) {
-+ msleep(1000);
-+ b = read_counter();
-+ if (a != b)
-+ break;
-+ }
-+}
-+#endif
-+
-+#endif /* !SHIM_ASM_H_ */
-+// vim:fenc=utf-8:tw=75:et
-diff --git a/include/compiler.h b/include/compiler.h
-new file mode 100644
-index 00000000000..a2a0859379f
---- /dev/null
-+++ b/include/compiler.h
-@@ -0,0 +1,156 @@
-+/*
-+ * compiler.h
-+ * Copyright 2019 Peter Jones <pjones@redhat.com>
-+ */
-+
-+#ifndef COMPILER_H_
-+#define COMPILER_H_
-+
-+#ifndef UNUSED
-+#define UNUSED __attribute__((__unused__))
-+#endif
-+#ifndef HIDDEN
-+#define HIDDEN __attribute__((__visibility__ ("hidden")))
-+#endif
-+#ifndef PUBLIC
-+#define PUBLIC __attribute__((__visibility__ ("default")))
-+#endif
-+#ifndef DESTRUCTOR
-+#define DESTRUCTOR __attribute__((destructor))
-+#endif
-+#ifndef CONSTRUCTOR
-+#define CONSTRUCTOR __attribute__((constructor))
-+#endif
-+#ifndef ALIAS
-+#define ALIAS(x) __attribute__((weak, alias (#x)))
-+#endif
-+#ifndef NONNULL
-+#endif
-+#define NONNULL(first, args...) __attribute__((__nonnull__(first, ## args)))
-+#ifndef PRINTF
-+#define PRINTF(first, args...) __attribute__((__format__(printf, first, ## args)))
-+#endif
-+#ifndef FLATTEN
-+#define FLATTEN __attribute__((__flatten__))
-+#endif
-+#ifndef PACKED
-+#define PACKED __attribute__((__packed__))
-+#endif
-+#ifndef VERSION
-+#define VERSION(sym, ver) __asm__(".symver " # sym "," # ver)
-+#endif
-+#ifndef NORETURN
-+#define NORETURN __attribute__((__noreturn__))
-+#endif
-+#ifndef ALIGNED
-+#define ALIGNED(n) __attribute__((__aligned__(n)))
-+#endif
-+#ifndef CLEANUP_FUNC
-+#define CLEANUP_FUNC(x) __attribute__((__cleanup__(x)))
-+#endif
-+#ifndef USED
-+#define USED __attribute__((__used__))
-+#endif
-+#ifndef SECTION
-+#define SECTION(x) __attribute__((__section__(x)))
-+#endif
-+#ifndef OPTIMIZE
-+#define OPTIMIZE(x) __attribute__((__optimize__(x)))
-+#endif
-+
-+#ifndef __CONCAT
-+#define __CONCAT3(a, b, c) a ## b ## c
-+#endif
-+#ifndef CAT
-+#define CAT(a, b) __CONCAT(a, b)
-+#endif
-+#ifndef CAT3
-+#define CAT3(a, b, c) __CONCAT3(a, b, c)
-+#endif
-+#ifndef STRING
-+#define STRING(x) __STRING(x)
-+#endif
-+
-+#ifndef WRITE_ONCE
-+#define WRITE_ONCE(var, val) \
-+ (*((volatile typeof(val) *)(&(var))) = (val))
-+#endif
-+
-+#ifndef READ_ONCE
-+#define READ_ONCE(var) (*((volatile typeof(var) *)(&(var))))
-+#endif
-+
-+#ifndef likely
-+#define likely(x) __builtin_expect(!!(x), 1)
-+#endif
-+
-+#ifndef unlikely
-+#define unlikely(x) __builtin_expect(!!(x), 0)
-+#endif
-+
-+/* Are two types/vars the same type (ignoring qualifiers)? */
-+#ifndef __same_type
-+#define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b))
-+#endif
-+
-+/* Compile time object size, -1 for unknown */
-+#ifndef __compiletime_object_size
-+# define __compiletime_object_size(obj) -1
-+#endif
-+#ifndef __compiletime_warning
-+# define __compiletime_warning(message)
-+#endif
-+#ifndef __compiletime_error
-+# define __compiletime_error(message)
-+#endif
-+
-+#ifndef __compiletime_assert
-+#define __compiletime_assert(condition, msg, prefix, suffix) \
-+ do { \
-+ extern void prefix ## suffix(void) __compiletime_error(msg); \
-+ if (!(condition)) \
-+ prefix ## suffix(); \
-+ } while (0)
-+#endif
-+
-+#ifndef _compiletime_assert
-+#define _compiletime_assert(condition, msg, prefix, suffix) \
-+ __compiletime_assert(condition, msg, prefix, suffix)
-+#endif
-+
-+/**
-+ * compiletime_assert - break build and emit msg if condition is false
-+ * @condition: a compile-time constant condition to check
-+ * @msg: a message to emit if condition is false
-+ *
-+ * In tradition of POSIX assert, this macro will break the build if the
-+ * supplied condition is *false*, emitting the supplied error message if the
-+ * compiler has support to do so.
-+ */
-+#ifndef compiletime_assert
-+#define compiletime_assert(condition, msg) \
-+ _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
-+#endif
-+
-+/**
-+ * BUILD_BUG_ON_MSG - break compile if a condition is true & emit supplied
-+ * error message.
-+ * @condition: the condition which the compiler should know is false.
-+ *
-+ * See BUILD_BUG_ON for description.
-+ */
-+#ifndef BUILD_BUG_ON_MSG
-+#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
-+#endif
-+
-+#ifndef ALIGN
-+#define __ALIGN_MASK(x, mask) (((x) + (mask)) & ~(mask))
-+#define __ALIGN(x, a) __ALIGN_MASK(x, (typeof(x))(a) - 1)
-+#define ALIGN(x, a) __ALIGN((x), (a))
-+#endif
-+#ifndef ALIGN_DOWN
-+#define ALIGN_DOWN(x, a) __ALIGN((x) - ((a) - 1), (a))
-+#endif
-+
-+#endif /* !COMPILER_H_ */
-+// vim:fenc=utf-8:tw=75:et
-diff --git a/shim.h b/shim.h
-index e4d40505f09..a0fa5a75e7e 100644
---- a/shim.h
-+++ b/shim.h
-@@ -97,6 +97,7 @@
- #define FALLBACK L"\\fb" EFI_ARCH L".efi"
- #define MOK_MANAGER L"\\mm" EFI_ARCH L".efi"
-
-+#include "include/asm.h"
- #include "include/configtable.h"
- #include "include/console.h"
- #include "include/crypt_blowfish.h"
---
-2.26.2
-
diff --git a/SOURCES/0031-Hook-exit-when-shim_lock-protocol-installed.patch b/SOURCES/0031-Hook-exit-when-shim_lock-protocol-installed.patch
deleted file mode 100644
index 16f472f..0000000
--- a/SOURCES/0031-Hook-exit-when-shim_lock-protocol-installed.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From b5e10f70c7a495dc1788e3604803ee633f1e5f76 Mon Sep 17 00:00:00 2001
-From: Stuart Hayes <stuart.w.hayes@gmail.com>
-Date: Fri, 8 Feb 2019 15:48:20 -0500
-Subject: [PATCH 31/62] Hook exit when shim_lock protocol installed
-
-A recent commit moved where the shim_lock protocol is loaded and
-unloaded, but did not move where exit was hooked and unhooked. Exit
-needs to be hooked when the protocol is installed, so that the protocol
-will be uninstalled on exit. Otherwise, the system can crash if, for
-example, shim loads grub, the user exits grub, shim is run again, which
-installs a second instance of the protocol, and then grub tries to use
-the shim_lock protocol that was installed by the first instance of shim.
-
-Signed-off-by: Stuart Hayes <stuart.w.hayes@gmail.com>
-Upstream-commit-id: 06c92591e94
----
- shim.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index f69e69487fc..16911a37b17 100644
---- a/shim.c
-+++ b/shim.c
-@@ -2474,9 +2474,9 @@ shim_init(void)
- loader_is_participating = 0;
- }
-
-- hook_exit(systab);
- }
-
-+ hook_exit(systab);
- return install_shim_protocols();
- }
-
-@@ -2494,9 +2494,10 @@ shim_fini(void)
- * Remove our hooks from system services.
- */
- unhook_system_services();
-- unhook_exit();
- }
-
-+ unhook_exit();
-+
- /*
- * Free the space allocated for the alternative 2nd stage loader
- */
---
-2.26.2
-
diff --git a/SOURCES/0032-Work-around-stuff-Waddress-of-packed-member-finds.patch b/SOURCES/0032-Work-around-stuff-Waddress-of-packed-member-finds.patch
deleted file mode 100644
index f7696a3..0000000
--- a/SOURCES/0032-Work-around-stuff-Waddress-of-packed-member-finds.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 2cbf56b82a5102777b37c4f7f47c8cf058cea027 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Mon, 13 May 2019 16:34:35 -0400
-Subject: [PATCH 32/62] Work around stuff -Waddress-of-packed-member finds.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-In MokManager we get a lot of these:
-
-../src/MokManager.c:1063:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
- 1063 | if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
- | ^~~~~~~~~~~~~~~
-
-The reason for this is that gnu-efi takes EFI_GUID * as its argument
-instead of VOID *, and there's nothing telling the compiler that it
-doesn't have alignment constraints on the input, so the compiler wants
-it to have 16-byte alignment.
-
-Just use CompareMem() for these, as that's all CompareGuid is calling
-anyway.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream-commit-id: 08c14376b59
----
- MokManager.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index df9b6fe6912..a1bd39a68e2 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -22,6 +22,8 @@
- #define CERT_STRING L"Select an X509 certificate to enroll:\n\n"
- #define HASH_STRING L"Select a file to trust:\n\n"
-
-+#define CompareMemberGuid(x, y) CompareMem(x, y, sizeof(EFI_GUID))
-+
- typedef struct {
- UINT32 MokSize;
- UINT8 *Mok;
-@@ -1077,7 +1079,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- continue;
-
- DataSize += sizeof(EFI_SIGNATURE_LIST);
-- if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
-+ if (CompareMemberGuid(&(list[i].Type), &X509_GUID) == 0)
- DataSize += sizeof(EFI_GUID);
- DataSize += list[i].MokSize;
- }
-@@ -1099,7 +1101,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- CertList->SignatureType = list[i].Type;
- CertList->SignatureHeaderSize = 0;
-
-- if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) {
-+ if (CompareMemberGuid(&(list[i].Type), &X509_GUID) == 0) {
- CertList->SignatureListSize = list[i].MokSize +
- sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
- CertList->SignatureSize =
-@@ -1140,7 +1142,7 @@ static void delete_cert(void *key, UINT32 key_size,
- int i;
-
- for (i = 0; i < mok_num; i++) {
-- if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0)
-+ if (CompareMemberGuid(&(mok[i].Type), &X509_GUID) != 0)
- continue;
-
- if (mok[i].MokSize == key_size &&
-@@ -1191,7 +1193,7 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
- sig_size = hash_size + sizeof(EFI_GUID);
-
- for (i = 0; i < mok_num; i++) {
-- if ((CompareGuid(&(mok[i].Type), &Type) != 0) ||
-+ if ((CompareMemberGuid(&(mok[i].Type), &Type) != 0) ||
- (mok[i].MokSize < sig_size))
- continue;
-
-@@ -1355,7 +1357,7 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
-
- /* Search and destroy */
- for (i = 0; i < del_num; i++) {
-- if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) {
-+ if (CompareMemberGuid(&(del_key[i].Type), &X509_GUID) == 0) {
- delete_cert(del_key[i].Mok, del_key[i].MokSize,
- mok, mok_num);
- } else if (is_sha2_hash(del_key[i].Type)) {
---
-2.26.2
-
diff --git a/SOURCES/0033-Fix-a-use-of-strlen-instead-of-Strlen.patch b/SOURCES/0033-Fix-a-use-of-strlen-instead-of-Strlen.patch
deleted file mode 100644
index e79afa1..0000000
--- a/SOURCES/0033-Fix-a-use-of-strlen-instead-of-Strlen.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From c372ec7a254147f70d62c1f72da5806d42df6994 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 5 Sep 2019 10:36:23 -0400
-Subject: [PATCH 33/62] Fix a use of strlen() instead of Strlen()
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream-commit-id: 1870bae7960
----
- shim.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/shim.c b/shim.c
-index 16911a37b17..a0eb19b91fe 100644
---- a/shim.c
-+++ b/shim.c
-@@ -2118,7 +2118,7 @@ static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path)
-
- dprint(L"dppath: %s\n", dppath);
- dprint(L"path: %s\n", path);
-- if (StrnCaseCmp(dppath, PathName, strlen(dppath)))
-+ if (StrnCaseCmp(dppath, PathName, StrLen(dppath)))
- ret = 0;
-
- done:
---
-2.26.2
-
diff --git a/SOURCES/0034-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch b/SOURCES/0034-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch
deleted file mode 100644
index 43a2c6e..0000000
--- a/SOURCES/0034-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 5d30a31fef4eb7e773da24c5e6c20576282a9c3a Mon Sep 17 00:00:00 2001
-From: Gary Lin <glin@suse.com>
-Date: Tue, 26 Feb 2019 11:33:53 +0800
-Subject: [PATCH 34/62] MokManager: Use CompareMem on MokListNode.Type instead
- of CompareGuid
-
-Fix the errors from gcc9 '-Werror=address-of-packed-member'
-
-https://github.com/rhboot/shim/issues/161
-
-Signed-off-by: Gary Lin <glin@suse.com>
-Upstream-commit-id: aaa09b35e73
----
- MokManager.c | 14 +++++++++-----
- 1 file changed, 9 insertions(+), 5 deletions(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index a1bd39a68e2..30192c16789 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -1079,7 +1079,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- continue;
-
- DataSize += sizeof(EFI_SIGNATURE_LIST);
-- if (CompareMemberGuid(&(list[i].Type), &X509_GUID) == 0)
-+ if (CompareMem(&(list[i].Type), &X509_GUID,
-+ sizeof(EFI_GUID)) == 0)
- DataSize += sizeof(EFI_GUID);
- DataSize += list[i].MokSize;
- }
-@@ -1101,7 +1102,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- CertList->SignatureType = list[i].Type;
- CertList->SignatureHeaderSize = 0;
-
-- if (CompareMemberGuid(&(list[i].Type), &X509_GUID) == 0) {
-+ if (CompareMem(&(list[i].Type), &X509_GUID,
-+ sizeof(EFI_GUID)) == 0) {
- CertList->SignatureListSize = list[i].MokSize +
- sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
- CertList->SignatureSize =
-@@ -1142,7 +1144,8 @@ static void delete_cert(void *key, UINT32 key_size,
- int i;
-
- for (i = 0; i < mok_num; i++) {
-- if (CompareMemberGuid(&(mok[i].Type), &X509_GUID) != 0)
-+ if (CompareMem(&(mok[i].Type), &X509_GUID,
-+ sizeof(EFI_GUID)) != 0)
- continue;
-
- if (mok[i].MokSize == key_size &&
-@@ -1193,7 +1196,7 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
- sig_size = hash_size + sizeof(EFI_GUID);
-
- for (i = 0; i < mok_num; i++) {
-- if ((CompareMemberGuid(&(mok[i].Type), &Type) != 0) ||
-+ if ((CompareMem(&(mok[i].Type), &Type, sizeof(EFI_GUID)) != 0) ||
- (mok[i].MokSize < sig_size))
- continue;
-
-@@ -1357,7 +1360,8 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
-
- /* Search and destroy */
- for (i = 0; i < del_num; i++) {
-- if (CompareMemberGuid(&(del_key[i].Type), &X509_GUID) == 0) {
-+ if (CompareMem(&(del_key[i].Type), &X509_GUID,
-+ sizeof(EFI_GUID)) == 0) {
- delete_cert(del_key[i].Mok, del_key[i].MokSize,
- mok, mok_num);
- } else if (is_sha2_hash(del_key[i].Type)) {
---
-2.26.2
-
diff --git a/SOURCES/0035-OpenSSL-always-provide-OBJ_create-with-name-strings.patch b/SOURCES/0035-OpenSSL-always-provide-OBJ_create-with-name-strings.patch
deleted file mode 100644
index 0efaac9..0000000
--- a/SOURCES/0035-OpenSSL-always-provide-OBJ_create-with-name-strings.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 44b211bcf7ad58ff29e6495e1c3978e4660cb7d1 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Tue, 15 Jan 2019 18:04:34 -0500
-Subject: [PATCH 35/62] OpenSSL: always provide OBJ_create() with name strings.
-
-Some versions of OpenSSL seem to go back and forth as to whether NULL
-for these names are okay. Don't risk it.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream-commit-id: 46b76a01717
----
- shim.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/shim.c b/shim.c
-index a0eb19b91fe..d7ee2b6de6f 100644
---- a/shim.c
-+++ b/shim.c
-@@ -388,7 +388,9 @@ static BOOLEAN verify_eku(UINT8 *Cert, UINTN CertSize)
- EXTENDED_KEY_USAGE *eku;
- ASN1_OBJECT *module_signing;
-
-- module_signing = OBJ_nid2obj(OBJ_create(OID_EKU_MODSIGN, NULL, NULL));
-+ module_signing = OBJ_nid2obj(OBJ_create(OID_EKU_MODSIGN,
-+ "modsign-eku",
-+ "modsign-eku"));
-
- x509 = d2i_X509 (NULL, &Temp, (long) CertSize);
- if (x509 != NULL) {
---
-2.26.2
-
diff --git a/SOURCES/0036-Use-portable-shebangs-bin-bash-usr-bin-env-bash.patch b/SOURCES/0036-Use-portable-shebangs-bin-bash-usr-bin-env-bash.patch
deleted file mode 100644
index 6ba6995..0000000
--- a/SOURCES/0036-Use-portable-shebangs-bin-bash-usr-bin-env-bash.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 07de085dabab8daaea589b597e3915893cc98445 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= <bjorn.forsman@gmail.com>
-Date: Fri, 26 Apr 2019 11:41:02 +0200
-Subject: [PATCH 36/62] Use portable shebangs: /bin/bash -> /usr/bin/env bash
-
-Upstream-commit-id: 6a73ca814af
----
- Cryptlib/update.sh | 2 +-
- make-certs | 4 +++-
- 2 files changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/Cryptlib/update.sh b/Cryptlib/update.sh
-index 31a082d4db6..7ea59831a06 100755
---- a/Cryptlib/update.sh
-+++ b/Cryptlib/update.sh
-@@ -1,4 +1,4 @@
--#!/bin/bash
-+#!/usr/bin/env bash
-
- DIR=$1
- OPENSSL_VERSION="1.0.2k"
-diff --git a/make-certs b/make-certs
-index 3e9293b2497..6f40b234d6a 100755
---- a/make-certs
-+++ b/make-certs
-@@ -1,10 +1,12 @@
--#!/bin/bash -e
-+#!/usr/bin/env bash
- #
- # Generate a root CA cert for signing, and then a subject cert.
- # Usage: make-certs.sh hostname [user[@domain]] [more ...]
- # For testing only, probably still has some bugs in it.
- #
-
-+set -e
-+
- DOMAIN=xn--u4h.net
- DAYS=365
- KEYTYPE=RSA
---
-2.26.2
-
diff --git a/SOURCES/0037-tpm-Fix-off-by-one-error-when-calculating-event-size.patch b/SOURCES/0037-tpm-Fix-off-by-one-error-when-calculating-event-size.patch
deleted file mode 100644
index a2619ab..0000000
--- a/SOURCES/0037-tpm-Fix-off-by-one-error-when-calculating-event-size.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 6fd8db6bb3b23b9e41f109135253f77263071f46 Mon Sep 17 00:00:00 2001
-From: Chris Coulson <chris.coulson@canonical.com>
-Date: Sat, 22 Jun 2019 15:33:03 +0100
-Subject: [PATCH 37/62] tpm: Fix off-by-one error when calculating event size
-
-tpm_log_event_raw() allocates a buffer for the EFI_TCG2_EVENT structure
-that is one byte larger than necessary, and sets event->Size accordingly.
-The result of this is that the event data recorded in the log differs
-from the data that is measured to the TPM (it has an extra zero byte
-at the end).
-
-Upstream-commit-id: 8a27a4809a6
----
- tpm.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/tpm.c b/tpm.c
-index f07362c70bb..516fb876caa 100644
---- a/tpm.c
-+++ b/tpm.c
-@@ -131,8 +131,10 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
- #endif
- } else if (tpm2) {
- EFI_TCG2_EVENT *event;
-+ UINTN event_size = sizeof(*event) - sizeof(event->Event) +
-+ logsize;
-
-- event = AllocatePool(sizeof(*event) + logsize);
-+ event = AllocatePool(event_size);
- if (!event) {
- perror(L"Unable to allocate event structure\n");
- return EFI_OUT_OF_RESOURCES;
-@@ -142,7 +144,7 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
- event->Header.HeaderVersion = 1;
- event->Header.PCRIndex = pcr;
- event->Header.EventType = type;
-- event->Size = sizeof(*event) - sizeof(event->Event) + logsize + 1;
-+ event->Size = event_size;
- CopyMem(event->Event, (VOID *)log, logsize);
- if (hash) {
- /* TPM 2 systems will generate the appropriate hash
---
-2.26.2
-
diff --git a/SOURCES/0038-tpm-Define-EFI_VARIABLE_DATA_TREE-as-packed.patch b/SOURCES/0038-tpm-Define-EFI_VARIABLE_DATA_TREE-as-packed.patch
deleted file mode 100644
index 71b98a9..0000000
--- a/SOURCES/0038-tpm-Define-EFI_VARIABLE_DATA_TREE-as-packed.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 9f80be9f16a854e3946568fa92edebe26eb79e78 Mon Sep 17 00:00:00 2001
-From: Chris Coulson <chris.coulson@canonical.com>
-Date: Sat, 22 Jun 2019 15:37:29 +0100
-Subject: [PATCH 38/62] tpm: Define EFI_VARIABLE_DATA_TREE as packed
-
-tpm_measure_variable() calculates VarLogSize by adding the size of VarName
-and VarData to the size of EFI_VARIABLE_DATA_TREE, and then subtracting
-the size of the UnicodeName and VariableData members. This results in a
-calculation that is 5 bytes larger than necessary because it doesn't take
-in to account the padding of these members. The effect of this is that
-shim measures an additional 5 zero bytes when measuring UEFI variables
-(at least on 64-bit architectures).
-
-Byte packing EFI_VARIABLE_DATA_TREE fixes this.
-
-Upstream-commit-id: 7e4d3f1c8c7
----
- tpm.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tpm.c b/tpm.c
-index 516fb876caa..c0617bb479e 100644
---- a/tpm.c
-+++ b/tpm.c
-@@ -233,7 +233,7 @@ typedef struct {
- UINT64 VariableDataLength;
- CHAR16 UnicodeName[1];
- INT8 VariableData[1];
--} EFI_VARIABLE_DATA_TREE;
-+} __attribute__ ((packed)) EFI_VARIABLE_DATA_TREE;
-
- static BOOLEAN tpm_data_measured(CHAR16 *VarName, EFI_GUID VendorGuid, UINTN VarSize, VOID *VarData)
- {
---
-2.26.2
-
diff --git a/SOURCES/0039-MokManager-console-mode-modification-for-hi-dpi-scre.patch b/SOURCES/0039-MokManager-console-mode-modification-for-hi-dpi-scre.patch
deleted file mode 100644
index a71b643..0000000
--- a/SOURCES/0039-MokManager-console-mode-modification-for-hi-dpi-scre.patch
+++ /dev/null
@@ -1,223 +0,0 @@
-From 55163bc82c5179adb109c3d8b982c2689d68b4c9 Mon Sep 17 00:00:00 2001
-From: Ivan Hu <ivan.hu@canonical.com>
-Date: Fri, 10 May 2019 17:50:12 +0800
-Subject: [PATCH 39/62] MokManager: console mode modification for hi-dpi screen
- devices
-
-There are lots of hi-dpi laptops nowadays, as doing mok enrollment, the font
-is too small to see.
-https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1822043
-
-This patch checks if the resolution is larger than Full HD (1920x1080) and
-current console output columns and rows is in a good mode. Then swith the
-console output to a better mode.
-
-Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
-Upstream-commit-id: cf05af6d899
----
- MokManager.c | 2 +
- lib/console.c | 161 +++++++++++++++++++++++++++++++++++++++++++++-
- include/console.h | 2 +
- 3 files changed, 164 insertions(+), 1 deletion(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index 30192c16789..78da9fd95ee 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -2560,6 +2560,8 @@ EFI_STATUS efi_main(EFI_HANDLE image_handle, EFI_SYSTEM_TABLE * systab)
-
- setup_rand();
-
-+ console_mode_handle();
-+
- efi_status = check_mok_request(image_handle);
-
- console_fini();
-diff --git a/lib/console.c b/lib/console.c
-index 3aee41cd276..c92d27f3c86 100644
---- a/lib/console.c
-+++ b/lib/console.c
-@@ -409,7 +409,166 @@ console_notify(CHAR16 *string)
- console_alertbox(str_arr);
- }
-
--#define ARRAY_SIZE(a) (sizeof (a) / sizeof ((a)[0]))
-+void
-+console_save_and_set_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode)
-+{
-+ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
-+
-+ if (!SavedMode) {
-+ console_print(L"Invalid parameter: SavedMode\n");
-+ return;
-+ }
-+
-+ CopyMem(SavedMode, co->Mode, sizeof(SIMPLE_TEXT_OUTPUT_MODE));
-+ co->EnableCursor(co, FALSE);
-+ co->SetAttribute(co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE);
-+}
-+
-+void
-+console_restore_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode)
-+{
-+ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
-+
-+ co->EnableCursor(co, SavedMode->CursorVisible);
-+ co->SetCursorPosition(co, SavedMode->CursorColumn,
-+ SavedMode->CursorRow);
-+ co->SetAttribute(co, SavedMode->Attribute);
-+}
-+
-+int
-+console_countdown(CHAR16* title, const CHAR16* message, int timeout)
-+{
-+ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
-+ SIMPLE_INPUT_INTERFACE *ci = ST->ConIn;
-+ SIMPLE_TEXT_OUTPUT_MODE SavedMode;
-+ EFI_INPUT_KEY key;
-+ EFI_STATUS efi_status;
-+ UINTN cols, rows;
-+ CHAR16 *titles[2];
-+ int wait = 10000000;
-+
-+ console_save_and_set_mode(&SavedMode);
-+
-+ titles[0] = title;
-+ titles[1] = NULL;
-+
-+ console_print_box_at(titles, -1, 0, 0, -1, -1, 1, 1);
-+
-+ co->QueryMode(co, co->Mode->Mode, &cols, &rows);
-+
-+ console_print_at((cols - StrLen(message)) / 2, rows / 2, message);
-+ while (1) {
-+ if (timeout > 1)
-+ console_print_at(2, rows - 3,
-+ L"Booting in %d seconds ",
-+ timeout);
-+ else if (timeout)
-+ console_print_at(2, rows - 3,
-+ L"Booting in %d second ",
-+ timeout);
-+
-+ efi_status = WaitForSingleEvent(ci->WaitForKey, wait);
-+ if (efi_status != EFI_TIMEOUT) {
-+ /* Clear the key in the queue */
-+ ci->ReadKeyStroke(ci, &key);
-+ break;
-+ }
-+
-+ timeout--;
-+ if (!timeout)
-+ break;
-+ }
-+
-+ console_restore_mode(&SavedMode);
-+
-+ return timeout;
-+}
-+
-+#define HORIZONTAL_MAX_OK 1920
-+#define VERTICAL_MAX_OK 1080
-+#define COLUMNS_MAX_OK 200
-+#define ROWS_MAX_OK 100
-+
-+void
-+console_mode_handle(VOID)
-+{
-+ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
-+ EFI_GRAPHICS_OUTPUT_PROTOCOL *gop;
-+ EFI_GUID gop_guid = EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID;
-+ EFI_GRAPHICS_OUTPUT_MODE_INFORMATION *Info;
-+
-+ UINTN mode_set;
-+ UINTN rows = 0, columns = 0;
-+ EFI_STATUS efi_status = EFI_SUCCESS;
-+
-+ efi_status = gBS->LocateProtocol(&gop_guid, NULL, (void **)&gop);
-+ if (EFI_ERROR(efi_status)) {
-+ console_error(L"Locate graphic output protocol fail", efi_status);
-+ return;
-+ }
-+
-+ Info = gop->Mode->Info;
-+
-+ /*
-+ * Start verifying if we are in a resolution larger than Full HD
-+ * (1920x1080). If we're not, assume we're in a good mode and do not
-+ * try to change it.
-+ */
-+ if (Info->HorizontalResolution <= HORIZONTAL_MAX_OK &&
-+ Info->VerticalResolution <= VERTICAL_MAX_OK) {
-+ /* keep original mode and return */
-+ return;
-+ }
-+
-+ efi_status = co->QueryMode(co, co->Mode->Mode, &columns, &rows);
-+ if (EFI_ERROR(efi_status)) {
-+ console_error(L"Console query mode fail", efi_status);
-+ return;
-+ }
-+
-+ /*
-+ * Verify current console output to check if the character columns and
-+ * rows in a good mode.
-+ */
-+ if (columns <= COLUMNS_MAX_OK && rows <= ROWS_MAX_OK) {
-+ /* keep original mode and return */
-+ return;
-+ }
-+
-+ if (!console_text_mode)
-+ setup_console(1);
-+
-+ co->Reset(co, TRUE);
-+
-+ /*
-+ * If we reached here, then we have a high resolution screen and the
-+ * text too small. Try to switch to a better mode. Mode number 2 is
-+ * first non standard mode, which is provided by the device
-+ * manufacturer, so it should be a good mode.
-+ */
-+ if (co->Mode->MaxMode > 2)
-+ mode_set = 2;
-+ else
-+ mode_set = 0;
-+
-+ efi_status = co->SetMode(co, mode_set);
-+ if (EFI_ERROR(efi_status) && mode_set != 0) {
-+ /*
-+ * Set to 0 mode which is required that all output devices
-+ * support at least 80x25 text mode.
-+ */
-+ mode_set = 0;
-+ efi_status = co->SetMode(co, mode_set);
-+ }
-+
-+ co->ClearScreen(co);
-+
-+ if (EFI_ERROR(efi_status)) {
-+ console_error(L"Console set mode fail", efi_status);
-+ }
-+
-+ return;
-+}
-
- /* Copy of gnu-efi-3.0 with the added secure boot strings */
- static struct {
-diff --git a/include/console.h b/include/console.h
-index deb4fa3db23..9f259c71b72 100644
---- a/include/console.h
-+++ b/include/console.h
-@@ -34,6 +34,8 @@ void
- console_notify(CHAR16 *string);
- void
- console_reset(void);
-+void
-+console_mode_handle(void);
- #define NOSEL 0x7fffffff
-
- typedef struct _EFI_CONSOLE_CONTROL_PROTOCOL EFI_CONSOLE_CONTROL_PROTOCOL;
---
-2.26.2
-
diff --git a/SOURCES/0040-MokManager-avoid-Werror-address-of-packed-member.patch b/SOURCES/0040-MokManager-avoid-Werror-address-of-packed-member.patch
deleted file mode 100644
index ac8814e..0000000
--- a/SOURCES/0040-MokManager-avoid-Werror-address-of-packed-member.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From d57e53f3bddc4bc7299b3d5efd5ba8c547e8dfa5 Mon Sep 17 00:00:00 2001
-From: Jonas Witschel <diabonas@gmx.de>
-Date: Thu, 5 Sep 2019 10:39:37 +0200
-Subject: [PATCH 40/62] MokManager: avoid -Werror=address-of-packed-member
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When compiling with GCC 9, there are a couple of errors of the form
-
-MokManager.c: In function ‘write_back_mok_list’:
-MokManager.c:1056:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
- 1056 | if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
- | ^~~~~~~~~~~~~~~
-
-Copying the member of the packed struct to a temporary variable and
-pointing to that variable solves the problem.
-
-Upstream-commit-id: 58532e12e9a
----
- MokManager.c | 22 +++++++++++++---------
- 1 file changed, 13 insertions(+), 9 deletions(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index 78da9fd95ee..fa73e2fd865 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -1064,6 +1064,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- EFI_STATUS efi_status;
- EFI_SIGNATURE_LIST *CertList;
- EFI_SIGNATURE_DATA *CertData;
-+ EFI_GUID type;
- void *Data = NULL, *ptr;
- INTN DataSize = 0;
- int i;
-@@ -1079,8 +1080,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- continue;
-
- DataSize += sizeof(EFI_SIGNATURE_LIST);
-- if (CompareMem(&(list[i].Type), &X509_GUID,
-- sizeof(EFI_GUID)) == 0)
-+ type = list[i].Type; /* avoid -Werror=address-of-packed-member */
-+ if (CompareGuid(&type, &X509_GUID) == 0)
- DataSize += sizeof(EFI_GUID);
- DataSize += list[i].MokSize;
- }
-@@ -1102,8 +1103,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- CertList->SignatureType = list[i].Type;
- CertList->SignatureHeaderSize = 0;
-
-- if (CompareMem(&(list[i].Type), &X509_GUID,
-- sizeof(EFI_GUID)) == 0) {
-+ if (CompareGuid(&(CertList->SignatureType), &X509_GUID) == 0) {
- CertList->SignatureListSize = list[i].MokSize +
- sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
- CertList->SignatureSize =
-@@ -1141,11 +1141,12 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- static void delete_cert(void *key, UINT32 key_size,
- MokListNode * mok, INTN mok_num)
- {
-+ EFI_GUID type;
- int i;
-
- for (i = 0; i < mok_num; i++) {
-- if (CompareMem(&(mok[i].Type), &X509_GUID,
-- sizeof(EFI_GUID)) != 0)
-+ type = mok[i].Type; /* avoid -Werror=address-of-packed-member */
-+ if (CompareGuid(&type, &X509_GUID) != 0)
- continue;
-
- if (mok[i].MokSize == key_size &&
-@@ -1187,6 +1188,7 @@ static void mem_move(void *dest, void *src, UINTN size)
- static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
- MokListNode * mok, INTN mok_num)
- {
-+ EFI_GUID type;
- UINT32 sig_size;
- UINT32 list_num;
- int i, del_ind;
-@@ -1196,7 +1198,8 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
- sig_size = hash_size + sizeof(EFI_GUID);
-
- for (i = 0; i < mok_num; i++) {
-- if ((CompareMem(&(mok[i].Type), &Type, sizeof(EFI_GUID)) != 0) ||
-+ type = mok[i].Type; /* avoid -Werror=address-of-packed-member */
-+ if ((CompareGuid(&type, &Type) != 0) ||
- (mok[i].MokSize < sig_size))
- continue;
-
-@@ -1252,6 +1255,7 @@ static void delete_hash_list(EFI_GUID Type, void *hash_list, UINT32 list_size,
- static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
- {
- EFI_STATUS efi_status;
-+ EFI_GUID type;
- CHAR16 *db_name;
- CHAR16 *auth_name;
- CHAR16 *err_strs[] = { NULL, NULL, NULL };
-@@ -1360,8 +1364,8 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
-
- /* Search and destroy */
- for (i = 0; i < del_num; i++) {
-- if (CompareMem(&(del_key[i].Type), &X509_GUID,
-- sizeof(EFI_GUID)) == 0) {
-+ type = del_key[i].Type; /* avoid -Werror=address-of-packed-member */
-+ if (CompareGuid(&type, &X509_GUID) == 0) {
- delete_cert(del_key[i].Mok, del_key[i].MokSize,
- mok, mok_num);
- } else if (is_sha2_hash(del_key[i].Type)) {
---
-2.26.2
-
diff --git a/SOURCES/0041-tpm-Don-t-log-duplicate-identical-events.patch b/SOURCES/0041-tpm-Don-t-log-duplicate-identical-events.patch
deleted file mode 100644
index 3a282e4..0000000
--- a/SOURCES/0041-tpm-Don-t-log-duplicate-identical-events.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 58df8d745c6516818ba6ebfa8fe826702c1621a0 Mon Sep 17 00:00:00 2001
-From: Chris Coulson <chris.coulson@canonical.com>
-Date: Thu, 26 Sep 2019 20:01:01 +0100
-Subject: [PATCH 41/62] tpm: Don't log duplicate identical events
-
-According to the comment in tpm_measure_variable ("Don't measure something that we've already measured"), shim
-shouldn't measure duplicate events if they are identical, which also aligns with section 2.3.4.8 of the TCG PC
-Client Platform Firmware Profile Specification ("If it has been measured previously, it MUST NOT be measured
-again"). This is currently broken because tpm_data_measured() uses the return value of CompareGuid() incorrectly.
-
-Upstream-commit-id: 103adc89ce5
----
- tpm.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tpm.c b/tpm.c
-index c0617bb479e..196b93c30f6 100644
---- a/tpm.c
-+++ b/tpm.c
-@@ -241,7 +241,7 @@ static BOOLEAN tpm_data_measured(CHAR16 *VarName, EFI_GUID VendorGuid, UINTN Var
-
- for (i=0; i<measuredcount; i++) {
- if ((StrCmp (VarName, measureddata[i].VariableName) == 0) &&
-- (CompareGuid (&VendorGuid, measureddata[i].VendorGuid)) &&
-+ (CompareGuid (&VendorGuid, measureddata[i].VendorGuid) == 0) &&
- (VarSize == measureddata[i].Size) &&
- (CompareMem (VarData, measureddata[i].Data, VarSize) == 0)) {
- return TRUE;
---
-2.26.2
-
diff --git a/SOURCES/0042-Slightly-better-debugging-messages.patch b/SOURCES/0042-Slightly-better-debugging-messages.patch
deleted file mode 100644
index 2e49a66..0000000
--- a/SOURCES/0042-Slightly-better-debugging-messages.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 5e6e0792cedb3b71cbe061ae56e96906cf710579 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Mon, 18 Nov 2019 13:59:14 -0500
-Subject: [PATCH 42/62] Slightly better debugging messages
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream-commit-id: 173d35fe8f5
----
- shim.c | 14 ++++++++++----
- 1 file changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index d7ee2b6de6f..2f7aba07421 100644
---- a/shim.c
-+++ b/shim.c
-@@ -2459,6 +2459,8 @@ uninstall_shim_protocols(void)
- EFI_STATUS
- shim_init(void)
- {
-+ EFI_STATUS efi_status;
-+
- setup_verbosity();
- dprint(L"%a", shim_version);
-
-@@ -2479,7 +2481,12 @@ shim_init(void)
- }
-
- hook_exit(systab);
-- return install_shim_protocols();
-+
-+ efi_status = install_shim_protocols();
-+ if (EFI_ERROR(efi_status))
-+ perror(L"install_shim_protocols() failed: %r\n", efi_status);
-+
-+ return efi_status;
- }
-
- void
-@@ -2575,13 +2582,12 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
- build_cert = shim_cert;
- #endif /* defined(ENABLE_SHIM_CERT) */
- CHAR16 *msgs[] = {
-- L"import_mok_state() failed\n",
-- L"shim_int() failed\n",
-+ L"import_mok_state() failed",
-+ L"shim_init() failed",
- NULL
- };
- int msg = 0;
-
--
- /*
- * Set up the shim lock protocol so that grub and MokManager can
- * call back in and use shim functions
---
-2.26.2
-
diff --git a/SOURCES/0043-Actually-check-for-errors-from-set_second_stage.patch b/SOURCES/0043-Actually-check-for-errors-from-set_second_stage.patch
deleted file mode 100644
index 255f47f..0000000
--- a/SOURCES/0043-Actually-check-for-errors-from-set_second_stage.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 959f5e4e993a82020fef48c7e7c012a44074645c Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Mon, 18 Nov 2019 13:58:46 -0500
-Subject: [PATCH 43/62] Actually check for errors from set_second_stage()
-
-This changes shim_init() to check for errors from set_second_stage().
-In order to make that work, it also does the following:
-
-- correctly /always/ allocate second_stage, not sometimes allocate and
- sometimes point at .data
-- test for LoadOptionSize == 0 and return success
-- print an error message for the failure so we can see it.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream-commit-id: 354bd9b1931
----
- shim.c | 21 +++++++++++++++++++--
- 1 file changed, 19 insertions(+), 2 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index 2f7aba07421..5329795c333 100644
---- a/shim.c
-+++ b/shim.c
-@@ -2141,8 +2141,15 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
- CHAR16 *loader_str = NULL;
- UINTN loader_len = 0;
- unsigned int i;
-+ UINTN second_stage_len;
-
-- second_stage = DEFAULT_LOADER;
-+ second_stage_len = StrLen(DEFAULT_LOADER) + 1;
-+ second_stage = AllocatePool(second_stage_len);
-+ if (!second_stage) {
-+ perror(L"Could not allocate %lu bytes\n", second_stage_len);
-+ return EFI_OUT_OF_RESOURCES;
-+ }
-+ StrCpy(second_stage, DEFAULT_LOADER);
- load_options = NULL;
- load_options_size = 0;
-
-@@ -2199,6 +2206,12 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
- * BDS will add that, but we ignore that here.
- */
-
-+ /*
-+ * Maybe there just aren't any options...
-+ */
-+ if (li->LoadOptionsSize == 0)
-+ return EFI_SUCCESS;
-+
- /*
- * In either case, we've got to have at least a UCS2 NUL...
- */
-@@ -2465,7 +2478,11 @@ shim_init(void)
- dprint(L"%a", shim_version);
-
- /* Set the second stage loader */
-- set_second_stage (global_image_handle);
-+ efi_status = set_second_stage(global_image_handle);
-+ if (EFI_ERROR(efi_status)) {
-+ perror(L"set_second_stage() failed: %r\n", efi_status);
-+ return efi_status;
-+ }
-
- if (secure_mode()) {
- if (vendor_cert_size || vendor_dbx_size) {
---
-2.26.2
-
diff --git a/SOURCES/0044-translate_slashes-don-t-write-to-string-literals.patch b/SOURCES/0044-translate_slashes-don-t-write-to-string-literals.patch
deleted file mode 100644
index f69b22e..0000000
--- a/SOURCES/0044-translate_slashes-don-t-write-to-string-literals.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-From c6bedd5b83529925c3ec08f96a3bf61c81bff0ae Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 28 Jan 2020 23:33:46 +0100
-Subject: [PATCH 44/62] translate_slashes(): don't write to string literals
-
-Currently, all three invocations of the translate_slashes() function may
-lead to writes to the string literal that is #defined with the
-DEFAULT_LOADER_CHAR macro. According to ISO C99 6.4.5p6, this is undefined
-behavior ("If the program attempts to modify such an array, the behavior
-is undefined").
-
-This bug crashes shim on e.g. the 64-bit ArmVirtQemu platform ("Data
-abort: Permission fault"), where the platform firmware maps the .text
-section (which contains the string literal) read-only.
-
-Modify translate_slashes() so that it copies and translates characters
-from an input array of "char" to an output array of "CHAR8".
-
-While at it, fix another bug. Before this patch, if translate_slashes()
-ever encountered a double backslash (translating it to a single forward
-slash), then the output would end up shorter than the input. However, the
-output was not NUL-terminated in-place, therefore the original string
-length (and according trailing garbage) would be preserved. After this
-patch, the NUL-termination on contraction is automatic, as the output
-array's contents are indeterminate when entering the function, and so we
-must NUL-terminate it anyway.
-
-Fixes: 8e9124227d18475d3bc634c33518963fc8db7c98
-Fixes: e62b69a5b0b87c6df7a4fc23906134945309e927
-Fixes: 3d79bcb2651b9eae809b975b3e03e2f96c067072
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1795654
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Upstream-commit-id: 9813e8bc8b3
----
- httpboot.c | 4 ++--
- netboot.c | 16 +++++++++++-----
- include/str.h | 14 ++++++++------
- 3 files changed, 21 insertions(+), 13 deletions(-)
-
-diff --git a/httpboot.c b/httpboot.c
-index 3622e85867c..2d27e8ed993 100644
---- a/httpboot.c
-+++ b/httpboot.c
-@@ -743,14 +743,14 @@ httpboot_fetch_buffer (EFI_HANDLE image, VOID **buffer, UINT64 *buf_size)
- {
- EFI_STATUS efi_status;
- EFI_HANDLE nic;
-- CHAR8 *next_loader = NULL;
-+ CHAR8 next_loader[sizeof DEFAULT_LOADER_CHAR];
- CHAR8 *next_uri = NULL;
- CHAR8 *hostname = NULL;
-
- if (!uri)
- return EFI_NOT_READY;
-
-- next_loader = translate_slashes(DEFAULT_LOADER_CHAR);
-+ translate_slashes(next_loader, DEFAULT_LOADER_CHAR);
-
- /* Create the URI for the next loader based on the original URI */
- efi_status = generate_next_uri(uri, next_loader, &next_uri);
-diff --git a/netboot.c b/netboot.c
-index 58babfb4d2e..4922ef284b1 100644
---- a/netboot.c
-+++ b/netboot.c
-@@ -189,7 +189,9 @@ static BOOLEAN extract_tftp_info(CHAR8 *url)
- CHAR8 *start, *end;
- CHAR8 ip6str[40];
- CHAR8 ip6inv[16];
-- CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR);
-+ CHAR8 template[sizeof DEFAULT_LOADER_CHAR];
-+
-+ translate_slashes(template, DEFAULT_LOADER_CHAR);
-
- // to check against str2ip6() errors
- memset(ip6inv, 0, sizeof(ip6inv));
-@@ -254,10 +256,14 @@ static EFI_STATUS parseDhcp6()
-
- static EFI_STATUS parseDhcp4()
- {
-- CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR);
-- INTN template_len = strlen(template) + 1;
-+ CHAR8 template[sizeof DEFAULT_LOADER_CHAR];
-+ INTN template_len;
-+ UINTN template_ofs = 0;
- EFI_PXE_BASE_CODE_DHCPV4_PACKET* pkt_v4 = (EFI_PXE_BASE_CODE_DHCPV4_PACKET *)&pxe->Mode->DhcpAck.Dhcpv4;
-
-+ translate_slashes(template, DEFAULT_LOADER_CHAR);
-+ template_len = strlen(template) + 1;
-+
- if(pxe->Mode->ProxyOfferReceived) {
- /*
- * Proxy should not have precedence. Check if DhcpAck
-@@ -288,8 +294,8 @@ static EFI_STATUS parseDhcp4()
- full_path[dir_len-1] = '\0';
- }
- if (dir_len == 0 && dir[0] != '/' && template[0] == '/')
-- template++;
-- strcata(full_path, template);
-+ template_ofs++;
-+ strcata(full_path, template + template_ofs);
- memcpy(&tftp_addr.v4, pkt_v4->BootpSiAddr, 4);
-
- return EFI_SUCCESS;
-diff --git a/include/str.h b/include/str.h
-index 9a748366bd1..f73c6212cd9 100644
---- a/include/str.h
-+++ b/include/str.h
-@@ -45,21 +45,23 @@ strcata(CHAR8 *dest, const CHAR8 *src)
- static inline
- __attribute__((unused))
- CHAR8 *
--translate_slashes(char *str)
-+translate_slashes(CHAR8 *out, const char *str)
- {
- int i;
- int j;
-- if (str == NULL)
-- return (CHAR8 *)str;
-+ if (str == NULL || out == NULL)
-+ return NULL;
-
- for (i = 0, j = 0; str[i] != '\0'; i++, j++) {
- if (str[i] == '\\') {
-- str[j] = '/';
-+ out[j] = '/';
- if (str[i+1] == '\\')
- i++;
-- }
-+ } else
-+ out[j] = str[i];
- }
-- return (CHAR8 *)str;
-+ out[j] = '\0';
-+ return out;
- }
-
- #endif /* SHIM_STR_H */
---
-2.26.2
-
diff --git a/SOURCES/0045-shim-Update-EFI_LOADED_IMAGE-with-the-second-stage-l.patch b/SOURCES/0045-shim-Update-EFI_LOADED_IMAGE-with-the-second-stage-l.patch
deleted file mode 100644
index 2203e48..0000000
--- a/SOURCES/0045-shim-Update-EFI_LOADED_IMAGE-with-the-second-stage-l.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 89d72301aa67c82f00fe7fa4f42d7f6eb6045538 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Tue, 18 Feb 2020 12:03:28 +0100
-Subject: [PATCH 45/62] shim: Update EFI_LOADED_IMAGE with the second stage
- loader file path
-
-When shim loads the second stage loader (e.g: GRUB) the FilePath field of
-the EFI_LOADED_IMAGE structure isn't updated with the path of the loaded
-binary. So it still contains the file path of the shim binary.
-
-This isn't a problem since the file path is currently not used. But should
-be used to set the DevicePath field of the EFI_IMAGE_LOAD_EVENT structure
-that is logged when measuring the PE/COFF binaries. In that case the TPM
-Event Log will have an incorrect file path for the measured binary, i.e:
-
-$ hexdump -Cv /sys/kernel/security/tpm0/binary_bios_measurements
-...
-00000a50 00 00 00 00 00 00 04 04 34 00 5c 00 45 00 46 00 |........4.\.E.F.|
-00000a60 49 00 5c 00 72 00 65 00 64 00 68 00 61 00 74 00 |I.\.r.e.d.h.a.t.|
-00000a70 5c 00 73 00 68 00 69 00 6d 00 78 00 36 00 34 00 |\.s.h.i.m.x.6.4.|
-00000a80 2e 00 65 00 66 00 69 00 00 00 7f ff 04 00 00 00 |..e.f.i.........|
-00000a90 00 00 00 00 00 00 af 08 00 00 00 0d 00 00 00 b5 |................|
-00000aa0 cd d0 8f bb 16 31 e2 80 8b e8 58 75 c9 89 18 95 |.....1....Xu....|
-00000ab0 d2 de 15 15 00 00 00 67 72 75 62 5f 63 6d 64 20 |.......grub_cmd |
-00000ac0 73 65 74 20 70 61 67 65 72 3d 31 00 08 00 00 00 |set pager=1.....|
-...
-
-So update the EFI_LOADED_IMAGE structure with the second stage loader file
-path to have the correct value in the log, i.e:
-
-$ hexdump -Cv /sys/kernel/security/tpm0/binary_bios_measurements
-...
-00000a50 00 00 00 00 00 00 04 04 34 00 5c 00 45 00 46 00 |........4.\.E.F.|
-00000a60 49 00 5c 00 72 00 65 00 64 00 68 00 61 00 74 00 |I.\.r.e.d.h.a.t.|
-00000a70 5c 00 67 00 72 00 75 00 62 00 78 00 36 00 34 00 |\.g.r.u.b.x.6.4.|
-00000a80 2e 00 65 00 66 00 69 00 00 00 7f ff 04 00 00 00 |..e.f.i.........|
-00000a90 00 00 00 00 00 00 af 08 00 00 00 0d 00 00 00 b5 |................|
-00000aa0 cd d0 8f bb 16 31 e2 80 8b e8 58 75 c9 89 18 95 |.....1....Xu....|
-00000ab0 d2 de 15 15 00 00 00 67 72 75 62 5f 63 6d 64 20 |.......grub_cmd |
-00000ac0 73 65 74 20 70 61 67 65 72 3d 31 00 08 00 00 00 |set pager=1.....|
-...
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
-Upstream-commit-id: cd7d42d493d
----
- shim.c | 17 +++++++++++++++--
- 1 file changed, 15 insertions(+), 2 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index 5329795c333..a4f7769b38b 100644
---- a/shim.c
-+++ b/shim.c
-@@ -1925,6 +1925,16 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
- */
- CopyMem(&li_bak, li, sizeof(li_bak));
-
-+ /*
-+ * Update the loaded image with the second stage loader file path
-+ */
-+ li->FilePath = FileDevicePath(NULL, PathName);
-+ if (!li->FilePath) {
-+ perror(L"Unable to update loaded image file path\n");
-+ efi_status = EFI_OUT_OF_RESOURCES;
-+ goto restore;
-+ }
-+
- /*
- * Verify and, if appropriate, relocate and execute the executable
- */
-@@ -1934,8 +1944,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
- perror(L"Failed to load image: %r\n", efi_status);
- PrintErrors();
- ClearErrors();
-- CopyMem(li, &li_bak, sizeof(li_bak));
-- goto done;
-+ goto restore;
- }
-
- loader_is_participating = 0;
-@@ -1945,6 +1954,10 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
- */
- efi_status = entry_point(image_handle, systab);
-
-+restore:
-+ if (li->FilePath)
-+ FreePool(li->FilePath);
-+
- /*
- * Restore our original loaded image values
- */
---
-2.26.2
-
diff --git a/SOURCES/0046-tpm-Include-information-about-PE-COFF-images-in-the-.patch b/SOURCES/0046-tpm-Include-information-about-PE-COFF-images-in-the-.patch
deleted file mode 100644
index 90a6b52..0000000
--- a/SOURCES/0046-tpm-Include-information-about-PE-COFF-images-in-the-.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-From 0a8f7ade76ff3eede486027eaa638181e6bed3b8 Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Tue, 18 Feb 2020 12:03:17 +0100
-Subject: [PATCH 46/62] tpm: Include information about PE/COFF images in the
- TPM Event Log
-
-The "TCG PC Client Specific Platform Firmware Profile Specification" says
-that when measuring a PE/COFF image, the TCG_PCR_EVENT2 structure Event
-field MUST contain a UEFI_IMAGE_LOAD_EVENT structure.
-
-Currently an empty UEFI_IMAGE_LOAD_EVENT structure is passed so users only
-have the hash of the PE/COFF image, but not information such the file path
-of the binary.
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
-Upstream-commit-id: c252b9ee94c
----
- shim.c | 7 +++++--
- tpm.c | 46 ++++++++++++++++++++++++++++++++--------------
- include/tpm.h | 5 +++--
- 3 files changed, 40 insertions(+), 18 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index a4f7769b38b..b35b0ad90cc 100644
---- a/shim.c
-+++ b/shim.c
-@@ -1274,7 +1274,9 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
- #ifdef REQUIRE_TPM
- efi_status =
- #endif
-- tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)data, datasize, sha1hash, 4);
-+ tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)data, datasize,
-+ (EFI_PHYSICAL_ADDRESS)(UINTN)context.ImageAddress,
-+ li->FilePath, sha1hash, 4);
- #ifdef REQUIRE_TPM
- if (efi_status != EFI_SUCCESS) {
- return efi_status;
-@@ -1788,7 +1790,8 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size)
- #ifdef REQUIRE_TPM
- efi_status =
- #endif
-- tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)buffer, size, sha1hash, 4);
-+ tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)buffer, size, 0, NULL,
-+ sha1hash, 4);
- #ifdef REQUIRE_TPM
- if (EFI_ERROR(efi_status))
- goto done;
-diff --git a/tpm.c b/tpm.c
-index 196b93c30f6..22ad148b35a 100644
---- a/tpm.c
-+++ b/tpm.c
-@@ -210,21 +210,39 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr,
- strlen(description) + 1, 0xd, NULL);
- }
-
--EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 *sha1hash,
-- UINT8 pcr)
-+EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size,
-+ EFI_PHYSICAL_ADDRESS addr, EFI_DEVICE_PATH *path,
-+ UINT8 *sha1hash, UINT8 pcr)
- {
-- EFI_IMAGE_LOAD_EVENT ImageLoad;
--
-- // All of this is informational and forces us to do more parsing before
-- // we can generate it, so let's just leave it out for now
-- ImageLoad.ImageLocationInMemory = 0;
-- ImageLoad.ImageLengthInMemory = 0;
-- ImageLoad.ImageLinkTimeAddress = 0;
-- ImageLoad.LengthOfDevicePath = 0;
--
-- return tpm_log_event_raw(buf, size, pcr, (CHAR8 *)&ImageLoad,
-- sizeof(ImageLoad),
-- EV_EFI_BOOT_SERVICES_APPLICATION, sha1hash);
-+ EFI_IMAGE_LOAD_EVENT *ImageLoad = NULL;
-+ EFI_STATUS efi_status;
-+ UINTN path_size = 0;
-+
-+ if (path)
-+ path_size = DevicePathSize(path);
-+
-+ ImageLoad = AllocateZeroPool(sizeof(*ImageLoad) + path_size);
-+ if (!ImageLoad) {
-+ perror(L"Unable to allocate image load event structure\n");
-+ return EFI_OUT_OF_RESOURCES;
-+ }
-+
-+ ImageLoad->ImageLocationInMemory = buf;
-+ ImageLoad->ImageLengthInMemory = size;
-+ ImageLoad->ImageLinkTimeAddress = addr;
-+
-+ if (path_size > 0) {
-+ CopyMem(ImageLoad->DevicePath, path, path_size);
-+ ImageLoad->LengthOfDevicePath = path_size;
-+ }
-+
-+ efi_status = tpm_log_event_raw(buf, size, pcr, (CHAR8 *)ImageLoad,
-+ sizeof(*ImageLoad) + path_size,
-+ EV_EFI_BOOT_SERVICES_APPLICATION,
-+ sha1hash);
-+ FreePool(ImageLoad);
-+
-+ return efi_status;
- }
-
- typedef struct {
-diff --git a/include/tpm.h b/include/tpm.h
-index 746e871ff22..a05c24949e5 100644
---- a/include/tpm.h
-+++ b/include/tpm.h
-@@ -10,8 +10,9 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr,
- const CHAR8 *description);
- EFI_STATUS fallback_should_prefer_reset(void);
-
--EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 *sha1hash,
-- UINT8 pcr);
-+EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size,
-+ EFI_PHYSICAL_ADDRESS addr, EFI_DEVICE_PATH *path,
-+ UINT8 *sha1hash, UINT8 pcr);
-
- EFI_STATUS tpm_measure_variable(CHAR16 *dbname, EFI_GUID guid, UINTN size, void *data);
-
---
-2.26.2
-
diff --git a/SOURCES/0047-Fix-the-license-on-our-buildid-extractor.patch b/SOURCES/0047-Fix-the-license-on-our-buildid-extractor.patch
deleted file mode 100644
index b62628d..0000000
--- a/SOURCES/0047-Fix-the-license-on-our-buildid-extractor.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From dce3659ac3d14ed338cdb37798a429751898c078 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 23 Apr 2020 18:55:34 -0400
-Subject: [PATCH 47/62] Fix the license on our buildid extractor.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream-commit-id: 71439f848f6
----
- buildid.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/buildid.c b/buildid.c
-index f213f3bc921..6b414cdcffb 100644
---- a/buildid.c
-+++ b/buildid.c
-@@ -1,8 +1,6 @@
- /*
- * Walk a list of input files, printing the name and buildid of any file
- * that has one.
-- *
-- * This program is licensed under the GNU Public License version 2.
- */
-
- #include <err.h>
---
-2.26.2
-
diff --git a/SOURCES/0048-Update-README.tpm.patch b/SOURCES/0048-Update-README.tpm.patch
deleted file mode 100644
index b5cd08d..0000000
--- a/SOURCES/0048-Update-README.tpm.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 633169fe3291c832236ca1074fc679852f9caee1 Mon Sep 17 00:00:00 2001
-From: noahbliss <noah@superuser.sh>
-Date: Wed, 4 Mar 2020 19:46:28 -0500
-Subject: [PATCH 48/62] Update README.tpm
-
-typo
-Upstream-commit-id: bc24c9eb1d4
----
- README.tpm | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/README.tpm b/README.tpm
-index d9c7c53483b..c060dbe22db 100644
---- a/README.tpm
-+++ b/README.tpm
-@@ -25,7 +25,7 @@ PCR8:
- measured into PCR8.
-
- PCR9:
--- If you're using the grub2 TPM patchset we cary in Fedora, the kernel,
-+- If you're using the grub2 TPM patchset we carry in Fedora, the kernel,
- initramfs, and any multiboot modules loaded are measured into PCR9.
-
- PCR14:
---
-2.26.2
-
diff --git a/SOURCES/0049-Check-PxeReplyReceived-as-fallback-in-netboot.patch b/SOURCES/0049-Check-PxeReplyReceived-as-fallback-in-netboot.patch
deleted file mode 100644
index dd9eea9..0000000
--- a/SOURCES/0049-Check-PxeReplyReceived-as-fallback-in-netboot.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 9a209af5d84f4015ec399e1d1fa9dab31ef4d2b7 Mon Sep 17 00:00:00 2001
-From: Thomas Frauendorfer | Miray Software <tf@miray.de>
-Date: Wed, 25 Mar 2020 09:19:19 +0100
-Subject: [PATCH 49/62] Check PxeReplyReceived as fallback in netboot
-
-Some mainboards do not update the ProxyOffset dhcp information when using
-proxy dhcp and boot menus.
-This adds a fallback to check the PxeReply field if no boot information is
-found in the v4 dhcp or proxy dhcp information
-
-Upstream-commit-id: cc7ebe0f9f4
----
- netboot.c | 15 ++++++++++++---
- 1 file changed, 12 insertions(+), 3 deletions(-)
- mode change 100644 => 100755 netboot.c
-
-diff --git a/netboot.c b/netboot.c
-old mode 100644
-new mode 100755
-index 4922ef284b1..047dad3a760
---- a/netboot.c
-+++ b/netboot.c
-@@ -273,7 +273,16 @@ static EFI_STATUS parseDhcp4()
- pkt_v4 = &pxe->Mode->ProxyOffer.Dhcpv4;
- }
-
-- INTN dir_len = strnlena(pkt_v4->BootpBootFile, 127);
-+ if(pxe->Mode->PxeReplyReceived) {
-+ /*
-+ * If we have no bootinfo yet search for it in the PxeReply.
-+ * Some mainboards run into this when the server uses boot menus
-+ */
-+ if(pkt_v4->BootpBootFile[0] == '\0' && pxe->Mode->PxeReply.Dhcpv4.BootpBootFile[0] != '\0')
-+ pkt_v4 = &pxe->Mode->PxeReply.Dhcpv4;
-+ }
-+
-+ INTN dir_len = strnlena((CHAR8 *)pkt_v4->BootpBootFile, 127);
- INTN i;
- UINT8 *dir = pkt_v4->BootpBootFile;
-
-@@ -289,7 +298,7 @@ static EFI_STATUS parseDhcp4()
- return EFI_OUT_OF_RESOURCES;
-
- if (dir_len > 0) {
-- strncpya(full_path, dir, dir_len);
-+ strncpya(full_path, (CHAR8 *)dir, dir_len);
- if (full_path[dir_len-1] == '/' && template[0] == '/')
- full_path[dir_len-1] = '\0';
- }
-@@ -340,7 +349,7 @@ EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, UINT64 *buf
-
- try_again:
- efi_status = pxe->Mtftp(pxe, read, *buffer, overwrite, bufsiz, &blksz,
-- &tftp_addr, full_path, NULL, nobuffer);
-+ &tftp_addr, (UINT8 *)full_path, NULL, nobuffer);
- if (efi_status == EFI_BUFFER_TOO_SMALL) {
- /* try again, doubling buf size */
- *bufsiz *= 2;
---
-2.26.2
-
diff --git a/SOURCES/0050-Remove-a-couple-of-incorrect-license-claims.patch b/SOURCES/0050-Remove-a-couple-of-incorrect-license-claims.patch
deleted file mode 100644
index 1fda36c..0000000
--- a/SOURCES/0050-Remove-a-couple-of-incorrect-license-claims.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From e8a04c1d84d2ebd0dbdf7bda26d7a22017100586 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 9 Jul 2020 00:24:57 -0400
-Subject: [PATCH 50/62] Remove a couple of incorrect license claims.
-
-A certain someone's default editor template leaked in to a couple of
-source files, and claims they're GPL licensed. They're not.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream-commit-id: 476cbff1110
----
- errlog.c | 3 ---
- mok.c | 2 --
- 2 files changed, 5 deletions(-)
-
-diff --git a/errlog.c b/errlog.c
-index eebb266d396..6669c800233 100644
---- a/errlog.c
-+++ b/errlog.c
-@@ -1,10 +1,7 @@
- /*
- * errlog.c
- * Copyright 2017 Peter Jones <pjones@redhat.com>
-- *
-- * Distributed under terms of the GPLv3 license.
- */
--
- #include "shim.h"
-
- static CHAR16 **errs = NULL;
-diff --git a/mok.c b/mok.c
-index 59630e74425..089ea6bfc9a 100644
---- a/mok.c
-+++ b/mok.c
-@@ -1,8 +1,6 @@
- /*
- * mok.c
- * Copyright 2017 Peter Jones <pjones@redhat.com>
-- *
-- * Distributed under terms of the GPLv3 license.
- */
-
- #include "shim.h"
---
-2.26.2
-
diff --git a/SOURCES/0051-MokManager-fix-uninitialized-value.patch b/SOURCES/0051-MokManager-fix-uninitialized-value.patch
deleted file mode 100644
index 808d11f..0000000
--- a/SOURCES/0051-MokManager-fix-uninitialized-value.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 7b77bee7966a1aa5f00a9b34aeb7e550bfa47be1 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Wed, 22 Jul 2020 23:53:09 -0400
-Subject: [PATCH 51/62] MokManager: fix uninitialized value
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream: pr#212
----
- MokManager.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index fa73e2fd865..654a115033c 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -1431,7 +1431,7 @@ static CHAR16 get_password_charater(CHAR16 * prompt)
- SIMPLE_TEXT_OUTPUT_MODE SavedMode;
- EFI_STATUS efi_status;
- CHAR16 *message[2];
-- CHAR16 character;
-+ CHAR16 character = 0;
- UINTN length;
- UINT32 pw_length;
-
---
-2.26.2
-
diff --git a/SOURCES/0052-Fix-some-volatile-usage-gcc-whines-about.patch b/SOURCES/0052-Fix-some-volatile-usage-gcc-whines-about.patch
deleted file mode 100644
index 4f3d2d6..0000000
--- a/SOURCES/0052-Fix-some-volatile-usage-gcc-whines-about.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From d3b7dc54cdac474a57b67cf9bcdb15bcb131d06c Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 23 Jul 2020 16:18:52 -0400
-Subject: [PATCH 52/62] Fix some volatile usage gcc whines about.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream: pr#212
----
- fallback.c | 2 +-
- shim.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/fallback.c b/fallback.c
-index c3f5583c626..5a4bfff0793 100644
---- a/fallback.c
-+++ b/fallback.c
-@@ -983,7 +983,7 @@ debug_hook(void)
- UINT8 *data = NULL;
- UINTN dataSize = 0;
- EFI_STATUS efi_status;
-- volatile register int x = 0;
-+ register volatile int x = 0;
- extern char _etext, _edata;
-
- efi_status = get_variable(L"SHIM_DEBUG", &data, &dataSize,
-diff --git a/shim.c b/shim.c
-index b35b0ad90cc..0e7e784b4c8 100644
---- a/shim.c
-+++ b/shim.c
-@@ -2559,7 +2559,7 @@ debug_hook(void)
- UINT8 *data = NULL;
- UINTN dataSize = 0;
- EFI_STATUS efi_status;
-- volatile register UINTN x = 0;
-+ register volatile UINTN x = 0;
- extern char _text, _data;
-
- if (x)
---
-2.26.2
-
diff --git a/SOURCES/0053-MokManager-fix-a-wrong-allocation-failure-check.patch b/SOURCES/0053-MokManager-fix-a-wrong-allocation-failure-check.patch
deleted file mode 100644
index cd20cb4..0000000
--- a/SOURCES/0053-MokManager-fix-a-wrong-allocation-failure-check.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 6df96cdb20b84b33027d2e40bc0dbe0676d31282 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 23 Jul 2020 19:01:27 -0400
-Subject: [PATCH 53/62] MokManager: fix a wrong allocation failure check.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream: pr#212
----
- MokManager.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index 654a115033c..c9949e33bcf 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -1085,9 +1085,11 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- DataSize += sizeof(EFI_GUID);
- DataSize += list[i].MokSize;
- }
-+ if (DataSize == 0)
-+ return EFI_SUCCESS;
-
- Data = AllocatePool(DataSize);
-- if (Data == NULL && DataSize != 0)
-+ if (Data == NULL)
- return EFI_OUT_OF_RESOURCES;
-
- ptr = Data;
---
-2.26.2
-
diff --git a/SOURCES/0054-simple_file-fix-uninitialized-variable-unchecked-ret.patch b/SOURCES/0054-simple_file-fix-uninitialized-variable-unchecked-ret.patch
deleted file mode 100644
index 8749432..0000000
--- a/SOURCES/0054-simple_file-fix-uninitialized-variable-unchecked-ret.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From c186bdddaa7b103aef9d4a164ac0a07499dba112 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Wed, 22 Jul 2020 23:55:44 -0400
-Subject: [PATCH 54/62] simple_file: fix uninitialized variable/unchecked
- return
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream: pr#212
----
- lib/simple_file.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/lib/simple_file.c b/lib/simple_file.c
-index 3bf92ed8e0f..6ad31b4dc04 100644
---- a/lib/simple_file.c
-+++ b/lib/simple_file.c
-@@ -403,10 +403,10 @@ simple_file_selector(EFI_HANDLE * im, CHAR16 ** title, CHAR16 * name,
- filter = L"";
- if (!*im) {
- EFI_HANDLE h;
-- CHAR16 *volname;
-+ CHAR16 *volname = NULL;
-
-- simple_volume_selector(title, &volname, &h);
-- if (!volname)
-+ efi_status = simple_volume_selector(title, &volname, &h);
-+ if (EFI_ERROR(efi_status) || !volname)
- return;
- FreePool(volname);
- *im = h;
---
-2.26.2
-
diff --git a/SOURCES/0055-Fix-a-broken-tpm-type.patch b/SOURCES/0055-Fix-a-broken-tpm-type.patch
deleted file mode 100644
index 06b1201..0000000
--- a/SOURCES/0055-Fix-a-broken-tpm-type.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From a7f9911b776f3cdc12e42bf5990ddef0b08d3701 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 23 Jul 2020 20:35:56 -0400
-Subject: [PATCH 55/62] Fix a broken tpm type
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream: pr#212
----
- tpm.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tpm.c b/tpm.c
-index 22ad148b35a..03cf3a1f60e 100644
---- a/tpm.c
-+++ b/tpm.c
-@@ -239,7 +239,7 @@ EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size,
- efi_status = tpm_log_event_raw(buf, size, pcr, (CHAR8 *)ImageLoad,
- sizeof(*ImageLoad) + path_size,
- EV_EFI_BOOT_SERVICES_APPLICATION,
-- sha1hash);
-+ (CHAR8 *)sha1hash);
- FreePool(ImageLoad);
-
- return efi_status;
---
-2.26.2
-
diff --git a/SOURCES/0056-Make-cert.S-not-impossible-to-read.patch b/SOURCES/0056-Make-cert.S-not-impossible-to-read.patch
deleted file mode 100644
index c8068ef..0000000
--- a/SOURCES/0056-Make-cert.S-not-impossible-to-read.patch
+++ /dev/null
@@ -1,279 +0,0 @@
-From 7d542805ba5c48185128a2351bb315a5648fe3d7 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 23 Jul 2020 00:08:30 -0400
-Subject: [PATCH 56/62] Make cert.S not impossible to read.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream: pr#206
----
- shim.c | 47 +++++++++++++++++--------------
- shim.h | 28 +++++++++++++++---
- cert.S | 89 ++++++++++++++++++++++------------------------------------
- 3 files changed, 84 insertions(+), 80 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index 0e7e784b4c8..888ee6e8d7b 100644
---- a/shim.c
-+++ b/shim.c
-@@ -68,16 +68,18 @@ static UINT32 load_options_size;
- * The vendor certificate used for validating the second stage loader
- */
- extern struct {
-- UINT32 vendor_cert_size;
-- UINT32 vendor_dbx_size;
-- UINT32 vendor_cert_offset;
-- UINT32 vendor_dbx_offset;
-+ UINT32 vendor_authorized_size;
-+ UINT32 vendor_deauthorized_size;
-+ UINT32 vendor_authorized_offset;
-+ UINT32 vendor_deauthorized_offset;
- } cert_table;
-
--UINT32 vendor_cert_size;
--UINT32 vendor_dbx_size;
--UINT8 *vendor_cert;
--UINT8 *vendor_dbx;
-+UINT32 vendor_authorized_size = 0;
-+UINT8 *vendor_authorized = NULL;
-+
-+UINT32 vendor_deauthorized_size = 0;
-+UINT8 *vendor_deauthorized = NULL;
-+
- #if defined(ENABLE_SHIM_CERT)
- UINT32 build_cert_size;
- UINT8 *build_cert;
-@@ -554,22 +556,22 @@ static CHECK_STATUS check_db_hash(CHAR16 *dbname, EFI_GUID guid, UINT8 *data,
- static EFI_STATUS check_blacklist (WIN_CERTIFICATE_EFI_PKCS *cert,
- UINT8 *sha256hash, UINT8 *sha1hash)
- {
-- EFI_SIGNATURE_LIST *dbx = (EFI_SIGNATURE_LIST *)vendor_dbx;
-+ EFI_SIGNATURE_LIST *dbx = (EFI_SIGNATURE_LIST *)vendor_deauthorized;
-
-- if (check_db_hash_in_ram(dbx, vendor_dbx_size, sha256hash,
-+ if (check_db_hash_in_ram(dbx, vendor_deauthorized_size, sha256hash,
- SHA256_DIGEST_SIZE, EFI_CERT_SHA256_GUID, L"dbx",
- EFI_SECURE_BOOT_DB_GUID) == DATA_FOUND) {
- LogError(L"binary sha256hash found in vendor dbx\n");
- return EFI_SECURITY_VIOLATION;
- }
-- if (check_db_hash_in_ram(dbx, vendor_dbx_size, sha1hash,
-+ if (check_db_hash_in_ram(dbx, vendor_deauthorized_size, sha1hash,
- SHA1_DIGEST_SIZE, EFI_CERT_SHA1_GUID, L"dbx",
- EFI_SECURE_BOOT_DB_GUID) == DATA_FOUND) {
- LogError(L"binary sha1hash found in vendor dbx\n");
- return EFI_SECURITY_VIOLATION;
- }
- if (cert &&
-- check_db_cert_in_ram(dbx, vendor_dbx_size, cert, sha256hash, L"dbx",
-+ check_db_cert_in_ram(dbx, vendor_deauthorized_size, cert, sha256hash, L"dbx",
- EFI_SECURE_BOOT_DB_GUID) == DATA_FOUND) {
- LogError(L"cert sha256hash found in vendor dbx\n");
- return EFI_SECURITY_VIOLATION;
-@@ -1077,19 +1079,19 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
- /*
- * And finally, check against shim's built-in key
- */
-- if (vendor_cert_size &&
-+ if (vendor_authorized_size &&
- AuthenticodeVerify(cert->CertData,
- cert->Hdr.dwLength - sizeof(cert->Hdr),
-- vendor_cert, vendor_cert_size,
-+ vendor_authorized, vendor_authorized_size,
- sha256hash, SHA256_DIGEST_SIZE)) {
- update_verification_method(VERIFIED_BY_CERT);
- tpm_measure_variable(L"Shim", SHIM_LOCK_GUID,
-- vendor_cert_size, vendor_cert);
-+ vendor_authorized_size, vendor_authorized);
- efi_status = EFI_SUCCESS;
- drain_openssl_errors();
- return efi_status;
- } else {
-- LogError(L"AuthenticodeVerify(vendor_cert) failed\n");
-+ LogError(L"AuthenticodeVerify(vendor_authorized) failed\n");
- }
- }
-
-@@ -2501,7 +2503,7 @@ shim_init(void)
- }
-
- if (secure_mode()) {
-- if (vendor_cert_size || vendor_dbx_size) {
-+ if (vendor_authorized_size || vendor_deauthorized_size) {
- /*
- * If shim includes its own certificates then ensure
- * that anything it boots has performed some
-@@ -2606,14 +2608,17 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
-
- verification_method = VERIFIED_BY_NOTHING;
-
-- vendor_cert_size = cert_table.vendor_cert_size;
-- vendor_dbx_size = cert_table.vendor_dbx_size;
-- vendor_cert = (UINT8 *)&cert_table + cert_table.vendor_cert_offset;
-- vendor_dbx = (UINT8 *)&cert_table + cert_table.vendor_dbx_offset;
-+ vendor_authorized_size = cert_table.vendor_authorized_size;
-+ vendor_authorized = (UINT8 *)&cert_table + cert_table.vendor_authorized_offset;
-+
-+ vendor_deauthorized_size = cert_table.vendor_deauthorized_size;
-+ vendor_deauthorized = (UINT8 *)&cert_table + cert_table.vendor_deauthorized_offset;
-+
- #if defined(ENABLE_SHIM_CERT)
- build_cert_size = sizeof(shim_cert);
- build_cert = shim_cert;
- #endif /* defined(ENABLE_SHIM_CERT) */
-+
- CHAR16 *msgs[] = {
- L"import_mok_state() failed",
- L"shim_init() failed",
-diff --git a/shim.h b/shim.h
-index a0fa5a75e7e..555498c6673 100644
---- a/shim.h
-+++ b/shim.h
-@@ -97,6 +97,24 @@
- #define FALLBACK L"\\fb" EFI_ARCH L".efi"
- #define MOK_MANAGER L"\\mm" EFI_ARCH L".efi"
-
-+#if defined(VENDOR_CERT_FILE)
-+# define vendor_authorized vendor_cert
-+# define vendor_authorized_size vendor_cert_size
-+# define vendor_authorized_category VENDOR_ADDEND_X509
-+#else
-+# define vendor_authorized vendor_null
-+# define vendor_authorized_size vendor_null_size
-+# define vendor_authorized_category VENDOR_ADDEND_NONE
-+#endif
-+
-+#if defined(VENDOR_DBX_FILE)
-+# define vendor_deauthorized vendor_dbx
-+# define vendor_deauthorized_size vendor_dbx_size
-+#else
-+# define vendor_deauthorized vendor_deauthorized_null
-+# define vendor_deauthorized_size vendor_deauthorized_null_size
-+#endif
-+
- #include "include/asm.h"
- #include "include/configtable.h"
- #include "include/console.h"
-@@ -166,10 +184,12 @@ extern VOID ClearErrors(VOID);
- extern EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath);
- extern EFI_STATUS import_mok_state(EFI_HANDLE image_handle);
-
--extern UINT32 vendor_cert_size;
--extern UINT32 vendor_dbx_size;
--extern UINT8 *vendor_cert;
--extern UINT8 *vendor_dbx;
-+extern UINT32 vendor_authorized_size;
-+extern UINT8 *vendor_authorized;
-+
-+extern UINT32 vendor_deauthorized_size;
-+extern UINT8 *vendor_deauthorized;
-+
- #if defined(ENABLE_SHIM_CERT)
- extern UINT32 build_cert_size;
- extern UINT8 *build_cert;
-diff --git a/cert.S b/cert.S
-index cfc4525b44c..520caaef3af 100644
---- a/cert.S
-+++ b/cert.S
-@@ -1,65 +1,44 @@
-+
-+#if defined(VENDOR_CERT_FILE)
-+# define vendor_authorized vendor_cert
-+# define vendor_authorized_end vendor_cert_end
-+# define vendor_authorized_size vendor_cert_size
-+# define vendor_authorized_size_end vendor_cert_size_end
-+#endif
-+
-+#if defined(VENDOR_DBX_FILE)
-+# define vendor_deauthorized vendor_dbx
-+# define vendor_deauthorized_end vendor_dbx_end
-+# define vendor_deauthorized_size vendor_dbx_size
-+# define vendor_deauthorized_size_end vendor_dbx_size_end
-+#endif
-+
- .globl cert_table
- .type cert_table, %object
-- .size cert_table, 4
-+ .size cert_table, .Lcert_table_end - cert_table
- .section .vendor_cert, "a", %progbits
-+ .balignl 4, 0
- cert_table:
--#if defined(VENDOR_CERT_FILE)
-- .long vendor_cert_priv_end - vendor_cert_priv
--#else
-- .long 0
--#endif
--#if defined(VENDOR_DBX_FILE)
-- .long vendor_dbx_priv_end - vendor_dbx_priv
--#else
-- .long 0
--#endif
-- .long vendor_cert_priv - cert_table
-- .long vendor_dbx_priv - cert_table
--#if defined(VENDOR_CERT_FILE)
-- .data
-- .align 1
-- .type vendor_cert_priv, %object
-- .size vendor_cert_priv, vendor_cert_priv_end-vendor_cert_priv
-+ .4byte .Lvendor_authorized_end - vendor_authorized
-+ .4byte .Lvendor_deauthorized_end - vendor_deauthorized
-+ .4byte vendor_authorized - cert_table
-+ .4byte vendor_deauthorized - cert_table
-+ .balign 1, 0
-+ .type vendor_authorized, %object
-+ .size vendor_authorized, .Lvendor_authorized_end - vendor_authorized
- .section .vendor_cert, "a", %progbits
--vendor_cert_priv:
-+vendor_authorized:
-+#if defined(VENDOR_CERT_FILE)
- .incbin VENDOR_CERT_FILE
--vendor_cert_priv_end:
--#else
-- .bss
-- .type vendor_cert_priv, %object
-- .size vendor_cert_priv, 1
-- .section .vendor_cert, "a", %progbits
--vendor_cert_priv:
-- .zero 1
--
-- .data
-- .align 4
-- .type vendor_cert_size_priv, %object
-- .size vendor_cert_size_priv, 4
-- .section .vendor_cert, "a", %progbits
--vendor_cert_priv_end:
- #endif
-+.Lvendor_authorized_end:
-+ .balign 1, 0
-+ .type vendor_deauthorized, %object
-+ .size vendor_deauthorized, .Lvendor_deauthorized_end - vendor_deauthorized
-+ .section .vendor_cert, "a", %progbits
-+vendor_deauthorized:
- #if defined(VENDOR_DBX_FILE)
-- .data
-- .align 1
-- .type vendor_dbx_priv, %object
-- .size vendor_dbx_priv, vendor_dbx_priv_end-vendor_dbx_priv
-- .section .vendor_cert, "a", %progbits
--vendor_dbx_priv:
- .incbin VENDOR_DBX_FILE
--vendor_dbx_priv_end:
--#else
-- .bss
-- .type vendor_dbx_priv, %object
-- .size vendor_dbx_priv, 1
-- .section .vendor_cert, "a", %progbits
--vendor_dbx_priv:
-- .zero 1
--
-- .data
-- .align 4
-- .type vendor_dbx_size_priv, %object
-- .size vendor_dbx_size_priv, 4
-- .section .vendor_cert, "a", %progbits
--vendor_dbx_priv_end:
- #endif
-+.Lvendor_deauthorized_end:
-+.Lcert_table_end:
---
-2.26.2
-
diff --git a/SOURCES/0057-Add-support-for-vendor_db-built-in-shim-authorized-l.patch b/SOURCES/0057-Add-support-for-vendor_db-built-in-shim-authorized-l.patch
deleted file mode 100644
index 13a25e8..0000000
--- a/SOURCES/0057-Add-support-for-vendor_db-built-in-shim-authorized-l.patch
+++ /dev/null
@@ -1,943 +0,0 @@
-From dd3a5d71252a1f94e37f1a4c8841d253630b305a Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 23 Jul 2020 12:36:56 -0400
-Subject: [PATCH 57/62] Add support for vendor_db built-in shim authorized
- list.
-
-Potential new signing strategies ( for example signing grub, fwupdate
-and vmlinuz with separate certificates ) require shim to support a
-vendor provided bundle of trusted certificates and hashes, which allows
-shim to trust EFI binaries matching either certificate by signature or
-hash in the vendor_db. Functionality is similar to vendor_dbx.
-
-This also improves the mirroring quite a bit.
-Upstream: pr#206
----
- lib/variables.c | 55 +++--
- mok.c | 502 ++++++++++++++++++++++++++++++--------------
- shim.c | 27 +++
- include/console.h | 3 +-
- include/variables.h | 9 +-
- shim.h | 7 +-
- cert.S | 13 +-
- Make.defaults | 3 +
- README.tpm | 1 +
- 9 files changed, 437 insertions(+), 183 deletions(-)
-
-diff --git a/lib/variables.c b/lib/variables.c
-index 9c2e7d0ac2d..8123ae60fc9 100644
---- a/lib/variables.c
-+++ b/lib/variables.c
-@@ -25,32 +25,59 @@
- #include "shim.h"
-
- EFI_STATUS
--variable_create_esl(void *cert, int cert_len, EFI_GUID *type, EFI_GUID *owner,
-- void **out, int *outlen)
-+fill_esl(const uint8_t *data, const size_t data_len,
-+ const EFI_GUID *type, const EFI_GUID *owner,
-+ uint8_t *out, size_t *outlen)
- {
-- *outlen = cert_len + sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
-+ EFI_SIGNATURE_LIST *sl;
-+ EFI_SIGNATURE_DATA *sd;
-+ size_t needed = 0;
-
-- *out = AllocateZeroPool(*outlen);
-- if (!*out)
-- return EFI_OUT_OF_RESOURCES;
-+ if (!data || !data_len || !type || !outlen)
-+ return EFI_INVALID_PARAMETER;
-
-- EFI_SIGNATURE_LIST *sl = *out;
-+ needed = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID) + data_len;
-+ if (!out || *outlen < needed) {
-+ *outlen = needed;
-+ return EFI_BUFFER_TOO_SMALL;
-+ }
-+
-+ *outlen = needed;
-+ sl = (EFI_SIGNATURE_LIST *)out;
-
- sl->SignatureHeaderSize = 0;
- sl->SignatureType = *type;
-- sl->SignatureSize = cert_len + sizeof(EFI_GUID);
-- sl->SignatureListSize = *outlen;
--
-- EFI_SIGNATURE_DATA *sd = *out + sizeof(EFI_SIGNATURE_LIST);
-+ sl->SignatureSize = sizeof(EFI_GUID) + data_len;
-+ sl->SignatureListSize = needed;
-
-+ sd = (EFI_SIGNATURE_DATA *)(out + sizeof(EFI_SIGNATURE_LIST));
- if (owner)
- sd->SignatureOwner = *owner;
-
-- CopyMem(sd->SignatureData, cert, cert_len);
-+ CopyMem(sd->SignatureData, data, data_len);
-
- return EFI_SUCCESS;
- }
-
-+EFI_STATUS
-+variable_create_esl(const uint8_t *data, const size_t data_len,
-+ const EFI_GUID *type, const EFI_GUID *owner,
-+ uint8_t **out, size_t *outlen)
-+{
-+ EFI_STATUS efi_status;
-+
-+ *outlen = 0;
-+ efi_status = fill_esl(data, data_len, type, owner, NULL, outlen);
-+ if (efi_status != EFI_BUFFER_TOO_SMALL)
-+ return efi_status;
-+
-+ *out = AllocateZeroPool(*outlen);
-+ if (!*out)
-+ return EFI_OUT_OF_RESOURCES;
-+
-+ return fill_esl(data, data_len, type, owner, *out, outlen);
-+}
-+
- EFI_STATUS
- CreateTimeBasedPayload(IN OUT UINTN * DataSize, IN OUT UINT8 ** Data)
- {
-@@ -137,9 +164,9 @@ SetSecureVariable(CHAR16 *var, UINT8 *Data, UINTN len, EFI_GUID owner,
- return EFI_SECURITY_VIOLATION;
-
- if (createtimebased) {
-- int ds;
-+ size_t ds;
- efi_status = variable_create_esl(Data, len, &X509_GUID, NULL,
-- (void **)&Cert, &ds);
-+ (uint8_t **)&Cert, &ds);
- if (EFI_ERROR(efi_status)) {
- console_print(L"Failed to create %s certificate %d\n",
- var, efi_status);
-diff --git a/mok.c b/mok.c
-index 089ea6bfc9a..e69857f3c37 100644
---- a/mok.c
-+++ b/mok.c
-@@ -5,6 +5,8 @@
-
- #include "shim.h"
-
-+#include <stdint.h>
-+
- /*
- * Check if a variable exists
- */
-@@ -47,6 +49,15 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
- return EFI_SUCCESS;
- }
-
-+typedef enum {
-+ VENDOR_ADDEND_DB,
-+ VENDOR_ADDEND_X509,
-+ VENDOR_ADDEND_NONE,
-+} vendor_addend_category_t;
-+
-+struct mok_state_variable;
-+typedef vendor_addend_category_t (vendor_addend_categorizer_t)(struct mok_state_variable *);
-+
- /*
- * MoK variables that need to have their storage validated.
- *
-@@ -58,18 +69,20 @@ struct mok_state_variable {
- char *name8;
- CHAR16 *rtname;
- EFI_GUID *guid;
-+
- UINT8 *data;
- UINTN data_size;
-+
- /*
-- * These two are indirect pointers just to make initialization
-- * saner...
-+ * These are indirect pointers just to make initialization saner...
- */
-- UINT8 **addend_source;
-+ vendor_addend_categorizer_t *categorize_addend;
-+ UINT8 **addend;
- UINT32 *addend_size;
--#if defined(ENABLE_SHIM_CERT)
-+
- UINT8 **build_cert;
- UINT32 *build_cert_size;
--#endif /* defined(ENABLE_SHIM_CERT) */
-+
- UINT32 yes_attr;
- UINT32 no_attr;
- UINT32 flags;
-@@ -77,6 +90,28 @@ struct mok_state_variable {
- UINT8 *state;
- };
-
-+static vendor_addend_category_t
-+categorize_authorized(struct mok_state_variable *v)
-+{
-+ if (!(v->addend && v->addend_size &&
-+ *v->addend && *v->addend_size)) {
-+ return VENDOR_ADDEND_NONE;
-+ }
-+
-+ return vendor_authorized_category;
-+}
-+
-+static vendor_addend_category_t
-+categorize_deauthorized(struct mok_state_variable *v)
-+{
-+ if (!(v->addend && v->addend_size &&
-+ *v->addend && *v->addend_size)) {
-+ return VENDOR_ADDEND_NONE;
-+ }
-+
-+ return VENDOR_ADDEND_DB;
-+}
-+
- #define MOK_MIRROR_KEYDB 0x01
- #define MOK_MIRROR_DELETE_FIRST 0x02
- #define MOK_VARIABLE_MEASURE 0x04
-@@ -90,8 +125,9 @@ struct mok_state_variable mok_state_variables[] = {
- .yes_attr = EFI_VARIABLE_BOOTSERVICE_ACCESS |
- EFI_VARIABLE_NON_VOLATILE,
- .no_attr = EFI_VARIABLE_RUNTIME_ACCESS,
-- .addend_source = &vendor_cert,
-- .addend_size = &vendor_cert_size,
-+ .categorize_addend = categorize_authorized,
-+ .addend = &vendor_authorized,
-+ .addend_size = &vendor_authorized_size,
- #if defined(ENABLE_SHIM_CERT)
- .build_cert = &build_cert,
- .build_cert_size = &build_cert_size,
-@@ -107,6 +143,9 @@ struct mok_state_variable mok_state_variables[] = {
- .yes_attr = EFI_VARIABLE_BOOTSERVICE_ACCESS |
- EFI_VARIABLE_NON_VOLATILE,
- .no_attr = EFI_VARIABLE_RUNTIME_ACCESS,
-+ .categorize_addend = categorize_deauthorized,
-+ .addend = &vendor_deauthorized,
-+ .addend_size = &vendor_deauthorized_size,
- .flags = MOK_MIRROR_KEYDB |
- MOK_VARIABLE_LOG,
- .pcr = 14,
-@@ -136,123 +175,253 @@ struct mok_state_variable mok_state_variables[] = {
- { NULL, }
- };
-
--static inline BOOLEAN nonnull(1)
--check_vendor_cert(struct mok_state_variable *v)
--{
-- return (v->addend_source && v->addend_size &&
-- *v->addend_source && *v->addend_size) ? TRUE : FALSE;
--}
-+#define should_mirror_addend(v) (((v)->categorize_addend) && ((v)->categorize_addend(v) != VENDOR_ADDEND_NONE))
-
--#if defined(ENABLE_SHIM_CERT)
- static inline BOOLEAN nonnull(1)
--check_build_cert(struct mok_state_variable *v)
-+should_mirror_build_cert(struct mok_state_variable *v)
- {
- return (v->build_cert && v->build_cert_size &&
- *v->build_cert && *v->build_cert_size) ? TRUE : FALSE;
- }
--#define check_addend(v) (check_vendor_cert(v) || check_build_cert(v))
--#else
--#define check_addend(v) check_vendor_cert(v)
--#endif /* defined(ENABLE_SHIM_CERT) */
-+
-+static const uint8_t null_sha256[32] = { 0, };
-
- static EFI_STATUS nonnull(1)
- mirror_one_mok_variable(struct mok_state_variable *v)
- {
- EFI_STATUS efi_status = EFI_SUCCESS;
-- void *FullData = NULL;
-- UINTN FullDataSize = 0;
-+ uint8_t *FullData = NULL;
-+ size_t FullDataSize = 0;
-+ vendor_addend_category_t addend_category = VENDOR_ADDEND_NONE;
- uint8_t *p = NULL;
-
-- if ((v->flags & MOK_MIRROR_KEYDB) && check_addend(v)) {
-- EFI_SIGNATURE_LIST *CertList = NULL;
-- EFI_SIGNATURE_DATA *CertData = NULL;
--#if defined(ENABLE_SHIM_CERT)
-- FullDataSize = v->data_size;
-- if (check_build_cert(v)) {
-- FullDataSize += sizeof (*CertList)
-- + sizeof (EFI_GUID)
-- + *v->build_cert_size;
-- }
-- if (check_vendor_cert(v)) {
-- FullDataSize += sizeof (*CertList)
-- + sizeof (EFI_GUID)
-- + *v->addend_size;
-- }
--#else
-- FullDataSize = v->data_size
-- + sizeof (*CertList)
-- + sizeof (EFI_GUID)
-- + *v->addend_size;
--#endif /* defined(ENABLE_SHIM_CERT) */
-- FullData = AllocatePool(FullDataSize);
-- if (!FullData) {
-- perror(L"Failed to allocate space for MokListRT\n");
-- return EFI_OUT_OF_RESOURCES;
-- }
-- p = FullData;
-+ size_t build_cert_esl_sz = 0, addend_esl_sz = 0;
-
-- if (!EFI_ERROR(efi_status) && v->data_size > 0) {
-- CopyMem(p, v->data, v->data_size);
-- p += v->data_size;
-- }
-+ if (v->categorize_addend)
-+ addend_category = v->categorize_addend(v);
-
--#if defined(ENABLE_SHIM_CERT)
-- if (check_build_cert(v) == FALSE)
-- goto skip_build_cert;
-+ /*
-+ * we're always mirroring the original data, whether this is an efi
-+ * security database or not
-+ */
-+ dprint(L"v->data_size:%lu v->data:0x%08llx\n", v->data_size, v->data);
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx\n", FullDataSize, FullData);
-+ if (v->data_size) {
-+ FullDataSize = v->data_size;
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx\n",
-+ FullDataSize, FullData);
-+ }
-
-- CertList = (EFI_SIGNATURE_LIST *)p;
-- p += sizeof (*CertList);
-- CertData = (EFI_SIGNATURE_DATA *)p;
-- p += sizeof (EFI_GUID);
-+ /*
-+ * if it is, there's more data
-+ */
-+ if (v->flags & MOK_MIRROR_KEYDB) {
-
-- CertList->SignatureType = EFI_CERT_TYPE_X509_GUID;
-- CertList->SignatureListSize = *v->build_cert_size
-- + sizeof (*CertList)
-- + sizeof (*CertData)
-- -1;
-- CertList->SignatureHeaderSize = 0;
-- CertList->SignatureSize = *v->build_cert_size +
-- sizeof (EFI_GUID);
-+ /*
-+ * We're mirroring (into) an efi security database, aka an
-+ * array of efi_signature_list_t. Its layout goes like:
-+ *
-+ * existing_variable_data
-+ * existing_variable_data_size
-+ * if flags & MOK_MIRROR_KEYDB
-+ * if build_cert
-+ * build_cert_esl
-+ * build_cert_header (always sz=0)
-+ * build_cert_esd[0] { owner, data }
-+ * if addend==vendor_db
-+ * for n=[1..N]
-+ * vendor_db_esl_n
-+ * vendor_db_header_n (always sz=0)
-+ * vendor_db_esd_n[m] {{ owner, data }, ... }
-+ * elif addend==vendor_cert
-+ * vendor_cert_esl
-+ * vendor_cert_header (always sz=0)
-+ * vendor_cert_esd[1] { owner, data }
-+ *
-+ * first we determine the size of the variable, then alloc
-+ * and add the data.
-+ */
-
-- CertData->SignatureOwner = SHIM_LOCK_GUID;
-- CopyMem(p, *v->build_cert, *v->build_cert_size);
-+ /*
-+ * first bit is existing data, but we added that above
-+ */
-
-- p += *v->build_cert_size;
-+ /*
-+ * then the build cert if it's there
-+ */
-+ if (should_mirror_build_cert(v)) {
-+ efi_status = fill_esl(*v->build_cert,
-+ *v->build_cert_size,
-+ &EFI_CERT_TYPE_X509_GUID,
-+ &SHIM_LOCK_GUID,
-+ NULL, &build_cert_esl_sz);
-+ if (efi_status != EFI_BUFFER_TOO_SMALL) {
-+ perror(L"Could not add built-in cert to %s: %r\n",
-+ v->name, efi_status);
-+ return efi_status;
-+ }
-+ FullDataSize += build_cert_esl_sz;
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx\n",
-+ FullDataSize, FullData);
-+ }
-
-- if (check_vendor_cert(v) == FALSE)
-- goto skip_vendor_cert;
--skip_build_cert:
--#endif /* defined(ENABLE_SHIM_CERT) */
-+ /*
-+ * then the addend data
-+ */
-+ switch (addend_category) {
-+ case VENDOR_ADDEND_DB:
-+ /*
-+ * if it's an ESL already, we use it wholesale
-+ */
-+ FullDataSize += *v->addend_size;
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx\n",
-+ FullDataSize, FullData);
-+ break;
-+ case VENDOR_ADDEND_X509:
-+ efi_status = fill_esl(*v->addend, *v->addend_size,
-+ &EFI_CERT_TYPE_X509_GUID,
-+ &SHIM_LOCK_GUID,
-+ NULL, &addend_esl_sz);
-+ if (efi_status != EFI_BUFFER_TOO_SMALL) {
-+ perror(L"Could not add built-in cert to %s: %r\n",
-+ v->name, efi_status);
-+ return efi_status;
-+ }
-+ FullDataSize += addend_esl_sz;
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx\n",
-+ FullDataSize, FullData);
-+ break;
-+ default:
-+ case VENDOR_ADDEND_NONE:
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx\n",
-+ FullDataSize, FullData);
-+ break;
-+ }
-+ }
-
-- CertList = (EFI_SIGNATURE_LIST *)p;
-- p += sizeof (*CertList);
-- CertData = (EFI_SIGNATURE_DATA *)p;
-- p += sizeof (EFI_GUID);
-+ /*
-+ * Now we have the full size
-+ */
-+ if (FullDataSize) {
-+ /*
-+ * allocate the buffer, or use the old one if it's just the
-+ * existing data.
-+ */
-+ if (FullDataSize != v->data_size) {
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx allocating FullData\n",
-+ FullDataSize, FullData);
-+ FullData = AllocatePool(FullDataSize);
-+ if (!FullData) {
-+ FreePool(v->data);
-+ v->data = NULL;
-+ v->data_size = 0;
-+ perror(L"Failed to allocate %lu bytes for %s\n",
-+ FullDataSize, v->name);
-+ return EFI_OUT_OF_RESOURCES;
-+ }
-+ p = FullData;
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-+ FullDataSize, FullData, p, p-(uintptr_t)FullData);
-+ if (v->data && v->data_size) {
-+ CopyMem(p, v->data, v->data_size);
-+ p += v->data_size;
-+ }
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-+ FullDataSize, FullData, p, p-(uintptr_t)FullData);
-+ } else {
-+ FullData = v->data;
-+ FullDataSize = v->data_size;
-+ p = FullData + FullDataSize;
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-+ FullDataSize, FullData, p, p-(uintptr_t)FullData);
-+ v->data = NULL;
-+ v->data_size = 0;
-+ }
-+ }
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-+ FullDataSize, FullData, p, p-(uintptr_t)FullData);
-
-- CertList->SignatureType = EFI_CERT_TYPE_X509_GUID;
-- CertList->SignatureListSize = *v->addend_size
-- + sizeof (*CertList)
-- + sizeof (*CertData)
-- -1;
-- CertList->SignatureHeaderSize = 0;
-- CertList->SignatureSize = *v->addend_size + sizeof (EFI_GUID);
-+ /*
-+ * Now fill it.
-+ */
-+ if (v->flags & MOK_MIRROR_KEYDB) {
-+ /*
-+ * first bit is existing data, but again, we added that above
-+ */
-
-- CertData->SignatureOwner = SHIM_LOCK_GUID;
-- CopyMem(p, *v->addend_source, *v->addend_size);
-+ /*
-+ * second is the build cert
-+ */
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-+ FullDataSize, FullData, p, p-(uintptr_t)FullData);
-+ if (should_mirror_build_cert(v)) {
-+ efi_status = fill_esl(*v->build_cert,
-+ *v->build_cert_size,
-+ &EFI_CERT_TYPE_X509_GUID,
-+ &SHIM_LOCK_GUID,
-+ p, &build_cert_esl_sz);
-+ if (EFI_ERROR(efi_status)) {
-+ perror(L"Could not add built-in cert to %s: %r\n",
-+ v->name, efi_status);
-+ return efi_status;
-+ }
-+ p += build_cert_esl_sz;
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-+ FullDataSize, FullData, p, p-(uintptr_t)FullData);
-+ }
-
--#if defined(ENABLE_SHIM_CERT)
--skip_vendor_cert:
--#endif /* defined(ENABLE_SHIM_CERT) */
-- if (v->data && v->data_size)
-- FreePool(v->data);
-- v->data = FullData;
-- v->data_size = FullDataSize;
-- } else {
-- FullDataSize = v->data_size;
-- FullData = v->data;
-+ switch (addend_category) {
-+ case VENDOR_ADDEND_DB:
-+ CopyMem(p, *v->addend, *v->addend_size);
-+ p += *v->addend_size;
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-+ FullDataSize, FullData, p, p-(uintptr_t)FullData);
-+ break;
-+ case VENDOR_ADDEND_X509:
-+ efi_status = fill_esl(*v->addend, *v->addend_size,
-+ &EFI_CERT_TYPE_X509_GUID,
-+ &SHIM_LOCK_GUID,
-+ p, &addend_esl_sz);
-+ if (EFI_ERROR(efi_status)) {
-+ perror(L"Could not add built-in cert to %s: %r\n",
-+ v->name, efi_status);
-+ return efi_status;
-+ }
-+ p += addend_esl_sz;
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-+ FullDataSize, FullData, p, p-(uintptr_t)FullData);
-+ break;
-+ default:
-+ case VENDOR_ADDEND_NONE:
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-+ FullDataSize, FullData, p, p-(uintptr_t)FullData);
-+ break;
-+ }
-+ }
-+ /*
-+ * We always want to create our key databases, so in this case we
-+ * need a dummy entry
-+ */
-+ if ((v->flags & MOK_MIRROR_KEYDB) && FullDataSize == 0) {
-+ efi_status = variable_create_esl(
-+ null_sha256, sizeof(null_sha256),
-+ &EFI_CERT_SHA256_GUID, &SHIM_LOCK_GUID,
-+ &FullData, &FullDataSize);
-+ if (EFI_ERROR(efi_status)) {
-+ perror(L"Failed to allocate %lu bytes for %s\n",
-+ FullDataSize, v->name);
-+ return efi_status;
-+ }
-+ p = FullData + FullDataSize;
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-+ FullDataSize, FullData, p, p-(uintptr_t)FullData);
- }
-
-+ dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-+ FullDataSize, FullData, p, p-(uintptr_t)FullData);
- if (FullDataSize) {
-+ dprint(L"Setting %s with %lu bytes of data\n",
-+ v->rtname, FullDataSize);
- efi_status = gRT->SetVariable(v->rtname, v->guid,
- EFI_VARIABLE_BOOTSERVICE_ACCESS |
- EFI_VARIABLE_RUNTIME_ACCESS,
-@@ -262,7 +431,15 @@ skip_vendor_cert:
- v->rtname, efi_status);
- }
- }
--
-+ if (v->data && v->data_size) {
-+ FreePool(v->data);
-+ v->data = NULL;
-+ v->data_size = 0;
-+ }
-+ if (FullData && FullDataSize) {
-+ FreePool(FullData);
-+ }
-+ dprint(L"returning %r\n", efi_status);
- return efi_status;
- }
-
-@@ -274,6 +451,8 @@ static EFI_STATUS nonnull(1)
- maybe_mirror_one_mok_variable(struct mok_state_variable *v, EFI_STATUS ret)
- {
- EFI_STATUS efi_status;
-+ BOOLEAN present = FALSE;
-+
- if (v->rtname) {
- if (v->flags & MOK_MIRROR_DELETE_FIRST)
- LibDeleteVariable(v->rtname, v->guid);
-@@ -286,6 +465,43 @@ maybe_mirror_one_mok_variable(struct mok_state_variable *v, EFI_STATUS ret)
- efi_status);
- }
- }
-+
-+ present = (v->data && v->data_size) ? TRUE : FALSE;
-+ if (!present)
-+ return ret;
-+
-+ if (v->data_size == sizeof(UINT8) && v->state) {
-+ *v->state = v->data[0];
-+ }
-+
-+ if (v->flags & MOK_VARIABLE_MEASURE) {
-+ /*
-+ * Measure this into PCR 7 in the Microsoft format
-+ */
-+ efi_status = tpm_measure_variable(v->name, *v->guid,
-+ v->data_size,
-+ v->data);
-+ if (EFI_ERROR(efi_status)) {
-+ if (ret != EFI_SECURITY_VIOLATION)
-+ ret = efi_status;
-+ }
-+ }
-+
-+ if (v->flags & MOK_VARIABLE_LOG) {
-+ /*
-+ * Log this variable into whichever PCR the table
-+ * says.
-+ */
-+ EFI_PHYSICAL_ADDRESS datap =
-+ (EFI_PHYSICAL_ADDRESS)(UINTN)v->data,
-+ efi_status = tpm_log_event(datap, v->data_size,
-+ v->pcr, (CHAR8 *)v->name8);
-+ if (EFI_ERROR(efi_status)) {
-+ if (ret != EFI_SECURITY_VIOLATION)
-+ ret = efi_status;
-+ }
-+ }
-+
- return ret;
- }
-
-@@ -311,26 +527,20 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- user_insecure_mode = 0;
- ignore_db = 0;
-
-+ dprint(L"importing mok state\n");
- for (i = 0; mok_state_variables[i].name != NULL; i++) {
- struct mok_state_variable *v = &mok_state_variables[i];
- UINT32 attrs = 0;
-- BOOLEAN delete = FALSE, present, addend;
--
-- addend = check_addend(v);
-+ BOOLEAN delete = FALSE;
-
- efi_status = get_variable_attr(v->name,
- &v->data, &v->data_size,
- *v->guid, &attrs);
-+ dprint(L"maybe mirroring %s\n", v->name);
- if (efi_status == EFI_NOT_FOUND) {
-- if (addend)
-- ret = maybe_mirror_one_mok_variable(v, ret);
-- /*
-- * after possibly adding, we can continue, no
-- * further checks to be done.
-- */
-- continue;
-- }
-- if (EFI_ERROR(efi_status)) {
-+ v->data = NULL;
-+ v->data_size = 0;
-+ } else if (EFI_ERROR(efi_status)) {
- perror(L"Could not verify %s: %r\n", v->name,
- efi_status);
- /*
-@@ -339,22 +549,22 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- */
- if (ret != EFI_SECURITY_VIOLATION)
- ret = efi_status;
-- continue;
-- }
--
-- if (!(attrs & v->yes_attr)) {
-- perror(L"Variable %s is missing attributes:\n",
-- v->name);
-- perror(L" 0x%08x should have 0x%08x set.\n",
-- attrs, v->yes_attr);
-- delete = TRUE;
-- }
-- if (attrs & v->no_attr) {
-- perror(L"Variable %s has incorrect attribute:\n",
-- v->name);
-- perror(L" 0x%08x should not have 0x%08x set.\n",
-- attrs, v->no_attr);
- delete = TRUE;
-+ } else {
-+ if (!(attrs & v->yes_attr)) {
-+ perror(L"Variable %s is missing attributes:\n",
-+ v->name);
-+ perror(L" 0x%08x should have 0x%08x set.\n",
-+ attrs, v->yes_attr);
-+ delete = TRUE;
-+ }
-+ if (attrs & v->no_attr) {
-+ perror(L"Variable %s has incorrect attribute:\n",
-+ v->name);
-+ perror(L" 0x%08x should not have 0x%08x set.\n",
-+ attrs, v->no_attr);
-+ delete = TRUE;
-+ }
- }
- if (delete == TRUE) {
- perror(L"Deleting bad variable %s\n", v->name);
-@@ -366,45 +576,9 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- FreePool(v->data);
- v->data = NULL;
- v->data_size = 0;
-- continue;
- }
-
-- if (v->data && v->data_size == sizeof(UINT8) && v->state) {
-- *v->state = v->data[0];
-- }
--
-- present = (v->data && v->data_size) ? TRUE : FALSE;
--
-- if (v->flags & MOK_VARIABLE_MEASURE && present) {
-- /*
-- * Measure this into PCR 7 in the Microsoft format
-- */
-- efi_status = tpm_measure_variable(v->name, *v->guid,
-- v->data_size,
-- v->data);
-- if (EFI_ERROR(efi_status)) {
-- if (ret != EFI_SECURITY_VIOLATION)
-- ret = efi_status;
-- }
-- }
--
-- if (v->flags & MOK_VARIABLE_LOG && present) {
-- /*
-- * Log this variable into whichever PCR the table
-- * says.
-- */
-- EFI_PHYSICAL_ADDRESS datap =
-- (EFI_PHYSICAL_ADDRESS)(UINTN)v->data,
-- efi_status = tpm_log_event(datap, v->data_size,
-- v->pcr, (CHAR8 *)v->name8);
-- if (EFI_ERROR(efi_status)) {
-- if (ret != EFI_SECURITY_VIOLATION)
-- ret = efi_status;
-- }
-- }
--
-- if (present)
-- ret = maybe_mirror_one_mok_variable(v, ret);
-+ ret = maybe_mirror_one_mok_variable(v, ret);
- }
-
- /*
-@@ -412,14 +586,16 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- * cause MokManager to demand a machine reboot, so this is safe to
- * have after the entire loop.
- */
-+ dprint(L"checking mok request\n");
- efi_status = check_mok_request(image_handle);
-+ dprint(L"mok returned %r\n", efi_status);
- if (EFI_ERROR(efi_status)) {
- if (ret != EFI_SECURITY_VIOLATION)
- ret = efi_status;
- return ret;
- }
-
--
-+ dprint(L"returning %r\n", ret);
- return ret;
- }
-
-diff --git a/shim.c b/shim.c
-index 888ee6e8d7b..ee62248ca4e 100644
---- a/shim.c
-+++ b/shim.c
-@@ -646,6 +646,31 @@ static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert,
- }
- }
-
-+#if defined(VENDOR_DB_FILE)
-+ EFI_SIGNATURE_LIST *db = (EFI_SIGNATURE_LIST *)vendor_db;
-+
-+ if (check_db_hash_in_ram(db, vendor_db_size,
-+ sha256hash, SHA256_DIGEST_SIZE,
-+ EFI_CERT_SHA256_GUID, L"vendor_db",
-+ EFI_SECURE_BOOT_DB_GUID) == DATA_FOUND) {
-+ verification_method = VERIFIED_BY_HASH;
-+ update_verification_method(VERIFIED_BY_HASH);
-+ return EFI_SUCCESS;
-+ } else {
-+ LogError(L"check_db_hash(vendor_db, sha256hash) != DATA_FOUND\n");
-+ }
-+ if (cert &&
-+ check_db_cert_in_ram(db, vendor_db_size,
-+ cert, sha256hash, L"vendor_db",
-+ EFI_SECURE_BOOT_DB_GUID) == DATA_FOUND) {
-+ verification_method = VERIFIED_BY_CERT;
-+ update_verification_method(VERIFIED_BY_CERT);
-+ return EFI_SUCCESS;
-+ } else {
-+ LogError(L"check_db_cert(vendor_db, sha256hash) != DATA_FOUND\n");
-+ }
-+#endif
-+
- if (check_db_hash(L"MokList", SHIM_LOCK_GUID, sha256hash,
- SHA256_DIGEST_SIZE, EFI_CERT_SHA256_GUID)
- == DATA_FOUND) {
-@@ -1076,6 +1101,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
- }
- #endif /* defined(ENABLE_SHIM_CERT) */
-
-+#if defined(VENDOR_CERT_FILE)
- /*
- * And finally, check against shim's built-in key
- */
-@@ -1093,6 +1119,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
- } else {
- LogError(L"AuthenticodeVerify(vendor_authorized) failed\n");
- }
-+#endif /* defined(VENDOR_CERT_FILE) */
- }
-
- LogError(L"Binary is not whitelisted\n");
-diff --git a/include/console.h b/include/console.h
-index 9f259c71b72..810bf13a1f1 100644
---- a/include/console.h
-+++ b/include/console.h
-@@ -78,12 +78,13 @@ struct _EFI_CONSOLE_CONTROL_PROTOCOL {
- extern VOID console_fini(VOID);
- extern VOID setup_verbosity(VOID);
- extern UINT32 verbose;
--#define dprint(fmt, ...) ({ \
-+#define dprint_(fmt, ...) ({ \
- UINTN __dprint_ret = 0; \
- if (verbose) \
- __dprint_ret = console_print((fmt), ##__VA_ARGS__); \
- __dprint_ret; \
- })
-+#define dprint(fmt, ...) dprint_(L"%a:%d:%a() " fmt, __FILE__, __LINE__, __func__, ##__VA_ARGS__)
-
- extern EFI_STATUS print_crypto_errors(EFI_STATUS rc, char *file, const char *func, int line);
- #define crypterr(rc) print_crypto_errors((rc), __FILE__, __func__, __LINE__)
-diff --git a/include/variables.h b/include/variables.h
-index 8566a1a4746..436adb46e16 100644
---- a/include/variables.h
-+++ b/include/variables.h
-@@ -57,7 +57,12 @@ EFI_STATUS
- variable_enroll_hash(CHAR16 *var, EFI_GUID owner,
- UINT8 hash[SHA256_DIGEST_SIZE]);
- EFI_STATUS
--variable_create_esl(void *cert, int cert_len, EFI_GUID *type, EFI_GUID *owner,
-- void **out, int *outlen);
-+variable_create_esl(const uint8_t *cert, const size_t cert_len,
-+ const EFI_GUID *type, const EFI_GUID *owner,
-+ uint8_t **out, size_t *outlen);
-+EFI_STATUS
-+fill_esl(const uint8_t *data, const size_t data_len,
-+ const EFI_GUID *type, const EFI_GUID *owner,
-+ uint8_t *out, size_t *outlen);
-
- #endif /* SHIM_VARIABLES_H */
-diff --git a/shim.h b/shim.h
-index 555498c6673..c1d7e7c7197 100644
---- a/shim.h
-+++ b/shim.h
-@@ -97,7 +97,11 @@
- #define FALLBACK L"\\fb" EFI_ARCH L".efi"
- #define MOK_MANAGER L"\\mm" EFI_ARCH L".efi"
-
--#if defined(VENDOR_CERT_FILE)
-+#if defined(VENDOR_DB_FILE)
-+# define vendor_authorized vendor_db
-+# define vendor_authorized_size vendor_db_size
-+# define vendor_authorized_category VENDOR_ADDEND_DB
-+#elif defined(VENDOR_CERT_FILE)
- # define vendor_authorized vendor_cert
- # define vendor_authorized_size vendor_cert_size
- # define vendor_authorized_category VENDOR_ADDEND_X509
-@@ -116,6 +120,7 @@
- #endif
-
- #include "include/asm.h"
-+#include "include/compiler.h"
- #include "include/configtable.h"
- #include "include/console.h"
- #include "include/crypt_blowfish.h"
-diff --git a/cert.S b/cert.S
-index 520caaef3af..e636fcbbf2d 100644
---- a/cert.S
-+++ b/cert.S
-@@ -1,5 +1,12 @@
-
--#if defined(VENDOR_CERT_FILE)
-+#if defined(VENDOR_DB_FILE) && defined(VENDOR_CERT_FILE)
-+# error both VENDOR_DB_FILE and VENDOR_CERT_FILE have been configured
-+#elif defined(VENDOR_DB_FILE)
-+# define vendor_authorized vendor_db
-+# define vendor_authorized_end vendor_db_end
-+# define vendor_authorized_size vendor_db_size
-+# define vendor_authorized_size_end vendor_db_size_end
-+#elif defined(VENDOR_CERT_FILE)
- # define vendor_authorized vendor_cert
- # define vendor_authorized_end vendor_cert_end
- # define vendor_authorized_size vendor_cert_size
-@@ -28,7 +35,9 @@ cert_table:
- .size vendor_authorized, .Lvendor_authorized_end - vendor_authorized
- .section .vendor_cert, "a", %progbits
- vendor_authorized:
--#if defined(VENDOR_CERT_FILE)
-+#if defined(VENDOR_DB_FILE)
-+.incbin VENDOR_DB_FILE
-+#elif defined(VENDOR_CERT_FILE)
- .incbin VENDOR_CERT_FILE
- #endif
- .Lvendor_authorized_end:
-diff --git a/Make.defaults b/Make.defaults
-index f0bfa9fd573..2e01646a35d 100644
---- a/Make.defaults
-+++ b/Make.defaults
-@@ -125,6 +125,9 @@ BOOTCSVNAME ?= BOOT$(ARCH_SUFFIX_UPPER).CSV
-
- CFLAGS += "-DEFI_ARCH=L\"$(ARCH_SUFFIX)\"" "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/\""
-
-+ifneq ($(origin VENDOR_DB_FILE), undefined)
-+ CFLAGS += -DVENDOR_DB_FILE=\"$(VENDOR_DB_FILE)\"
-+endif
- ifneq ($(origin VENDOR_CERT_FILE), undefined)
- CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
- endif
-diff --git a/README.tpm b/README.tpm
-index c060dbe22db..62308d5c71a 100644
---- a/README.tpm
-+++ b/README.tpm
-@@ -13,6 +13,7 @@ PCR7:
- - MokListX - the Mok blacklist, logged as "MokListX"
- - vendor_dbx - shim's built-in vendor blacklist, logged as "dbx"
- - DB - the system whitelist, logged as "db"
-+ - vendor_db - shim's built-in vendor whitelist, logged as "db"
- - MokList the Mok whitelist, logged as "MokList"
- - vendor_cert - shim's built-in vendor whitelist, logged as "Shim"
- - shim_cert - shim's build-time generated whitelist, logged as "Shim"
---
-2.26.2
-
diff --git a/SOURCES/0058-Handle-binaries-with-multiple-signatures.patch b/SOURCES/0058-Handle-binaries-with-multiple-signatures.patch
deleted file mode 100644
index 84482de..0000000
--- a/SOURCES/0058-Handle-binaries-with-multiple-signatures.patch
+++ /dev/null
@@ -1,366 +0,0 @@
-From 76c0447e204c7e4ce918c4887ce8aae0e0816271 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 23 Jul 2020 16:32:05 -0400
-Subject: [PATCH 58/62] Handle binaries with multiple signatures.
-
-This adds support for multiple signatures. It first tries validating
-the binary by hash, first against our dbx lists, then against our db
-lists. If it isn't allowed or rejected at that step, it continues to
-the normal routine of checking all the signatures.
-
-At this point it does *not* reject a binary just because a signature is
-by a cert on a dbx list, though that will override any db list that
-certificate is listed on. If at any point any assertion about the
-binary or signature list being well-formed fails, the binary is
-immediately rejected, though we do allow skipping over signatures
-which have an unsupported sig->Hdr.wCertificateType.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream: pr#210
----
- shim.c | 287 +++++++++++++++++++++++++++++++++++++++------------------
- 1 file changed, 198 insertions(+), 89 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index ee62248ca4e..d10a1ba1cac 100644
---- a/shim.c
-+++ b/shim.c
-@@ -690,7 +690,7 @@ static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert,
- }
-
- update_verification_method(VERIFIED_BY_NOTHING);
-- return EFI_SECURITY_VIOLATION;
-+ return EFI_NOT_FOUND;
- }
-
- /*
-@@ -1004,6 +1004,103 @@ done:
- return efi_status;
- }
-
-+static EFI_STATUS
-+verify_one_signature(WIN_CERTIFICATE_EFI_PKCS *sig,
-+ UINT8 *sha256hash, UINT8 *sha1hash)
-+{
-+ EFI_STATUS efi_status;
-+
-+ /*
-+ * Ensure that the binary isn't blacklisted
-+ */
-+ drain_openssl_errors();
-+ efi_status = check_blacklist(sig, sha256hash, sha1hash);
-+ if (EFI_ERROR(efi_status)) {
-+ perror(L"Binary is blacklisted: %r\n", efi_status);
-+ PrintErrors();
-+ ClearErrors();
-+ crypterr(efi_status);
-+ return efi_status;
-+ }
-+
-+ /*
-+ * Check whether the binary is whitelisted in any of the firmware
-+ * databases
-+ */
-+ drain_openssl_errors();
-+ efi_status = check_whitelist(sig, sha256hash, sha1hash);
-+ if (EFI_ERROR(efi_status)) {
-+ if (efi_status != EFI_NOT_FOUND) {
-+ dprint(L"check_whitelist(): %r\n", efi_status);
-+ PrintErrors();
-+ ClearErrors();
-+ crypterr(efi_status);
-+ }
-+ } else {
-+ drain_openssl_errors();
-+ return efi_status;
-+ }
-+
-+ efi_status = EFI_NOT_FOUND;
-+#if defined(ENABLE_SHIM_CERT)
-+ /*
-+ * Check against the shim build key
-+ */
-+ drain_openssl_errors();
-+ if (build_cert && build_cert_size) {
-+ dprint("verifying against shim cert\n");
-+ }
-+ if (build_cert && build_cert_size &&
-+ AuthenticodeVerify(sig->CertData,
-+ sig->Hdr.dwLength - sizeof(sig->Hdr),
-+ build_cert, build_cert_size, sha256hash,
-+ SHA256_DIGEST_SIZE)) {
-+ dprint(L"AuthenticodeVerify(shim_cert) succeeded\n");
-+ update_verification_method(VERIFIED_BY_CERT);
-+ tpm_measure_variable(L"Shim", SHIM_LOCK_GUID,
-+ build_cert_size, build_cert);
-+ efi_status = EFI_SUCCESS;
-+ drain_openssl_errors();
-+ return efi_status;
-+ } else {
-+ dprint(L"AuthenticodeVerify(shim_cert) failed\n");
-+ PrintErrors();
-+ ClearErrors();
-+ crypterr(EFI_NOT_FOUND);
-+ }
-+#endif /* defined(ENABLE_SHIM_CERT) */
-+
-+#if defined(VENDOR_CERT_FILE)
-+ /*
-+ * And finally, check against shim's built-in key
-+ */
-+ drain_openssl_errors();
-+ if (vendor_cert_size) {
-+ dprint("verifying against vendor_cert\n");
-+ }
-+ if (vendor_cert_size &&
-+ AuthenticodeVerify(sig->CertData,
-+ sig->Hdr.dwLength - sizeof(sig->Hdr),
-+ vendor_cert, vendor_cert_size,
-+ sha256hash, SHA256_DIGEST_SIZE)) {
-+ dprint(L"AuthenticodeVerify(vendor_cert) succeeded\n");
-+ update_verification_method(VERIFIED_BY_CERT);
-+ tpm_measure_variable(L"Shim", SHIM_LOCK_GUID,
-+ vendor_cert_size, vendor_cert);
-+ efi_status = EFI_SUCCESS;
-+ drain_openssl_errors();
-+ return efi_status;
-+ } else {
-+ dprint(L"AuthenticodeVerify(vendor_cert) failed\n");
-+ PrintErrors();
-+ ClearErrors();
-+ crypterr(EFI_NOT_FOUND);
-+ }
-+#endif /* defined(VENDOR_CERT_FILE) */
-+
-+ return efi_status;
-+}
-+
- /*
- * Check that the signature is valid and matches the binary
- */
-@@ -1011,40 +1108,14 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
- PE_COFF_LOADER_IMAGE_CONTEXT *context,
- UINT8 *sha256hash, UINT8 *sha1hash)
- {
-- EFI_STATUS efi_status = EFI_SECURITY_VIOLATION;
-- WIN_CERTIFICATE_EFI_PKCS *cert = NULL;
-- unsigned int size = datasize;
-+ EFI_STATUS ret_efi_status;
-+ size_t size = datasize;
-+ size_t offset = 0;
-+ unsigned int i = 0;
-
- if (datasize < 0)
- return EFI_INVALID_PARAMETER;
-
-- if (context->SecDir->Size != 0) {
-- if (context->SecDir->Size >= size) {
-- perror(L"Certificate Database size is too large\n");
-- return EFI_INVALID_PARAMETER;
-- }
--
-- cert = ImageAddress (data, size,
-- context->SecDir->VirtualAddress);
--
-- if (!cert) {
-- perror(L"Certificate located outside the image\n");
-- return EFI_INVALID_PARAMETER;
-- }
--
-- if (cert->Hdr.dwLength > context->SecDir->Size) {
-- perror(L"Certificate list size is inconsistent with PE headers");
-- return EFI_INVALID_PARAMETER;
-- }
--
-- if (cert->Hdr.wCertificateType !=
-- WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
-- perror(L"Unsupported certificate type %x\n",
-- cert->Hdr.wCertificateType);
-- return EFI_UNSUPPORTED;
-- }
-- }
--
- /*
- * Clear OpenSSL's error log, because we get some DSO unimplemented
- * errors during its intialization, and we don't want those to look
-@@ -1052,81 +1123,119 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
- */
- drain_openssl_errors();
-
-- efi_status = generate_hash(data, datasize, context, sha256hash, sha1hash);
-- if (EFI_ERROR(efi_status)) {
-- LogError(L"generate_hash: %r\n", efi_status);
-- return efi_status;
-+ ret_efi_status = generate_hash(data, datasize, context, sha256hash, sha1hash);
-+ if (EFI_ERROR(ret_efi_status)) {
-+ dprint(L"generate_hash: %r\n", ret_efi_status);
-+ PrintErrors();
-+ ClearErrors();
-+ crypterr(ret_efi_status);
-+ return ret_efi_status;
- }
-
- /*
-- * Ensure that the binary isn't blacklisted
-+ * Ensure that the binary isn't blacklisted by hash
- */
-- efi_status = check_blacklist(cert, sha256hash, sha1hash);
-- if (EFI_ERROR(efi_status)) {
-+ drain_openssl_errors();
-+ ret_efi_status = check_blacklist(NULL, sha256hash, sha1hash);
-+ if (EFI_ERROR(ret_efi_status)) {
- perror(L"Binary is blacklisted\n");
-- LogError(L"Binary is blacklisted: %r\n", efi_status);
-- return efi_status;
-+ dprint(L"Binary is blacklisted: %r\n", ret_efi_status);
-+ PrintErrors();
-+ ClearErrors();
-+ crypterr(ret_efi_status);
-+ return ret_efi_status;
- }
-
- /*
-- * Check whether the binary is whitelisted in any of the firmware
-- * databases
-+ * Check whether the binary is whitelisted by hash in any of the
-+ * firmware databases
- */
-- efi_status = check_whitelist(cert, sha256hash, sha1hash);
-- if (EFI_ERROR(efi_status)) {
-- LogError(L"check_whitelist(): %r\n", efi_status);
-+ drain_openssl_errors();
-+ ret_efi_status = check_whitelist(NULL, sha256hash, sha1hash);
-+ if (EFI_ERROR(ret_efi_status)) {
-+ dprint(L"check_whitelist: %r\n", ret_efi_status);
-+ if (ret_efi_status != EFI_NOT_FOUND) {
-+ PrintErrors();
-+ ClearErrors();
-+ crypterr(ret_efi_status);
-+ return ret_efi_status;
-+ }
- } else {
- drain_openssl_errors();
-- return efi_status;
-+ return ret_efi_status;
- }
-
-- if (cert) {
--#if defined(ENABLE_SHIM_CERT)
-- /*
-- * Check against the shim build key
-- */
-- if (sizeof(shim_cert) &&
-- AuthenticodeVerify(cert->CertData,
-- cert->Hdr.dwLength - sizeof(cert->Hdr),
-- shim_cert, sizeof(shim_cert), sha256hash,
-- SHA256_DIGEST_SIZE)) {
-- update_verification_method(VERIFIED_BY_CERT);
-- tpm_measure_variable(L"Shim", SHIM_LOCK_GUID,
-- sizeof(shim_cert), shim_cert);
-- efi_status = EFI_SUCCESS;
-- drain_openssl_errors();
-- return efi_status;
-- } else {
-- LogError(L"AuthenticodeVerify(shim_cert) failed\n");
-+ if (context->SecDir->Size == 0) {
-+ dprint(L"No signatures found\n");
-+ return EFI_SECURITY_VIOLATION;
-+ }
-+
-+ if (context->SecDir->Size >= size) {
-+ perror(L"Certificate Database size is too large\n");
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ ret_efi_status = EFI_NOT_FOUND;
-+ do {
-+ WIN_CERTIFICATE_EFI_PKCS *sig = NULL;
-+ size_t sz;
-+
-+ sig = ImageAddress(data, size,
-+ context->SecDir->VirtualAddress + offset);
-+ if (!sig)
-+ break;
-+
-+ sz = offset + offsetof(WIN_CERTIFICATE_EFI_PKCS, Hdr.dwLength)
-+ + sizeof(sig->Hdr.dwLength);
-+ if (sz > context->SecDir->Size) {
-+ perror(L"Certificate size is too large for secruity database");
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ sz = sig->Hdr.dwLength;
-+ if (sz > context->SecDir->Size - offset) {
-+ perror(L"Certificate size is too large for secruity database");
-+ return EFI_INVALID_PARAMETER;
- }
--#endif /* defined(ENABLE_SHIM_CERT) */
--
--#if defined(VENDOR_CERT_FILE)
-- /*
-- * And finally, check against shim's built-in key
-- */
-- if (vendor_authorized_size &&
-- AuthenticodeVerify(cert->CertData,
-- cert->Hdr.dwLength - sizeof(cert->Hdr),
-- vendor_authorized, vendor_authorized_size,
-- sha256hash, SHA256_DIGEST_SIZE)) {
-- update_verification_method(VERIFIED_BY_CERT);
-- tpm_measure_variable(L"Shim", SHIM_LOCK_GUID,
-- vendor_authorized_size, vendor_authorized);
-- efi_status = EFI_SUCCESS;
-- drain_openssl_errors();
-- return efi_status;
-+
-+ if (sz < sizeof(sig->Hdr)) {
-+ perror(L"Certificate size is too small for certificate data");
-+ return EFI_INVALID_PARAMETER;
-+ }
-+
-+ if (sig->Hdr.wCertificateType == WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
-+ EFI_STATUS efi_status;
-+
-+ dprint(L"Attempting to verify signature %d:\n", i++);
-+
-+ efi_status = verify_one_signature(sig, sha256hash, sha1hash);
-+
-+ /*
-+ * If we didn't get EFI_SECURITY_VIOLATION from
-+ * checking the hashes above, then any dbx entries are
-+ * for a certificate, not this individual binary.
-+ *
-+ * So don't clobber successes with security violation
-+ * here; that just means it isn't a success.
-+ */
-+ if (ret_efi_status != EFI_SUCCESS)
-+ ret_efi_status = efi_status;
- } else {
-- LogError(L"AuthenticodeVerify(vendor_authorized) failed\n");
-+ perror(L"Unsupported certificate type %x\n",
-+ sig->Hdr.wCertificateType);
- }
--#endif /* defined(VENDOR_CERT_FILE) */
-- }
-+ offset = ALIGN_VALUE(offset + sz, 8);
-+ } while (offset < context->SecDir->Size);
-
-- LogError(L"Binary is not whitelisted\n");
-- crypterr(EFI_SECURITY_VIOLATION);
-- PrintErrors();
-- efi_status = EFI_SECURITY_VIOLATION;
-- return efi_status;
-+ if (ret_efi_status != EFI_SUCCESS) {
-+ dprint(L"Binary is not whitelisted\n");
-+ PrintErrors();
-+ ClearErrors();
-+ crypterr(EFI_SECURITY_VIOLATION);
-+ ret_efi_status = EFI_SECURITY_VIOLATION;
-+ }
-+ drain_openssl_errors();
-+ return ret_efi_status;
- }
-
- /*
---
-2.26.2
-
diff --git a/SOURCES/0059-Make-openssl-accept-the-right-set-of-KU-EKUs.patch b/SOURCES/0059-Make-openssl-accept-the-right-set-of-KU-EKUs.patch
deleted file mode 100644
index 87d6f0c..0000000
--- a/SOURCES/0059-Make-openssl-accept-the-right-set-of-KU-EKUs.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From 705d47ac2c90b8de07a4ef3e1930de6c4b8fece0 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Wed, 22 Jul 2020 19:54:58 -0400
-Subject: [PATCH 59/62] Make openssl accept the right set of KU/EKUs
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream: pr#211
----
- Cryptlib/Pk/CryptPkcs7Verify.c | 87 ++++++++++++++++++++++++++++++++++
- 1 file changed, 87 insertions(+)
-
-diff --git a/Cryptlib/Pk/CryptPkcs7Verify.c b/Cryptlib/Pk/CryptPkcs7Verify.c
-index dcaba436797..09895d8c66a 100644
---- a/Cryptlib/Pk/CryptPkcs7Verify.c
-+++ b/Cryptlib/Pk/CryptPkcs7Verify.c
-@@ -30,6 +30,91 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
-
-+#if 1
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#define X509_OBJECT_get0_X509(obj) ((obj)->data.x509)
-+#define X509_OBJECT_get_type(obj) ((obj)->type)
-+#define X509_STORE_CTX_get0_cert(ctx) ((ctx)->cert)
-+#define X509_STORE_get0_objects(certs) ((certs)->objs)
-+#define X509_get_extended_key_usage(cert) ((cert)->ex_xkusage)
-+#if OPENSSL_VERSION_NUMBER < 0x10020000L
-+#define X509_STORE_CTX_get0_store(ctx) ((ctx)->ctx)
-+#endif
-+#endif
-+
-+static int cert_in_store(X509 *cert, X509_STORE_CTX *ctx)
-+{
-+ X509_OBJECT obj;
-+ obj.type = X509_LU_X509;
-+ obj.data.x509 = cert;
-+ return X509_OBJECT_retrieve_match(ctx->ctx->objs, &obj) != NULL;
-+}
-+#else
-+/*
-+ * Later versions of openssl will need this instead.
-+ */
-+static int cert_in_store(X509 *cert, X509_STORE_CTX *ctx)
-+{
-+ STACK_OF(X509_OBJECT) *objs;
-+ X509_OBJECT *obj;
-+ int i;
-+
-+ objs = X509_STORE_get0_objects(X509_STORE_CTX_get0_store(ctx));
-+
-+ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
-+ obj = sk_X509_OBJECT_value(objs, i);
-+
-+ if (X509_OBJECT_get_type(obj) == X509_LU_X509 &&
-+ !X509_cmp(X509_OBJECT_get0_X509(obj), cert))
-+ return 1;
-+ }
-+
-+ return 0;
-+}
-+#endif
-+
-+int
-+X509VerifyCb (
-+ IN int Status,
-+ IN X509_STORE_CTX *Context
-+ )
-+{
-+ INTN Error;
-+
-+ Error = (INTN) X509_STORE_CTX_get_error (Context);
-+
-+ /* Accept code-signing keys */
-+ if (Error == X509_V_ERR_INVALID_PURPOSE &&
-+ X509_get_extended_key_usage(X509_STORE_CTX_get0_cert(Context)) == XKU_CODE_SIGN) {
-+ Status = 1;
-+ } else if (Error == X509_V_ERR_CERT_UNTRUSTED ||
-+ Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT ||
-+ Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ||
-+ Error == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE) {
-+ /* all certs in our cert database are explicitly trusted */
-+
-+ if (cert_in_store(X509_STORE_CTX_get_current_cert(Context), Context))
-+ Status = 1;
-+ } else if (Error == X509_V_ERR_CERT_HAS_EXPIRED ||
-+ Error == X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD ||
-+ Error == X509_V_ERR_CERT_NOT_YET_VALID ||
-+ Error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ||
-+ Error == X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD) {
-+ /* UEFI explicitly allows expired certificates */
-+ Status = 1;
-+#if 0
-+ } else if (Error == X509_V_ERR_INVALID_CA) {
-+ /* Due to the historical reason, we have to relax the the x509 v3 extension
-+ * check to allow the CA certificates without the CA flag in the basic
-+ * constraints or KeyCertSign in the key usage to be loaded. In the future,
-+ * this callback should be removed to enforce the proper check. */
-+ Status = 1;
-+#endif
-+ }
-+
-+ return Status;
-+}
-+
- /**
- Check input P7Data is a wrapped ContentInfo structure or not. If not construct
- a new structure to wrap P7Data.
-@@ -844,6 +929,8 @@ Pkcs7Verify (
- goto _Exit;
- }
-
-+ X509_STORE_set_verify_cb (CertStore, X509VerifyCb);
-+
- //
- // For generic PKCS#7 handling, InData may be NULL if the content is present
- // in PKCS#7 structure. So ignore NULL checking here.
---
-2.26.2
-
diff --git a/SOURCES/0060-Improve-debug-output-some.patch b/SOURCES/0060-Improve-debug-output-some.patch
deleted file mode 100644
index b48e54b..0000000
--- a/SOURCES/0060-Improve-debug-output-some.patch
+++ /dev/null
@@ -1,451 +0,0 @@
-From fc4368fed53837e00d303600d8b628cb0392b629 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 23 Jul 2020 20:29:52 -0400
-Subject: [PATCH 60/62] Improve debug output some
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream: pr#213
----
- errlog.c | 26 ++++++-
- shim.c | 36 ++++++++--
- include/console.h | 3 +
- include/hexdump.h | 172 ++++++++++++++++++++++++++++------------------
- shim.h | 5 +-
- 5 files changed, 164 insertions(+), 78 deletions(-)
-
-diff --git a/errlog.c b/errlog.c
-index 6669c800233..08f7a82a6b2 100644
---- a/errlog.c
-+++ b/errlog.c
-@@ -3,12 +3,28 @@
- * Copyright 2017 Peter Jones <pjones@redhat.com>
- */
- #include "shim.h"
-+#include "hexdump.h"
-
- static CHAR16 **errs = NULL;
- static UINTN nerrs = 0;
-
- EFI_STATUS
--VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args)
-+vdprint_(const CHAR16 *fmt, const char *file, int line, const char *func, va_list args)
-+{
-+ va_list args2;
-+ EFI_STATUS efi_status = EFI_SUCCESS;
-+
-+ if (verbose) {
-+ va_copy(args2, args);
-+ console_print(L"%a:%d:%a() ", file, line, func);
-+ efi_status = VPrint(fmt, args2);
-+ va_end(args2);
-+ }
-+ return efi_status;
-+}
-+
-+EFI_STATUS
-+VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, va_list args)
- {
- va_list args2;
- CHAR16 **newerrs;
-@@ -35,7 +51,7 @@ VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list arg
- }
-
- EFI_STATUS
--LogError_(const char *file, int line, const char *func, CHAR16 *fmt, ...)
-+LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...)
- {
- va_list args;
- EFI_STATUS efi_status;
-@@ -47,6 +63,12 @@ LogError_(const char *file, int line, const char *func, CHAR16 *fmt, ...)
- return efi_status;
- }
-
-+VOID
-+LogHexdump_(const char *file, int line, const char *func, const void *data, size_t sz)
-+{
-+ hexdumpat(file, line, func, data, sz, 0);
-+}
-+
- VOID
- PrintErrors(VOID)
- {
-diff --git a/shim.c b/shim.c
-index d10a1ba1cac..9248642bd57 100644
---- a/shim.c
-+++ b/shim.c
-@@ -34,6 +34,7 @@
- */
-
- #include "shim.h"
-+#include "hexdump.h"
- #if defined(ENABLE_SHIM_CERT)
- #include "shim_cert.h"
- #endif /* defined(ENABLE_SHIM_CERT) */
-@@ -373,12 +374,18 @@ static BOOLEAN verify_x509(UINT8 *Cert, UINTN CertSize)
- * and 64KB. For convenience, assume the number of value bytes
- * is 2, i.e. the second byte is 0x82.
- */
-- if (Cert[0] != 0x30 || Cert[1] != 0x82)
-+ if (Cert[0] != 0x30 || Cert[1] != 0x82) {
-+ dprint(L"cert[0:1] is [%02x%02x], should be [%02x%02x]\n",
-+ Cert[0], Cert[1], 0x30, 0x82);
- return FALSE;
-+ }
-
- length = Cert[2]<<8 | Cert[3];
-- if (length != (CertSize - 4))
-+ if (length != (CertSize - 4)) {
-+ dprint(L"Cert length is %ld, expecting %ld\n",
-+ length, CertSize);
- return FALSE;
-+ }
-
- return TRUE;
- }
-@@ -426,19 +433,23 @@ static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList,
- EFI_SIGNATURE_DATA *Cert;
- UINTN CertSize;
- BOOLEAN IsFound = FALSE;
-+ int i = 0;
-
- while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) {
- if (CompareGuid (&CertList->SignatureType, &EFI_CERT_TYPE_X509_GUID) == 0) {
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
- CertSize = CertList->SignatureSize - sizeof(EFI_GUID);
-+ dprint(L"trying to verify cert %d (%s)\n", i++, dbname);
- if (verify_x509(Cert->SignatureData, CertSize)) {
- if (verify_eku(Cert->SignatureData, CertSize)) {
-+ drain_openssl_errors();
- IsFound = AuthenticodeVerify (data->CertData,
- data->Hdr.dwLength - sizeof(data->Hdr),
- Cert->SignatureData,
- CertSize,
- hash, SHA256_DIGEST_SIZE);
- if (IsFound) {
-+ dprint(L"AuthenticodeVerify() succeeded: %d\n", IsFound);
- tpm_measure_variable(dbname, guid, CertSize, Cert->SignatureData);
- drain_openssl_errors();
- return DATA_FOUND;
-@@ -447,7 +458,9 @@ static CHECK_STATUS check_db_cert_in_ram(EFI_SIGNATURE_LIST *CertList,
- }
- }
- } else if (verbose) {
-- console_notify(L"Not a DER encoding x.509 Certificate");
-+ console_print(L"Not a DER encoded x.509 Certificate");
-+ dprint(L"cert:\n");
-+ dhexdumpat(Cert->SignatureData, CertSize, 0);
- }
- }
-
-@@ -641,7 +654,7 @@ static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert,
- verification_method = VERIFIED_BY_CERT;
- update_verification_method(VERIFIED_BY_CERT);
- return EFI_SUCCESS;
-- } else {
-+ } else if (cert) {
- LogError(L"check_db_cert(db, sha256hash) != DATA_FOUND\n");
- }
- }
-@@ -666,7 +679,7 @@ static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert,
- verification_method = VERIFIED_BY_CERT;
- update_verification_method(VERIFIED_BY_CERT);
- return EFI_SUCCESS;
-- } else {
-+ } else if (cert) {
- LogError(L"check_db_cert(vendor_db, sha256hash) != DATA_FOUND\n");
- }
- #endif
-@@ -685,7 +698,7 @@ static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert,
- verification_method = VERIFIED_BY_CERT;
- update_verification_method(VERIFIED_BY_CERT);
- return EFI_SUCCESS;
-- } else {
-+ } else if (cert) {
- LogError(L"check_db_cert(MokList, sha256hash) != DATA_FOUND\n");
- }
-
-@@ -993,6 +1006,11 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
- goto done;
- }
-
-+ dprint(L"sha1 authenticode hash:\n");
-+ dhexdumpat(sha1hash, SHA1_DIGEST_SIZE, 0);
-+ dprint(L"sha256 authenticode hash:\n");
-+ dhexdumpat(sha256hash, SHA256_DIGEST_SIZE, 0);
-+
- done:
- if (SectionHeader)
- FreePool(SectionHeader);
-@@ -1155,6 +1173,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
- if (EFI_ERROR(ret_efi_status)) {
- dprint(L"check_whitelist: %r\n", ret_efi_status);
- if (ret_efi_status != EFI_NOT_FOUND) {
-+ dprint(L"check_whitelist(): %r\n", ret_efi_status);
- PrintErrors();
- ClearErrors();
- crypterr(ret_efi_status);
-@@ -1803,6 +1822,7 @@ static EFI_STATUS load_image (EFI_LOADED_IMAGE *li, void **data,
-
- device = li->DeviceHandle;
-
-+ dprint(L"attempting to load %s\n", PathName);
- /*
- * Open the device
- */
-@@ -2778,6 +2798,10 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
- */
- InitializeLib(image_handle, systab);
-
-+ dprint(L"vendor_authorized:0x%08lx vendor_authorized_size:%lu\n",
-+ __FILE__, __LINE__, __func__, vendor_authorized, vendor_authorized_size);
-+ dprint(L"vendor_deauthorized:0x%08lx vendor_deauthorized_size:%lu\n",
-+ __FILE__, __LINE__, __func__, vendor_deauthorized, vendor_deauthorized_size);
- init_openssl();
-
- /*
-diff --git a/include/console.h b/include/console.h
-index 810bf13a1f1..ac6fdf61d18 100644
---- a/include/console.h
-+++ b/include/console.h
-@@ -85,6 +85,9 @@ extern UINT32 verbose;
- __dprint_ret; \
- })
- #define dprint(fmt, ...) dprint_(L"%a:%d:%a() " fmt, __FILE__, __LINE__, __func__, ##__VA_ARGS__)
-+extern EFI_STATUS
-+vdprint_(const CHAR16 *fmt, const char *file, int line, const char *func, va_list args);
-+#define vdprint(fmt, ...) vdprint_(fmt, __FILE__, __LINE__, __func__, ##__VA_ARGS__)
-
- extern EFI_STATUS print_crypto_errors(EFI_STATUS rc, char *file, const char *func, int line);
- #define crypterr(rc) print_crypto_errors((rc), __FILE__, __func__, __LINE__)
-diff --git a/include/hexdump.h b/include/hexdump.h
-index d337b571d8d..f3f3ac284a3 100644
---- a/include/hexdump.h
-+++ b/include/hexdump.h
-@@ -1,104 +1,140 @@
- #ifndef STATIC_HEXDUMP_H
- #define STATIC_HEXDUMP_H
-
--static int
--__attribute__((__unused__))
--isprint(char c)
--{
-- if (c < 0x20)
-- return 0;
-- if (c > 0x7e)
-- return 0;
-- return 1;
--}
-+#include <stdint.h>
-
--static UINTN
--__attribute__((__unused__))
--format_hex(UINT8 *data, UINTN size, CHAR16 *buf)
-+static inline unsigned long UNUSED
-+prepare_hex(const void *data, size_t size, char *buf, int position)
- {
-- UINTN sz = (UINTN)data % 16;
-- CHAR16 hexchars[] = L"0123456789abcdef";
-+ char hexchars[] = "0123456789abcdef";
- int offset = 0;
-- UINTN i;
-- UINTN j;
-+ unsigned long i;
-+ unsigned long j;
-+ unsigned long ret;
-
-- for (i = 0; i < sz; i++) {
-- buf[offset++] = L' ';
-- buf[offset++] = L' ';
-- buf[offset++] = L' ';
-+ unsigned long before = (position % 16);
-+ unsigned long after = (before+size >= 16) ? 0 : 16 - (before+size);
-+
-+ for (i = 0; i < before; i++) {
-+ buf[offset++] = 'X';
-+ buf[offset++] = 'X';
-+ buf[offset++] = ' ';
- if (i == 7)
-- buf[offset++] = L' ';
-+ buf[offset++] = ' ';
- }
-- for (j = sz; j < 16 && j < size; j++) {
-- UINT8 d = data[j-sz];
-+ for (j = 0; j < 16 - after - before; j++) {
-+ uint8_t d = ((uint8_t *)data)[j];
- buf[offset++] = hexchars[(d & 0xf0) >> 4];
- buf[offset++] = hexchars[(d & 0x0f)];
-- if (j != 15)
-- buf[offset++] = L' ';
-- if (j == 7)
-- buf[offset++] = L' ';
-+ if (i+j != 15)
-+ buf[offset++] = ' ';
-+ if (i+j == 7)
-+ buf[offset++] = ' ';
- }
-- for (i = j; i < 16; i++) {
-- buf[offset++] = L' ';
-- buf[offset++] = L' ';
-- if (i != 15)
-- buf[offset++] = L' ';
-- if (i == 7)
-- buf[offset++] = L' ';
-+ ret = 16 - after - before;
-+ j += i;
-+ for (i = 0; i < after; i++) {
-+ buf[offset++] = 'X';
-+ buf[offset++] = 'X';
-+ if (i+j != 15)
-+ buf[offset++] = ' ';
-+ if (i+j == 7)
-+ buf[offset++] = ' ';
- }
-- buf[offset] = L'\0';
-- return j - sz;
-+ buf[offset] = '\0';
-+ return ret;
- }
-
--static void
--__attribute__((__unused__))
--format_text(UINT8 *data, UINTN size, CHAR16 *buf)
-+#define isprint(c) ((c) >= 0x20 && (c) <= 0x7e)
-+
-+static inline void UNUSED
-+prepare_text(const void *data, size_t size, char *buf, int position)
- {
-- UINTN sz = (UINTN)data % 16;
- int offset = 0;
-- UINTN i;
-- UINTN j;
-+ unsigned long i;
-+ unsigned long j;
-
-- for (i = 0; i < sz; i++)
-- buf[offset++] = L' ';
-- buf[offset++] = L'|';
-- for (j = sz; j < 16 && j < size; j++) {
-- if (isprint(data[j-sz]))
-- buf[offset++] = data[j-sz];
-+ unsigned long before = position % 16;
-+ unsigned long after = (before+size > 16) ? 0 : 16 - (before+size);
-+
-+ if (size == 0) {
-+ buf[0] = '\0';
-+ return;
-+ }
-+ for (i = 0; i < before; i++)
-+ buf[offset++] = 'X';
-+ buf[offset++] = '|';
-+ for (j = 0; j < 16 - after - before; j++) {
-+ if (isprint(((uint8_t *)data)[j]))
-+ buf[offset++] = ((uint8_t *)data)[j];
- else
-- buf[offset++] = L'.';
-+ buf[offset++] = '.';
- }
-- buf[offset++] = L'|';
-- for (i = j; i < 16; i++)
-- buf[offset++] = L' ';
-- buf[offset] = L'\0';
-+ buf[offset++] = size > 0 ? '|' : 'X';
-+ buf[offset] = '\0';
- }
-
--static void
--__attribute__((__unused__))
--hexdump(UINT8 *data, UINTN size)
-+/*
-+ * variadic hexdump formatted
-+ * think of it as: printf("%s%s\n", vformat(fmt, ap), hexdump(data,size));
-+ */
-+static inline void UNUSED
-+vhexdumpf(const char *file, int line, const char *func, const CHAR16 * const fmt, const void *data, unsigned long size, size_t at, va_list ap)
- {
-- UINTN display_offset = (UINTN)data & 0xffffffff;
-- UINTN offset = 0;
-- //console_print(L"hexdump: data=0x%016x size=0x%x\n", data, size);
-+ unsigned long display_offset = at;
-+ unsigned long offset = 0;
-
- while (offset < size) {
-- CHAR16 hexbuf[49];
-- CHAR16 txtbuf[19];
-- UINTN sz;
-+ char hexbuf[49];
-+ char txtbuf[19];
-+ unsigned long sz;
-
-- sz = format_hex(data+offset, size-offset, hexbuf);
-+ sz = prepare_hex(data+offset, size-offset, hexbuf,
-+ (unsigned long)data+offset);
- if (sz == 0)
- return;
-- msleep(200000);
-
-- format_text(data+offset, size-offset, txtbuf);
-- console_print(L"%08x %s %s\n", display_offset, hexbuf, txtbuf);
-- msleep(200000);
-+ prepare_text(data+offset, size-offset, txtbuf,
-+ (unsigned long)data+offset);
-+ if (fmt && fmt[0] != 0)
-+ vdprint_(fmt, file, line, func, ap);
-+ dprint_(L"%a:%d:%a() %08lx %a %a\n", file, line, func, display_offset, hexbuf, txtbuf);
-
- display_offset += sz;
- offset += sz;
- }
- }
-
-+/*
-+ * hexdump formatted
-+ * think of it as: printf("%s%s", format(fmt, ...), hexdump(data,size)[lineN]);
-+ */
-+static inline void UNUSED
-+hexdumpf(const char *file, int line, const char *func, const CHAR16 * const fmt, const void *data, unsigned long size, size_t at, ...)
-+{
-+ va_list ap;
-+
-+ va_start(ap, at);
-+ vhexdumpf(file, line, func, fmt, data, size, at, ap);
-+ va_end(ap);
-+}
-+
-+static inline void UNUSED
-+hexdump(const char *file, int line, const char *func, const void *data, unsigned long size)
-+{
-+ hexdumpf(file, line, func, L"", data, size, (intptr_t)data);
-+}
-+
-+static inline void UNUSED
-+hexdumpat(const char *file, int line, const char *func, const void *data, unsigned long size, size_t at)
-+{
-+ hexdumpf(file, line, func, L"", data, size, at);
-+}
-+
-+#define LogHexdump(data, sz) LogHexdump_(__FILE__, __LINE__, __func__, data, sz)
-+#define dhexdump(data, sz) hexdump(__FILE__, __LINE__, __func__, data, sz)
-+#define dhexdumpat(data, sz, at) hexdumpat(__FILE__, __LINE__, __func__, data, sz, at)
-+#define dhexdumpf(fmt, data, sz, at, ...) hexdumpf(__FILE__, __LINE__, __func__, fmt, data, sz, at, ##__VA_ARGS__)
-+
- #endif /* STATIC_HEXDUMP_H */
-+// vim:fenc=utf-8:tw=75:noet
-diff --git a/shim.h b/shim.h
-index c1d7e7c7197..0b3ad4f2d20 100644
---- a/shim.h
-+++ b/shim.h
-@@ -182,8 +182,9 @@ typedef struct _SHIM_LOCK {
-
- extern EFI_STATUS shim_init(void);
- extern void shim_fini(void);
--extern EFI_STATUS LogError_(const char *file, int line, const char *func, CHAR16 *fmt, ...);
--extern EFI_STATUS VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args);
-+extern EFI_STATUS LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...);
-+extern EFI_STATUS VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, va_list args);
-+extern VOID LogHexdump_(const char *file, int line, const char *func, const void *data, size_t sz);
- extern VOID PrintErrors(VOID);
- extern VOID ClearErrors(VOID);
- extern EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath);
---
-2.26.2
-
diff --git a/SOURCES/0061-Also-use-a-config-table-to-mirror-mok-variables.patch b/SOURCES/0061-Also-use-a-config-table-to-mirror-mok-variables.patch
deleted file mode 100644
index a2095b1..0000000
--- a/SOURCES/0061-Also-use-a-config-table-to-mirror-mok-variables.patch
+++ /dev/null
@@ -1,352 +0,0 @@
-From fecc2dfb8e408526221091923d9345796b8e294e Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 23 Jul 2020 22:09:03 -0400
-Subject: [PATCH 61/62] Also use a config table to mirror mok variables.
-
-Everything was going just fine until I made a vendor_db with 17kB of
-sha256 sums in it. And then the same source tree that had worked fine
-without that threw errors and failed all over the place. I wrote some
-code to diagnose the problem, and of course it was a failure in
-mirroring MokList to MokListRT.
-
-As Patrick noted in 741c61abba7, some systems have obnoxiously low
-amounts of variable storage available:
-
-mok.c:550:import_mok_state() BS+RT variable info:
- MaximumVariableStorageSize:0x000000000000DFE4
- RemainingVariableStorageSize:0x000000000000D21C
- MaximumVariableSize:0x0000000000001FC4
-
-The most annoying part is that on at least this edk2 build,
-SetVariable() /does actually appear to set the variable/, but it returns
-EFI_INVALID_PARAMETER. I'm not planning on relying on that behavior.
-
-So... yeah, the largest *volatile* (i.e. RAM only) variable this edk2
-build will let you create is less than two pages. It's only got 7.9G
-free, so I guess it's feeling like space is a little tight.
-
-We're also not quite preserving that return code well enough for his
-workaround to work.
-
-New plan. We try to create variables the normal way, but we don't
-consider not having enough space to be fatal. In that case, we create
-an EFI_SECURITY_LIST with one sha256sum in it, with a value of all 0,
-and try to add that so we're sure there's /something/ there that's
-innocuous. On systems where the first SetVariable() /
-QueryVariableInfo() lied to us, the correct variable should be there,
-otherwise the one with the zero-hash will be.
-
-We then also build a config table to hold this info and install that.
-
-The config table is a packed array of this struct:
-
-struct mok_variable_config_entry {
- CHAR8 name[256];
- UINT64 data_size;
- UINT8 data[];
-};
-
-There will be N+1 entries, and the last entry is all 0 for name and
-data_size. The total allocation size will always be a multiple of 4096.
-In the typical RHEL 7.9 case that means it'll be around 5 pages.
-
-It's installed with this guid:
-
-c451ed2b-9694-45d3-baba-ed9f8988a389
-
-Anything that can go wrong will.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream: not yet, I don't want people to read this before Wednesday.
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- lib/guid.c | 2 +
- mok.c | 150 ++++++++++++++++++++++++++++++++++++++++++++-----
- include/guid.h | 2 +
- 3 files changed, 140 insertions(+), 14 deletions(-)
-
-diff --git a/lib/guid.c b/lib/guid.c
-index 57c02fbeecd..99ff400a0ab 100644
---- a/lib/guid.c
-+++ b/lib/guid.c
-@@ -36,4 +36,6 @@ EFI_GUID EFI_SECURE_BOOT_DB_GUID = { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc,
- EFI_GUID EFI_SIMPLE_FILE_SYSTEM_GUID = SIMPLE_FILE_SYSTEM_PROTOCOL;
- EFI_GUID SECURITY_PROTOCOL_GUID = { 0xA46423E3, 0x4617, 0x49f1, {0xB9, 0xFF, 0xD1, 0xBF, 0xA9, 0x11, 0x58, 0x39 } };
- EFI_GUID SECURITY2_PROTOCOL_GUID = { 0x94ab2f58, 0x1438, 0x4ef1, {0x91, 0x52, 0x18, 0x94, 0x1a, 0x3a, 0x0e, 0x68 } };
-+
- EFI_GUID SHIM_LOCK_GUID = {0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } };
-+EFI_GUID MOK_VARIABLE_STORE = {0xc451ed2b, 0x9694, 0x45d3, {0xba, 0xba, 0xed, 0x9f, 0x89, 0x88, 0xa3, 0x89} };
-diff --git a/mok.c b/mok.c
-index e69857f3c37..4e141fb21fc 100644
---- a/mok.c
-+++ b/mok.c
-@@ -68,6 +68,7 @@ struct mok_state_variable {
- CHAR16 *name;
- char *name8;
- CHAR16 *rtname;
-+ char *rtname8;
- EFI_GUID *guid;
-
- UINT8 *data;
-@@ -121,6 +122,7 @@ struct mok_state_variable mok_state_variables[] = {
- {.name = L"MokList",
- .name8 = "MokList",
- .rtname = L"MokListRT",
-+ .rtname8 = "MokListRT",
- .guid = &SHIM_LOCK_GUID,
- .yes_attr = EFI_VARIABLE_BOOTSERVICE_ACCESS |
- EFI_VARIABLE_NON_VOLATILE,
-@@ -133,12 +135,14 @@ struct mok_state_variable mok_state_variables[] = {
- .build_cert_size = &build_cert_size,
- #endif /* defined(ENABLE_SHIM_CERT) */
- .flags = MOK_MIRROR_KEYDB |
-+ MOK_MIRROR_DELETE_FIRST |
- MOK_VARIABLE_LOG,
- .pcr = 14,
- },
- {.name = L"MokListX",
- .name8 = "MokListX",
- .rtname = L"MokListXRT",
-+ .rtname8 = "MokListXRT",
- .guid = &SHIM_LOCK_GUID,
- .yes_attr = EFI_VARIABLE_BOOTSERVICE_ACCESS |
- EFI_VARIABLE_NON_VOLATILE,
-@@ -147,12 +151,14 @@ struct mok_state_variable mok_state_variables[] = {
- .addend = &vendor_deauthorized,
- .addend_size = &vendor_deauthorized_size,
- .flags = MOK_MIRROR_KEYDB |
-+ MOK_MIRROR_DELETE_FIRST |
- MOK_VARIABLE_LOG,
- .pcr = 14,
- },
- {.name = L"MokSBState",
- .name8 = "MokSBState",
- .rtname = L"MokSBStateRT",
-+ .rtname8 = "MokSBStateRT",
- .guid = &SHIM_LOCK_GUID,
- .yes_attr = EFI_VARIABLE_BOOTSERVICE_ACCESS |
- EFI_VARIABLE_NON_VOLATILE,
-@@ -166,6 +172,7 @@ struct mok_state_variable mok_state_variables[] = {
- {.name = L"MokDBState",
- .name8 = "MokDBState",
- .rtname = L"MokIgnoreDB",
-+ .rtname8 = "MokIgnoreDB",
- .guid = &SHIM_LOCK_GUID,
- .yes_attr = EFI_VARIABLE_BOOTSERVICE_ACCESS |
- EFI_VARIABLE_NON_VOLATILE,
-@@ -204,6 +211,7 @@ mirror_one_mok_variable(struct mok_state_variable *v)
- * we're always mirroring the original data, whether this is an efi
- * security database or not
- */
-+ dprint(L"v->name:\"%s\" v->rtname:\"%s\"\n", v->name, v->rtname);
- dprint(L"v->data_size:%lu v->data:0x%08llx\n", v->data_size, v->data);
- dprint(L"FullDataSize:%lu FullData:0x%08llx\n", FullDataSize, FullData);
- if (v->data_size) {
-@@ -299,6 +307,7 @@ mirror_one_mok_variable(struct mok_state_variable *v)
- }
- }
-
-+
- /*
- * Now we have the full size
- */
-@@ -417,28 +426,72 @@ mirror_one_mok_variable(struct mok_state_variable *v)
- FullDataSize, FullData, p, p-(uintptr_t)FullData);
- }
-
-- dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-+ dprint(L"FullDataSize:%lu FullData:0x%016llx p:0x%016llx pos:%lld\n",
- FullDataSize, FullData, p, p-(uintptr_t)FullData);
- if (FullDataSize) {
-- dprint(L"Setting %s with %lu bytes of data\n",
-- v->rtname, FullDataSize);
-+ uint32_t attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS |
-+ EFI_VARIABLE_RUNTIME_ACCESS;
-+ uint64_t max_storage_sz = 0;
-+ uint64_t remaining_sz = 0;
-+ uint64_t max_var_sz = 0;
-+ UINT8 *tmp = NULL;
-+ UINTN tmpsz = 0;
-+
-+ efi_status = gRT->QueryVariableInfo(attrs, &max_storage_sz,
-+ &remaining_sz, &max_var_sz);
-+ if (EFI_ERROR(efi_status)) {
-+ perror(L"Could not get variable storage info: %r\n", efi_status);
-+ return efi_status;
-+ }
-+ dprint(L"calling SetVariable(\"%s\", 0x%016llx, 0x%08lx, %lu, 0x%016llx)\n",
-+ v->rtname, v->guid,
-+ EFI_VARIABLE_BOOTSERVICE_ACCESS
-+ | EFI_VARIABLE_RUNTIME_ACCESS,
-+ FullDataSize, FullData);
- efi_status = gRT->SetVariable(v->rtname, v->guid,
-- EFI_VARIABLE_BOOTSERVICE_ACCESS |
-- EFI_VARIABLE_RUNTIME_ACCESS,
-+ EFI_VARIABLE_BOOTSERVICE_ACCESS
-+ | EFI_VARIABLE_RUNTIME_ACCESS,
- FullDataSize, FullData);
-- if (EFI_ERROR(efi_status)) {
-- perror(L"Failed to set %s: %r\n",
-- v->rtname, efi_status);
-+ if (efi_status == EFI_INVALID_PARAMETER && max_var_sz < FullDataSize) {
-+ /*
-+ * In this case we're going to try to create a
-+ * dummy variable so that there's one there. It
-+ * may or may not work, because on some firmware
-+ * builds when the SetVariable call above fails it
-+ * does actually set the variable(!), so aside from
-+ * not using the allocation if it doesn't work, we
-+ * don't care about failures here.
-+ */
-+ console_print(L"WARNING: Maximum volatile variable size is %lu.\n", max_var_sz);
-+ console_print(L"WARNING: Cannot set %s (%lu bytes)\n", v->rtname, FullDataSize);
-+ perror(L"Failed to set %s: %r\n", v->rtname, efi_status);
-+ efi_status = variable_create_esl(
-+ null_sha256, sizeof(null_sha256),
-+ &EFI_CERT_SHA256_GUID, &SHIM_LOCK_GUID,
-+ &tmp, &tmpsz);
-+ /*
-+ * from here we don't really care if it works or
-+ * doens't.
-+ */
-+ if (!EFI_ERROR(efi_status) && tmp && tmpsz) {
-+ gRT->SetVariable(v->rtname, v->guid,
-+ EFI_VARIABLE_BOOTSERVICE_ACCESS
-+ | EFI_VARIABLE_RUNTIME_ACCESS,
-+ tmpsz, tmp);
-+ FreePool(tmp);
-+ }
-+ efi_status = EFI_INVALID_PARAMETER;
-+ } else if (EFI_ERROR(efi_status)) {
-+ perror(L"Failed to set %s: %r\n", v->rtname, efi_status);
- }
- }
-- if (v->data && v->data_size) {
-+ if (v->data && v->data_size && v->data != FullData) {
- FreePool(v->data);
- v->data = NULL;
- v->data_size = 0;
- }
-- if (FullData && FullDataSize) {
-- FreePool(FullData);
-- }
-+ v->data = FullData;
-+ v->data_size = FullDataSize;
- dprint(L"returning %r\n", efi_status);
- return efi_status;
- }
-@@ -454,8 +507,11 @@ maybe_mirror_one_mok_variable(struct mok_state_variable *v, EFI_STATUS ret)
- BOOLEAN present = FALSE;
-
- if (v->rtname) {
-- if (v->flags & MOK_MIRROR_DELETE_FIRST)
-- LibDeleteVariable(v->rtname, v->guid);
-+ if (v->flags & MOK_MIRROR_DELETE_FIRST) {
-+ dprint(L"deleting \"%s\"\n", v->rtname);
-+ efi_status = LibDeleteVariable(v->rtname, v->guid);
-+ dprint(L"LibDeleteVariable(\"%s\",...) => %r\n", v->rtname, efi_status);
-+ }
-
- efi_status = mirror_one_mok_variable(v);
- if (EFI_ERROR(efi_status)) {
-@@ -505,6 +561,12 @@ maybe_mirror_one_mok_variable(struct mok_state_variable *v, EFI_STATUS ret)
- return ret;
- }
-
-+struct mok_variable_config_entry {
-+ CHAR8 name[256];
-+ UINT64 data_size;
-+ UINT8 data[];
-+};
-+
- /*
- * Verify our non-volatile MoK state. This checks the variables above
- * accessable and have valid attributes. If they don't, it removes
-@@ -527,6 +589,11 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- user_insecure_mode = 0;
- ignore_db = 0;
-
-+ UINT64 config_sz = 0;
-+ UINT8 *config_table = NULL;
-+ size_t npages = 0;
-+ struct mok_variable_config_entry config_template;
-+
- dprint(L"importing mok state\n");
- for (i = 0; mok_state_variables[i].name != NULL; i++) {
- struct mok_state_variable *v = &mok_state_variables[i];
-@@ -579,6 +646,61 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- }
-
- ret = maybe_mirror_one_mok_variable(v, ret);
-+ if (v->data && v->data_size) {
-+ config_sz += v->data_size;
-+ config_sz += sizeof(config_template);
-+ }
-+ }
-+
-+ /*
-+ * Alright, so we're going to copy these to a config table. The
-+ * table is a packed array of N+1 struct mok_variable_config_entry
-+ * items, with the last item having all zero's in name and
-+ * data_size.
-+ */
-+ if (config_sz) {
-+ config_sz += sizeof(config_template);
-+ npages = ALIGN_VALUE(config_sz, PAGE_SIZE) >> EFI_PAGE_SHIFT;
-+ config_table = NULL;
-+ efi_status = gBS->AllocatePages(AllocateAnyPages,
-+ EfiRuntimeServicesData,
-+ npages,
-+ (EFI_PHYSICAL_ADDRESS *)&config_table);
-+ if (EFI_ERROR(efi_status) || !config_table) {
-+ console_print(L"Allocating %lu pages for mok config table failed: %r\n",
-+ npages, efi_status);
-+ if (ret != EFI_SECURITY_VIOLATION)
-+ ret = efi_status;
-+ config_table = NULL;
-+ } else {
-+ ZeroMem(config_table, npages << EFI_PAGE_SHIFT);
-+ }
-+ }
-+
-+ UINT8 *p = (UINT8 *)config_table;
-+ for (i = 0; p && mok_state_variables[i].name != NULL; i++) {
-+ struct mok_state_variable *v = &mok_state_variables[i];
-+
-+ ZeroMem(&config_template, sizeof(config_template));
-+ strncpya(config_template.name, (CHAR8 *)v->rtname8, 255);
-+ config_template.name[255] = '\0';
-+
-+ config_template.data_size = v->data_size;
-+
-+ CopyMem(p, &config_template, sizeof(config_template));
-+ p += sizeof(config_template);
-+ CopyMem(p, v->data, v->data_size);
-+ p += v->data_size;
-+ }
-+ if (p) {
-+ ZeroMem(&config_template, sizeof(config_template));
-+ CopyMem(p, &config_template, sizeof(config_template));
-+
-+ efi_status = gBS->InstallConfigurationTable(&MOK_VARIABLE_STORE,
-+ config_table);
-+ if (EFI_ERROR(efi_status)) {
-+ console_print(L"Couldn't install MoK configuration table\n");
-+ }
- }
-
- /*
-diff --git a/include/guid.h b/include/guid.h
-index 81689d6cc1a..91b14d96146 100644
---- a/include/guid.h
-+++ b/include/guid.h
-@@ -35,4 +35,6 @@ extern EFI_GUID SECURITY_PROTOCOL_GUID;
- extern EFI_GUID SECURITY2_PROTOCOL_GUID;
- extern EFI_GUID SHIM_LOCK_GUID;
-
-+extern EFI_GUID MOK_VARIABLE_STORE;
-+
- #endif /* SHIM_GUID_H */
---
-2.26.2
-
diff --git a/SOURCES/0062-Implement-lennysz-s-suggestions-for-MokListRT.patch b/SOURCES/0062-Implement-lennysz-s-suggestions-for-MokListRT.patch
deleted file mode 100644
index 86467e3..0000000
--- a/SOURCES/0062-Implement-lennysz-s-suggestions-for-MokListRT.patch
+++ /dev/null
@@ -1,991 +0,0 @@
-From 65be350308783a8ef537246c8ad0545b4e6ad069 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Sat, 25 Jul 2020 22:13:57 -0400
-Subject: [PATCH 62/62] Implement lennysz's suggestions for MokListRT
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- mok.c | 726 ++++++++++++++++++++++++++++++++--------------
- shim.c | 7 +-
- include/PeImage.h | 3 +-
- 3 files changed, 515 insertions(+), 221 deletions(-)
-
-diff --git a/mok.c b/mok.c
-index 4e141fb21fc..3e6c7e43025 100644
---- a/mok.c
-+++ b/mok.c
-@@ -7,6 +7,8 @@
-
- #include <stdint.h>
-
-+#include "hexdump.h"
-+
- /*
- * Check if a variable exists
- */
-@@ -25,6 +27,15 @@ static BOOLEAN check_var(CHAR16 *varname)
- return FALSE;
- }
-
-+#define SetVariable(name, guid, attrs, varsz, var) ({ \
-+ EFI_STATUS efi_status_; \
-+ efi_status_ = gRT->SetVariable(name, guid, attrs, varsz, var); \
-+ dprint_(L"%a:%d:%a() SetVariable(\"%s\", ... varsz=0x%llx) = %r\n",\
-+ __FILE__, __LINE__, __func__, \
-+ name, varsz, efi_status_); \
-+ efi_status_; \
-+})
-+
- /*
- * If the OS has set any of these variables we need to drop into MOK and
- * handle them appropriately
-@@ -193,33 +204,296 @@ should_mirror_build_cert(struct mok_state_variable *v)
-
- static const uint8_t null_sha256[32] = { 0, };
-
-+typedef UINTN SIZE_T;
-+
-+static EFI_STATUS
-+get_max_var_sz(UINT32 attrs, SIZE_T *max_var_szp)
-+{
-+ EFI_STATUS efi_status;
-+ uint64_t max_storage_sz = 0;
-+ uint64_t remaining_sz = 0;
-+ uint64_t max_var_sz = 0;
-+
-+ *max_var_szp = 0;
-+ efi_status = gRT->QueryVariableInfo(attrs, &max_storage_sz,
-+ &remaining_sz, &max_var_sz);
-+ if (EFI_ERROR(efi_status)) {
-+ perror(L"Could not get variable storage info: %r\n", efi_status);
-+ return efi_status;
-+ }
-+
-+ /*
-+ * I just don't trust implementations to not be showing static data
-+ * for max_var_sz
-+ */
-+ *max_var_szp = (max_var_sz < remaining_sz) ? max_var_sz : remaining_sz;
-+ dprint("max_var_sz:%lx remaining_sz:%lx max_storage_sz:%lx\n",
-+ max_var_sz, remaining_sz, max_storage_sz);
-+ return efi_status;
-+}
-+
-+/*
-+ * If any entries fit in < maxsz, and nothing goes wrong, create a variable
-+ * of the given name and guid with as many esd entries as possible in it,
-+ * and updates *esdp with what would be the next entry (even if makes *esdp
-+ * > esl+esl->SignatureListSize), and returns whatever SetVariable()
-+ * returns
-+ *
-+ * If no entries fit (i.e. sizeof(esl) + esl->SignatureSize > maxsz),
-+ * returns EFI_BUFFER_TOO_SMALL;
-+ */
-+static EFI_STATUS
-+mirror_one_esl(CHAR16 *name, EFI_GUID *guid, UINT32 attrs,
-+ EFI_SIGNATURE_LIST *esl, EFI_SIGNATURE_DATA *esd,
-+ UINTN *newsz, SIZE_T maxsz)
-+{
-+ EFI_STATUS efi_status;
-+ SIZE_T howmany, varsz = 0, esdsz;
-+ UINT8 *var, *data;
-+
-+ howmany = min((maxsz - sizeof(*esl)) / esl->SignatureSize,
-+ (esl->SignatureListSize - sizeof(*esl)) / esl->SignatureSize);
-+ if (howmany < 1) {
-+ return EFI_BUFFER_TOO_SMALL;
-+ }
-+
-+ /*
-+ * We always assume esl->SignatureHeaderSize is 0 (and so far,
-+ * that's true as per UEFI 2.8)
-+ */
-+ esdsz = howmany * esl->SignatureSize;
-+ data = (UINT8 *)esd;
-+ dprint(L"Trying to add %lx signatures to \"%s\" of size %lx\n",
-+ howmany, name, esl->SignatureSize);
-+
-+ /*
-+ * Because of the semantics of variable_create_esl(), the first
-+ * owner guid from the data is not part of esdsz, or the data.
-+ *
-+ * Compensate here.
-+ */
-+ efi_status = variable_create_esl(data + sizeof(EFI_GUID),
-+ esdsz - sizeof(EFI_GUID),
-+ &esl->SignatureType,
-+ &esd->SignatureOwner,
-+ &var, &varsz);
-+ if (EFI_ERROR(efi_status) || !var || !varsz) {
-+ LogError(L"Couldn't allocate %lu bytes for mok variable \"%s\": %r\n",
-+ varsz, var, efi_status);
-+ return efi_status;
-+ }
-+
-+ dprint(L"new esl:\n");
-+ dhexdumpat(var, varsz, 0);
-+
-+ efi_status = SetVariable(name, guid, attrs, varsz, var);
-+ FreePool(var);
-+ if (EFI_ERROR(efi_status)) {
-+ LogError(L"Couldn't create mok variable \"%s\": %r\n",
-+ varsz, var, efi_status);
-+ return efi_status;
-+ }
-+
-+ *newsz = esdsz;
-+
-+ return efi_status;
-+}
-+
-+static EFI_STATUS
-+mirror_mok_db(CHAR16 *name, CHAR8 *name8, EFI_GUID *guid, UINT32 attrs,
-+ UINT8 *FullData, SIZE_T FullDataSize, BOOLEAN only_first)
-+{
-+ EFI_STATUS efi_status = EFI_SUCCESS;
-+ SIZE_T max_var_sz;
-+
-+ if (only_first) {
-+ efi_status = get_max_var_sz(attrs, &max_var_sz);
-+ if (EFI_ERROR(efi_status)) {
-+ LogError(L"Could not get maximum variable size: %r",
-+ efi_status);
-+ return efi_status;
-+ }
-+
-+ if (FullDataSize <= max_var_sz) {
-+ efi_status = SetVariable(name, guid, attrs,
-+ FullDataSize, FullData);
-+ return efi_status;
-+ }
-+ }
-+
-+ CHAR16 *namen;
-+ CHAR8 *namen8;
-+ UINTN namelen, namesz;
-+
-+ namelen = StrLen(name);
-+ namesz = namelen * 2;
-+ if (only_first) {
-+ namen = name;
-+ namen8 = name8;
-+ } else {
-+ namelen += 18;
-+ namesz += 34;
-+ namen = AllocateZeroPool(namesz);
-+ if (!namen) {
-+ LogError(L"Could not allocate %lu bytes", namesz);
-+ return EFI_OUT_OF_RESOURCES;
-+ }
-+ namen8 = AllocateZeroPool(namelen);
-+ if (!namen8) {
-+ FreePool(namen);
-+ LogError(L"Could not allocate %lu bytes", namelen);
-+ return EFI_OUT_OF_RESOURCES;
-+ }
-+ }
-+
-+ UINTN pos, i;
-+ const SIZE_T minsz = sizeof(EFI_SIGNATURE_LIST)
-+ + sizeof(EFI_SIGNATURE_DATA)
-+ + SHA1_DIGEST_SIZE;
-+ BOOLEAN did_one = FALSE;
-+
-+ /*
-+ * Create any entries that can fit.
-+ */
-+ if (!only_first) {
-+ dprint(L"full data for \"%s\":\n", name);
-+ dhexdumpat(FullData, FullDataSize, 0);
-+ }
-+ EFI_SIGNATURE_LIST *esl = NULL;
-+ UINTN esl_end_pos = 0;
-+ for (i = 0, pos = 0; FullDataSize - pos >= minsz && FullData; ) {
-+ EFI_SIGNATURE_DATA *esd = NULL;
-+
-+ dprint(L"pos:0x%llx FullDataSize:0x%llx\n", pos, FullDataSize);
-+ if (esl == NULL || pos >= esl_end_pos) {
-+ UINT8 *nesl = FullData + pos;
-+ dprint(L"esl:0x%llx->0x%llx\n", esl, nesl);
-+ esl = (EFI_SIGNATURE_LIST *)nesl;
-+ esl_end_pos = pos + esl->SignatureListSize;
-+ dprint(L"pos:0x%llx->0x%llx\n", pos, pos + sizeof(*esl));
-+ pos += sizeof(*esl);
-+ }
-+ esd = (EFI_SIGNATURE_DATA *)(FullData + pos);
-+ if (pos >= FullDataSize)
-+ break;
-+ if (esl->SignatureListSize == 0 || esl->SignatureSize == 0)
-+ break;
-+
-+ dprint(L"esl[%lu] 0x%llx = {sls=0x%lx, ss=0x%lx} esd:0x%llx\n",
-+ i, esl, esl->SignatureListSize, esl->SignatureSize, esd);
-+
-+ if (!only_first) {
-+ SPrint(namen, namelen, L"%s%lu", name, i);
-+ namen[namelen-1] = 0;
-+ /* uggggh */
-+ UINTN j;
-+ for (j = 0; j < namelen; j++)
-+ namen8[j] = (CHAR8)(namen[j] & 0xff);
-+ namen8[namelen - 1] = 0;
-+ }
-+
-+ /*
-+ * In case max_var_sz is computed dynamically, refresh the
-+ * value here.
-+ */
-+ efi_status = get_max_var_sz(attrs, &max_var_sz);
-+ if (EFI_ERROR(efi_status)) {
-+ LogError(L"Could not get maximum variable size: %r",
-+ efi_status);
-+ if (!only_first) {
-+ FreePool(namen);
-+ FreePool(namen8);
-+ }
-+ return efi_status;
-+ }
-+
-+ SIZE_T howmany;
-+ UINTN adj = 0;
-+ howmany = min((max_var_sz - sizeof(*esl)) / esl->SignatureSize,
-+ (esl->SignatureListSize - sizeof(*esl)) / esl->SignatureSize);
-+ if (!only_first && i == 0 && howmany >= 1) {
-+ adj = howmany * esl->SignatureSize;
-+ dprint(L"pos:0x%llx->0x%llx\n", pos, pos + adj);
-+ pos += adj;
-+ i++;
-+ continue;
-+
-+ }
-+
-+ efi_status = mirror_one_esl(namen, guid, attrs,
-+ esl, esd, &adj, max_var_sz);
-+ dprint(L"esd:0x%llx adj:0x%llx\n", esd, adj);
-+ if (EFI_ERROR(efi_status) && efi_status != EFI_BUFFER_TOO_SMALL) {
-+ LogError(L"Could not mirror mok variable \"%s\": %r\n",
-+ namen, efi_status);
-+ break;
-+ }
-+
-+ if (!EFI_ERROR(efi_status)) {
-+ did_one = TRUE;
-+ if (only_first)
-+ break;
-+ dprint(L"pos:0x%llx->0x%llx\n", pos, pos + adj);
-+ pos += adj;
-+ i++;
-+ }
-+ }
-+
-+ if (only_first && !did_one) {
-+ /*
-+ * In this case we're going to try to create a
-+ * dummy variable so that there's one there. It
-+ * may or may not work, because on some firmware
-+ * builds when the SetVariable call above fails it
-+ * does actually set the variable(!), so aside from
-+ * not using the allocation if it doesn't work, we
-+ * don't care about failures here.
-+ */
-+ UINT8 *var;
-+ UINTN varsz;
-+
-+ efi_status = variable_create_esl(
-+ null_sha256, sizeof(null_sha256),
-+ &EFI_CERT_SHA256_GUID, &SHIM_LOCK_GUID,
-+ &var, &varsz);
-+ /*
-+ * from here we don't really care if it works or
-+ * doesn't.
-+ */
-+ if (!EFI_ERROR(efi_status) && var && varsz) {
-+ SetVariable(name, guid,
-+ EFI_VARIABLE_BOOTSERVICE_ACCESS
-+ | EFI_VARIABLE_RUNTIME_ACCESS,
-+ varsz, var);
-+ FreePool(var);
-+ }
-+ efi_status = EFI_INVALID_PARAMETER;
-+ } else if (EFI_ERROR(efi_status)) {
-+ perror(L"Failed to set %s: %r\n", name, efi_status);
-+ }
-+ return efi_status;
-+}
-+
-+
- static EFI_STATUS nonnull(1)
--mirror_one_mok_variable(struct mok_state_variable *v)
-+mirror_one_mok_variable(struct mok_state_variable *v,
-+ BOOLEAN only_first)
- {
- EFI_STATUS efi_status = EFI_SUCCESS;
- uint8_t *FullData = NULL;
- size_t FullDataSize = 0;
- vendor_addend_category_t addend_category = VENDOR_ADDEND_NONE;
- uint8_t *p = NULL;
--
-+ uint32_t attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS |
-+ EFI_VARIABLE_RUNTIME_ACCESS;
-+ BOOLEAN measure = v->flags & MOK_VARIABLE_MEASURE;
-+ BOOLEAN log = v->flags & MOK_VARIABLE_LOG;
- size_t build_cert_esl_sz = 0, addend_esl_sz = 0;
-+ bool reuse = FALSE;
-
- if (v->categorize_addend)
- addend_category = v->categorize_addend(v);
-
-- /*
-- * we're always mirroring the original data, whether this is an efi
-- * security database or not
-- */
-- dprint(L"v->name:\"%s\" v->rtname:\"%s\"\n", v->name, v->rtname);
-- dprint(L"v->data_size:%lu v->data:0x%08llx\n", v->data_size, v->data);
-- dprint(L"FullDataSize:%lu FullData:0x%08llx\n", FullDataSize, FullData);
-- if (v->data_size) {
-- FullDataSize = v->data_size;
-- dprint(L"FullDataSize:%lu FullData:0x%08llx\n",
-- FullDataSize, FullData);
-- }
--
- /*
- * if it is, there's more data
- */
-@@ -227,7 +501,7 @@ mirror_one_mok_variable(struct mok_state_variable *v)
-
- /*
- * We're mirroring (into) an efi security database, aka an
-- * array of efi_signature_list_t. Its layout goes like:
-+ * array of EFI_SIGNATURE_LIST. Its layout goes like:
- *
- * existing_variable_data
- * existing_variable_data_size
-@@ -251,30 +525,7 @@ mirror_one_mok_variable(struct mok_state_variable *v)
- */
-
- /*
-- * first bit is existing data, but we added that above
-- */
--
-- /*
-- * then the build cert if it's there
-- */
-- if (should_mirror_build_cert(v)) {
-- efi_status = fill_esl(*v->build_cert,
-- *v->build_cert_size,
-- &EFI_CERT_TYPE_X509_GUID,
-- &SHIM_LOCK_GUID,
-- NULL, &build_cert_esl_sz);
-- if (efi_status != EFI_BUFFER_TOO_SMALL) {
-- perror(L"Could not add built-in cert to %s: %r\n",
-- v->name, efi_status);
-- return efi_status;
-- }
-- FullDataSize += build_cert_esl_sz;
-- dprint(L"FullDataSize:%lu FullData:0x%08llx\n",
-- FullDataSize, FullData);
-- }
--
-- /*
-- * then the addend data
-+ * *first* vendor_db or vendor_cert
- */
- switch (addend_category) {
- case VENDOR_ADDEND_DB:
-@@ -282,7 +533,7 @@ mirror_one_mok_variable(struct mok_state_variable *v)
- * if it's an ESL already, we use it wholesale
- */
- FullDataSize += *v->addend_size;
-- dprint(L"FullDataSize:%lu FullData:0x%08llx\n",
-+ dprint(L"FullDataSize:%lu FullData:0x%llx\n",
- FullDataSize, FullData);
- break;
- case VENDOR_ADDEND_X509:
-@@ -296,17 +547,51 @@ mirror_one_mok_variable(struct mok_state_variable *v)
- return efi_status;
- }
- FullDataSize += addend_esl_sz;
-- dprint(L"FullDataSize:%lu FullData:0x%08llx\n",
-+ dprint(L"FullDataSize:%lu FullData:0x%llx\n",
- FullDataSize, FullData);
- break;
- default:
- case VENDOR_ADDEND_NONE:
-- dprint(L"FullDataSize:%lu FullData:0x%08llx\n",
-+ dprint(L"FullDataSize:%lu FullData:0x%llx\n",
- FullDataSize, FullData);
- break;
- }
-+
-+ /*
-+ * then the build cert if it's there
-+ */
-+ if (should_mirror_build_cert(v)) {
-+ efi_status = fill_esl(*v->build_cert,
-+ *v->build_cert_size,
-+ &EFI_CERT_TYPE_X509_GUID,
-+ &SHIM_LOCK_GUID,
-+ NULL, &build_cert_esl_sz);
-+ if (efi_status != EFI_BUFFER_TOO_SMALL) {
-+ perror(L"Could not add built-in cert to %s: %r\n",
-+ v->name, efi_status);
-+ return efi_status;
-+ }
-+ FullDataSize += build_cert_esl_sz;
-+ dprint(L"FullDataSize:0x%lx FullData:0x%llx\n",
-+ FullDataSize, FullData);
-+ }
-+
- }
-
-+ /*
-+ * we're always mirroring the original data, whether this is an efi
-+ * security database or not
-+ */
-+ dprint(L"v->name:\"%s\" v->rtname:\"%s\"\n", v->name, v->rtname);
-+ dprint(L"v->data_size:%lu v->data:0x%llx\n", v->data_size, v->data);
-+ dprint(L"FullDataSize:%lu FullData:0x%llx\n", FullDataSize, FullData);
-+ if (v->data_size) {
-+ FullDataSize += v->data_size;
-+ dprint(L"FullDataSize:%lu FullData:0x%llx\n",
-+ FullDataSize, FullData);
-+ }
-+ if (v->data_size == FullDataSize)
-+ reuse = TRUE;
-
- /*
- * Now we have the full size
-@@ -316,38 +601,33 @@ mirror_one_mok_variable(struct mok_state_variable *v)
- * allocate the buffer, or use the old one if it's just the
- * existing data.
- */
-- if (FullDataSize != v->data_size) {
-- dprint(L"FullDataSize:%lu FullData:0x%08llx allocating FullData\n",
-+ if (FullDataSize == v->data_size) {
-+ FullData = v->data;
-+ FullDataSize = v->data_size;
-+ p = FullData + FullDataSize;
-+ dprint(L"FullDataSize:%lu FullData:0x%llx p:0x%llx pos:%lld\n",
-+ FullDataSize, FullData, p, p-(uintptr_t)FullData);
-+ v->data = NULL;
-+ v->data_size = 0;
-+ } else {
-+ dprint(L"FullDataSize:%lu FullData:0x%llx allocating FullData\n",
- FullDataSize, FullData);
-- FullData = AllocatePool(FullDataSize);
-+ /*
-+ * make sure we've got some zeroes at the end, just
-+ * in case.
-+ */
-+ UINTN allocsz = FullDataSize + sizeof(EFI_SIGNATURE_LIST);
-+ allocsz = ALIGN_VALUE(allocsz, 4096);
-+ FullData = AllocateZeroPool(FullDataSize);
- if (!FullData) {
-- FreePool(v->data);
-- v->data = NULL;
-- v->data_size = 0;
- perror(L"Failed to allocate %lu bytes for %s\n",
- FullDataSize, v->name);
- return EFI_OUT_OF_RESOURCES;
- }
- p = FullData;
-- dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-- FullDataSize, FullData, p, p-(uintptr_t)FullData);
-- if (v->data && v->data_size) {
-- CopyMem(p, v->data, v->data_size);
-- p += v->data_size;
-- }
-- dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-- FullDataSize, FullData, p, p-(uintptr_t)FullData);
-- } else {
-- FullData = v->data;
-- FullDataSize = v->data_size;
-- p = FullData + FullDataSize;
-- dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-- FullDataSize, FullData, p, p-(uintptr_t)FullData);
-- v->data = NULL;
-- v->data_size = 0;
- }
- }
-- dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-+ dprint(L"FullDataSize:%lu FullData:0x%llx p:0x%llx pos:%lld\n",
- FullDataSize, FullData, p, p-(uintptr_t)FullData);
-
- /*
-@@ -355,35 +635,13 @@ mirror_one_mok_variable(struct mok_state_variable *v)
- */
- if (v->flags & MOK_MIRROR_KEYDB) {
- /*
-- * first bit is existing data, but again, we added that above
-+ * first vendor_cert or vendor_db
- */
--
-- /*
-- * second is the build cert
-- */
-- dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-- FullDataSize, FullData, p, p-(uintptr_t)FullData);
-- if (should_mirror_build_cert(v)) {
-- efi_status = fill_esl(*v->build_cert,
-- *v->build_cert_size,
-- &EFI_CERT_TYPE_X509_GUID,
-- &SHIM_LOCK_GUID,
-- p, &build_cert_esl_sz);
-- if (EFI_ERROR(efi_status)) {
-- perror(L"Could not add built-in cert to %s: %r\n",
-- v->name, efi_status);
-- return efi_status;
-- }
-- p += build_cert_esl_sz;
-- dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-- FullDataSize, FullData, p, p-(uintptr_t)FullData);
-- }
--
- switch (addend_category) {
- case VENDOR_ADDEND_DB:
- CopyMem(p, *v->addend, *v->addend_size);
- p += *v->addend_size;
-- dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-+ dprint(L"FullDataSize:%lu FullData:0x%llx p:0x%llx pos:%lld\n",
- FullDataSize, FullData, p, p-(uintptr_t)FullData);
- break;
- case VENDOR_ADDEND_X509:
-@@ -397,16 +655,53 @@ mirror_one_mok_variable(struct mok_state_variable *v)
- return efi_status;
- }
- p += addend_esl_sz;
-- dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-+ dprint(L"FullDataSize:%lu FullData:0x%llx p:0x%llx pos:%lld\n",
- FullDataSize, FullData, p, p-(uintptr_t)FullData);
- break;
- default:
- case VENDOR_ADDEND_NONE:
-- dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-+ dprint(L"FullDataSize:%lu FullData:0x%llx p:0x%llx pos:%lld\n",
- FullDataSize, FullData, p, p-(uintptr_t)FullData);
- break;
- }
-+
-+ /*
-+ * then is the build cert
-+ */
-+ dprint(L"FullDataSize:%lu FullData:0x%llx p:0x%llx pos:%lld\n",
-+ FullDataSize, FullData, p, p-(uintptr_t)FullData);
-+ if (should_mirror_build_cert(v)) {
-+ efi_status = fill_esl(*v->build_cert,
-+ *v->build_cert_size,
-+ &EFI_CERT_TYPE_X509_GUID,
-+ &SHIM_LOCK_GUID,
-+ p, &build_cert_esl_sz);
-+ if (EFI_ERROR(efi_status)) {
-+ perror(L"Could not add built-in cert to %s: %r\n",
-+ v->name, efi_status);
-+ return efi_status;
-+ }
-+ p += build_cert_esl_sz;
-+ dprint(L"FullDataSize:%lu FullData:0x%llx p:0x%llx pos:%lld\n",
-+ FullDataSize, FullData, p, p-(uintptr_t)FullData);
-+ }
- }
-+
-+ /*
-+ * last bit is existing data, unless it's the only thing,
-+ * in which case it's already there.
-+ */
-+ if (!reuse) {
-+ dprint(L"FullDataSize:%lu FullData:0x%llx p:0x%llx pos:%lld\n",
-+ FullDataSize, FullData, p, p-(uintptr_t)FullData);
-+ if (v->data && v->data_size) {
-+ CopyMem(p, v->data, v->data_size);
-+ p += v->data_size;
-+ }
-+ dprint(L"FullDataSize:%lu FullData:0x%llx p:0x%llx pos:%lld\n",
-+ FullDataSize, FullData, p, p-(uintptr_t)FullData);
-+ }
-+
- /*
- * We always want to create our key databases, so in this case we
- * need a dummy entry
-@@ -422,68 +717,55 @@ mirror_one_mok_variable(struct mok_state_variable *v)
- return efi_status;
- }
- p = FullData + FullDataSize;
-- dprint(L"FullDataSize:%lu FullData:0x%08llx p:0x%08llx pos:%lld\n",
-+ dprint(L"FullDataSize:%lu FullData:0x%llx p:0x%llx pos:%lld\n",
- FullDataSize, FullData, p, p-(uintptr_t)FullData);
- }
-
-- dprint(L"FullDataSize:%lu FullData:0x%016llx p:0x%016llx pos:%lld\n",
-+ dprint(L"FullDataSize:%lu FullData:0x%llx p:0x%llx pos:%lld\n",
- FullDataSize, FullData, p, p-(uintptr_t)FullData);
-- if (FullDataSize) {
-- uint32_t attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS |
-- EFI_VARIABLE_RUNTIME_ACCESS;
-- uint64_t max_storage_sz = 0;
-- uint64_t remaining_sz = 0;
-- uint64_t max_var_sz = 0;
-- UINT8 *tmp = NULL;
-- UINTN tmpsz = 0;
--
-- efi_status = gRT->QueryVariableInfo(attrs, &max_storage_sz,
-- &remaining_sz, &max_var_sz);
-- if (EFI_ERROR(efi_status)) {
-- perror(L"Could not get variable storage info: %r\n", efi_status);
-- return efi_status;
-- }
-- dprint(L"calling SetVariable(\"%s\", 0x%016llx, 0x%08lx, %lu, 0x%016llx)\n",
-- v->rtname, v->guid,
-- EFI_VARIABLE_BOOTSERVICE_ACCESS
-- | EFI_VARIABLE_RUNTIME_ACCESS,
-- FullDataSize, FullData);
-- efi_status = gRT->SetVariable(v->rtname, v->guid,
-- EFI_VARIABLE_BOOTSERVICE_ACCESS
-- | EFI_VARIABLE_RUNTIME_ACCESS,
-- FullDataSize, FullData);
-- if (efi_status == EFI_INVALID_PARAMETER && max_var_sz < FullDataSize) {
-+ if (FullDataSize && v->flags & MOK_MIRROR_KEYDB) {
-+ dprint(L"calling mirror_mok_db(\"%s\", datasz=%lu)\n",
-+ v->rtname, FullDataSize);
-+ efi_status = mirror_mok_db(v->rtname, (CHAR8 *)v->rtname8, v->guid,
-+ attrs, FullData, FullDataSize,
-+ only_first);
-+ dprint(L"mirror_mok_db(\"%s\", datasz=%lu) returned %r\n",
-+ v->rtname, FullDataSize, efi_status);
-+ } else if (FullDataSize && only_first) {
-+ efi_status = SetVariable(v->rtname, v->guid, attrs,
-+ FullDataSize, FullData);
-+ }
-+ if (FullDataSize && only_first) {
-+ if (measure) {
- /*
-- * In this case we're going to try to create a
-- * dummy variable so that there's one there. It
-- * may or may not work, because on some firmware
-- * builds when the SetVariable call above fails it
-- * does actually set the variable(!), so aside from
-- * not using the allocation if it doesn't work, we
-- * don't care about failures here.
-+ * Measure this into PCR 7 in the Microsoft format
- */
-- console_print(L"WARNING: Maximum volatile variable size is %lu.\n", max_var_sz);
-- console_print(L"WARNING: Cannot set %s (%lu bytes)\n", v->rtname, FullDataSize);
-- perror(L"Failed to set %s: %r\n", v->rtname, efi_status);
-- efi_status = variable_create_esl(
-- null_sha256, sizeof(null_sha256),
-- &EFI_CERT_SHA256_GUID, &SHIM_LOCK_GUID,
-- &tmp, &tmpsz);
-+ efi_status = tpm_measure_variable(v->name, *v->guid,
-+ FullDataSize, FullData);
-+ if (EFI_ERROR(efi_status)) {
-+ dprint(L"tpm_measure_variable(\"%s\",%lu,0x%llx)->%r\n",
-+ v->name, FullDataSize, FullData, efi_status);
-+ return efi_status;
-+ }
-+ }
-+
-+ if (log) {
- /*
-- * from here we don't really care if it works or
-- * doens't.
-+ * Log this variable into whichever PCR the table
-+ * says.
- */
-- if (!EFI_ERROR(efi_status) && tmp && tmpsz) {
-- gRT->SetVariable(v->rtname, v->guid,
-- EFI_VARIABLE_BOOTSERVICE_ACCESS
-- | EFI_VARIABLE_RUNTIME_ACCESS,
-- tmpsz, tmp);
-- FreePool(tmp);
-+ EFI_PHYSICAL_ADDRESS datap =
-+ (EFI_PHYSICAL_ADDRESS)(UINTN)FullData,
-+ efi_status = tpm_log_event(datap, FullDataSize,
-+ v->pcr, (CHAR8 *)v->name8);
-+ if (EFI_ERROR(efi_status)) {
-+ dprint(L"tpm_log_event(0x%llx, %lu, %lu, \"%s\")->%r\n",
-+ FullData, FullDataSize, v->pcr, v->name,
-+ efi_status);
-+ return efi_status;
- }
-- efi_status = EFI_INVALID_PARAMETER;
-- } else if (EFI_ERROR(efi_status)) {
-- perror(L"Failed to set %s: %r\n", v->rtname, efi_status);
- }
-+
- }
- if (v->data && v->data_size && v->data != FullData) {
- FreePool(v->data);
-@@ -501,19 +783,20 @@ mirror_one_mok_variable(struct mok_state_variable *v)
- * EFI_SECURITY_VIOLATION status at the same time.
- */
- static EFI_STATUS nonnull(1)
--maybe_mirror_one_mok_variable(struct mok_state_variable *v, EFI_STATUS ret)
-+maybe_mirror_one_mok_variable(struct mok_state_variable *v,
-+ EFI_STATUS ret, BOOLEAN only_first)
- {
- EFI_STATUS efi_status;
- BOOLEAN present = FALSE;
-
- if (v->rtname) {
-- if (v->flags & MOK_MIRROR_DELETE_FIRST) {
-+ if (!only_first && (v->flags & MOK_MIRROR_DELETE_FIRST)) {
- dprint(L"deleting \"%s\"\n", v->rtname);
- efi_status = LibDeleteVariable(v->rtname, v->guid);
- dprint(L"LibDeleteVariable(\"%s\",...) => %r\n", v->rtname, efi_status);
- }
-
-- efi_status = mirror_one_mok_variable(v);
-+ efi_status = mirror_one_mok_variable(v, only_first);
- if (EFI_ERROR(efi_status)) {
- if (ret != EFI_SECURITY_VIOLATION)
- ret = efi_status;
-@@ -530,34 +813,6 @@ maybe_mirror_one_mok_variable(struct mok_state_variable *v, EFI_STATUS ret)
- *v->state = v->data[0];
- }
-
-- if (v->flags & MOK_VARIABLE_MEASURE) {
-- /*
-- * Measure this into PCR 7 in the Microsoft format
-- */
-- efi_status = tpm_measure_variable(v->name, *v->guid,
-- v->data_size,
-- v->data);
-- if (EFI_ERROR(efi_status)) {
-- if (ret != EFI_SECURITY_VIOLATION)
-- ret = efi_status;
-- }
-- }
--
-- if (v->flags & MOK_VARIABLE_LOG) {
-- /*
-- * Log this variable into whichever PCR the table
-- * says.
-- */
-- EFI_PHYSICAL_ADDRESS datap =
-- (EFI_PHYSICAL_ADDRESS)(UINTN)v->data,
-- efi_status = tpm_log_event(datap, v->data_size,
-- v->pcr, (CHAR8 *)v->name8);
-- if (EFI_ERROR(efi_status)) {
-- if (ret != EFI_SECURITY_VIOLATION)
-- ret = efi_status;
-- }
-- }
--
- return ret;
- }
-
-@@ -567,6 +822,66 @@ struct mok_variable_config_entry {
- UINT8 data[];
- };
-
-+EFI_STATUS import_one_mok_state(struct mok_state_variable *v,
-+ BOOLEAN only_first)
-+{
-+ EFI_STATUS ret = EFI_SUCCESS;
-+ EFI_STATUS efi_status;
-+
-+ user_insecure_mode = 0;
-+ ignore_db = 0;
-+
-+ UINT32 attrs = 0;
-+ BOOLEAN delete = FALSE;
-+
-+ dprint(L"importing mok state for \"%s\"\n", v->name);
-+
-+ efi_status = get_variable_attr(v->name,
-+ &v->data, &v->data_size,
-+ *v->guid, &attrs);
-+ if (efi_status == EFI_NOT_FOUND) {
-+ v->data = NULL;
-+ v->data_size = 0;
-+ } else if (EFI_ERROR(efi_status)) {
-+ perror(L"Could not verify %s: %r\n", v->name,
-+ efi_status);
-+ delete = TRUE;
-+ } else {
-+ if (!(attrs & v->yes_attr)) {
-+ perror(L"Variable %s is missing attributes:\n",
-+ v->name);
-+ perror(L" 0x%08x should have 0x%08x set.\n",
-+ attrs, v->yes_attr);
-+ delete = TRUE;
-+ }
-+ if (attrs & v->no_attr) {
-+ perror(L"Variable %s has incorrect attribute:\n",
-+ v->name);
-+ perror(L" 0x%08x should not have 0x%08x set.\n",
-+ attrs, v->no_attr);
-+ delete = TRUE;
-+ }
-+ }
-+ if (delete == TRUE) {
-+ perror(L"Deleting bad variable %s\n", v->name);
-+ efi_status = LibDeleteVariable(v->name, v->guid);
-+ if (EFI_ERROR(efi_status)) {
-+ perror(L"Failed to erase %s\n", v->name);
-+ ret = EFI_SECURITY_VIOLATION;
-+ }
-+ FreePool(v->data);
-+ v->data = NULL;
-+ v->data_size = 0;
-+ }
-+
-+ dprint(L"maybe mirroring \"%s\". original data:\n", v->name);
-+ dhexdumpat(v->data, v->data_size, 0);
-+
-+ ret = maybe_mirror_one_mok_variable(v, ret, only_first);
-+ dprint(L"returning %r\n", ret);
-+ return ret;
-+}
-+
- /*
- * Verify our non-volatile MoK state. This checks the variables above
- * accessable and have valid attributes. If they don't, it removes
-@@ -594,58 +909,22 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- size_t npages = 0;
- struct mok_variable_config_entry config_template;
-
-- dprint(L"importing mok state\n");
-+ dprint(L"importing minimal mok state variables\n");
- for (i = 0; mok_state_variables[i].name != NULL; i++) {
- struct mok_state_variable *v = &mok_state_variables[i];
-- UINT32 attrs = 0;
-- BOOLEAN delete = FALSE;
-
-- efi_status = get_variable_attr(v->name,
-- &v->data, &v->data_size,
-- *v->guid, &attrs);
-- dprint(L"maybe mirroring %s\n", v->name);
-- if (efi_status == EFI_NOT_FOUND) {
-- v->data = NULL;
-- v->data_size = 0;
-- } else if (EFI_ERROR(efi_status)) {
-- perror(L"Could not verify %s: %r\n", v->name,
-- efi_status);
-+ efi_status = import_one_mok_state(v, TRUE);
-+ if (EFI_ERROR(efi_status)) {
-+ dprint(L"import_one_mok_state(ih, \"%s\", TRUE): %r\n",
-+ v->rtname);
- /*
- * don't clobber EFI_SECURITY_VIOLATION from some
- * other variable in the list.
- */
- if (ret != EFI_SECURITY_VIOLATION)
- ret = efi_status;
-- delete = TRUE;
-- } else {
-- if (!(attrs & v->yes_attr)) {
-- perror(L"Variable %s is missing attributes:\n",
-- v->name);
-- perror(L" 0x%08x should have 0x%08x set.\n",
-- attrs, v->yes_attr);
-- delete = TRUE;
-- }
-- if (attrs & v->no_attr) {
-- perror(L"Variable %s has incorrect attribute:\n",
-- v->name);
-- perror(L" 0x%08x should not have 0x%08x set.\n",
-- attrs, v->no_attr);
-- delete = TRUE;
-- }
-- }
-- if (delete == TRUE) {
-- perror(L"Deleting bad variable %s\n", v->name);
-- efi_status = LibDeleteVariable(v->name, v->guid);
-- if (EFI_ERROR(efi_status)) {
-- perror(L"Failed to erase %s\n", v->name);
-- ret = EFI_SECURITY_VIOLATION;
-- }
-- FreePool(v->data);
-- v->data = NULL;
-- v->data_size = 0;
- }
-
-- ret = maybe_mirror_one_mok_variable(v, ret);
- if (v->data && v->data_size) {
- config_sz += v->data_size;
- config_sz += sizeof(config_template);
-@@ -669,8 +948,6 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- if (EFI_ERROR(efi_status) || !config_table) {
- console_print(L"Allocating %lu pages for mok config table failed: %r\n",
- npages, efi_status);
-- if (ret != EFI_SECURITY_VIOLATION)
-- ret = efi_status;
- config_table = NULL;
- } else {
- ZeroMem(config_table, npages << EFI_PAGE_SHIFT);
-@@ -703,6 +980,16 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- }
- }
-
-+ /*
-+ * This is really just to make it easy for userland.
-+ */
-+ dprint(L"importing full mok state variables\n");
-+ for (i = 0; mok_state_variables[i].name != NULL; i++) {
-+ struct mok_state_variable *v = &mok_state_variables[i];
-+
-+ import_one_mok_state(v, FALSE);
-+ }
-+
- /*
- * Enter MokManager if necessary. Any actual *changes* here will
- * cause MokManager to demand a machine reboot, so this is safe to
-@@ -712,6 +999,9 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- efi_status = check_mok_request(image_handle);
- dprint(L"mok returned %r\n", efi_status);
- if (EFI_ERROR(efi_status)) {
-+ /*
-+ * don't clobber EFI_SECURITY_VIOLATION
-+ */
- if (ret != EFI_SECURITY_VIOLATION)
- ret = efi_status;
- return ret;
-diff --git a/shim.c b/shim.c
-index 9248642bd57..1a4d7bb9ded 100644
---- a/shim.c
-+++ b/shim.c
-@@ -1445,7 +1445,10 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
- sha256hash, sha1hash);
-
- if (EFI_ERROR(efi_status)) {
-- console_error(L"Verification failed", efi_status);
-+ if (verbose)
-+ console_print(L"Verification failed: %r\n", efi_status);
-+ else
-+ console_error(L"Verification failed", efi_status);
- return efi_status;
- } else {
- if (verbose)
-@@ -2648,7 +2651,6 @@ shim_init(void)
- {
- EFI_STATUS efi_status;
-
-- setup_verbosity();
- dprint(L"%a", shim_version);
-
- /* Set the second stage loader */
-@@ -2797,6 +2799,7 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
- * Ensure that gnu-efi functions are available
- */
- InitializeLib(image_handle, systab);
-+ setup_verbosity();
-
- dprint(L"vendor_authorized:0x%08lx vendor_authorized_size:%lu\n",
- __FILE__, __LINE__, __func__, vendor_authorized, vendor_authorized_size);
-diff --git a/include/PeImage.h b/include/PeImage.h
-index a606e8b2a9f..209b96fb8ff 100644
---- a/include/PeImage.h
-+++ b/include/PeImage.h
-@@ -768,7 +768,8 @@ typedef struct {
- UINT8 CertData[1];
- } WIN_CERTIFICATE_EFI_PKCS;
-
--#define SHA256_DIGEST_SIZE 32
-+#define SHA1_DIGEST_SIZE 20
-+#define SHA256_DIGEST_SIZE 32
- #define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002
-
- typedef struct {
---
-2.26.2
-
diff --git a/SOURCES/0063-hexdump.h-fix-arithmetic-error.patch b/SOURCES/0063-hexdump.h-fix-arithmetic-error.patch
deleted file mode 100644
index 42eb048..0000000
--- a/SOURCES/0063-hexdump.h-fix-arithmetic-error.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 9313a515432ba938e66f2edc1e22d548fed1eb5c Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 30 Jul 2020 14:34:22 -0400
-Subject: [PATCH] hexdump.h: fix arithmetic error.
-
-When I modified the hexdumper to help debug MokListRT mirroring not
-working because of PcdMaxVolatileVariableSize being tiny, I
-inadvertently added something that is effectively:
-
-hexdump(..., char *buf, ..., int position)
-{
- unsigned long begin = (position % 16);
- unsigned long i;
- ...
- for (i = 0; i < begin; i++) {
- ...
- }
- ...
-}
-
-Unfortunately, in c if 0x8 is set in position, that means begin is
-0xfffffffffffff8, because signed integer math is horrifying:
-
-include/hexdump.h:99:vhexdumpf() &data[offset]:0x9E77E6BC size-offset:0x14
-include/hexdump.h:15:prepare_hex() position:0x9E77E6BC
-include/hexdump.h:17:prepare_hex() before:0xFFFFFFFFFFFFFFFC size:0x14
-include/hexdump.h:19:prepare_hex() before:0xFFFFFFFFFFFFFFFC after:0x0
-include/hexdump.h:21:prepare_hex() buf:0x000000009E77E2BC offset:0 &buf[offset]:0x000000009E77E2BC
-
-Woops.
-
-This could further have been prevented in /some/ cases by simply not
-preparing the hexdump buffer when "verbose" is disabled.
-
-This patch makes "pos" be unsigned in all cases, and also checks for
-verbose in vhexdumpf() and simply returns if it is 0.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- include/hexdump.h | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/include/hexdump.h b/include/hexdump.h
-index f3f3ac284a3..b2968cd4f85 100644
---- a/include/hexdump.h
-+++ b/include/hexdump.h
-@@ -4,7 +4,7 @@
- #include <stdint.h>
-
- static inline unsigned long UNUSED
--prepare_hex(const void *data, size_t size, char *buf, int position)
-+prepare_hex(const void *data, size_t size, char *buf, unsigned int position)
- {
- char hexchars[] = "0123456789abcdef";
- int offset = 0;
-@@ -48,7 +48,7 @@ prepare_hex(const void *data, size_t size, char *buf, int position)
- #define isprint(c) ((c) >= 0x20 && (c) <= 0x7e)
-
- static inline void UNUSED
--prepare_text(const void *data, size_t size, char *buf, int position)
-+prepare_text(const void *data, size_t size, char *buf, unsigned int position)
- {
- int offset = 0;
- unsigned long i;
-@@ -84,6 +84,9 @@ vhexdumpf(const char *file, int line, const char *func, const CHAR16 * const fmt
- unsigned long display_offset = at;
- unsigned long offset = 0;
-
-+ if (verbose == 0)
-+ return;
-+
- while (offset < size) {
- char hexbuf[49];
- char txtbuf[19];
---
-2.26.2
-
diff --git a/SOURCES/0064-Fix-some-mokmanager-stuff.patch b/SOURCES/0064-Fix-some-mokmanager-stuff.patch
deleted file mode 100644
index 901f439..0000000
--- a/SOURCES/0064-Fix-some-mokmanager-stuff.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From 18843127dc0eace16d43d479bd091e221e8785c4 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Mon, 17 Aug 2020 15:47:19 -0400
-Subject: [PATCH] Fix some mokmanager stuff
-
----
- MokManager.c | 24 +++++++++++++++++++++++-
- Makefile | 2 +-
- 2 files changed, 24 insertions(+), 2 deletions(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index c9949e33bcf..9bae3414fe7 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -9,6 +9,8 @@
-
- #include "shim.h"
-
-+#include "hexdump.h"
-+
- #define PASSWORD_MAX 256
- #define PASSWORD_MIN 1
- #define SB_PASSWORD_LEN 16
-@@ -1050,9 +1052,11 @@ static EFI_STATUS mok_reset_prompt(BOOLEAN MokX)
- if (MokX) {
- LibDeleteVariable(L"MokXNew", &SHIM_LOCK_GUID);
- LibDeleteVariable(L"MokXAuth", &SHIM_LOCK_GUID);
-+ LibDeleteVariable(L"MokListX", &SHIM_LOCK_GUID);
- } else {
- LibDeleteVariable(L"MokNew", &SHIM_LOCK_GUID);
- LibDeleteVariable(L"MokAuth", &SHIM_LOCK_GUID);
-+ LibDeleteVariable(L"MokList", &SHIM_LOCK_GUID);
- }
-
- return EFI_SUCCESS;
-@@ -1075,6 +1079,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- else
- db_name = L"MokList";
-
-+ dprint(L"Writing back %s (%d entries)\n", db_name, key_num);
- for (i = 0; i < key_num; i++) {
- if (list[i].Mok == NULL)
- continue;
-@@ -1085,8 +1090,15 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- DataSize += sizeof(EFI_GUID);
- DataSize += list[i].MokSize;
- }
-- if (DataSize == 0)
-+ if (DataSize == 0) {
-+ dprint(L"DataSize = 0; deleting variable %s\n", db_name);
-+ efi_status = gRT->SetVariable(db_name, &SHIM_LOCK_GUID,
-+ EFI_VARIABLE_NON_VOLATILE |
-+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
-+ DataSize, Data);
-+ dprint(L"efi_status:%llu\n", efi_status);
- return EFI_SUCCESS;
-+ }
-
- Data = AllocatePool(DataSize);
- if (Data == NULL)
-@@ -1291,11 +1303,15 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
- }
-
- if (auth_size == PASSWORD_CRYPT_SIZE) {
-+ dprint(L"matching password with CRYPT");
- efi_status = match_password((PASSWORD_CRYPT *) auth, NULL, 0,
- NULL, NULL);
-+ dprint(L"match_password(0x%llx, NULL, 0, NULL, NULL) = %lu\n", auth, efi_status);
- } else {
-+ dprint(L"matching password as sha256sum");
- efi_status =
- match_password(NULL, MokDel, MokDelSize, auth, NULL);
-+ dprint(L"match_password(NULL, 0x%llx, %llu, 0x%llx, NULL) = %lu\n", MokDel, MokDelSize, auth, efi_status);
- }
- if (EFI_ERROR(efi_status))
- return EFI_ACCESS_DENIED;
-@@ -1365,12 +1381,17 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
- }
-
- /* Search and destroy */
-+ dprint(L"deleting certs from %a\n", MokX ? "MokListX" : "MokList");
- for (i = 0; i < del_num; i++) {
- type = del_key[i].Type; /* avoid -Werror=address-of-packed-member */
- if (CompareGuid(&type, &X509_GUID) == 0) {
-+ dprint(L"deleting key %d (total %d):\n", i, mok_num);
-+ dhexdumpat(del_key[i].Mok, del_key[i].MokSize, 0);
- delete_cert(del_key[i].Mok, del_key[i].MokSize,
- mok, mok_num);
- } else if (is_sha2_hash(del_key[i].Type)) {
-+ dprint(L"deleting hash %d (total %d):\n", i, mok_num);
-+ dhexdumpat(del_key[i].Mok, del_key[i].MokSize, 0);
- delete_hash_list(del_key[i].Type, del_key[i].Mok,
- del_key[i].MokSize, mok, mok_num);
- }
-@@ -2564,6 +2585,7 @@ EFI_STATUS efi_main(EFI_HANDLE image_handle, EFI_SYSTEM_TABLE * systab)
-
- InitializeLib(image_handle, systab);
-
-+ setup_verbosity();
- setup_rand();
-
- console_mode_handle();
-diff --git a/Makefile b/Makefile
-index 49e14a26521..a17fa2bef14 100644
---- a/Makefile
-+++ b/Makefile
-@@ -36,7 +36,7 @@ endif
- OBJS = shim.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o
- KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
- ORIG_SOURCES = shim.c mok.c netboot.c replacements.c tpm.c errlog.c shim.h version.h $(wildcard include/*.h)
--MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
-+MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o
- ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h)
- FALLBACK_OBJS = fallback.o tpm.o errlog.o
- ORIG_FALLBACK_SRCS = fallback.c
---
-2.26.2
-
diff --git a/SOURCES/0065-Fix-buffer-overrun-due-DEFAULT_LOADER-length-miscalc.patch b/SOURCES/0065-Fix-buffer-overrun-due-DEFAULT_LOADER-length-miscalc.patch
deleted file mode 100644
index 9b67776..0000000
--- a/SOURCES/0065-Fix-buffer-overrun-due-DEFAULT_LOADER-length-miscalc.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From ac610fe45491deccaab2c4ee689cbbdac117930a Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Tue, 8 Sep 2020 12:26:45 +0200
-Subject: [PATCH] Fix buffer overrun due DEFAULT_LOADER length miscalculation
-
-The DEFAULT_LOADER is a UCS-2 string and the StrLen() function returns the
-number of UCS-2 encoded characters in the string. But the allocated memory
-is in bytes, so only half of the needed memory to store it is allocated.
-
-This leads to a buffer overrun when the StrCpy() function attempts to copy
-the DEFAULT_LOADER to the allocated buffer.
-
-Fixes: 354bd9b1931 ("Actually check for errors from set_second_stage()")
-Reported-by: Stuart Hayes <stuart_hayes@dell.com>
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
----
- shim.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/shim.c b/shim.c
-index 34dce25c330..82913c934f6 100644
---- a/shim.c
-+++ b/shim.c
-@@ -2096,8 +2096,9 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
- unsigned int i;
- UINTN second_stage_len;
-
-- second_stage_len = StrLen(DEFAULT_LOADER) + 1;
-+ second_stage_len = (StrLen(DEFAULT_LOADER) + 1) * sizeof(CHAR16);
- second_stage = AllocatePool(second_stage_len);
-+
- if (!second_stage) {
- perror(L"Could not allocate %lu bytes\n", second_stage_len);
- return EFI_OUT_OF_RESOURCES;
---
-2.28.0
-
diff --git a/SOURCES/shim.patches b/SOURCES/shim.patches
new file mode 100644
index 0000000..5ee5430
--- /dev/null
+++ b/SOURCES/shim.patches
@@ -0,0 +1,14 @@
+Patch0001: 0001-Make-SBAT-variable-payload-introspectable.patch
+Patch0002: 0002-Reference-MokListRT-instead-of-MokList.patch
+Patch0003: 0003-Add-a-link-to-the-test-plan-in-the-readme.patch
+Patch0004: 0004-Enable-TDX-measurement-to-RTMR-register.patch
+Patch0005: 0005-Discard-load-options-that-start-with-a-NUL.patch
+Patch0006: 0006-shim-Flush-the-memory-region-from-i-cache-before-exe.patch
+Patch0007: 0007-load_cert_file-Fix-stack-issue.patch
+Patch0008: 0008-load_cert_file-Use-EFI-RT-memory-function.patch
+Patch0009: 0009-Add-malign-double-to-IA32-compiler-flags.patch
+Patch0010: 0010-pe-Fix-image-section-entry-point-validation.patch
+Patch0011: 0011-make-archive-Build-reproducible-tarball.patch
+Patch0012: 0012-mok-remove-MokListTrusted-from-PCR-7.patch
+Patch0013: 0013-CryptoPkg-BaseCryptLib-fix-NULL-dereference.patch
+Patch0014: 0014-Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch
diff --git a/SPECS/shim.spec b/SPECS/shim.spec
index ecb0b1f..c7ca2b6 100644
--- a/SPECS/shim.spec
+++ b/SPECS/shim.spec
@@ -1,89 +1,30 @@
Name: shim
-Version: 15
-Release: 9.el7
+Version: 15.6
+Release: 3.el7
Summary: First-stage UEFI bootloader
License: BSD
-URL: http://www.codon.org.uk/~mjg59/shim/
-Source0: https://github.com/mjg59/shim/releases/download/%{version}/shim-%{version}.tar.bz2
+URL: https://github.com/rhboot/shim
+Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
Source1: shim-find-debuginfo.sh
-
-#Source100: db.aa64.esl
-#Source101: dbx.aa64.esl
-#Source200: db.x64.esl
-#Source201: dbx.x64.esl
-
-Source200: centos.db.x64.esl
-
-Patch0001: 0001-Make-some-things-dprint-instead-of-console_print.patch
-Patch0002: 0002-Makefiles-ensure-m32-gets-propogated-to-our-gcc-para.patch
-Patch0003: 0003-Let-MokManager-follow-a-MokTimeout-var-for-timeout-l.patch
-Patch0004: 0004-httpboot-return-EFI_NOT_FOUND-when-it-fails-to-find-.patch
-Patch0005: 0005-httpboot-print-more-messages-when-it-fails-to-set-IP.patch
-Patch0006: 0006-httpboot-allow-the-IPv4-gateway-to-be-empty.patch
-Patch0007: 0007-httpboot-show-the-error-message-for-the-ChildHandle.patch
-Patch0008: 0008-Fix-typo-in-debug-path-in-shim.h.patch
-Patch0009: 0009-MokManager-Stop-using-EFI_VARIABLE_APPEND_WRITE.patch
-Patch0010: 0010-shim-Extend-invalid-reloc-size-warning-message.patch
-Patch0011: 0011-Add-GRUB-s-PCR-Usage-to-README.tpm.patch
-Patch0012: 0012-Fix-the-compile-error-of-mkdir-wrong-directory.patch
-Patch0013: 0013-shim-Properly-generate-absolute-paths-from-relative-.patch
-Patch0014: 0014-shim-Prevent-shim-to-set-itself-as-a-second-stage-lo.patch
-Patch0015: 0015-Fix-for-Section-0-has-negative-size-error-when-loadi.patch
-Patch0016: 0016-Fix-apparent-typo-in-ARM-32-on-64-code.patch
-Patch0017: 0017-Makefile-do-not-run-git-on-clean-if-there-s-no-.git-.patch
-Patch0018: 0018-Make.default-use-correct-flags-to-disable-unaligned-.patch
-Patch0019: 0019-Cryptlib-fix-build-on-32bit-ARM.patch
-Patch0020: 0020-Make-sure-that-MOK-variables-always-get-mirrored.patch
-Patch0021: 0021-mok-fix-the-mirroring-of-RT-variables.patch
-Patch0022: 0022-mok-consolidate-mirroring-code-in-a-helper-instead-o.patch
-Patch0023: 0023-shim-only-include-shim_cert.h-in-shim.c.patch
-Patch0024: 0024-mok-also-mirror-the-build-cert-to-MokListRT.patch
-Patch0025: 0025-mok-minor-cleanups.patch
-Patch0026: 0026-Remove-call-to-TPM2-get_event_log.patch
-Patch0027: 0027-Make-EFI-variable-copying-fatal-only-on-secureboot-e.patch
-Patch0028: 0028-VLogError-Avoid-NULL-pointer-dereferences-in-V-Sprin.patch
-Patch0029: 0029-Once-again-try-even-harder-to-get-binaries-without-t.patch
-Patch0030: 0030-shim-Rework-pause-functions-and-add-read_counter.patch
-Patch0031: 0031-Hook-exit-when-shim_lock-protocol-installed.patch
-Patch0032: 0032-Work-around-stuff-Waddress-of-packed-member-finds.patch
-Patch0033: 0033-Fix-a-use-of-strlen-instead-of-Strlen.patch
-Patch0034: 0034-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch
-Patch0035: 0035-OpenSSL-always-provide-OBJ_create-with-name-strings.patch
-Patch0036: 0036-Use-portable-shebangs-bin-bash-usr-bin-env-bash.patch
-Patch0037: 0037-tpm-Fix-off-by-one-error-when-calculating-event-size.patch
-Patch0038: 0038-tpm-Define-EFI_VARIABLE_DATA_TREE-as-packed.patch
-Patch0039: 0039-MokManager-console-mode-modification-for-hi-dpi-scre.patch
-Patch0040: 0040-MokManager-avoid-Werror-address-of-packed-member.patch
-Patch0041: 0041-tpm-Don-t-log-duplicate-identical-events.patch
-Patch0042: 0042-Slightly-better-debugging-messages.patch
-Patch0043: 0043-Actually-check-for-errors-from-set_second_stage.patch
-Patch0044: 0044-translate_slashes-don-t-write-to-string-literals.patch
-Patch0045: 0045-shim-Update-EFI_LOADED_IMAGE-with-the-second-stage-l.patch
-Patch0046: 0046-tpm-Include-information-about-PE-COFF-images-in-the-.patch
-Patch0047: 0047-Fix-the-license-on-our-buildid-extractor.patch
-Patch0048: 0048-Update-README.tpm.patch
-Patch0049: 0049-Check-PxeReplyReceived-as-fallback-in-netboot.patch
-Patch0050: 0050-Remove-a-couple-of-incorrect-license-claims.patch
-Patch0051: 0051-MokManager-fix-uninitialized-value.patch
-Patch0052: 0052-Fix-some-volatile-usage-gcc-whines-about.patch
-Patch0053: 0053-MokManager-fix-a-wrong-allocation-failure-check.patch
-Patch0054: 0054-simple_file-fix-uninitialized-variable-unchecked-ret.patch
-Patch0055: 0055-Fix-a-broken-tpm-type.patch
-Patch0056: 0056-Make-cert.S-not-impossible-to-read.patch
-Patch0057: 0057-Add-support-for-vendor_db-built-in-shim-authorized-l.patch
-Patch0058: 0058-Handle-binaries-with-multiple-signatures.patch
-Patch0059: 0059-Make-openssl-accept-the-right-set-of-KU-EKUs.patch
-Patch0060: 0060-Improve-debug-output-some.patch
-Patch0061: 0061-Also-use-a-config-table-to-mirror-mok-variables.patch
-Patch0062: 0062-Implement-lennysz-s-suggestions-for-MokListRT.patch
-Patch0063: 0063-hexdump.h-fix-arithmetic-error.patch
-Patch0064: 0064-Fix-some-mokmanager-stuff.patch
-Patch0065: 0065-Fix-buffer-overrun-due-DEFAULT_LOADER-length-miscalc.patch
-
-BuildRequires: git openssl-devel openssl
+Source2: shim.patches
+
+Source100: db.aa64.esl
+Source101: dbx.aa64.esl
+Source200: db.x64.esl
+Source201: dbx.x64.esl
+
+%include %{SOURCE2}
+
+BuildRequires: binutils
+BuildRequires: gcc
+BuildRequires: git
+BuildRequires: efivar-devel efivar-libs
+BuildRequires: gnu-efi >= 1:3.0.5-6.el7
+BuildRequires: gnu-efi-devel >= 1:3.0.5-6.el7
+BuildRequires: openssl-devel
+BuildRequires: openssl
BuildRequires: pesign >= 0.106-1
-BuildRequires: gnu-efi >= 1:3.0.5-6.el7, gnu-efi-devel >= 1:3.0.5-6.el7
# for xxd
BuildRequires: vim-common
@@ -96,7 +37,7 @@ Provides: bundled(openssl) = 1.0.2j
# Shim is only required on platforms implementing the UEFI secure boot
# protocol. The only one of those we currently wish to support is 64-bit x86.
# Adding further platforms will require adding appropriate relocation code.
-ExclusiveArch: x86_64 aarch64
+ExclusiveArch: x86_64
%ifarch x86_64
%global efiarch x64
@@ -205,6 +146,7 @@ if [ -s "%{SOURCE201}" ]; then
fi
%endif
cd %{name}-%{version}-%{efiarch}
+make 'DEFAULT_LOADER=\\\\grub%{efiarch}.efi' ${MAKEFLAGS} test
make 'DEFAULT_LOADER=\\\\grub%{efiarch}.efi' ${MAKEFLAGS} shim%{efiarch}.efi mm%{efiarch}.efi fb%{efiarch}.efi
%ifarch x86_64
@@ -286,6 +228,15 @@ cd ../%{name}-%{version}-%{efiarch}
%endif
%changelog
+* Wed Dec 07 2022 Peter Jones <pjones@redhat.com> - 15.6-3.el7
+- Patch to work around upstream issue #533
+ Related: CVE-2020-14372
+- Run the test suite during the build, to be sure.
+
+* Wed Nov 16 2022 Peter Jones <pjones@redhat.com> - 15.6-2.el7
+- Update shim for RHEL 7 so we can revoke everything pre-SBAT there.
+ Resolves: CVE-2020-14372
+
* Wed Sep 09 2020 Peter Jones <pjones@redhat.com> - 15-9.el7
- Fix an incorrect allocation size.
Related: rhbz#1875486