efi-boot-shim.git, branch 13

Bump the version to 13

2017-09-29T15:10:49+00:00

shim 13: - OpenSSL reverted to 1.0.2k to make the cert chaining of existing deployments stay working - Better PCR usage for TPM - TPM documentation in README.tpm - More configurable build via make variables: ENABLE_SHIM_CERT ENABLE_SHIM_HASH ENABLE_SBSIGN LIBDIR EFIDIR VENDOR_CERT_FILE VENDOR_DB_FILE - Better MoK documentation in MokVars.txt - Better debuginfo generation - Lots of minor bug fixes. Signed-off-by: Peter Jones

buildid: Check the return values of write() calls

2017-09-29T15:10:32+00:00

Signed-off-by: Mathieu Trudel-Lapierre

Make shim_cert.h able to be included more safely.

2017-09-29T15:10:32+00:00

If you build with ENABLE_SHIM_CERT=1, the include chain right now winds up meaning shim_cert is defined in a header that gets included in netboot.c as well, which never uses it: In file included from shim.h:125:0, from netboot.c:36: shim_cert.h:1:14: error: ‘shim_cert’ defined but not used [-Werror=unused-variable] static UINT8 shim_cert[] = { ^~~~~~~~~ cc1: all warnings being treated as errors So make that okay by adding __attribute__((__unused__)) to the variable decl. Signed-off-by: Peter Jones

buildid: make 'make clean' remove it.

2017-09-29T15:10:32+00:00

Use iconv for UCS-2 encoding.

2017-09-26T15:16:45+00:00

Cyphermox discovered that when you run this: ( printf "\xff\x00\xfe\x00" ; echo "shimx64.efi,foo,,This is the boot entry for foo" ) | sed -z 's/./&\x00/g' on some debian machines, printf(1) doesn't interpret the \x.. characters, and that results in this being the encoded text: 00000000 5c 78 66 66 5c 78 66 65 73 00 68 00 69 00 6d 00 |\xff\xfes.h.i.m.| 00000010 78 00 36 00 34 00 2e 00 65 00 66 00 69 00 2c 00 |x.6.4...e.f.i.,.| 00000020 66 00 6f 00 6f 00 2c 00 2c 00 54 00 68 00 69 00 |f.o.o.,.,.T.h.i.| which... yeah, that's wrong. So instead, use iconv instead of printf+sed to encode it in UCS-2. Unfortunately, that means we don't get endian markers, because for some reason iconv(1) doesn't have any way to say it should include them. But that's okay; fallback already handles not having them and just assumes the second byte being \x00 means UCS-2LE. Signed-off-by: Peter Jones

Fix an LDFLAGS issue on arm and aarch64

2017-09-19T18:58:51+00:00

Commit 1e71734992 inadvertantly switched ARM's LDFLAGS+=--defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) to be before LDFLAGS is set, and so it got clobbered away. Signed-off-by: Peter Jones

Try to do a slightly better job at 'make clean'

2017-09-19T18:58:51+00:00

Signed-off-by: Peter Jones

Don't build shim_cert.h in parallel with other targets.

2017-09-14T22:07:10+00:00

shim_cert.h is required by other pieces (such as netboot.o, cert.o) and might not be built by the time these targets are reached. In that case the build would fail as it can't find a required header. Signed-off-by: Mathieu Trudel-Lapierre

Clean up after BOOT$(ARCH).CSV.

2017-09-14T22:07:10+00:00

It should not be left around after clean since it's a generated file. Signed-off-by: Mathieu Trudel-Lapierre

try to show errors more usefully.

2017-09-13T19:18:28+00:00

Signed-off-by: Peter Jones