(mirror of https://github.com/vyos/efi-boot-shim.git) https://git.amelek.net/vyos/efi-boot-shim.git/atom?h=15.5 2022-02-15T18:06:21+00:00 2022-02-15T18:06:21+00:00 Robbie Harwood rharwood@redhat.com 2022-02-15T18:06:21+00:00 urn:sha1:f2c598bb2218da966872ba3e0c6e7e830dca6ef0 Mark this officially as shim 15.5 Signed-off-by: Robbie Harwood <rharwood@redhat.com> 2022-02-03T18:52:45+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-01-18T07:28:50+00:00 urn:sha1:382568eda8708ea8e4b062d230d136a4c6d65f8b perror(L"%d sections contain entry point\n") lacks an argument corresponding to %d. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 2022-02-03T18:52:28+00:00 Peter Jones pjones@redhat.com 2022-02-03T18:30:49+00:00 urn:sha1:fee352a076999790da1a63460eda842525d324e4 This resolves issue #442 Signed-off-by: Peter Jones <pjones@redhat.com> 2022-02-03T18:52:15+00:00 Peter Jones pjones@redhat.com 2022-01-19T21:15:05+00:00 urn:sha1:8c52a84e0a4f39bbc937dcbcdad7cdf04b90b85b Currently, when you boot linux you get a bright red message in the log and the console like: Feb 03 13:18:45 localhost.localdomain kernel: mokvar: EFI MOKvar config table is not in EFI runtime memory We don't like bright red messages on the console, so this patch changes the memory allocation for the mokvar config table so that it's in runtime memory. Signed-off-by: Peter Jones <pjones@redhat.com> 2022-02-03T18:52:15+00:00 Peter Jones pjones@redhat.com 2022-01-19T17:27:12+00:00 urn:sha1:7ccc6c398de381b45300e36a84729e42e47c6447 Signed-off-by: Peter Jones <pjones@redhat.com> 2021-12-10T22:08:21+00:00 Peter Jones pjones@redhat.com 2021-12-09T22:21:45+00:00 urn:sha1:d0df9304c7a777557e1925dc9f75406ec00e6179 - one missing free - one minor deadcode issue - two unchecked allocations - one debug hexdump of a variable we just freed Signed-off-by: Peter Jones <pjones@redhat.com> 2021-12-10T22:08:21+00:00 Peter Jones pjones@redhat.com 2021-12-10T21:18:41+00:00 urn:sha1:2e78cd93390f83648a20b5b3bb934f846537e54c cov-analysis-linux64-2020.09 is a lot more successful than the older versions at building, but it still has some... issues. Among them, it is of the belief that this: void foo(char *fmt, ...) { __builtin_va_list ap; __builtin_ms_va_start(ap, fmt); /* <- here */ ... } is an uninitialized use of "ap". This patch adds defined(__COVERITY__) to the list of criteria for using sysv va lists, which it has no such confusion about. Signed-off-by: Peter Jones <pjones@redhat.com> 2021-12-10T19:59:22+00:00 Renaud Métrich rmetrich@redhat.com 2021-12-03T12:28:13+00:00 urn:sha1:0dd4c78fc0846b36a334068ed5e5495e1d3d5f9f Requesting a keystroke when Secure Boot is not enabled and verbosity is enabled is really annoying. Signed-off-by: Renaud Métrich <rmetrich@redhat.com> 2021-12-10T19:56:54+00:00 Javier Martinez Canillas javierm@redhat.com 2021-11-09T15:39:37+00:00 urn:sha1:4804ba077381dcd0288d98e3d08bc87ee77afad1 The buffer used to read the data in the CSV is declared as a stack variable in the try_boot_csv() function, but a pointer to the arguments field of the first boot option is stored in the global first_new_option_args variable. Later, when is used set the arguments to boot the first entry, the variable points to memory that no longer exists. This leads to booting an entry with garbage as arguments instead of the correct value. Reported-by: Alexander Larsson <alexl@redhat.com> Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> 2021-11-03T15:30:28+00:00 Eric Snowberg eric.snowberg@oracle.com 2021-10-05T16:06:05+00:00 urn:sha1:4e513405b4f1641710115780d19dcec130c5208f Introduce a new MOK variable called MokListTrustedRT. It allows an end-user to decide if they want to trust MOKList keys within the soon to be booted Linux kernel. This variable does not change any functionality within shim itself. When Linux boots, if MokListTrustedRT is set and EFI_VARIABLE_NON_VOLATILE is not set, keys in MokListRT are loaded into the .machine keyring instead of the .platform keyring. Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>