(mirror of https://github.com/vyos/efi-boot-shim.git) https://git.amelek.net/vyos/efi-boot-shim.git/atom?h=vyos%2Fcurrent 2025-07-07T17:44:23+00:00 2025-07-07T17:44:23+00:00 Christian Breunig christian@breunig.cc 2025-07-06T20:45:39+00:00 urn:sha1:7c1e9cc39ab56632cc981e9fbd4a9e6dc2fe7122 2025-07-06T19:59:18+00:00 Christian Breunig christian@breunig.cc 2025-07-06T19:59:18+00:00 urn:sha1:02acad285c74015e8120ade2b41d51b39ae66b63 shim-16.0 What's Changed * Validate that a supplied vendor cert is not in PEM format by @steve-mcintyre in https://github.com/rhboot/shim/pull/646 * sbat: Add grub.peimage,2 to latest (CVE-2024-2312) by @julian-klode in https://github.com/rhboot/shim/pull/651 * sbat: Also bump latest for grub,4 (and to todays date) by @julian-klode in https://github.com/rhboot/shim/pull/653 * undo change that limits certificate files to a single file by @jsetje in https://github.com/rhboot/shim/pull/659 * shim: don't set second_stage to the empty string by @jjd27 in https://github.com/rhboot/shim/pull/640 * Fix SBAT.md for today's consensus about numbers by @aronowski in https://github.com/rhboot/shim/pull/672 * Update Code of Conduct contact address by @aronowski in https://github.com/rhboot/shim/pull/683 * make-certs: Handle missing OpenSSL installation by @aronowski in https://github.com/rhboot/shim/pull/595 * Update MokVars.txt by @mikebeaton in https://github.com/rhboot/shim/pull/598 * export DEFINES for sub makefile by @bryteise in https://github.com/rhboot/shim/pull/600 * Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition by @vittyvk in https://github.com/rhboot/shim/pull/609 * Null-terminate 'arguments' in fallback by @vittyvk in https://github.com/rhboot/shim/pull/611 * Fix "Verifiying" typo in error message by @chrisbainbridge in https://github.com/rhboot/shim/pull/706 * Update Fedora CI targets by @vathpela in https://github.com/rhboot/shim/pull/708 * Force gcc to produce DWARF4 so that gdb can use it by @mikebeaton in https://github.com/rhboot/shim/pull/607 * Minor housekeeping 2024121700 by @vathpela in https://github.com/rhboot/shim/pull/709 * Discard load-options that start with WINDOWS by @Metabolix in https://github.com/rhboot/shim/pull/621 * Fix the issue that the gBS->LoadImage pointer was empty. by @15058718379 in https://github.com/rhboot/shim/pull/703 * shim: Allow data after the end of device path node in load options by @dbnicholson in https://github.com/rhboot/shim/pull/694 * Handle network file not found like disks by @dbnicholson in https://github.com/rhboot/shim/pull/695 * Update gnu-efi submodule for EFI_HTTP_ERROR by @vathpela in https://github.com/rhboot/shim/pull/674 * Increase EFI file alignment by @lumag in https://github.com/rhboot/shim/pull/673 * avoid EFIv2 runtime services on Apple x86 machines by @eduardacatrinei in https://github.com/rhboot/shim/pull/690 * Improve shortcut performance when comparing two boolean expressions by @dennis-tseng99 in https://github.com/rhboot/shim/pull/667 * Provide better error message when MokManager is not found by @rmetrich in https://github.com/rhboot/shim/pull/663 * tpm: Boot with a warning if the event log is full by @kukrimate in https://github.com/rhboot/shim/pull/657 * MokManager: remove redundant logical constraints by @xypron in https://github.com/rhboot/shim/pull/409 * Test import_mok_state() when MokListRT would be bigger than available size by @vathpela in https://github.com/rhboot/shim/pull/417 * test-mok-mirror: minor bug fix by @vathpela in https://github.com/rhboot/shim/pull/715 * Fix file system browser hang when enrolling MOK from disk by @miczyg1 in https://github.com/rhboot/shim/pull/622 * Ignore a minor clang-tidy nit by @vathpela in https://github.com/rhboot/shim/pull/716 * Allow fallback to default loader when encountering errors on network boot by @nathan-omeara in https://github.com/rhboot/shim/pull/666 * test.mk: don't use a temporary random.bin by @vathpela in https://github.com/rhboot/shim/pull/718 * pe: Enhance debug report for update_mem_attrs by @jongwu in https://github.com/rhboot/shim/pull/594 * Multiple certificate handling improvements by @rosslagerwall in https://github.com/rhboot/shim/pull/644 * Generate SbatLevel Metadata from SbatLevel_Variable.txt by @jsetje in https://github.com/rhboot/shim/pull/711 * Apply EKU check with compile option by @dennis-tseng99 in https://github.com/rhboot/shim/pull/664 * Add configuration option to boot an alternative 2nd stage by @esnowberg in https://github.com/rhboot/shim/pull/608 * Loader protocol (with Device Path resolution support) by @kukrimate in https://github.com/rhboot/shim/pull/656 * netboot cleanup for additional files by @jsetje in https://github.com/rhboot/shim/pull/686 * Document how revocations can be delivered by @jsetje in https://github.com/rhboot/shim/pull/722 * post-process-pe: add tests to validate NX compliance by @vathpela in https://github.com/rhboot/shim/pull/705 * regression: CopyMem() in ad8692e copies out of bounds by @jsetje in https://github.com/rhboot/shim/pull/725 * Save the debug and error logs in mok-variables by @vathpela in https://github.com/rhboot/shim/pull/726 * Add features for the Host Security ID program by @vathpela in https://github.com/rhboot/shim/pull/660 * Mirror some more efi variables to mok-variables by @vathpela in https://github.com/rhboot/shim/pull/723 * This adds DXE Services measurements to HSI and uses them for NX by @vathpela in https://github.com/rhboot/shim/pull/724 * Add shim's current NX_COMPAT status to HSIStatus by @vathpela in https://github.com/rhboot/shim/pull/727 * README.tpm: reflect that vendor_db is in fact logged as "vendor_db" by @jsetje in https://github.com/rhboot/shim/pull/728 * Reject HTTP message with duplicate Content-Length header fields by @dennis-tseng99 in https://github.com/rhboot/shim/pull/637 * Disable log saving by @vathpela in https://github.com/rhboot/shim/pull/729 * fallback: don't add new boot order entries backwards by @vathpela in https://github.com/rhboot/shim/pull/730 * Misc fixes... by @vathpela in https://github.com/rhboot/shim/pull/735 * README.tpm: Update MokList entry to MokListRT by @trungams in https://github.com/rhboot/shim/pull/732 * SBAT Level update for February 2025 GRUB CVEs by @jsetje in https://github.com/rhboot/shim/pull/736 New Contributors * @jjd27 made their first contribution in https://github.com/rhboot/shim/pull/640 * @mikebeaton made their first contribution in https://github.com/rhboot/shim/pull/598 * @bryteise made their first contribution in https://github.com/rhboot/shim/pull/600 * @vittyvk made their first contribution in https://github.com/rhboot/shim/pull/609 * @chrisbainbridge made their first contribution in https://github.com/rhboot/shim/pull/706 * @Metabolix made their first contribution in https://github.com/rhboot/shim/pull/621 * @15058718379 made their first contribution in https://github.com/rhboot/shim/pull/703 * @dbnicholson made their first contribution in https://github.com/rhboot/shim/pull/694 * @lumag made their first contribution in https://github.com/rhboot/shim/pull/673 * @eduardacatrinei made their first contribution in https://github.com/rhboot/shim/pull/690 * @kukrimate made their first contribution in https://github.com/rhboot/shim/pull/657 * @miczyg1 made their first contribution in https://github.com/rhboot/shim/pull/622 * @nathan-omeara made their first contribution in https://github.com/rhboot/shim/pull/666 * @jongwu made their first contribution in https://github.com/rhboot/shim/pull/594 * @rosslagerwall made their first contribution in https://github.com/rhboot/shim/pull/644 * @trungams made their first contribution in https://github.com/rhboot/shim/pull/732 **Full Changelog**: https://github.com/rhboot/shim/compare/15.8...16.0 * tag '16.0': (451 commits) Update version to 16.0 SBAT Level update for February 2025 GRUB CVEs README.tpm: Update MokList entry to MokListRT Make 'make fanalyzer' work again. simple_dir_filter(): test our 'next' pointer shim_load_image(): initialize the buffer fully mirror_mok_db(): Free our mok variable name correctly mirror_one_mok_variable(): fix a memory leak on TPM log error. mirror_mok_db(): get rid of an unused variable+allocation generate_sbat_var_defs: Ensure revlistentry->revocations is initialized. generate_sbat_var_defs: Fix memory leak on realloc failure and fd leak. generate_sbat_var_defs: run clang-format on readfile() SetSecureVariable(): free Cert on failure Update version to 16.0~rc1 make-archive: some minor housekeeping makefiles: Make GITTAG swizzle tildes to dashes fallback: don't add new boot order entries backwards Disable log saving for now. Some save_logs() improvements. reject message with different values in multiple Content-Length header field ... 2025-03-18T22:12:50+00:00 Peter Jones pjones@redhat.com 2025-03-04T15:09:49+00:00 urn:sha1:18d98bfb34be583a5fe2987542e4b15e0db9cb61 Signed-off-by: Peter Jones <pjones@redhat.com> 2025-03-18T22:10:37+00:00 Jan Setje-Eilers jan.setjeeilers@oracle.com 2025-02-17T23:05:03+00:00 urn:sha1:893252718ebd8e3777a5209e84f2819e1ae59108 Moves the minimum GRUB SBAT Level to 5 in order to require fixes for the following GRUB CVEs: CVE-2024-45774 CVE-2024-45775 CVE-2024-45776 CVE-2024-45777 CVE-2024-45778 CVE-2024-45779 CVE-2024-45780 CVE-2024-45781 CVE-2024-45782 CVE-2024-45783 CVE-2025-0622 CVE-2025-0624 CVE-2025-0677 CVE-2025-0678 CVE-2025-0684 CVE-2025-0685 CVE-2025-0686 CVE-2025-0689 CVE-2025-0690 CVE-2025-1118 CVE-2025-1125 This also bumps the default SBAT_AUTOMATIC_DATE to 2024040900. Signed-off-by: Jan Setje-Eilers <Jan.SetjeEilers@oracle.com> 2025-03-18T13:56:58+00:00 Thien Trung Vuong tvuong@microsoft.com 2025-03-08T00:49:32+00:00 urn:sha1:28d8871bdd17f3c52be9b370ec45238ef6816130 Commit 092c2b2bbed950727e41cf450b61c794881c33e7 switched to using MokListRT instead of MokList during PCR7 measurement. Updating the README to reflect the correct behaviour. Signed-off-by: Thien Trung Vuong <tvuong@microsoft.com> 2025-03-14T15:05:05+00:00 Peter Jones pjones@redhat.com 2025-03-12T20:28:14+00:00 urn:sha1:db1f1dac7e7f49b985d1c338c667c34424cb8d54 It breaks every time somehow. Signed-off-by: Peter Jones <pjones@redhat.com> 2025-03-14T15:05:05+00:00 Peter Jones pjones@redhat.com 2025-03-12T20:11:58+00:00 urn:sha1:7b753820e79b5b38be59c40aaa7960eab0aae119 "gcc -fanalyzer" thinks that in simple_dir_filter(), we can get "next" to be a NULL pointer even when simple_dir_read_all() return success and we're iterating the total number of entries it claimed it returned. I don't think this is true, but to make it stop complaining I've added tests to that pointer that'll make it stop if it gets to the end of the list. Signed-off-by: Peter Jones <pjones@redhat.com> 2025-03-14T15:05:05+00:00 Peter Jones pjones@redhat.com 2025-03-12T20:00:30+00:00 urn:sha1:db0432183680121df2fcaba2b697025fef9db6ac scan-build notes that we assign bprop.hnd, an EFI_HANDLE for the device path protocol, to our loaded_image->li.DeviceHandle, and it thinks since bprop is uninitialized that means it can be NULL or garbage. I don't think that's actually true, because every path to that requires either returning an error or doing some variety of: status = BS->LocateDevicePath(&gEfiDevicePathProtocolGuid, &bp, &hnd) and checking its error, but only one of those paths explicitly sets a value, and static checkers can't tell what BS->LocateDevicePath does with the pointer. This patch avoids the issue by initializing the whole bprop structure to begin with. Signed-off-by: Peter Jones <pjones@redhat.com> 2025-03-14T15:05:05+00:00 Peter Jones pjones@redhat.com 2025-03-12T18:19:17+00:00 urn:sha1:38f0a9c2ee9635cbaab9d7d4aa4664027c913cee When we've split a mok variable into name0..nameN, we re-use the same buffer over and over, but we never free it at the end. This frees it. Resolves: Coverity CID 457501 Signed-off-by: Peter Jones <pjones@redhat.com> 2025-03-14T15:05:05+00:00 Peter Jones pjones@redhat.com 2025-03-12T18:14:41+00:00 urn:sha1:92630f2e2d63f89bf78842bd0d18fa115270b39c If measuring a mok variable to the TPM returns failure, this function returns, but never frees the data intended to be measured. This frees it. Resolves: Coverity CID 457503 Signed-off-by: Peter Jones <pjones@redhat.com>