efi-boot-shim.git/include, branch 15.4 (mirror of https://github.com/vyos/efi-boot-shim.git)
https://git.amelek.net/vyos/efi-boot-shim.git/atom?h=15.42021-03-27T22:48:04+00:00Change SBAT variable name to SbatLevel2021-03-27T22:48:04+00:00Jan Setje-Eilersjan.setjeeilers@oracle.com2021-03-27T18:09:52+00:00urn:sha1:27da4170f0fb30acde91a37e0256dfcfe76ea69e
Because a few shim builds were signed that did not properly initialize
the SBAT variable, and in doing so deleted valid SBAT variables, we need
to use a different name.
This changes the name from "SBAT" to "SbatLevel".
Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Move the check for the SBAT variable properties to its own function.2021-03-27T22:47:31+00:00Jan Setje-Eilersjan.setjeeilers@oracle.com2021-03-27T04:19:14+00:00urn:sha1:08a0ce01dbe9945287f37a9b139b25f46c53f878
This moves the check for the SBAT variable's attributes and contents
into its own function, so that test cases can be written against it.
Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Make 'make test' work on gcc 4.8.52021-03-22T20:43:44+00:00Peter Jonespjones@redhat.com2021-03-21T19:57:03+00:00urn:sha1:33db42def2ce6fe040b5f77642347e8b3c6420e5Ensure that MOK variable mirroring creates well formed ESLs2021-03-19T02:47:43+00:00Chris Coulsonchris.coulson@canonical.com2021-03-18T14:32:24+00:00urn:sha1:3dd40ade68c6ff63e776b5f9acbd811a3c345d01
The MOK variable mirroring makes use of variable_create_esl, which
can only create a well-formed EFI_SIGNATURE_LIST containing a single
signature. Fix fill_esl and variable_create_esl to support creating
a EFI_SIGNATURE_LIST with one or more supplied EFI_SIGNATURE_DATA
structures.
Introduce variable_create_esl_with_one_signature and
fill_esl_with_one_signature for code that does want to create a
EFI_SIGNATURE_LIST containing a single signature constructed from
a supplied signature data buffer and owner GUID.
Fix up build of test code using gcc 82021-03-15T23:52:17+00:00Steve McIntyresteve@einval.com2021-03-15T23:12:08+00:00urn:sha1:f5a3de3264f87f48186f80297fb1dbcddfd6d945
Don't check SHIM_UNIT_TEST.
This fixes conflicting declarations for __builtin_ms_va_list on amd64:
In file included from shim.h:47,
from test.c:10:
../include/system/stdarg.h:30:27: error: conflicting types for '__builtin_ms_va_list'
typedef __builtin_va_list __builtin_ms_va_list;
^~~~~~~~~~~~~~~~~~~~
cc1: note: previous declaration of '__builtin_ms_va_list' was here
In file included from shim.h:47,
from test-csv.c:9:
../include/system/stdarg.h:30:27: error: conflicting types for '__builtin_ms_va_list'
typedef __builtin_va_list __builtin_ms_va_list;
^~~~~~~~~~~~~~~~~~~~
cc1: note: previous declaration of '__builtin_ms_va_list' was here
In file included from shim.h:47,
from csv.c:6:
../include/system/stdarg.h:30:27: error: conflicting types for '__builtin_ms_va_list'
typedef __builtin_va_list __builtin_ms_va_list;
^~~~~~~~~~~~~~~~~~~~
cc1: note: previous declaration of '__builtin_ms_va_list' was here
Signed-off-by: Steve McIntyre <93sam@debian.org>
'make test': try harder to make it build in the right order.2021-03-12T09:15:01+00:00Peter Jonespjones@redhat.com2021-03-12T02:56:37+00:00urn:sha1:39b96c01bfd4547f38c9e573ff5d551057ea272c
Signed-off-by: Peter Jones <pjones@redhat.com>
sbat variable: use UEFI_VAR_NV_BS_RT when we've got ENABLE_SHIM_DEVEL2021-03-12T09:15:01+00:00Peter Jonespjones@redhat.com2021-03-11T22:19:10+00:00urn:sha1:76f35c00ef9df3958c5479d74f8d6605c32901ec
This makes it so that if you build with ENABLE_SHIM_DEVEL, the SBAT we
use is named SBAT_DEVEL instead of SBAT, and it's expected to have
EFI_VARIABLE_RUNTIME_ACCESS set.
Signed-off-by: Peter Jones <pjones@redhat.com>
Don't even try to use builtins, just make sure we have the same types.2021-03-12T09:15:01+00:00Peter Jonespjones@redhat.com2021-03-12T01:07:03+00:00urn:sha1:b5a7c8ce6012ec8d5f9f2515537f918ef4ca9358
For some reason when we try to ever use the builtins, even with the
symbol there as a fallback, something goes horribly wrong somewhere
around here:
| (gdb) bt
| #0 strcmp (s1=0x7d492359 "MD5", s2=0x7d492359 "MD5") at include/system/string.h:57
| #1 0x000000007d460419 in getrn (lh=lh@entry=0x7e081318, data=data@entry=0x7e084398, rhash=rhash@entry=0x7f7c9268) at crypto/lhash/lhash.c:415
| #2 0x000000007d46076e in lh_insert (lh=0x7e081318, data=data@entry=0x7e084398) at crypto/lhash/lhash.c:188
| #3 0x000000007d43e027 in OBJ_NAME_add (name=name@entry=0x7d492359 "MD5", type=type@entry=1, data=data@entry=0x7d4ad3a0 <md5_md> "\004") at crypto/objects/o_names.c:202
As much as I love a Sisyphean challenge, in the interest of not having
bugs or time, this patch changes it to just not use them for anything
other than guaranteeing our implementations have the exact same types as
you would expect.
Signed-off-by: Peter Jones <pjones@redhat.com>
More va_* work2021-03-12T09:15:01+00:00Peter Jonespjones@redhat.com2021-03-11T21:48:44+00:00urn:sha1:4457d79ce0ea638e7732f5529bf13849e290940d
Be much more explicit about exactly which va_* stuff comes from which
ABI in both shim and gnu-efi. This fixes the problem where we see:
| (null):0:(null)() v->name:"(null)" v->rtname:"(null)"
| (null):0:(null)() v->data_size:0 v->data:0x0
and similar messages where everything is NULL.
Signed-off-by: Peter Jones <pjones@redhat.com>
Fix the compiler when invoking scan-build/fanalyzer/etc2021-03-12T09:15:01+00:00Peter Jonespjones@redhat.com2021-03-11T16:40:24+00:00urn:sha1:6ebae16cbb6856f80e891b710d4f76b49ff48c6d
Signed-off-by: Peter Jones <pjones@redhat.com>