(mirror of https://github.com/vyos/efi-boot-shim.git) https://git.amelek.net/vyos/efi-boot-shim.git/atom?h=15.6 2022-05-24T20:28:35+00:00 2022-05-24T20:28:35+00:00 Jan Setje-Eilers jan.setjeeilers@oracle.com 2022-05-10T21:09:26+00:00 urn:sha1:9a09faf390eea083c3bef1b07c7e043ebe0cc1f6 bump shim SBAT generation requirement to 2 for CVE-2022-28737 bump GRUB2 SBAT generation requirement to 2 for CVE-2021-3695 Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com> 2022-05-23T20:49:53+00:00 Peter Jones pjones@redhat.com 2022-05-19T19:55:40+00:00 urn:sha1:aa61fdf490d16aaa23de0cbe5e9f16d3bc72e582 Coverity complains: CID 373676 (#3 of 3): Unrecoverable parse warning (PARSE_ERROR) 1. arguments_provided_for_attribute: attribute "__malloc__" does not take arguments This is, of course, just plain wrong. Even so, I'm tired of looking at it, so this patch wraps the #define we use for that attribute in a check to see if it's being built by Coverity. Signed-off-by: Peter Jones <pjones@redhat.com> 2022-05-18T20:37:23+00:00 Peter Jones pjones@redhat.com 2022-05-18T19:14:12+00:00 urn:sha1:a50d3645467fcfef970a00154d6d49494355afc9 There are a couple of places where the code we've got right now just uses integers to decode one of our MoK variables. That's bad. This patch replaces those with symbolic names. Signed-off-by: Peter Jones <pjones@redhat.com> 2022-05-18T20:37:23+00:00 Peter Jones pjones@redhat.com 2022-05-18T18:54:06+00:00 urn:sha1:f28833f7cbb3f536081b19c8a2cc6f709e772128 scan-build invoked clang in a way that complains about our SIGNATURE_XX() macro's sizes being used to assign to things that are that size in post-process-pe.c. This patch makes them cast the results to the appropriately sized type. Signed-off-by: Peter Jones <pjones@redhat.com> 2022-05-18T20:37:23+00:00 Peter Jones pjones@redhat.com 2022-05-18T18:39:39+00:00 urn:sha1:610a1ac7614d2ad97b81b250dc37643df610d4f5 Signed-off-by: Peter Jones <pjones@redhat.com> 2022-05-17T23:01:46+00:00 Jan Setje-Eilers jan.setjeeilers@oracle.com 2022-04-22T20:13:20+00:00 urn:sha1:f81a7cc34e0b1a4f2d3104f44df80f93497eaa9e Support for updating SBAT revocations to latest or previous revocations. Allow SBAT revocations to be reset to empty metadata only when UEFI Secure Boot is disabled. Signed-off-by: Jan Setje-Eilers <Jan.SetjeEilers@oracle.com> 2022-05-17T23:01:03+00:00 Peter Jones pjones@redhat.com 2022-03-31T20:19:53+00:00 urn:sha1:df96f48f28fa94b62d06f39a3b014133dd38def5 This adds a new MoK variable, MokPolicy (&MokPolicyRT) that's intended as a bitmask of machine owner policy choices, and the bit MOK_POLICY_REQUIRE_NX. This bit specifies whether it is permissible to load binaries which do not support NX mitigations, and it currently defaults to allowing such binaries to be loaded. The broader intention here is to migrate all of the MoK policy variables that are really just on/off flags to this variable. Signed-off-by: Peter Jones <pjones@redhat.com> 2022-05-17T23:01:03+00:00 Peter Jones pjones@redhat.com 2021-12-02T23:29:50+00:00 urn:sha1:226fee25ffcbd29988399ba080c7706eb1d52251 This adds support in our PE loader for NX support utilizing the EFI_MEMORY_ATTRIBUTE protocol. Specifically, it changes the loader such that: - binaries without the EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT flag set in the Optional Header are rejected as EFI_UNSUPPORTED - binaries with non-discardable sections that have both the EFI_SCN_MEM_WRITE and EFI_SCN_MEM_EXECUTE flags set are rejected as EFI_UNSUPPORTED - if the EFI_MEMORY_ATTRIBUTE protocol is installed, then: - sections without the EFI_SCN_MEM_READ flag set will be marked with EFI_MEMORY_RP - sections without the EFI_SCN_MEM_WRITE flag set will be marked with EFI_MEMORY_RO - sections without the EFI_SCN_MEM_EXECUTE flag set will be marked with EFI_MEMORY_XP Signed-off-by: Peter Jones <pjones@redhat.com> 2022-05-17T23:01:03+00:00 Peter Jones pjones@redhat.com 2021-12-02T22:43:29+00:00 urn:sha1:465663e5f6b350abdb18f0ab51ec8924e739bc78 This patch adds some missing definitions for PE header flags. We don't use all of them, but it's less confusing with the list matching the spec, except where the spec is obviously wrong. Signed-off-by: Peter Jones <pjones@redhat.com> 2022-05-17T22:30:52+00:00 Eric Snowberg eric.snowberg@oracle.com 2022-02-01T20:49:51+00:00 urn:sha1:35d7378d29b9ad6f664df20efc4121e210859e65 Heavily inspired by Matthew Garrett's patch "Allow additional certificates to be loaded from a signed binary". Add support for loading a binary, verifying its signature, and then scanning it for embedded certificates. This is intended to make it possible to decouple shim builds from vendor signatures. In order to add new signatures to shim, an EFI Signature List should be generated and then added to the .db section of a well-formed EFI binary. This binary should then be signed with a key that shim already trusts (either a built-in key, one present in the platform firmware or one present in MOK) and placed in the same directory as shim with a filename starting "shim_certificate" (eg, "shim_certificate_oracle"). Shim will read multiple files and incorporate the signatures from all of them. Note that each section *must* be an EFI Signature List, not a raw certificate. Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>