<feed xmlns='http://www.w3.org/2005/Atom'>
<title>efi-boot-shim.git/include, branch 15.8</title>
<subtitle> (mirror of https://github.com/vyos/efi-boot-shim.git)
</subtitle>
<id>https://git.amelek.net/vyos/efi-boot-shim.git/atom?h=15.8</id>
<link rel='self' href='https://git.amelek.net/vyos/efi-boot-shim.git/atom?h=15.8'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/'/>
<updated>2024-01-22T19:17:20+00:00</updated>
<entry>
<title>Try to load revocations.efi even if directory read fails</title>
<updated>2024-01-22T19:17:20+00:00</updated>
<author>
<name>Jan Setje-Eilers</name>
<email>jan.setjeeilers@oracle.com</email>
</author>
<published>2023-12-15T22:49:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=993a345dc3657d47f0e5e1c55cfddfd5f9866053'/>
<id>urn:sha1:993a345dc3657d47f0e5e1c55cfddfd5f9866053</id>
<content type='text'>
Network booting tends to expose things like a tftp server
as a filesystem that doesn't implement directory listing.
This will blindly try to ingest a revocations.efi file in
those cases, even if that may result in some console noise
when the file does not exist.

Signed-off-by: Jan Setje-Eilers &lt;Jan.SetjeEilers@oracle.com&gt;
</content>
</entry>
<entry>
<title>netboot read_image() should not hardcode DEFAULT_LOADER</title>
<updated>2024-01-22T19:17:20+00:00</updated>
<author>
<name>Jan Setje-Eilers</name>
<email>jan.setjeeilers@oracle.com</email>
</author>
<published>2023-12-16T05:31:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=a23e2f0de7a61b6e895a915676eba3a1fda2cd78'/>
<id>urn:sha1:a23e2f0de7a61b6e895a915676eba3a1fda2cd78</id>
<content type='text'>
The netboot path up until now hardcodes DEFAULT_LOADER as
the only possible filename to load. This is pretty limiting
and needs to be fixed.

Signed-off-by: Jan Setje-Eilers &lt;Jan.SetjeEilers@oracle.com&gt;
</content>
</entry>
<entry>
<title>Build time selectable automatic SBATLevel revocations</title>
<updated>2024-01-22T19:17:20+00:00</updated>
<author>
<name>Jan Setje-Eilers</name>
<email>jan.setjeeilers@oracle.com</email>
</author>
<published>2023-12-14T04:32:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=6f395c23466a2bc08a28bbc216d6665ade0b117d'/>
<id>urn:sha1:6f395c23466a2bc08a28bbc216d6665ade0b117d</id>
<content type='text'>
The ability to automatically apply SBATLevel revocations varies
from distro to distro. This allows distros that are able to
automatically apply SBATLevel revocations when shim is updated to
select a level by supplying SBAT_AUTOMATIC_DATE=&lt;datestamp&gt; on the
make command line. Currently the following options are available:

2021030218 no revocations - useful for distros that need to rely on
                            an externally delivered revocations.efi

2022052400 grub,2

2022111500 shim,2
           grub,3

2023012900 shim,2
           grub,3
           grub.debian,4

If no datestamp is specified the build will default to the
most recent, 2023012900.

Signed-off-by: Jan Setje-Eilers &lt;Jan.SetjeEilers@oracle.com&gt;
</content>
</entry>
<entry>
<title>Rename "previous" revocations to "automatic"</title>
<updated>2024-01-22T19:17:20+00:00</updated>
<author>
<name>Jan Setje-Eilers</name>
<email>jan.setjeeilers@oracle.com</email>
</author>
<published>2023-12-14T01:59:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=30a4f3751a8da09ab0853f1a384b80096828cc34'/>
<id>urn:sha1:30a4f3751a8da09ab0853f1a384b80096828cc34</id>
<content type='text'>
When the term previous was introduced for revocations to be
automatically applied there was a hope that every time a new
revocation was built into shim, the previous revocation could
be applied automatically. Further experience has shown the
real world to be more complex than that. The automatic payload
will realistically contain a set of revocations governed by
both the cadence at which a distro's customer base updates
as well as the severity of the issue being revoked.

This is not a functional change.

Signed-off-by: Jan Setje-Eilers &lt;Jan.SetjeEilers@oracle.com&gt;
</content>
</entry>
<entry>
<title>pe-relocate: Avoid __builtin_add_overflow() on GCC &lt; 5</title>
<updated>2024-01-22T19:17:20+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2023-12-06T22:07:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=13abd9f51b285db7eb46bf375cae623bf1153404'/>
<id>urn:sha1:13abd9f51b285db7eb46bf375cae623bf1153404</id>
<content type='text'>
GCC 4 doesn't have __builtin_add_overflow() and friends, so this results
in a compiler error.

On platforms using that version, do the arithmetic without it.

Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>Updated Revocations for January 2024 CVEs</title>
<updated>2024-01-17T19:49:38+00:00</updated>
<author>
<name>Jan Setje-Eilers</name>
<email>jan.setjeeilers@oracle.com</email>
</author>
<published>2023-09-21T01:03:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=57c0eedfa1ebf6e2132a9cb26a7b0fcdee82557f'/>
<id>urn:sha1:57c0eedfa1ebf6e2132a9cb26a7b0fcdee82557f</id>
<content type='text'>
Since shim is inherently updated by shipping a new shim, the
latest built in revocations can include the most recent shim
revocations. Since CVE-2023-40547 is high impact, this revocation
should be available to everyone as soon as possible.

GRUB2 CVE-2023-4692 and CVE-2023-4693 are in the ntfs module that
only some vendors ship. Since some vendors did not ship an updated
GRUB2 for these issues, the revocation for these CVEs is not
included in the payload at this time.

Signed-off-by: Jan Setje-Eilers &lt;jan.setjeeilers@oracle.com&gt;
</content>
</entry>
<entry>
<title>shim should not self revoke</title>
<updated>2023-12-05T18:20:00+00:00</updated>
<author>
<name>Jan Setje-Eilers</name>
<email>jan.setjeeilers@oracle.com</email>
</author>
<published>2023-07-07T20:21:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=a967c0e7a0a27a310958f5b64a4c4ef8dc1b546e'/>
<id>urn:sha1:a967c0e7a0a27a310958f5b64a4c4ef8dc1b546e</id>
<content type='text'>
Before applying an updated SbatLevel shim should re-run
introspection and never apply a revocation level that would
prevent the currently running shim from booting. The proper
way forward is to update shim first.

Signed-off-by: Jan Setje-Eilers &lt;Jan.SetjeEilers@oracle.com&gt;
</content>
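<![CDATA[
Added example, not part of this commit and not shim's own code: a model of the rule the commit states. A revocation entry "name,N" blocks any binary whose SBAT section lists "name" with a generation below N, so before applying a candidate SbatLevel the running shim's own SBAT is re-checked against it and any level that would block this very shim is refused. The CSV handling, the sample SBAT string, the 2099010100 datestamp and every function name are assumptions of this example; the "shim,2" / "grub,3" payload lines follow the table in the SBAT_AUTOMATIC_DATE commit in this feed.

```c
/*
 * Added example, not shim's own code: model of the "never self revoke"
 * rule. A revocation list entry "name,N" blocks any binary whose SBAT
 * section lists "name" with a generation below N; before applying a new
 * SbatLevel, re-check the running shim's SBAT against it and refuse a
 * level that would block this very shim. The sample strings, the
 * 2099010100 datestamp and all function names are constructed for this
 * example.
 */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LINE 256

/* Constructed SBAT section of a hypothetical running shim at generation 2
 * (the real shim 15.8 binary carries a newer generation). */
static const char RUNNING_SHIM_SBAT[] =
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "shim,2,UEFI shim,shim,1,https://github.com/rhboot/shim\n";

/* Candidate SbatLevel payloads in the "name,generation" form of the
 * SBAT_AUTOMATIC_DATE table: one the shim above survives, one it would
 * not (constructed datestamp). */
static const char LEVEL_2022111500[] = "sbat,1,2022111500\nshim,2\ngrub,3\n";
static const char LEVEL_SELF_REVOKING[] = "sbat,1,2099010100\nshim,3\ngrub,3\n";

/* Generation of component `name` in a CSV blob whose lines begin with
 * "name,generation,..."; -1 if the component is not listed. */
long csv_generation(const char *csv, const char *name)
{
    size_t nlen = strlen(name);
    const char *p = csv;

    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);

        /* exact name match: "grub" must not match "grub.debian,4" */
        if (len > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == ',')
            return strtol(p + nlen + 1, NULL, 10);
        if (!eol)
            break;
        p = eol + 1;
    }
    return -1;
}

/* True if applying `level` would block a binary carrying `sbat`: some
 * component named in level has a lower generation in sbat than required.
 * Components absent from sbat are unaffected. */
bool level_revokes(const char *sbat, const char *level)
{
    const char *p = level;

    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        char line[MAX_LINE];
        char *comma;

        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';

        comma = strchr(line, ',');
        if (comma) {
            long required, have;

            *comma = '\0';
            required = strtol(comma + 1, NULL, 10);
            have = csv_generation(sbat, line);
            if (have >= 0 && have < required)
                return true;
        }
        if (!eol)
            break;
        p = eol + 1;
    }
    return false;
}

/* The gate this commit describes: apply only if the running shim survives. */
bool safe_to_apply(const char *running_shim_sbat, const char *candidate_level)
{
    return !level_revokes(running_shim_sbat, candidate_level);
}

int main(void)
{
    printf("2022111500: %s\n",
           safe_to_apply(RUNNING_SHIM_SBAT, LEVEL_2022111500) ? "apply" : "refuse");
    printf("self-revoking: %s\n",
           safe_to_apply(RUNNING_SHIM_SBAT, LEVEL_SELF_REVOKING) ? "apply" : "refuse");
    return 0;
}
```

The check is deliberately run against the shim that is executing, not against the shim on disk: a payload that is fine for the updated shim can still brick the machine if the variable is written before the new shim is installed, which is why the commit says to update shim first.
]]>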
</entry>
<entry>
<title>BS Variables for bootmgr revocations</title>
<updated>2023-12-05T18:20:00+00:00</updated>
<author>
<name>Jan Setje-Eilers</name>
<email>jan.setjeeilers@oracle.com</email>
</author>
<published>2023-04-29T02:54:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=7dfb6871b8a54710d9e9d8d56146e7c083d2e6a8'/>
<id>urn:sha1:7dfb6871b8a54710d9e9d8d56146e7c083d2e6a8</id>
<content type='text'>
This adds support for applying SkuSiPolicy UEFI BS variables. These
variables are needed for non-dbx based Windows revocations and are
described here:

https://support.microsoft.com/en-us/topic/kb5027455-guidance-for-blocking-vulnerable-windows-boot-managers-522bb851-0a61-44ad-aa94-ad11119c5e91

Signed-off-by: Jan Setje-Eilers &lt;Jan.SetjeEilers@oracle.com&gt;
</content>
</entry>
<entry>
<title>Allow SbatLevel data from external binary</title>
<updated>2023-12-05T18:20:00+00:00</updated>
<author>
<name>Jan Setje-Eilers</name>
<email>jan.setjeeilers@oracle.com</email>
</author>
<published>2022-11-10T03:37:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=ea0f9dfe8ae49ead3204be4c3166b08cc96fad7e'/>
<id>urn:sha1:ea0f9dfe8ae49ead3204be4c3166b08cc96fad7e</id>
<content type='text'>
Ingest SBAT Levels from revocations binary thereby allowing level
requirements to be updated independently from shipping a new shim.
Do not automatically apply any revocations from a stock shim at
this point.

Signed-off-by: Jan Setje-Eilers &lt;Jan.SetjeEilers@oracle.com&gt;
</content>
</entry>
<entry>
<title>Add primitives for overflow-checked arithmetic operations.</title>
<updated>2023-12-05T18:17:19+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2023-07-27T19:13:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=f27182695d88350b48c8b9a6dce54bb513d7aa4e'/>
<id>urn:sha1:f27182695d88350b48c8b9a6dce54bb513d7aa4e</id>
<content type='text'>
We need to do arithmetic on untrusted values sometimes, so this patch
adds the following primitives as macros that wrap the compiler builtins.

  bool checked_add(TYPE addend0, TYPE addend1, TYPE *sum)
  bool checked_sub(TYPE minuend, TYPE subtrahend, TYPE *difference)
  bool checked_mul(TYPE factor0, TYPE factor1, TYPE *product)

And also the following primitive which returns True if divisor is 0 and
False otherwise:

  bool checked_div(TYPE dividend, TYPE divisor, TYPE *quotient)

Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
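<![CDATA[
Added example, not code from this commit or from shim's tree: the four primitives named above, with the result convention the message gives (true means the operation failed), built on __builtin_*_overflow() where the compiler has it and on a plain-C fallback for the GCC 4 case handled by the "pe-relocate: Avoid __builtin_add_overflow() on GCC < 5" commit earlier in this feed. The fallback macros and the range_in_image()/table helpers are assumptions of this example, written to show where such checks sit when parsing untrusted PE headers.

```c
/*
 * Added example, not code from shim itself: overflow-checked arithmetic
 * primitives with the names and result convention given in the commit
 * message (true means "failed"), built on __builtin_*_overflow() where
 * the compiler provides it and on a plain-C fallback for GCC 4. The
 * fallback and the range_in_image()/table helpers are assumptions of
 * this example.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__clang__) || (defined(__GNUC__) && __GNUC__ >= 5)
#define checked_add(a0, a1, sum)     __builtin_add_overflow((a0), (a1), (sum))
#define checked_sub(m, s, diff)      __builtin_sub_overflow((m), (s), (diff))
#define checked_mul(f0, f1, product) __builtin_mul_overflow((f0), (f1), (product))
#else
/*
 * Fallback when the builtins are missing: valid for unsigned operands only
 * (sizes, offsets, counts), which is what the bounds checks below use.
 * Each macro stores the wrapped result and returns true on overflow.
 * Arguments are evaluated more than once, so pass plain variables.
 */
#define checked_add(a0, a1, sum) \
    ((*(sum) = (a0) + (a1)), (*(sum) < (a0)))
#define checked_sub(m, s, diff) \
    ((*(diff) = (m) - (s)), ((m) < (s)))
#define checked_mul(f0, f1, product) \
    ((*(product) = (f0) * (f1)), ((f0) != 0 && *(product) / (f0) != (f1)))
#endif

/*
 * Division: the only failure the commit describes is a zero divisor,
 * reported as true without writing *quotient. Signed INT_MIN / -1 is not
 * covered; keep the operands unsigned.
 */
#define checked_div(dividend, divisor, quotient) \
    ((divisor) == 0 ? true : ((*(quotient) = (dividend) / (divisor)), false))

/*
 * Hypothetical bounds check of the kind pe-relocate needs: does the
 * (offset, size) pair from an untrusted header fit inside image_size bytes?
 * Returns true when the range is safe to touch.
 */
bool range_in_image(size_t offset, size_t size, size_t image_size)
{
    size_t end;

    /* If offset + size wraps, a plain "end <= image_size" test would pass
     * for a range that actually runs past the buffer. */
    if (checked_add(offset, size, &end))
        return false;
    return end <= image_size;
}

/* Byte size of count entries of entry_size bytes each, or 0 on overflow. */
size_t table_bytes_or_zero(size_t count, size_t entry_size)
{
    size_t bytes;

    if (checked_mul(count, entry_size, &bytes))
        return 0;
    return bytes;
}

/* Number of whole entries in table_bytes, or 0 when entry_size is 0. */
size_t entry_count_or_zero(size_t table_bytes, size_t entry_size)
{
    size_t count;

    if (checked_div(table_bytes, entry_size, &count))
        return 0;
    return count;
}

/* True if n bytes can be consumed from `remaining` without underflow. */
bool fits_in_remaining(size_t remaining, size_t n)
{
    size_t left;

    return !checked_sub(remaining, n, &left);
}

int main(void)
{
    printf("16+32 in 4096: %d\n", range_in_image(16, 32, 4096));
    printf("SIZE_MAX-8+16 in 4096: %d\n", range_in_image(SIZE_MAX - 8, 16, 4096));
    printf("10 entries of 24 bytes: %zu\n", table_bytes_or_zero(10, 24));
    printf("entries of size 0: %zu\n", entry_count_or_zero(240, 0));
    return 0;
}
```

The point of the convention is that every caller has to handle the true branch before using the result; a header field that makes offset + size wrap is exactly the input a loader must reject rather than index with.
]]>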
</entry>
</feed>
