(mirror of https://github.com/vyos/efi-boot-shim.git) https://git.amelek.net/vyos/efi-boot-shim.git/atom?h=vyos%2Fcurrent 2025-03-14T15:05:05+00:00 2025-03-14T15:05:05+00:00 Peter Jones pjones@redhat.com 2025-03-12T20:11:58+00:00 urn:sha1:7b753820e79b5b38be59c40aaa7960eab0aae119 "gcc -fanalyzer" thinks that in simple_dir_filter(), we can get "next" to be a NULL pointer even when simple_dir_read_all() return success and we're iterating the total number of entries it claimed it returned. I don't think this is true, but to make it stop complaining I've added tests to that pointer that'll make it stop if it gets to the end of the list. Signed-off-by: Peter Jones <pjones@redhat.com> 2025-03-14T15:05:05+00:00 Peter Jones pjones@redhat.com 2025-03-12T17:43:46+00:00 urn:sha1:d45c610ba558c1b1673ff94590b71a156dd2fd3c If variable_create_esl_with_one_signature() succeeds but CreateTimeBasedPayload() fails, we leak the allocation for our certificate. This patch frees it. Resolves: Coverity CID 457504 Signed-off-by: Peter Jones <pjones@redhat.com> 2025-02-11T15:43:37+00:00 Ard Biesheuvel ardb@kernel.org 2023-06-29T15:58:18+00:00 urn:sha1:bb114a3b92a96875dc71e5e4925bedba5c02f958 Define a new protocol for loading and starting images, encapsulating shim's PE loading facilities and verification/authentication against the same set of certificates that shim_lock::verify() authenticates against. This removes the need for loaders like GRUB to implement their own PE loader in order to be able to invoke loaded images as PE applications, rather than implementing a bespoke OS dependent handover protocol (e.g., invoke Linux via its EFI stub) Signed-off-by: Ard Biesheuvel <ardb@kernel.org> 2025-01-21T16:00:49+00:00 Michał Żygowski michal.zygowski@3mdeb.com 2023-12-16T12:01:29+00:00 urn:sha1:d6076cb61297c13a0c55c0b848b85b9f31a912ac If HandleProtocol or OpenVolume fails, the entries array will become non-contiguous, i.e. will have NULL pointers between valid volume names in the array. Because of that count_lines may return a lower number of entries than expected. As a result one may not browse all valid filesystems in the file explorer. Add a second index variable that will increment only on successfully created filesystem entries. As a result, count_lines should return proper length and there won't be any lost partitions or accesses to invalid entries. Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> 2025-01-21T16:00:49+00:00 Michał Żygowski michal.zygowski@3mdeb.com 2023-12-16T11:58:47+00:00 urn:sha1:9415d3cada09f8043bb9a2c1b32fd1f909cefab0 In case GetInfo of volume root fails, it is still possible to form a volume name from the DevicePath. Do not skip given SimpleFS volume handle and try to form a name from DevicePath. That way we do not lose some filesystems from file browser. This change already fixes the problem of a hanging platform when trying to enroll a key from disk. However, there is still a chance of having a non-contiguous array of entries, which will be fixed in next commit. Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> 2025-01-21T16:00:49+00:00 Michał Żygowski michal.zygowski@3mdeb.com 2023-12-16T11:45:42+00:00 urn:sha1:dc45aa6b3ce0c54c20ed284222297cdb29baa5d5 The loop retrieving the SimpleFS volume labels and names may skip some volumes if either HandleProtocol or OpenVolume or GetInfo fails. Those skipped volumes would have uninitialized pointers to their names in the respective entries indices. This would lead to accessing random memory in console_select, because count_lines would not catch the holes with non-existing entries. On affected platforms the result is a hang of the MokManager while trying to enroll a key from disk. The issue has been triggered on a TianoCore EDK2 UEFIPayload based firmware for x86 platforms with additional filesystem drivers: ExFAT, NTFS, EXT2 and EXT4. Use AllocateZeroPool to ensure entries array will be initialized with NULL pointers. Handling the non-existing entries will be added in subsequent commits. Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com> 2025-01-15T21:03:55+00:00 Dan Nicholson dbn@endlessos.org 2024-10-04T17:00:32+00:00 urn:sha1:d197220e834e7915326c6a99e17bafe0dcfb3f77 The define can be dropped when gnu-efi is updated to include de6f9259e8476495c78babbc25250a59de7f3942. Signed-off-by: Dan Nicholson <dbn@endlessos.org> 2023-12-05T18:20:00+00:00 Jan Setje-Eilers jan.setjeeilers@oracle.com 2023-04-29T02:54:14+00:00 urn:sha1:7dfb6871b8a54710d9e9d8d56146e7c083d2e6a8 This adds support for applying SkuSiPolicy UEFI BS variables. These varaibles are needed for non-dbx based Windows revocations and are described here: https://support.microsoft.com/en-us/topic/kb5027455-guidance-for-blocking-vulnerable-windows-boot-managers-522bb851-0a61-44ad-aa94-ad11119c5e91 Signed-off-by: Jan Setje-Eilers <Jan.SetjeEilers@oracle.com> 2023-06-21T18:19:51+00:00 Kamil Aronowski kamil.aronowski@yahoo.com 2023-04-12T16:50:12+00:00 urn:sha1:549d34691d68518e55c2edd6e759b19de7f8ddef The function msleep uses gBS->Stall which waits for a specified number of microseconds. Reference: https://edk2-docs.gitbook.io/edk-ii-uefi-driver-writer-s-guide/5_uefi_services/51_services_that_uefi_drivers_commonly_use/517_stall This reference even mentions an example sleeping for 10 microseconds: // Wait 10 uS. Notice the letter 'u'. Therefore it's a good idea to call the function 'usleep' rather than 'msleep', so no one confuses it with milliseconds, and to change the argument name to match as well. Signed-off-by: Kamil Aronowski <kamil.aronowski@yahoo.com> 2023-06-21T18:18:25+00:00 Kamil Aronowski kamil.aronowski@yahoo.com 2023-05-08T07:28:24+00:00 urn:sha1:f7a4338f1b5ef03dca83ce44075e9d6e5897e037 In preparation for renaming msleep() to usleep(), in some cases tests were failing due to a mismatch between our declaration of the usleep() function and what is being provided by unistd.h. This change simply makes our function declared only when not in a unit test environment. Signed-off-by: Kamil Aronowski <kamil.aronowski@yahoo.com>