<feed xmlns='http://www.w3.org/2005/Atom'>
<title>efi-boot-shim.git/pe.c, branch rolling</title>
<subtitle> (mirror of https://github.com/vyos/efi-boot-shim.git)
</subtitle>
<id>https://git.amelek.net/vyos/efi-boot-shim.git/atom?h=rolling</id>
<link rel='self' href='https://git.amelek.net/vyos/efi-boot-shim.git/atom?h=rolling'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/'/>
<updated>2025-02-26T00:40:54+00:00</updated>
<entry>
<title>pe: read_header(): allow skipping SecDir content validation</title>
<updated>2025-02-26T00:40:54+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2025-02-25T16:44:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=3bce11831343ba6e67740f23ab3a6c6f09bc0bca'/>
<id>urn:sha1:3bce11831343ba6e67740f23ab3a6c6f09bc0bca</id>
<content type='text'>
When we're parsing the PE header of shim itself from the Loaded Image
object, the signatures aren't present, but the Certificate Table entry
in the Data Directory has not been cleared, so it'll fail verification.

We know when we're doing that, so this patch makes that test optional.

Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>Move memory attribute support to its own file.</title>
<updated>2025-02-24T20:24:24+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2025-02-20T18:51:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=589c3f289e05454be23507767439cb9769a2264a'/>
<id>urn:sha1:589c3f289e05454be23507767439cb9769a2264a</id>
<content type='text'>
This moves the EFI Memory Attribute Protocol helper functions to their
own file, since they're not related to PE things.

Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>get_mem_attrs(): ensure an error code is set on failure</title>
<updated>2025-02-24T20:24:24+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2025-01-18T16:27:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=3d7c0572c2296f1c31c1f0fb051412ab76828dd2'/>
<id>urn:sha1:3d7c0572c2296f1c31c1f0fb051412ab76828dd2</id>
<content type='text'>
This changes get_mem_attrs() to return EFI_UNSUPPORTED if
LibLocateProtocol() does not return an error but does give us a NULL
pointer.

Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>Don't print full screen error dialog from handle_image() when called in_protocol</title>
<updated>2025-02-11T15:43:37+00:00</updated>
<author>
<name>Mate Kukri</name>
<email>mate.kukri@canonical.com</email>
</author>
<published>2024-05-24T10:25:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=fe2ad36cbe13f9f304502d6b803828117593e0a9'/>
<id>urn:sha1:fe2ad36cbe13f9f304502d6b803828117593e0a9</id>
<content type='text'>
This isn't desirable when GRUB has control of the screen, and would mess
its content up.

Signed-off-by: Mate Kukri &lt;mate.kukri@canonical.com&gt;
</content>
</entry>
<entry>
<title>pe: Enhance debug report for update_mem_attrs</title>
<updated>2025-02-04T16:54:43+00:00</updated>
<author>
<name>Jianyong Wu</name>
<email>jianyong.wu@arm.com</email>
</author>
<published>2023-07-31T02:40:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=c66c157c2d581408385577daa824c5c3124d7f61'/>
<id>urn:sha1:c66c157c2d581408385577daa824c5c3124d7f61</id>
<content type='text'>
When memory attributes cannot be updated due to misalignment with 4K or
when the size is 0, the debug printout lacks sufficient clarity to
indicate the issue. To enhance troubleshooting, it is crucial to
generate an error log that explicitly states the failure to execute the
expected action. This error log will be visible even when the debug
level log is not enabled, thereby significantly reducing debugging time.

Signed-off-by: Jianyong Wu &lt;jianyong.wu@arm.com&gt;
</content>
</entry>
<entry>
<title>Print errors when setting/clearing memory attrs</title>
<updated>2023-12-05T18:20:00+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2023-09-05T20:25:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=6f0c8d2c920c82359f231205b26eb4ddd3718e1d'/>
<id>urn:sha1:6f0c8d2c920c82359f231205b26eb4ddd3718e1d</id>
<content type='text'>
When working on issues with the memory attributes API, shim does not
currently display any errors which are returned from the API itself.

This adds those error messages.

Resolves #575

Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system</title>
<updated>2023-12-05T18:20:00+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2023-07-27T19:21:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=96dccc255b16e9465dbee50b3cef6b3db74d11c8'/>
<id>urn:sha1:96dccc255b16e9465dbee50b3cef6b3db74d11c8</id>
<content type='text'>
In verify_sbat_section(), we do some math on data that comes from the
binary being verified - in this case, we add 1 to the size of the
".sbat" section as reported in the section header, which is then used as
the input to the size of an allocation.  The original value is then used
for a size in a memcpy(), which means there's an out-of-bounds write in
the overflow case.

Due to the type of the variable being size_t, but the type in the
section header being uint32_t, this is only plausibly accomplished on
32-bit systems.

This patch makes the arithmetic use a checked add operation to avoid
overflow.  Additionally, it adds a check in verify_buffer_sbat() to
guarantee that the data is within the binary.

It's not currently known if this is actually exploitable on such
systems; the memory layout on a particular machine may further mitigate
this scenario.

Resolves: CVE-2023-40548
Reported-by: gkirkpatrick@google.com
Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>Correctly free memory allocated in handle_image()</title>
<updated>2023-07-19T20:07:02+00:00</updated>
<author>
<name>Dennis Tseng</name>
<email>dennis.tseng@suse.com</email>
</author>
<published>2023-06-25T07:07:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=1e985a3a238100ca5f4bda3e269a9eaec9bda74b'/>
<id>urn:sha1:1e985a3a238100ca5f4bda3e269a9eaec9bda74b</id>
<content type='text'>
Currently pe's handle_image() function has two related issues, which are
a memory leak in most error paths and an incorrect FreePool() call in
some error paths.

This patch adds the correct FreePages() calls to most error paths, and
switches the FreePool() call to match them.

[commit message re-written to be more informative by pjones]

Signed-off-by: Dennis Tseng &lt;dennis.tseng@suse.com&gt;
</content>
</entry>
<entry>
<title>Split pe.c up even more.</title>
<updated>2023-06-23T21:13:13+00:00</updated>
<author>
<name>Peter Jones</name>
<email>pjones@redhat.com</email>
</author>
<published>2023-04-28T18:44:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=996496065e9231dc51ca99b903615df8640bb797'/>
<id>urn:sha1:996496065e9231dc51ca99b903615df8640bb797</id>
<content type='text'>
This moves the parts of pe.c that *don't* depend on Cryptlib into
pe-relocate.c, so we can write test cases for them without having to
make a second openssl build without EFI support.

Signed-off-by: Peter Jones &lt;pjones@redhat.com&gt;
</content>
</entry>
<entry>
<title>pe: only process RelocDir-&gt;Size of reloc section</title>
<updated>2023-06-21T17:45:57+00:00</updated>
<author>
<name>Mike Beaton</name>
<email>mjsbeaton@gmail.com</email>
</author>
<published>2023-04-10T07:25:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/efi-boot-shim.git/commit/?id=a8b0b600ddcf02605da8582b4eac1932a3bb13fa'/>
<id>urn:sha1:a8b0b600ddcf02605da8582b4eac1932a3bb13fa</id>
<content type='text'>
Previously processing full padding-aligned Section-&gt;Misc.VirtualSize
relied on padding reloc entries being inserted by GenFw, which is
not required by spec.

This changes it to only process the amount referenced by Size, rather
than VirtualSize which may be bigger than the data present.

Signed-off-by: Mike Beaton &lt;mjsbeaton@gmail.com&gt;
</content>
</entry>
</feed>
