authorJavier Martinez Canillas <javierm@redhat.com>2020-02-18 12:03:28 +0100
committerPeter Jones <pjones@redhat.com>2020-07-23 20:53:24 -0400
commit89d72301aa67c82f00fe7fa4f42d7f6eb6045538 (patch)
tree2a76d409d8eb956fbea26da308252fbdad29abed
parentc6bedd5b83529925c3ec08f96a3bf61c81bff0ae (diff)
shim: Update EFI_LOADED_IMAGE with the second stage loader file path
When shim loads the second stage loader (e.g: GRUB) the FilePath field of the EFI_LOADED_IMAGE structure isn't updated with the path of the loaded binary. So it still contains the file path of the shim binary. This isn't a problem since the file path is currently not used. But should be used to set the DevicePath field of the EFI_IMAGE_LOAD_EVENT structure that is logged when measuring the PE/COFF binaries. In that case the TPM Event Log will have an incorrect file path for the measured binary, i.e: $ hexdump -Cv /sys/kernel/security/tpm0/binary_bios_measurements ... 00000a50 00 00 00 00 00 00 04 04 34 00 5c 00 45 00 46 00 |........4.\.E.F.| 00000a60 49 00 5c 00 72 00 65 00 64 00 68 00 61 00 74 00 |I.\.r.e.d.h.a.t.| 00000a70 5c 00 73 00 68 00 69 00 6d 00 78 00 36 00 34 00 |\.s.h.i.m.x.6.4.| 00000a80 2e 00 65 00 66 00 69 00 00 00 7f ff 04 00 00 00 |..e.f.i.........| 00000a90 00 00 00 00 00 00 af 08 00 00 00 0d 00 00 00 b5 |................| 00000aa0 cd d0 8f bb 16 31 e2 80 8b e8 58 75 c9 89 18 95 |.....1....Xu....| 00000ab0 d2 de 15 15 00 00 00 67 72 75 62 5f 63 6d 64 20 |.......grub_cmd | 00000ac0 73 65 74 20 70 61 67 65 72 3d 31 00 08 00 00 00 |set pager=1.....| ... So update the EFI_LOADED_IMAGE structure with the second stage loader file path to have the correct value in the log, i.e: $ hexdump -Cv /sys/kernel/security/tpm0/binary_bios_measurements ... 00000a50 00 00 00 00 00 00 04 04 34 00 5c 00 45 00 46 00 |........4.\.E.F.| 00000a60 49 00 5c 00 72 00 65 00 64 00 68 00 61 00 74 00 |I.\.r.e.d.h.a.t.| 00000a70 5c 00 67 00 72 00 75 00 62 00 78 00 36 00 34 00 |\.g.r.u.b.x.6.4.| 00000a80 2e 00 65 00 66 00 69 00 00 00 7f ff 04 00 00 00 |..e.f.i.........| 00000a90 00 00 00 00 00 00 af 08 00 00 00 0d 00 00 00 b5 |................| 00000aa0 cd d0 8f bb 16 31 e2 80 8b e8 58 75 c9 89 18 95 |.....1....Xu....| 00000ab0 d2 de 15 15 00 00 00 67 72 75 62 5f 63 6d 64 20 |.......grub_cmd | 00000ac0 73 65 74 20 70 61 67 65 72 3d 31 00 08 00 00 00 |set pager=1.....| ... 
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> Upstream-commit-id: cd7d42d493d
-rw-r--r--shim.c17
1 files changed, 15 insertions, 2 deletions
diff --git a/shim.c b/shim.c
index 5329795c..a4f7769b 100644
--- a/shim.c
+++ b/shim.c
@@ -1926,6 +1926,16 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
CopyMem(&li_bak, li, sizeof(li_bak));
/*
+ * Update the loaded image with the second stage loader file path
+ */
+ li->FilePath = FileDevicePath(NULL, PathName);
+ if (!li->FilePath) {
+ perror(L"Unable to update loaded image file path\n");
+ efi_status = EFI_OUT_OF_RESOURCES;
+ goto restore;
+ }
+
+ /*
* Verify and, if appropriate, relocate and execute the executable
*/
efi_status = handle_image(data, datasize, li, &entry_point,
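Review bot: The comment above the `FileDevicePath(NULL, PathName)` assignment says what is stored but not why, nor who owns the buffer, and both matter for a field that ends up in the TPM event log. I would expand it to something like `/* Point FilePath at the second stage loader so the measurement event records its path instead of shim's; this is a temporary allocation, freed at the restore label before li is restored from li_bak. */`. With a NULL device argument the result appears to contain only the file-path node, which matches the hexdump in the commit message, so anything that compares event-log paths should expect a path with no device prefix. The body of `start_image` begins and ends outside this hunk, so how `PathName` is built cannot be checked from here.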
@@ -1934,8 +1944,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
perror(L"Failed to load image: %r\n", efi_status);
PrintErrors();
ClearErrors();
- CopyMem(li, &li_bak, sizeof(li_bak));
- goto done;
+ goto restore;
}
loader_is_participating = 0;
@@ -1945,6 +1954,10 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
*/
efi_status = entry_point(image_handle, systab);
+restore:
+ if (li->FilePath)
+ FreePool(li->FilePath);
+
/*
* Restore our original loaded image values
*/
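Review bot: The `if (li->FilePath)` guard at `restore:` cannot tell the buffer this function allocated apart from the firmware-provided pointer that was saved in `li_bak`. The two jumps visible in this diff are safe, because one arrives with `FilePath` set to NULL and the other arrives after the assignment. A later `goto restore` added before the `FileDevicePath()` call would, however, hand `FreePool()` a pointer shim never allocated. Making the ownership explicit costs one comparison: `if (li->FilePath && li->FilePath != li_bak.FilePath)`. The `CopyMem` that restores `li` lies past the end of this hunk, so the ordering of the free and the restore is inferred from the trailing comment.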