author | Chris Coulson <chris.coulson@canonical.com> | 2021-03-19 16:50:05 +0000 |
---|---|---|
committer | Peter Jones <pjones@redhat.com> | 2021-03-22 16:44:03 -0400 |
commit | f9294c2fa9feaf5353c0b7a4a7ce102a820c1a3f | |
tree | 06dfe992e4fb9a85ac31ff18c7008c002809bf05 /Make.rules | |
parent | 4bc72543eadd3908a8da55027c207e1c24b0d8a1 | |
Fix boot failures due to variable size constraints [upstream/shim-15.3-rc4] [shim-15.3-rc4]
There are multiple issues in the MOK variable mirroring code due
to volatile variable size constraints, which all result in boot
failures:
- If a signature is encountered which doesn't fit into a single
variable, the code enters an infinite loop because the cursor
isn't advanced in mirror_mok_db() after the call to
mirror_one_esl().
- If an ESL is encountered which doesn't fit into a single
variable, it looks like the intention is for the ESL to be split
across multiple variables. However, mirror_one_esl() will write
the maximum variable size on each call, regardless of how much
data is remaining for the current ESL. If the size of an ESL isn't
a multiple of the maximum variable size, the final call to
mirror_one_esl() will append data from the start of the next
ESL and the cursor in mirror_mok_db() will be advanced to an
arbitrary location in the next ESL. This either results in garbage
being mirrored (if you're lucky), or in my case - another infinite
loop as it appears to encounter a signature that doesn't fit into
a single variable.
- If no signatures can be mirrored when mirror_mok_db() is called
with only_first=TRUE, it tries to create a variable with a single
SHA256 signature in it. But mirror_mok_db() returns an error
(EFI_INVALID_PARAMETER) regardless of whether this succeeds.
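
The second failure mode in the commit message above, as an added example: a simplified model, not shim's code and not the real EFI_SIGNATURE_LIST layout. The 4-byte size header, `build_sample()` and `split_lists()` are hypothetical names and formats chosen for illustration, and the model rejects a bad header with -1 where the commit message reports an infinite loop.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR 4 /* toy header (assumption): 32-bit total list size, host byte order */

/* Constructed sample: two back-to-back lists of 10 and 6 bytes, payload 0xAA. */
size_t build_sample(uint8_t *buf)
{
    uint32_t sizes[2] = {10, 6};
    size_t pos = 0;
    for (int i = 0; i < 2; i++) {
        memset(buf + pos, 0xAA, sizes[i]);
        memcpy(buf + pos, &sizes[i], HDR);
        pos += sizes[i];
    }
    return pos;
}

/* Split each list into chunks of at most max_var bytes.
 * cap_to_list != 0: a chunk never exceeds what is left of the current list.
 * cap_to_list == 0: every chunk is max_var bytes, so the last chunk of a list
 * can swallow the start of the next one and leave the cursor mid-list.
 * Returns the chunk count, or -1 if the cursor is not on a valid list header. */
int split_lists(const uint8_t *db, size_t len, size_t max_var, int cap_to_list)
{
    size_t pos = 0;
    int chunks = 0;
    if (max_var == 0) return -1;
    while (pos < len) {
        uint32_t list_size;
        size_t done = 0;
        if (len - pos < HDR) return -1;
        memcpy(&list_size, db + pos, HDR);
        if (list_size < HDR || list_size > len - pos) return -1;
        while (done < list_size) {
            size_t n = max_var;
            if (cap_to_list && n > list_size - done) n = list_size - done;
            if (n > len - pos) n = len - pos; /* never read past the buffer */
            pos += n; done += n; chunks++;    /* always advance the cursor */
        }
    }
    return chunks;
}

int main(void)
{
    uint8_t buf[16]; size_t len = build_sample(buf);
    printf("capped=%d uncapped=%d\n", split_lists(buf, len, 4, 1), split_lists(buf, len, 4, 0));
    return 0;
}
```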