diff options
| -rw-r--r-- | debian/changelog | 13 | ||||
| -rw-r--r-- | debian/control | 3 | ||||
| -rw-r--r-- | debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch | 71 | ||||
| -rw-r--r-- | debian/patches/series | 1 |
4 files changed, 87 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index 8911474f..8dc7b8ff 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +shim (0.9+1474479173.6c180c6-1ubuntu1) zesty; urgency=medium + + [ Steve Langasek ] + * Merge (not yet NEW cleared) changes from Debian branch. + + [ Mathieu Trudel-Lapierre ] + * debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch: guard + against errors in mirroring MokSBState to MokSBStateRT. Thanks to Ivan Hu + for the patch. This will fix issues updating MokSBStateRT if the variable + already exists with different attributes. (LP: #1644806) + + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Thu, 01 Dec 2016 16:55:50 -0500 + shim (0.9+1474479173.6c180c6-1) unstable; urgency=medium * Initial Debian upload. Closes: #820052. diff --git a/debian/control b/debian/control index 25b0b47e..06d4239b 100644 --- a/debian/control +++ b/debian/control @@ -1,7 +1,8 @@ Source: shim Section: admin Priority: optional -Maintainer: Steve Langasek <vorlon@debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Steve Langasek <vorlon@debian.org> Standards-Version: 3.9.8 Build-Depends: debhelper (>= 9), gnu-efi (>= 3.0u), sbsigntool, openssl Vcs-Bzr: lp:~ubuntu-core-dev/shim/trunk diff --git a/debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch b/debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch new file mode 100644 index 00000000..61117d80 --- /dev/null +++ b/debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch @@ -0,0 +1,71 @@ +From 1681bd7282e606e961c0d1bfafcf807a32bc912d Mon Sep 17 00:00:00 2001 +From: Ivan Hu <ivan.hu@canonical.com> +Date: Tue, 22 Nov 2016 06:26:01 +0800 +Subject: [PATCH] shim: fix the mirroring MokSBState fail +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1644806 + +Some machines have already embedded MokSBStateRT varaible with +EFI_VARIABLE_NON_VOLATILE attribute, and some users might disable shim +vailidation manually by creating MokSBStateRT. It causes mirroring MokSBState +fail because the variable cannot be set with different attribute again, and gets +error massage every time when booting. + +Fix it with checking the MokSBStateRT existence and deleting it before +mirroring it. + +Signed-off-by: Ivan Hu <ivan.hu@canonical.com> +Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com> +--- + shim.c | 34 ++++++++++++++++++++++++---------- + 1 file changed, 24 insertions(+), 10 deletions(-) + +diff --git a/shim.c b/shim.c +index c69961b..90ea784 100644 +--- a/shim.c ++++ b/shim.c +@@ -2013,18 +2013,32 @@ EFI_STATUS mirror_mok_sb_state() + UINTN DataSize = 0; + + efi_status = get_variable(L"MokSBState", &Data, &DataSize, shim_lock_guid); +- if (efi_status != EFI_SUCCESS) +- return efi_status; ++ if (efi_status == EFI_SUCCESS) { ++ UINT8 *Data_RT = NULL; ++ UINTN DataSize_RT = 0; ++ ++ efi_status = get_variable(L"MokSBStateRT", &Data_RT, ++ &DataSize_RT, shim_lock_guid); ++ if (efi_status == EFI_SUCCESS) { ++ efi_status = uefi_call_wrapper(RT->SetVariable, 5, ++ L"MokSBStateRT", ++ &shim_lock_guid, ++ EFI_VARIABLE_BOOTSERVICE_ACCESS ++ | EFI_VARIABLE_RUNTIME_ACCESS ++ | EFI_VARIABLE_NON_VOLATILE, ++ 0, NULL); ++ } + +- efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokSBStateRT", +- &shim_lock_guid, +- EFI_VARIABLE_BOOTSERVICE_ACCESS +- | EFI_VARIABLE_RUNTIME_ACCESS, +- DataSize, Data); +- if (efi_status != EFI_SUCCESS) { +- console_error(L"Failed to set MokSBStateRT", efi_status); ++ efi_status = uefi_call_wrapper(RT->SetVariable, 5, ++ L"MokSBStateRT", ++ &shim_lock_guid, ++ EFI_VARIABLE_BOOTSERVICE_ACCESS ++ | EFI_VARIABLE_RUNTIME_ACCESS, ++ DataSize, Data); ++ if (efi_status != EFI_SUCCESS) { ++ console_error(L"Failed to set MokSBStateRT", efi_status); ++ } + } +- + return efi_status; + } + +-- +2.7.4 + diff --git a/debian/patches/series b/debian/patches/series index a5f3392d..34c3f92b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1,3 @@ second-stage-path sbsigntool-not-pesign +0001-shim-fix-the-mirroring-MokSBState-fail.patch |