| -rw-r--r-- | .syntastic_c_config | 36 | ||||
| -rw-r--r-- | Cryptlib/Include/OpenSslSupport.h | 10 | ||||
| -rw-r--r-- | Cryptlib/InternalCryptLib.h | 10 | ||||
| -rw-r--r-- | Makefile | 6 | ||||
| -rw-r--r-- | MokManager.c | 9 | ||||
| -rw-r--r-- | PasswordCrypt.c | 4 | ||||
| -rw-r--r-- | crypt_blowfish.c | 2 | ||||
| -rw-r--r-- | httpboot.c | 7 | ||||
| -rw-r--r-- | include/PasswordCrypt.h (renamed from PasswordCrypt.h) | 0 | ||||
| -rw-r--r-- | include/crypt_blowfish.h (renamed from crypt_blowfish.h) | 0 | ||||
| -rw-r--r-- | include/hexdump.h (renamed from hexdump.h) | 0 | ||||
| -rw-r--r-- | include/httpboot.h (renamed from httpboot.h) | 0 | ||||
| -rw-r--r-- | include/netboot.h (renamed from netboot.h) | 0 | ||||
| -rw-r--r-- | include/replacements.h (renamed from replacements.h) | 0 | ||||
| -rw-r--r-- | include/tpm.h (renamed from tpm.h) | 0 | ||||
| -rw-r--r-- | include/ucs2.h (renamed from ucs2.h) | 0 | ||||
| -rw-r--r-- | lib/configtable.c | 3 | ||||
| -rw-r--r-- | lib/console.c | 9 | ||||
| -rw-r--r-- | lib/execute.c | 3 | ||||
| -rw-r--r-- | lib/security_policy.c | 2 | ||||
| -rw-r--r-- | lib/shell.c | 2 | ||||
| -rw-r--r-- | lib/simple_file.c | 7 | ||||
| -rw-r--r-- | lib/variables.c | 7 | ||||
| -rw-r--r-- | netboot.c | 3 | ||||
| -rw-r--r-- | replacements.c | 4 | ||||
| -rw-r--r-- | shim.h | 120 | ||||
| -rw-r--r-- | tpm.c | 3 |
27 files changed, 108 insertions, 139 deletions
diff --git a/.syntastic_c_config b/.syntastic_c_config
index b93723b2..6b56e254 100644
--- a/.syntastic_c_config
+++ b/.syntastic_c_config
@@ -1,16 +1,3 @@
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/..
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/../Include/
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto
--I/usr/lib/gcc/x86_64-redhat-linux/7/include
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/../Include
--I/usr/include/efi
--I/usr/include/efi/x86_64
--I/usr/include/efi/protocol
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto/asn1
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto/evp
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto/modes
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto/include
 -DL_ENDIAN
 -D_CRT_SECURE_NO_DEPRECATE
 -D_CRT_NONSTDC_NO_DEPRECATE
@@ -29,18 +16,21 @@
 -Werror=sign-compare
 -ffreestanding
 -std=gnu89
--I/usr/lib/gcc/x86_64-redhat-linux/7/include
 -nostdinc
--I/home/pjones/devel/github.com/shim/master/Cryptlib
--I/home/pjones/devel/github.com/shim/master/Cryptlib/Include
--I/usr/include/efi
--I/usr/include/efi/x86_64
--I/usr/include/efi/protocol
--I/home/pjones/devel/github.com/shim/master/include
--iquote
-/home/pjones/devel/github.com/shim/master
+-I/usr/lib/gcc/x86_64-redhat-linux/7/include
+-ICryptlib/
+-ICryptlib/Include/
+-ICryptlib/OpenSSL/
+-ICryptlib/OpenSSL/crypto/
+-I/usr/include/efi/
+-I/usr/include/efi/x86_64/
+-I/usr/include/efi/protocol/
+-ICryptlib/OpenSSL/crypto/asn1/
+-ICryptlib/OpenSSL/crypto/evp/
+-ICryptlib/OpenSSL/crypto/modes/
+-ICryptlib/OpenSSL/crypto/include/
 -iquote
-/home/pjones/devel/github.com/shim/master
+.
 -mno-mmx
 -mno-sse
 -mno-red-zone
diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h
index 4da4d6cb..b38043cb 100644
--- a/Cryptlib/Include/OpenSslSupport.h
+++ b/Cryptlib/Include/OpenSslSupport.h
@@ -17,11 +17,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <efi.h>
#include <efilib.h>
-#include <Base.h>
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/DebugLib.h>
+#include "Base.h"
+#include "Library/BaseLib.h"
+#include "Library/BaseMemoryLib.h"
+#include "Library/MemoryAllocationLib.h"
+#include "Library/DebugLib.h"
/*
* Include stddef.h to avoid redefining "offsetof"
diff --git a/Cryptlib/InternalCryptLib.h b/Cryptlib/InternalCryptLib.h
index 92cc9630..e9a4c20a 100644
--- a/Cryptlib/InternalCryptLib.h
+++ b/Cryptlib/InternalCryptLib.h
@@ -15,11 +15,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #ifndef __INTERNAL_CRYPT_LIB_H__
#define __INTERNAL_CRYPT_LIB_H__
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/DebugLib.h>
-#include <Library/BaseCryptLib.h>
+#include "Library/BaseLib.h"
+#include "Library/BaseMemoryLib.h"
+#include "Library/MemoryAllocationLib.h"
+#include "Library/DebugLib.h"
+#include "Library/BaseCryptLib.h"
#include "OpenSslSupport.h"
@@ -35,15 +35,15 @@ TARGETS += $(MMNAME) $(FBNAME)
 endif
 OBJS = shim.o netboot.o cert.o replacements.o tpm.o version.o errlog.o
 KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
-ORIG_SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h tpm.c tpm.h version.h errlog.c
+ORIG_SOURCES = shim.c netboot.c replacements.c tpm.c errlog.c shim.h version.h $(wildcard include/*.h)
 MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
-ORIG_MOK_SOURCES = MokManager.c shim.h include/console.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h
+ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h)
 FALLBACK_OBJS = fallback.o tpm.o
 ORIG_FALLBACK_SRCS = fallback.c
 ifneq ($(origin ENABLE_HTTPBOOT), undefined)
 OBJS += httpboot.o
- SOURCES += httpboot.c httpboot.h
+ SOURCES += httpboot.c include/httpboot.h
 endif
 SOURCES = $(foreach source,$(ORIG_SOURCES),$(TOPDIR)/$(source)) version.c
diff --git a/MokManager.c b/MokManager.c
index 55af321b..603c2ee6 100644
--- a/MokManager.c
+++ b/MokManager.c
@@ -6,15 +6,8 @@
 #include <openssl/x509v3.h>
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
+
 #include "shim.h"
-#include "PeImage.h"
-#include "PasswordCrypt.h"
-
-#include "guid.h"
-#include "console.h"
-#include "variables.h"
-#include "simple_file.h"
-#include "efiauthenticated.h"
 #define PASSWORD_MAX 256
 #define PASSWORD_MIN 1
diff --git a/PasswordCrypt.c b/PasswordCrypt.c
index 2494549c..793cb72c 100644
--- a/PasswordCrypt.c
+++ b/PasswordCrypt.c
@@ -3,8 +3,8 @@
 #include <Library/BaseCryptLib.h>
 #include <openssl/sha.h>
 #include <openssl/md5.h>
-#include "PasswordCrypt.h"
-#include "crypt_blowfish.h"
+
+#include "shim.h"
 #define TRAD_DES_HASH_SIZE 13 /* (64/6+1) + (12/6) */
 #define BSDI_DES_HASH_SIZE 20 /* (64/6+1) + (24/6) + 4 + 1 */
diff --git a/crypt_blowfish.c b/crypt_blowfish.c
index 366a81a0..54fc514a 100644
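Review bot: In the Makefile hunk, the changed line `SOURCES += httpboot.c include/httpboot.h` inside the `ENABLE_HTTPBOOT` block has no effect, because the context line just below it assigns `SOURCES = $(foreach source,$(ORIG_SOURCES),$(TOPDIR)/$(source)) version.c` and replaces whatever was appended. Appending to the input list instead, `ORIG_SOURCES += httpboot.c`, would give httpboot.c the `$(TOPDIR)/` prefix like the other sources; the header is already matched by the new wildcard. Separately, `$(wildcard include/*.h)` is expanded relative to the directory make runs in, while every other entry gets the `$(TOPDIR)/` prefix afterwards, so a build started outside the source tree would presumably match nothing and drop the header dependencies without any error. Only part of the Makefile is in the hunk, so how SOURCES is consumed is not visible here.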
--- a/crypt_blowfish.c
+++ b/crypt_blowfish.c
@@ -47,7 +47,7 @@
 #include <efilib.h>
 /* Just to make sure the prototypes match the actual definitions */
-#include "crypt_blowfish.h"
+#include "shim.h"
 typedef unsigned int BF_word;
 typedef signed int BF_word_signed;
@@ -33,11 +33,8 @@
 #include <efi.h>
 #include <efilib.h>
-#include "str.h"
-#include "console.h"
-#include "Http.h"
-#include "Ip4Config2.h"
-#include "Ip6Config.h"
+
+#include "shim.h"
 #define perror(fmt, ...) ({ \
 UINTN __perror_ret = 0; \
diff --git a/PasswordCrypt.h b/include/PasswordCrypt.h
index b726f320..b726f320 100644
--- a/PasswordCrypt.h
+++ b/include/PasswordCrypt.h
diff --git a/crypt_blowfish.h b/include/crypt_blowfish.h
index dc3bd567..dc3bd567 100644
--- a/crypt_blowfish.h
+++ b/include/crypt_blowfish.h
diff --git a/hexdump.h b/include/hexdump.h
index d5ece4dd..d5ece4dd 100644
--- a/hexdump.h
+++ b/include/hexdump.h
diff --git a/httpboot.h b/include/httpboot.h
index 2d8d1a1f..2d8d1a1f 100644
--- a/httpboot.h
+++ b/include/httpboot.h
diff --git a/netboot.h b/include/netboot.h
index 6417373b..6417373b 100644
--- a/netboot.h
+++ b/include/netboot.h
diff --git a/replacements.h b/include/replacements.h
index e38cded1..e38cded1 100644
--- a/replacements.h
+++ b/include/replacements.h
diff --git a/lib/configtable.c b/lib/configtable.c
index edf2ed74..194637ee 100644
--- a/lib/configtable.c
+++ b/lib/configtable.c
@@ -8,8 +8,7 @@
 #include <efi.h>
 #include <efilib.h>
-#include <guid.h>
-#include <configtable.h>
+#include "shim.h"
 void *
 configtable_get_table(EFI_GUID *guid)
diff --git a/lib/console.c b/lib/console.c
index 0f50851b..b647dd1f 100644
--- a/lib/console.c
+++ b/lib/console.c
@@ -15,14 +15,7 @@
 #include <openssl/err.h>
 #include <openssl/crypto.h>
-static EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} };
-
-static int min(int a, int b)
-{
- if (a < b)
- return a;
- return b;
-}
+#include "shim.h"
 static int
 count_lines(CHAR16 *str_arr[])
diff --git a/lib/execute.c b/lib/execute.c
index 89328c68..4abccc73 100644
--- a/lib/execute.c
+++ b/lib/execute.c
@@ -41,8 +41,7 @@
 #include <efi.h>
 #include <efilib.h>
-#include <guid.h>
-#include <execute.h>
+#include "shim.h"
 EFI_STATUS
 generate_path(CHAR16* name, EFI_LOADED_IMAGE *li, EFI_DEVICE_PATH **path, CHAR16 **PathName)
diff --git a/lib/security_policy.c b/lib/security_policy.c
index 53a2580a..889653d1 100644
--- a/lib/security_policy.c
+++ b/lib/security_policy.c
@@ -9,7 +9,7 @@
 #include <efi.h>
 #include <efilib.h>
-#include <guid.h>
+#include "shim.h"
 #include <variables.h>
 #include <simple_file.h>
 #include <errors.h>
diff --git a/lib/shell.c b/lib/shell.c
index afd3952c..849f2660 100644
--- a/lib/shell.c
+++ b/lib/shell.c
@@ -8,7 +8,7 @@
 #include <efi.h>
 #include <efilib.h>
-#include <shell.h>
+#include "shim.h"
 EFI_STATUS
 argsplit(EFI_HANDLE image, int *argc, CHAR16*** ARGV)
diff --git a/lib/simple_file.c b/lib/simple_file.c
index d345d870..f7762cc2 100644
--- a/lib/simple_file.c
+++ b/lib/simple_file.c
@@ -7,13 +7,8 @@
 #include <efi.h>
 #include <efilib.h>
-#include <console.h>
-#include <simple_file.h>
-#include <efiauthenticated.h>
-#include <execute.h> /* for generate_path() */
+#include "shim.h"
-static EFI_GUID IMAGE_PROTOCOL = LOADED_IMAGE_PROTOCOL;
-static EFI_GUID SIMPLE_FS_PROTOCOL = SIMPLE_FILE_SYSTEM_PROTOCOL;
 static EFI_GUID FILE_INFO = EFI_FILE_INFO_ID;
 static EFI_GUID FS_INFO = EFI_FILE_SYSTEM_INFO_ID;
diff --git a/lib/variables.c b/lib/variables.c
index 59d7d054..8a993277 100644
--- a/lib/variables.c
+++ b/lib/variables.c
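Review bot: In lib/security_policy.c the includes `<variables.h>`, `<simple_file.h>` and `<errors.h>` stay in place after the new `#include "shim.h"`, although shim.h in this same commit already pulls in `include/variables.h`, `include/simple_file.h` and `include/errors.h`, and lib/variables.c and lib/simple_file.c drop theirs. Leaving them means this one file still depends on an `-I` path into the include directory and on those headers' own guards, so I would remove the three lines for consistency with the sibling files. Whether this file includes security_policy.h directly is not visible in the hunk; shim.h now provides it only when `OVERRIDE_SECURITY_POLICY` is defined.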
@@ -22,12 +22,7 @@
 #include <efi.h>
 #include <efilib.h>
-#include <efiauthenticated.h>
-
-#include <variables.h>
-#include <guid.h>
-#include <console.h>
-#include <errors.h>
+#include "shim.h"
 EFI_STATUS
 variable_create_esl(void *cert, int cert_len, EFI_GUID *type, EFI_GUID *owner,
@@ -34,9 +34,8 @@
 */
 #include "shim.h"
+
 #include <string.h>
-#include "netboot.h"
-#include "str.h"
 #define ntohs(x) __builtin_bswap16(x) /* supported both by GCC and clang */
 #define htons(x) ntohs(x)
diff --git a/replacements.c b/replacements.c
index b3b7d819..93e1d6bb 100644
--- a/replacements.c
+++ b/replacements.c
@@ -50,10 +50,8 @@
 #include <efi.h>
 #include <efiapi.h>
 #include <efilib.h>
+
 #include "shim.h"
-#include "replacements.h"
-#include "console.h"
-#include "errors.h"
 static EFI_SYSTEM_TABLE *systab;
@@ -4,49 +4,7 @@
 #include <efi.h>
 #include <efilib.h>
-#include "PeImage.h"
-
-extern EFI_GUID SHIM_LOCK_GUID;
-
-INTERFACE_DECL(_SHIM_LOCK);
-
-typedef
-EFI_STATUS
-(*EFI_SHIM_LOCK_VERIFY) (
- IN VOID *buffer,
- IN UINT32 size
- );
-
-typedef
-EFI_STATUS
-(*EFI_SHIM_LOCK_HASH) (
- IN char *data,
- IN int datasize,
- PE_COFF_LOADER_IMAGE_CONTEXT *context,
- UINT8 *sha256hash,
- UINT8 *sha1hash
- );
-
-typedef
-EFI_STATUS
-(*EFI_SHIM_LOCK_CONTEXT) (
- IN VOID *data,
- IN unsigned int datasize,
- PE_COFF_LOADER_IMAGE_CONTEXT *context
- );
-
-typedef struct _SHIM_LOCK {
- EFI_SHIM_LOCK_VERIFY Verify;
- EFI_SHIM_LOCK_HASH Hash;
- EFI_SHIM_LOCK_CONTEXT Context;
-} SHIM_LOCK;
-
-extern EFI_STATUS shim_init(void);
-extern void shim_fini(void);
-extern EFI_STATUS LogError(const char *file, int line, const char *func, CHAR16 *fmt, ...);
-extern EFI_STATUS VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args);
-extern VOID PrintErrors(VOID);
-extern VOID ClearErrors(VOID);
+#define min(a, b) ({(a) < (b) ? (a) : (b);})
 #ifdef __x86_64__
 #ifndef DEFAULT_LOADER
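Review bot: The new `#define min(a, b) ({(a) < (b) ? (a) : (b);})` in the first shim.h hunk evaluates whichever argument it returns twice and compares the operands in their own types, unlike the `static int min(int a, int b)` it replaces in lib/console.c. An argument with a side effect runs twice, and a signed value compared with an unsigned one is converted to unsigned first, so the result can differ from the old function for negative inputs when such a bound is used for a length or index. The statement expression only helps if the arguments are copied into temporaries first, for example `#define min(a, b) ({ __typeof__(a) a_ = (a); __typeof__(b) b_ = (b); a_ < b_ ? a_ : b_; })`. Because shim.h is now included by every file touched in this commit, the macro also applies to any other `min(` use in those files; the call sites are outside this hunk.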
@@ -108,23 +66,77 @@ extern VOID ClearErrors(VOID);
 #endif
 #endif
-#include "netboot.h"
-#include "httpboot.h"
-#include "replacements.h"
-#include "tpm.h"
-#include "ucs2.h"
+#include "include/configtable.h"
+#include "include/console.h"
+#include "include/crypt_blowfish.h"
+#include "include/efiauthenticated.h"
+#include "include/errors.h"
+#include "include/execute.h"
+#include "include/guid.h"
+#include "include/Http.h"
+#include "include/httpboot.h"
+#include "include/Ip4Config2.h"
+#include "include/Ip6Config.h"
+#include "include/netboot.h"
+#include "include/PasswordCrypt.h"
+#include "include/PeImage.h"
+#include "include/replacements.h"
+#if defined(OVERRIDE_SECURITY_POLICY)
+#include "include/security_policy.h"
+#endif
+#include "include/simple_file.h"
+#include "include/str.h"
+#include "include/tpm.h"
+#include "include/ucs2.h"
+#include "include/variables.h"
-#include "guid.h"
-#include "variables.h"
-#include "efiauthenticated.h"
-#include "security_policy.h"
-#include "console.h"
 #include "version.h"
-
 #ifdef ENABLE_SHIM_CERT
 #include "shim_cert.h"
 #endif
+extern EFI_GUID SHIM_LOCK_GUID;
+
+INTERFACE_DECL(_SHIM_LOCK);
+
+typedef
+EFI_STATUS
+(*EFI_SHIM_LOCK_VERIFY) (
+ IN VOID *buffer,
+ IN UINT32 size
+ );
+
+typedef
+EFI_STATUS
+(*EFI_SHIM_LOCK_HASH) (
+ IN char *data,
+ IN int datasize,
+ PE_COFF_LOADER_IMAGE_CONTEXT *context,
+ UINT8 *sha256hash,
+ UINT8 *sha1hash
+ );
+
+typedef
+EFI_STATUS
+(*EFI_SHIM_LOCK_CONTEXT) (
+ IN VOID *data,
+ IN unsigned int datasize,
+ PE_COFF_LOADER_IMAGE_CONTEXT *context
+ );
+
+typedef struct _SHIM_LOCK {
+ EFI_SHIM_LOCK_VERIFY Verify;
+ EFI_SHIM_LOCK_HASH Hash;
+ EFI_SHIM_LOCK_CONTEXT Context;
+} SHIM_LOCK;
+
+extern EFI_STATUS shim_init(void);
+extern void shim_fini(void);
+extern EFI_STATUS LogError(const char *file, int line, const char *func, CHAR16 *fmt, ...);
+extern EFI_STATUS VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args);
+extern VOID PrintErrors(VOID);
+extern VOID ClearErrors(VOID);
+
 #define LogError(fmt, ...) LogError(__FILE__, __LINE__, __func__, fmt, ## __VA_ARGS__)
 #endif /* SHIM_H_ */
@@ -3,8 +3,7 @@
 #include <string.h>
 #include <stdint.h>
-#include "tpm.h"
-#include "console.h"
+#include "shim.h"
 #define perror(fmt, ...) ({ \
 UINTN __perror_ret = 0; \ |
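Review bot: In the second shim.h hunk, `security_policy.h` was included unconditionally before and is now wrapped in `#if defined(OVERRIDE_SECURITY_POLICY)`, which changes more than where the header lives. Any caller of the security-policy functions that is not under the same guard loses its prototypes; the `.syntastic_c_config` in this commit lists `-std=gnu89`, and if the real build uses that dialect an undeclared call compiles as an implicit `int` function, which would truncate an EFI_STATUS return on 64-bit targets. I would either keep the include unconditional or document the requirement next to the guard, e.g. `/* callers must also be guarded by OVERRIDE_SECURITY_POLICY */`. The callers are not part of this diff, so this needs checking against the files that use those functions.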
