-rw-r--r--Makefile3
-rw-r--r--cert.S71
-rw-r--r--dbx.S36
-rw-r--r--shim.c20
4 files changed, 67 insertions, 63 deletions
diff --git a/Makefile b/Makefile
index 39ca7bfd..6f4adf12 100644
--- a/Makefile
+++ b/Makefile
@@ -68,9 +68,6 @@ shim.o: $(SOURCES) shim_cert.h
cert.o : cert.S
$(CC) $(CFLAGS) -c -o $@ $<
-dbx.o : dbx.S
- $(CC) $(CFLAGS) -c -o $@ $<
-
shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
diff --git a/cert.S b/cert.S
index 66a05b8f..3cfd665f 100644
--- a/cert.S
+++ b/cert.S
@@ -1,36 +1,67 @@
+ .globl cert_table
+ .data
+ .align 16
+ .type cert_table, @object
+ .size cert_table, 4
+ .section .vendor_cert, "a", @progbits
+cert_table:
+#if defined(VENDOR_CERT_FILE)
+ .long vendor_cert_priv_end - vendor_cert_priv
+#else
+ .long 0
+#endif
+#if defined(VENDOR_DBX_FILE)
+ .long vendor_dbx_priv_end - vendor_dbx_priv
+#else
+ .long 0
+#endif
+ .long vendor_cert_priv - cert_table
+ .long vendor_dbx_priv - cert_table
#if defined(VENDOR_CERT_FILE)
- .globl vendor_cert_size
.data
.align 1
- .type vendor_cert_size, @object
- .size vendor_cert_size, 4
+ .type vendor_cert_priv, @object
+ .size vendor_cert_priv, vendor_cert_priv_end-vendor_cert_priv
.section .vendor_cert, "a", @progbits
-vendor_cert_size:
- .long .L0 - vendor_cert
- .globl vendor_cert
+vendor_cert_priv:
+.incbin VENDOR_CERT_FILE
+vendor_cert_priv_end:
+#else
+ .bss
+ .type vendor_cert_priv, @object
+ .size vendor_cert_priv, 1
+ .section .vendor_cert, "a", @progbits
+vendor_cert_priv:
+ .zero 1
+
+ .data
+ .align 4
+ .type vendor_cert_size_priv, @object
+ .size vendor_cert_size_priv, 4
+ .section .vendor_cert, "a", @progbits
+vendor_cert_priv_end:
+#endif
+#if defined(VENDOR_DBX_FILE)
.data
.align 1
- .type vendor_cert, @object
- .size vendor_cert, .L0-vendor_cert
+ .type vendor_dbx_priv, @object
+ .size vendor_dbx_priv, vendor_dbx_priv_end-vendor_dbx_priv
.section .vendor_cert, "a", @progbits
-vendor_cert:
-.incbin VENDOR_CERT_FILE
-.L0:
+vendor_dbx_priv:
+.incbin VENDOR_DBX_FILE
+vendor_dbx_priv_end:
#else
- .globl vendor_cert
.bss
- .type vendor_cert, @object
- .size vendor_cert, 1
+ .type vendor_dbx_priv, @object
+ .size vendor_dbx_priv, 1
.section .vendor_cert, "a", @progbits
-vendor_cert:
+vendor_dbx_priv:
.zero 1
- .globl vendor_cert_size
.data
.align 4
- .type vendor_cert_size, @object
- .size vendor_cert_size, 4
+ .type vendor_dbx_size_priv, @object
+ .size vendor_dbx_size_priv, 4
.section .vendor_cert, "a", @progbits
-vendor_cert_size:
- .long 0
+vendor_dbx_priv_end:
#endif
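Review bot: The new `cert_table` header declares `.size cert_table, 4`, but the object is four `.long` values, so the symbol size should be `.size cert_table, 16`; a tool that locates the table through the ELF symbol would otherwise see only the first field. As written, `.align 16` comes before `.section .vendor_cert, "a", @progbits`, so it pads `.data` rather than the section that holds `cert_table`; moving it below the `.section` line would make it apply to the table. Both `#else` arms also emit `.type`/`.size` for `vendor_cert_size_priv` and `vendor_dbx_size_priv`, which are never defined as labels now that the sizes live in the table, so those two pairs of directives can be dropped. A short header comment stating that the table must stay first in `.vendor_cert` and that the offsets are relative to `cert_table` would document the contract that shim.c relies on.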
diff --git a/dbx.S b/dbx.S
deleted file mode 100644
index 7b19c5c2..00000000
--- a/dbx.S
+++ /dev/null
@@ -1,36 +0,0 @@
-#if defined(VENDOR_DBX_FILE)
- .globl vendor_dbx_size
- .data
- .align 1
- .type vendor_dbx_size, @object
- .size vendor_dbx_size, 4
- .section .vendor_cert, "a", @progbits
-vendor_dbx_size:
- .long .L0 - vendor_dbx
- .globl vendor_dbx
- .data
- .align 1
- .type vendor_dbx, @object
- .size vendor_dbx, .L0-vendor_dbx
- .section .vendor_cert, "a", @progbits
-vendor_dbx:
-.incbin VENDOR_DBX_FILE
-.L0:
-#else
- .globl vendor_dbx
- .bss
- .type vendor_dbx, @object
- .size vendor_dbx, 1
- .section .vendor_cert, "a", @progbits
-vendor_dbx:
- .zero 1
-
- .globl vendor_dbx_size
- .data
- .align 4
- .type vendor_dbx_size, @object
- .size vendor_dbx_size, 4
- .section .vendor_cert, "a", @progbits
-vendor_dbx_size:
- .long 0
-#endif
diff --git a/shim.c b/shim.c
index f644f3f0..a923e7e9 100644
--- a/shim.c
+++ b/shim.c
@@ -63,10 +63,17 @@ EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8,
/*
* The vendor certificate used for validating the second stage loader
*/
-extern UINT8 vendor_cert[];
-extern UINT32 vendor_cert_size;
-extern UINT8 vendor_dbx[];
-extern UINT32 vendor_dbx_size;
+extern struct {
+ UINT32 vendor_cert_size;
+ UINT32 vendor_dbx_size;
+ UINT32 vendor_cert_offset;
+ UINT32 vendor_dbx_offset;
+} cert_table;
+
+UINT32 vendor_cert_size;
+UINT32 vendor_dbx_size;
+UINT8 *vendor_cert;
+UINT8 *vendor_dbx;
#define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }}
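Review bot: The anonymous `cert_table` struct has no comment tying its layout to cert.S, and the comment above it still describes only the vendor certificate. Its four `UINT32` fields have to stay in the same order as the four `.long` directives at `cert_table:` in cert.S, with the offsets measured from the start of the table, so I would replace the comment with something like `/* Layout must match cert_table in cert.S: two sizes, then two offsets relative to &cert_table. */`. The new `vendor_cert`, `vendor_dbx` and size globals are also zero/NULL until efi_main assigns them. If nothing outside shim.c reads them (not visible from this hunk), declaring them `static` would keep that uninitialised window local to this file.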
@@ -1493,6 +1500,11 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
UINTN verbose_check_size;
EFI_GUID global_var = EFI_GLOBAL_VARIABLE;
+ vendor_cert_size = cert_table.vendor_cert_size;
+ vendor_dbx_size = cert_table.vendor_dbx_size;
+ vendor_cert = (UINT8 *)&cert_table + cert_table.vendor_cert_offset;
+ vendor_dbx = (UINT8 *)&cert_table + cert_table.vendor_dbx_offset;
+
/*
* Set up the shim lock protocol so that grub and MokManager can
* call back in and use shim functions
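Review bot: The four added assignments turn `cert_table` sizes and offsets into `vendor_cert` and `vendor_dbx` with no sanity check, so a table filled in incorrectly by whatever tool writes `.vendor_cert` gives the later certificate and dbx checks a pointer and length outside that section. Since this data decides what the loader trusts and revokes, I would fail closed on an obviously bad table before using it, e.g. `if (cert_table.vendor_cert_offset < sizeof(cert_table) || cert_table.vendor_cert_size > 0xFFFFFFFF - cert_table.vendor_cert_offset) return EFI_INVALID_PARAMETER;` and the same for the dbx pair. A real upper bound needs the section length, which the table does not carry; adding a total-size field would allow it. The rest of efi_main lies outside this hunk, so whether the sizes are checked again before use cannot be seen here.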