| Age | Commit message (Collapse) | Author |
|---|
|
We see various reports of boot failures because the generated
boot entries contain garbage/tagging that we do not expect, and
that we then parse as a second stage boot loader.
|
|
A couple of places snuck in where building with COMPILER=clang didn't
work right; this makes them work again.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
On some versions of binutils[0], including binutils-2.23.52.0.1-55.el7,
do not correctly initialize the data when computing the PE optional
header checksum. Unfortunately, this means that any time you get a
build that reproduces correctly using the version of objcopy from those
versions, it's just a matter of luck.
This patch introduces a new utility program, post-process-pe, which does
some basic validation of the resulting binaries, and if necessary,
performs some minor repairs:
- sets the timestamp to 0
- this was previously done with dd using constant offsets that aren't
really safe.
- re-computes the checksum.
[0] I suspect, but have not yet fully verified, that this is
accidentally fixed by the following upstream binutils commit:
commit cf7a3c01d82abdf110ef85ab770e5997d8ac28ac
Author: Alan Modra <amodra@gmail.com>
Date: Tue Dec 15 22:09:30 2020 +1030
Lose some COFF/PE static vars, and peicode.h constify
This patch tidies some COFF and PE code that unnecessarily used static
variables to communicate between functions.
v2 - MAP_PRIVATE was totally wrong...
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
This also makes the cross-build targets (and not the others) /use/ this
functionality, so we'll catch it if we break it again.
This fixes issue #340.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
If the file Make.local exists, use it as a source of local build
configuration by including it in Make.defaults.
(cherry picked from commit 57e38a1ebf73 in the shim-15.2 branch)
Signed-off-by: Paul Moore <pmoore2@cisco.com>
|
|
We need to be using our patched version of gnu-efi
Signed-off-by: Steve McIntyre <93sam@debian.org>
|
|
scan-build helpfully notes:
| In file included from shim.c:14:
| In file included from /home/pjones/devel/github.com/shim/sbat-aarch64/shim.h:183:
| /home/pjones/devel/github.com/shim/sbat-aarch64/include/hexdump.h:123:2: error: 'va_start' used in Win64 ABI function
| va_start(ap, at);
| ^
| /usr/lib/gcc/x86_64-redhat-linux/10/include/stdarg.h:47:23: note: expanded from macro 'va_start'
| #define va_start(v,l) __builtin_va_start(v,l)
| ^
This is because one of the patches for the builtin swizzling is missing
a correction for the include order. This patch fixes that order.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Alex Burmashev <alexander.burmashev@oracle.com>
|
|
gcc -Wextra, has a lot of good, useful checks, a few obnoxious checks,
and a few absolutely insane checks.
This enables -Wextra, but disables -Wmissing-field-initializers, because
it is irrational nonsense that just leads to worse code. It also
disables some specific things in the Cryptlib and Cryptlib/OpenSSL
trees:
Both:
-Wno-unused-parameter
- there are a fair number of functions that have to conform to some API
or another but have arguments that are unused, but haven't been
marked with UNUSED; we don't need to see warnings about them.
Cryptlib/OpenSSL:
-Wno-empty-body
- functions that exist merely to populate some API
-Wno-implicit-fallthrough
- these probably should get fixed someday, but I bet upstream will do
it and rebasing will solve it
-Wno-old-style-declaration
- this gripes if you write "const static" instead of "static const".
Again I expect rebasing will fix it at some point.
-Wno-unused-but-set-variable
- self explanatory, and again, I expect a rebase to solve it someday.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
This gets us the same working definition for VA_* va_* etc everywhere,
and it's the same definition edk2 is using.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Some time ago, commit e571428e212 ("Update to openssl to 1.0.2e")
changed the way we define the va_* (and VA_*) functions and macros.
Unfortunately, it only changed for some parts of the tree, and the
different parts of the tree need to both call each other and use the
same types in all cases. Additionally, they need to all be able to call
gnu-efi functions such as VPrint, which means they need the same va_list
type definitions everywhere.
This partially reverts that patch, adding EFIAPI back and unsetting
NO_BUILTIN_VA_FUNCS everywhere.
|
|
This re-structures our includes so we can be sure everything is always
including all the system headers in a uniform, predictable way.
Temporarily it also adds a bunch of junk at all the places we use
variadic functions to specifically pick either the MS (cdecl) or ELF
ABIs.
I'm not 100% sure that's all correct (see later patch) but it's enough
to allow this to build.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Shim is rather more friendly with EFI internals than most code, and as a
result can end up making assumptions that are out of step with those made
by gnu-efi. Since both projects are developed independently, and since
distributions are often trying to build versions of shim against whatever
version of gnu-efi they are shipping, this can result in awkward build
failures. The easiest way to handle this is to use a git submodule and
import a known-good version of shim directly into the build tree. Given
static linking, this will also make reproducible builds easier.
Plus some changes from pjones:
- Fix up some more include paths
- more fine grained clean rules
- use our make ARCH
- use an rhboot/ repo for the gnu-efi remote
Signed-off-by: Matthew Garrett <mjg59@google.com>
|
|
There's no actual reason we're using -std=gnu89, but it means we get the
"gnu89-inline" semantics, which we would prefer to have to specify
manually when we want it, if ever, which so far we don't.
This also allows us to use some saner syntax without having to nerf
various -W options and similar later, and enables some language features
that are pretty useful, but that's just icing.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
This patch does some makefile cleanups, to fix the parts that are
actually just bad that the previous patch left in for clarity:
- removes -fno-builtin . This flag is implied by -ffreestanding , which
we use everywhere.
- gets rid of the two places where ARM has their own -O flags for no
real reason. Note that this will make those use -Os instead of -O2.
- export VERBOSE and DEBUG if they're set.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
This improves our static analysis targets by making them work better
with our make variables, and inhibits the use of ccache while building
those.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Some of our makefile bits are a mess, as you may have noticed, making
changes to them difficult to review.
This patch attempts to make some parts of them vaguely less of a mess,
in order to facilitate review of follow-up changes. To so it:
- coalesces feature flags, optimizations, -W{no-,}, -W{no-}error,
include directives, and define/undefine directives into (mostly)
separate groups.
- exports them as appropriate so the sub-makes can use them
- Makes sure we have -Wextra -Werror everywhere, but adds -Wno-foo and
-Wno-error=foo directives at the appropriate places to keep the net
warnings the same.
- makes the arch defines in Cryptlib and Cryptlib/OpenSSL use the
appropriate ones, with no attempt to make them less stupid, without
changing the overall order.
- coalesces the various includes, with no attempt to make them less
stupid, without changing the overall order.
- One giant glaring whitespace fix in Cryptlib/OpenSSL/Makefile
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Not all distributions put the crt0-efi-$(ARCH).o file under
$LIB_DIR/gnuefi, some stash it directly in $LIB_DIR. In an effort
to make the build a bit more user friendly, check if $LIB_DIR/gnuefi
exits before setting $EFI_PATH to that value; if $LIB_DIR/gnuefi does
not exist, fallback to $LIB_DIR for $EFI_PATH.
Signed-off-by: Paul Moore <pmoore2@cisco.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
This is a backport from devel of:
commit 634fd72ac6a6c6c9010c32506d524586826a8637
Author: Peter Jones <pjones@redhat.com>
Date: Fri Nov 22 15:14:22 2019 -0500
Make httpboot.c always get built.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
In cases where we accept vendor shim binaries with additional patches,
it may become necessary to identify those builds with additional SBAT
data. When we consider such patches, we should be proactive in asking
vendors to include that data in the .sbat sections of their trusted EFI
binaries.
This patch adds any data in data/sbat.*.csv (after a quick sanitizing
pass) after data/sbat.csv in the .sbat section, so that no changes to
the upstream data/sbat.csv are ever required.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
The Secure Boot Advanced Targeting (SBAT) [0] is a Generation Number Based
Revocation mechanism that is meant to replace the DBX revocation file list.
Binaries must contain a .sbat data section that has a set entries, each of
them consisting of UTF-8 strings as comma separated values. Allow to embed
this information into the fwupd EFI binary at build time.
The SBAT metadata must contain at least two entries. One that defines the
SBAT version used and another one that defines the component generation.
This patch adds a sbat.csv that contains these two entries and downstream
users can override if additional entries are needed due changes that make
them diverge from upstream code and potentially add other vulnerabilities.
The same SBAT metadata is added to the fallback and MOK manager binaries
because these are built from the same shim source. These need to have SBAT
metadata as well to be booted if a .sbat section is mandatory.
[0]: https://github.com/rhboot/shim/blob/sbat/SBAT.md
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
|
On systems where a second stage bootloader is not used, and the Linux
Kernel is booted directly from shim, shim's ExitBootServices() hook
can cause problems as the kernel never calls the shim's verification
protocol. In this case calling the shim verification protocol is
unnecessary and redundant as shim has already verified the kernel
when shim loaded the kernel as the second stage loader.
This functionality is disabled by default and must be enabled via the
DISABLE_EBS_PROTECTION macro/define at build time.
Signed-off-by: Paul Moore <pmoore2@cisco.com>
|
|
Potential new signing strategies ( for example signing grub, fwupdate
and vmlinuz with separate certificates ) require shim to support a
vendor provided bundle of trusted certificates and hashes, which allows
shim to trust EFI binaries matching either certificate by signature or
hash in the vendor_db. Functionality is similar to vendor_dbx.
This also improves the mirroring quite a bit.
Upstream: pr#206
|
|
$ objdump -x /builddir/build/BUILDROOT/shim-*/usr/share/shim/*/shimx64.efi | grep 'Time/Date'
Time/Date Thu Jan 1 00:00:08 1970
$ _
"What is despair? I have known it—hear my song. Despair is when you’re
debugging a kernel driver and you look at a memory dump and you see that
a pointer has a value of 7."
- http://scholar.harvard.edu/files/mickens/files/thenightwatch.pdf
objcopy only knows about -D for some targets.
ld only believes in --no-insert-timestamp in some versions.
dd takes off and nukes the site from orbit.
It's the only way to be sure.
Signed-off-by: Peter Jones <pjones@redhat.com>
Upstream-commit-id: a4a1fbe728c
|
|
The GCC flag to disable unaligned access on 32bit ARM is
-mno-unaligned-access, not -mstrict-align (which is used on aarch64):
https://lkml.org/lkml/2018/8/3/294
Otherwise build dies with:
arm-linux-gnueabihf-gcc: error: unrecognized command line option
‘-mstrict-align’; did you mean ‘-Wstrict-aliasing’?
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream-commit-id: 41b93358e8c
|
|
'gcc -print-file-name=include' and 'gcc -print-libgcc-file-name' both
need -m32 when we're building 32-on-64 on some distros, so ensure that
gets propogated correctly.
Signed-off-by: Peter Jones <pjones@redhat.com>
Upstream-commit-id: 104d6e54ac7
|
|
I don't think the x86 binaries clang builds will actually work unless
they just infer -maccumulate-outgoing-args from __attribute__((__ms_abi__),
but it's nice to have the analyzer working.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Tamas K Lengyel <lengyelt@ainfosec.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
