Get rid of unused patches.

Signed-off-by: Peter Jones <pjones@redhat.com>
This commit is contained in:
Peter Jones 2014-10-14 10:38:52 -04:00
parent b20ba9cc96
commit 2d3b876a4b
6 changed files with 0 additions and 429 deletions

View File

@ -1,146 +0,0 @@
From be73f6bd4f064015c9f12323e2fb2f51b8cdb631 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 22 Oct 2013 13:36:54 -0400
Subject: [PATCH 2/5] Don't reject all binaries without a certificate database.
If a binary isn't signed, but its hash is enrolled in db, it won't have
a certificate database. So in those cases, don't check it against
certificate databases in db/dbx/etc, but we don't need to reject it
outright.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
shim.c | 70 +++++++++++++++++++++++++++++++++++-------------------------------
1 file changed, 37 insertions(+), 33 deletions(-)
diff --git a/shim.c b/shim.c
index 58136db..3d1febb 100644
--- a/shim.c
+++ b/shim.c
@@ -371,8 +371,8 @@ static EFI_STATUS check_blacklist (WIN_CERTIFICATE_EFI_PKCS *cert,
SHA1_DIGEST_SIZE, EFI_CERT_SHA1_GUID) ==
DATA_FOUND)
return EFI_ACCESS_DENIED;
- if (check_db_cert_in_ram(dbx, vendor_dbx_size, cert,
- sha256hash) == DATA_FOUND)
+ if (cert && check_db_cert_in_ram(dbx, vendor_dbx_size, cert,
+ sha256hash) == DATA_FOUND)
return EFI_ACCESS_DENIED;
if (check_db_hash(L"dbx", secure_var, sha256hash, SHA256_DIGEST_SIZE,
@@ -381,7 +381,8 @@ static EFI_STATUS check_blacklist (WIN_CERTIFICATE_EFI_PKCS *cert,
if (check_db_hash(L"dbx", secure_var, sha1hash, SHA1_DIGEST_SIZE,
EFI_CERT_SHA1_GUID) == DATA_FOUND)
return EFI_ACCESS_DENIED;
- if (check_db_cert(L"dbx", secure_var, cert, sha256hash) == DATA_FOUND)
+ if (cert && check_db_cert(L"dbx", secure_var, cert, sha256hash) ==
+ DATA_FOUND)
return EFI_ACCESS_DENIED;
return EFI_SUCCESS;
@@ -414,7 +415,8 @@ static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert,
update_verification_method(VERIFIED_BY_HASH);
return EFI_SUCCESS;
}
- if (check_db_cert(L"db", secure_var, cert, sha256hash) == DATA_FOUND) {
+ if (cert && check_db_cert(L"db", secure_var, cert, sha256hash)
+ == DATA_FOUND) {
verification_method = VERIFIED_BY_CERT;
update_verification_method(VERIFIED_BY_CERT);
return EFI_SUCCESS;
@@ -427,7 +429,8 @@ static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert,
update_verification_method(VERIFIED_BY_HASH);
return EFI_SUCCESS;
}
- if (check_db_cert(L"MokList", shim_var, cert, sha256hash) == DATA_FOUND) {
+ if (cert && check_db_cert(L"MokList", shim_var, cert, sha256hash) ==
+ DATA_FOUND) {
verification_method = VERIFIED_BY_CERT;
update_verification_method(VERIFIED_BY_CERT);
return EFI_SUCCESS;
@@ -712,25 +715,24 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
UINT8 sha256hash[SHA256_DIGEST_SIZE];
UINT8 sha1hash[SHA1_DIGEST_SIZE];
EFI_STATUS status = EFI_ACCESS_DENIED;
- WIN_CERTIFICATE_EFI_PKCS *cert;
+ WIN_CERTIFICATE_EFI_PKCS *cert = NULL;
unsigned int size = datasize;
- if (context->SecDir->Size == 0) {
- Print(L"Empty security header\n");
- return EFI_INVALID_PARAMETER;
- }
-
- cert = ImageAddress (data, size, context->SecDir->VirtualAddress);
+ if (context->SecDir->Size != 0) {
+ cert = ImageAddress (data, size,
+ context->SecDir->VirtualAddress);
- if (!cert) {
- Print(L"Certificate located outside the image\n");
- return EFI_INVALID_PARAMETER;
- }
+ if (!cert) {
+ Print(L"Certificate located outside the image\n");
+ return EFI_INVALID_PARAMETER;
+ }
- if (cert->Hdr.wCertificateType != WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
- Print(L"Unsupported certificate type %x\n",
- cert->Hdr.wCertificateType);
- return EFI_UNSUPPORTED;
+ if (cert->Hdr.wCertificateType !=
+ WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
+ Print(L"Unsupported certificate type %x\n",
+ cert->Hdr.wCertificateType);
+ return EFI_UNSUPPORTED;
+ }
}
status = generate_hash(data, datasize, context, sha256hash, sha1hash);
@@ -761,27 +763,29 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
if (status == EFI_SUCCESS)
return status;
- /*
- * Check against the shim build key
- */
- if (AuthenticodeVerify(cert->CertData,
+ if (cert) {
+ /*
+ * Check against the shim build key
+ */
+ if (AuthenticodeVerify(cert->CertData,
context->SecDir->Size - sizeof(cert->Hdr),
shim_cert, sizeof(shim_cert), sha256hash,
SHA256_DIGEST_SIZE)) {
- status = EFI_SUCCESS;
- return status;
- }
+ status = EFI_SUCCESS;
+ return status;
+ }
- /*
- * And finally, check against shim's built-in key
- */
- if (AuthenticodeVerify(cert->CertData,
+ /*
+ * And finally, check against shim's built-in key
+ */
+ if (AuthenticodeVerify(cert->CertData,
context->SecDir->Size - sizeof(cert->Hdr),
vendor_cert, vendor_cert_size, sha256hash,
SHA256_DIGEST_SIZE)) {
- status = EFI_SUCCESS;
- return status;
+ status = EFI_SUCCESS;
+ return status;
+ }
}
status = EFI_ACCESS_DENIED;
--
1.8.3.1

View File

@ -1,30 +0,0 @@
From 83b3a7cf6d4d4e91579864cfc75dadf2b7304da9 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 28 Oct 2013 10:41:03 -0400
Subject: [PATCH 4/5] We should be checking both mok and the system's SB
settings
When we call hook_system_services(), we're currently only checking mok's
setting. We should use secure_mode() instead so it'll check both.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
shim.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/shim.c b/shim.c
index 537177d..9d0d884 100644
--- a/shim.c
+++ b/shim.c
@@ -1718,7 +1718,7 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
/*
* Tell the user that we're in insecure mode if necessary
*/
- if (insecure_mode) {
+ if (!secure_mode()) {
Print(L"Booting in insecure mode\n");
uefi_call_wrapper(BS->Stall, 1, 2000000);
} else {
--
1.8.3.1

View File

@ -1,54 +0,0 @@
From 556c445ea19fc257fe35ac1a67477e7352ba3fcd Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 30 Oct 2013 16:36:01 -0400
Subject: [PATCH 5/5] Don't free GetVariable() return data without checking the
status code.
This breaks every machine from before Secure Boot was a thing.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
shim.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/shim.c b/shim.c
index 9d0d884..0081342 100644
--- a/shim.c
+++ b/shim.c
@@ -456,21 +456,30 @@ static BOOLEAN secure_mode (void)
return FALSE;
status = get_variable(L"SecureBoot", &Data, &len, global_var);
+ if (status != EFI_SUCCESS) {
+ if (verbose)
+ console_notify(L"Secure boot not enabled\n");
+ return FALSE;
+ }
sb = *Data;
FreePool(Data);
- /* FIXME - more paranoia here? */
- if (status != EFI_SUCCESS || sb != 1) {
+ if (sb != 1) {
if (verbose)
console_notify(L"Secure boot not enabled\n");
return FALSE;
}
status = get_variable(L"SetupMode", &Data, &len, global_var);
+ if (status == EFI_SUCCESS) {
+ if (verbose)
+ console_notify(L"Platform is in setup mode\n");
+ return FALSE;
+ }
setupmode = *Data;
FreePool(Data);
- if (status == EFI_SUCCESS && setupmode == 1) {
+ if (setupmode == 1) {
if (verbose)
console_notify(L"Platform is in setup mode\n");
return FALSE;
--
1.8.3.1

File diff suppressed because one or more lines are too long

View File

@ -1,63 +0,0 @@
From d3a9d4e8404e0f402fb371066f0e405ed3cecc29 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg@redhat.com>
Date: Tue, 14 Aug 2012 06:50:00 -0400
Subject: [PATCH] Use the file size, not the image size field, for
verification.
---
shim.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/shim.c b/shim.c
index 2d9044d..6a3c054 100644
--- a/shim.c
+++ b/shim.c
@@ -555,7 +555,7 @@ done:
/*
* Read the binary header and grab appropriate information from it
*/
-static EFI_STATUS read_header(void *data,
+static EFI_STATUS read_header(void *data, unsigned int datasize,
PE_COFF_LOADER_IMAGE_CONTEXT *context)
{
EFI_IMAGE_DOS_HEADER *DosHdr = data;
@@ -590,7 +590,7 @@ static EFI_STATUS read_header(void *data,
context->FirstSection = (EFI_IMAGE_SECTION_HEADER *)((char *)PEHdr + PEHdr->Pe32.FileHeader.SizeOfOptionalHeader + sizeof(UINT32) + sizeof(EFI_IMAGE_FILE_HEADER));
context->SecDir = (EFI_IMAGE_DATA_DIRECTORY *) &PEHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
- if (context->SecDir->VirtualAddress >= context->ImageSize) {
+ if (context->SecDir->VirtualAddress >= datasize) {
Print(L"Malformed security header\n");
return EFI_INVALID_PARAMETER;
}
@@ -606,7 +606,8 @@ static EFI_STATUS read_header(void *data,
/*
* Once the image has been loaded it needs to be validated and relocated
*/
-static EFI_STATUS handle_grub (void *data, int datasize, EFI_LOADED_IMAGE *li)
+static EFI_STATUS handle_grub (void *data, unsigned int datasize,
+ EFI_LOADED_IMAGE *li)
{
EFI_STATUS efi_status;
char *buffer;
@@ -615,7 +616,7 @@ static EFI_STATUS handle_grub (void *data, int datasize, EFI_LOADED_IMAGE *li)
char *base, *end;
PE_COFF_LOADER_IMAGE_CONTEXT context;
- efi_status = read_header(data, &context);
+ efi_status = read_header(data, datasize, &context);
if (efi_status != EFI_SUCCESS) {
Print(L"Failed to read header\n");
return efi_status;
@@ -843,7 +844,7 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size)
if (!secure_mode())
return EFI_SUCCESS;
- status = read_header(buffer, &context);
+ status = read_header(buffer, size, &context);
if (status != EFI_SUCCESS)
return status;
--
1.7.11.2

View File

@ -1,129 +0,0 @@
From be817236507a104ec9b0e8be57daab0e2bab40ce Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 13 Aug 2012 17:06:46 -0400
Subject: [PATCH] Allow specification of vendor_cert through a build command
line option.
This allows you to specify the vendor_cert as a file on the command line
during build.
---
Makefile | 16 +++++++++++-----
cert.S | 32 ++++++++++++++++++++++++++++++++
cert.h | 1 -
shim.c | 6 +++---
4 files changed, 46 insertions(+), 9 deletions(-)
create mode 100644 cert.S
delete mode 100644 cert.h
diff --git a/Makefile b/Makefile
index 1e3a020..66b105f 100644
--- a/Makefile
+++ b/Makefile
@@ -14,24 +14,30 @@ EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/
EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o
EFI_LDS = $(EFI_PATH)/elf_$(ARCH)_efi.lds
-
CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar \
-Wall -mno-red-zone \
$(EFI_INCLUDES)
ifeq ($(ARCH),x86_64)
CFLAGS += -DEFI_FUNCTION_WRAPPER
endif
+ifneq ($(origin VENDOR_CERT_FILE), undefined)
+ CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
+endif
+
LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS)
-TARGET = shim.efi
-OBJS = shim.o shim.so
-SOURCES = shim.c shim.h signature.h PeImage.h cert.h
+TARGET = shim.efi
+OBJS = shim.o cert.o
+SOURCES = shim.c shim.h signature.h PeImage.h
all: $(TARGET)
shim.o: $(SOURCES)
-shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a
+cert.o : cert.S
+ $(CC) $(CFLAGS) -c -o $@ $<
+
+shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a cert.o
$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
Cryptlib/libcryptlib.a:
diff --git a/cert.S b/cert.S
new file mode 100644
index 0000000..129bab5
--- /dev/null
+++ b/cert.S
@@ -0,0 +1,32 @@
+#if defined(VENDOR_CERT_FILE)
+ .globl vendor_cert
+ .data
+ .align 16
+ .type vendor_cert, @object
+ .size vendor_cert_size, vendor_cert_size-vendor_cert
+vendor_cert:
+.incbin VENDOR_CERT_FILE
+
+ .globl vendor_cert_size
+ .data
+ .align 16
+ .type vendor_cert_size, @object
+ .size vendor_cert_size, 4
+vendor_cert_size:
+ .long vendor_cert_size - vendor_cert
+#else
+ .globl vendor_cert
+ .bss
+ .type vendor_cert, @object
+ .size vendor_cert, 1
+vendor_cert:
+ .zero 1
+
+ .globl vendor_cert_size
+ .data
+ .align 4
+ .type vendor_cert_size, @object
+ .size vendor_cert_size, 4
+vendor_cert_size:
+ .long 1
+#endif
diff --git a/cert.h b/cert.h
deleted file mode 100644
index 380bc04..0000000
--- a/cert.h
+++ /dev/null
@@ -1 +0,0 @@
-static UINT8 vendor_cert[] = {0x00};
diff --git a/shim.c b/shim.c
index fc3dafc..2d9044d 100644
--- a/shim.c
+++ b/shim.c
@@ -48,8 +48,8 @@ static EFI_STATUS (EFIAPI *entry_point) (EFI_HANDLE image_handle, EFI_SYSTEM_TAB
/*
* The vendor certificate used for validating the second stage loader
*/
-
-#include "cert.h"
+extern UINT8 vendor_cert[];
+extern UINT32 vendor_cert_size;
#define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }}
@@ -535,7 +535,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
if (!AuthenticodeVerify(cert->CertData,
context->SecDir->Size - sizeof(cert->Hdr),
- vendor_cert, sizeof(vendor_cert), hash,
+ vendor_cert, vendor_cert_size, hash,
SHA256_DIGEST_SIZE)) {
Print(L"Invalid signature\n");
status = EFI_ACCESS_DENIED;
--
1.7.11.2