Make vendor_cert/vendor_dbx actually replaceable by an external tool.

This moves them both to be computed at runtime from a pointer+offset rather than just a pointer, so that their real address can be entirely derived from the section they're in. This means you can replace the whole .vendor_cert section with a new one with certs that don't have the same size.
2025-06-06 04:36:13 +00:00 · 2013-09-09 14:43:04 -04:00 · 2013-09-09 14:43:04 -04:00 · 02388bcd58
commit 02388bcd58
parent 73de2ec2d8
4 changed files with 79 additions and 75 deletions
--- a/3
+++ b/3
@ -68,9 +68,6 @@ shim.o: $(SOURCES) shim_cert.h
 cert.o : cert.S
 	$(CC) $(CFLAGS) -c -o $@ $<

-dbx.o : dbx.S
-	$(CC) $(CFLAGS) -c -o $@ $<
-
 shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
 	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)

--- a/cert.S
+++ b/cert.S
@ -1,36 +1,67 @@
+	.globl cert_table
+	.data
+	.align 16
+	.type	cert_table, @object
+	.size	cert_table, 4
+	.section .vendor_cert, "a", @progbits
+cert_table:
 #if defined(VENDOR_CERT_FILE)
-	.globl	vendor_cert_size
-	.data
-	.align	1
-	.type	vendor_cert_size, @object
-	.size	vendor_cert_size, 4
-	.section .vendor_cert, "a", @progbits
-vendor_cert_size:
-	.long	.L0 - vendor_cert
-	.globl	vendor_cert
-	.data
-	.align	1
-	.type	vendor_cert, @object
-	.size	vendor_cert, .L0-vendor_cert
-	.section .vendor_cert, "a", @progbits
-vendor_cert:
-.incbin VENDOR_CERT_FILE
-.L0:
+	.long	vendor_cert_priv_end - vendor_cert_priv
 #else
-	.globl	vendor_cert
-	.bss
-	.type	vendor_cert, @object
-	.size	vendor_cert, 1
-	.section .vendor_cert, "a", @progbits
-vendor_cert:
-	.zero	1
-
-	.globl	vendor_cert_size
-	.data
-	.align 4
-	.type	vendor_cert_size, @object
-	.size	vendor_cert_size, 4
-	.section .vendor_cert, "a", @progbits
-vendor_cert_size:
 	.long	0
 #endif
+#if defined(VENDOR_DBX_FILE)
+	.long	vendor_dbx_priv_end - vendor_dbx_priv
+#else
+	.long	0
+#endif
+	.long	vendor_cert_priv - cert_table
+	.long	vendor_dbx_priv - cert_table
+#if defined(VENDOR_CERT_FILE)
+	.data
+	.align	1
+	.type	vendor_cert_priv, @object
+	.size	vendor_cert_priv, vendor_cert_priv_end-vendor_cert_priv
+	.section .vendor_cert, "a", @progbits
+vendor_cert_priv:
+.incbin VENDOR_CERT_FILE
+vendor_cert_priv_end:
+#else
+	.bss
+	.type	vendor_cert_priv, @object
+	.size	vendor_cert_priv, 1
+	.section .vendor_cert, "a", @progbits
+vendor_cert_priv:
+	.zero	1
+
+	.data
+	.align 4
+	.type	vendor_cert_size_priv, @object
+	.size	vendor_cert_size_priv, 4
+	.section .vendor_cert, "a", @progbits
+vendor_cert_priv_end:
+#endif
+#if defined(VENDOR_DBX_FILE)
+	.data
+	.align	1
+	.type	vendor_dbx_priv, @object
+	.size	vendor_dbx_priv, vendor_dbx_priv_end-vendor_dbx_priv
+	.section .vendor_cert, "a", @progbits
+vendor_dbx_priv:
+.incbin VENDOR_DBX_FILE
+vendor_dbx_priv_end:
+#else
+	.bss
+	.type	vendor_dbx_priv, @object
+	.size	vendor_dbx_priv, 1
+	.section .vendor_cert, "a", @progbits
+vendor_dbx_priv:
+	.zero	1
+
+	.data
+	.align 4
+	.type	vendor_dbx_size_priv, @object
+	.size	vendor_dbx_size_priv, 4
+	.section .vendor_cert, "a", @progbits
+vendor_dbx_priv_end:
+#endif
--- a/dbx.S
+++ b/dbx.S
@ -1,36 +0,0 @@
-#if defined(VENDOR_DBX_FILE)
-	.globl	vendor_dbx_size
-	.data
-	.align	1
-	.type	vendor_dbx_size, @object
-	.size	vendor_dbx_size, 4
-	.section .vendor_cert, "a", @progbits
-vendor_dbx_size:
-	.long	.L0 - vendor_dbx
-	.globl	vendor_dbx
-	.data
-	.align	1
-	.type	vendor_dbx, @object
-	.size	vendor_dbx, .L0-vendor_dbx
-	.section .vendor_cert, "a", @progbits
-vendor_dbx:
-.incbin VENDOR_DBX_FILE
-.L0:
-#else
-	.globl	vendor_dbx
-	.bss
-	.type	vendor_dbx, @object
-	.size	vendor_dbx, 1
-	.section .vendor_cert, "a", @progbits
-vendor_dbx:
-	.zero	1
-
-	.globl	vendor_dbx_size
-	.data
-	.align 4
-	.type	vendor_dbx_size, @object
-	.size	vendor_dbx_size, 4
-	.section .vendor_cert, "a", @progbits
-vendor_dbx_size:
-	.long	0
-#endif
--- a/shim.c
+++ b/shim.c
@ -63,10 +63,17 @@ EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8,
 /*
 * The vendor certificate used for validating the second stage loader
 */
-extern UINT8 vendor_cert[];
-extern UINT32 vendor_cert_size;
-extern UINT8 vendor_dbx[];
-extern UINT32 vendor_dbx_size;
+extern struct {
+	UINT32 vendor_cert_size;
+	UINT32 vendor_dbx_size;
+	UINT32 vendor_cert_offset;
+	UINT32 vendor_dbx_offset;
+} cert_table;
+
+UINT32 vendor_cert_size;
+UINT32 vendor_dbx_size;
+UINT8 *vendor_cert;
+UINT8 *vendor_dbx;

 #define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }}

@ -1493,6 +1500,11 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
 	UINTN verbose_check_size;
 	EFI_GUID global_var = EFI_GLOBAL_VARIABLE;

+	vendor_cert_size = cert_table.vendor_cert_size;
+	vendor_dbx_size = cert_table.vendor_dbx_size;
+	vendor_cert = (UINT8 *)&cert_table + cert_table.vendor_cert_offset;
+	vendor_dbx = (UINT8 *)&cert_table + cert_table.vendor_dbx_offset;
+
 	/*
 	 * Set up the shim lock protocol so that grub and MokManager can
 	 * call back in and use shim functions