diff --git a/.syntastic_c_config b/.syntastic_c_config
index b93723b..6b56e25 100644
--- a/.syntastic_c_config
+++ b/.syntastic_c_config
@@ -1,16 +1,3 @@
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/..
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/../Include/
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto
--I/usr/lib/gcc/x86_64-redhat-linux/7/include
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/../Include
--I/usr/include/efi
--I/usr/include/efi/x86_64
--I/usr/include/efi/protocol
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto/asn1
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto/evp
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto/modes
--I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto/include
 -DL_ENDIAN
 -D_CRT_SECURE_NO_DEPRECATE
 -D_CRT_NONSTDC_NO_DEPRECATE
@@ -29,18 +16,21 @@
 -Werror=sign-compare
 -ffreestanding
 -std=gnu89
--I/usr/lib/gcc/x86_64-redhat-linux/7/include
 -nostdinc
--I/home/pjones/devel/github.com/shim/master/Cryptlib
--I/home/pjones/devel/github.com/shim/master/Cryptlib/Include
--I/usr/include/efi
--I/usr/include/efi/x86_64
--I/usr/include/efi/protocol
--I/home/pjones/devel/github.com/shim/master/include
+-I/usr/lib/gcc/x86_64-redhat-linux/7/include
+-ICryptlib/
+-ICryptlib/Include/
+-ICryptlib/OpenSSL/
+-ICryptlib/OpenSSL/crypto/
+-I/usr/include/efi/
+-I/usr/include/efi/x86_64/
+-I/usr/include/efi/protocol/
+-ICryptlib/OpenSSL/crypto/asn1/
+-ICryptlib/OpenSSL/crypto/evp/
+-ICryptlib/OpenSSL/crypto/modes/
+-ICryptlib/OpenSSL/crypto/include/
 -iquote
-/home/pjones/devel/github.com/shim/master
--iquote
-/home/pjones/devel/github.com/shim/master
+.
 -mno-mmx
 -mno-sse
 -mno-red-zone
diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h
index 4da4d6c..b38043c 100644
--- a/Cryptlib/Include/OpenSslSupport.h
+++ b/Cryptlib/Include/OpenSslSupport.h @@ -17,11 +17,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include -#include -#include -#include -#include -#include +#include "Base.h" +#include "Library/BaseLib.h" +#include "Library/BaseMemoryLib.h" +#include "Library/MemoryAllocationLib.h" +#include "Library/DebugLib.h" /* * Include stddef.h to avoid redefining "offsetof" diff --git a/Cryptlib/InternalCryptLib.h b/Cryptlib/InternalCryptLib.h index 92cc963..e9a4c20 100644 --- a/Cryptlib/InternalCryptLib.h +++ b/Cryptlib/InternalCryptLib.h @@ -15,11 +15,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #ifndef __INTERNAL_CRYPT_LIB_H__ #define __INTERNAL_CRYPT_LIB_H__ -#include -#include -#include -#include -#include +#include "Library/BaseLib.h" +#include "Library/BaseMemoryLib.h" +#include "Library/MemoryAllocationLib.h" +#include "Library/DebugLib.h" +#include "Library/BaseCryptLib.h" #include "OpenSslSupport.h" diff --git a/Makefile b/Makefile index 6db144c..a61e60b 100644 --- a/Makefile +++ b/Makefile 
@@ -35,15 +35,15 @@ TARGETS += $(MMNAME) $(FBNAME) endif OBJS = shim.o netboot.o cert.o replacements.o tpm.o version.o errlog.o KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer -ORIG_SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h tpm.c tpm.h version.h errlog.c +ORIG_SOURCES = shim.c netboot.c replacements.c tpm.c errlog.c shim.h version.h $(wildcard include/*.h) MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o -ORIG_MOK_SOURCES = MokManager.c shim.h include/console.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h +ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h) FALLBACK_OBJS = fallback.o tpm.o ORIG_FALLBACK_SRCS = fallback.c ifneq ($(origin ENABLE_HTTPBOOT), undefined) OBJS += httpboot.o - SOURCES += httpboot.c httpboot.h + SOURCES += httpboot.c include/httpboot.h endif SOURCES = $(foreach source,$(ORIG_SOURCES),$(TOPDIR)/$(source)) version.c diff --git a/MokManager.c b/MokManager.c index 55af321..603c2ee 100644 --- a/MokManager.c +++ b/MokManager.c @@ -6,15 +6,8 @@ #include #include #include -#include "shim.h" -#include "PeImage.h" -#include "PasswordCrypt.h" -#include "guid.h" -#include "console.h" -#include "variables.h" -#include "simple_file.h" -#include "efiauthenticated.h" +#include "shim.h" #define PASSWORD_MAX 256 #define PASSWORD_MIN 1 diff --git a/PasswordCrypt.c b/PasswordCrypt.c index 2494549..793cb72 100644 --- a/PasswordCrypt.c +++ b/PasswordCrypt.c @@ -3,8 +3,8 @@ #include #include #include -#include "PasswordCrypt.h" -#include "crypt_blowfish.h" + +#include "shim.h" #define TRAD_DES_HASH_SIZE 13 /* (64/6+1) + (12/6) */ #define BSDI_DES_HASH_SIZE 20 /* (64/6+1) + (24/6) + 4 + 1 */ diff --git a/crypt_blowfish.c b/crypt_blowfish.c index 366a81a..54fc514 100644 --- a/crypt_blowfish.c +++ b/crypt_blowfish.c 
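Review bot: `$(wildcard include/*.h)` in the new `ORIG_SOURCES` and `ORIG_MOK_SOURCES` lines is expanded relative to the directory make runs in, whereas the rest of each list is only resolved later through the `$(TOPDIR)/$(source)` foreach. If the build is ever run outside the source tree (which the `$(TOPDIR)` prefix suggests is supported), the glob matches nothing and the header list silently becomes empty, so whatever consumes `SOURCES` no longer sees the headers; `$(patsubst $(TOPDIR)/%,%,$(wildcard $(TOPDIR)/include/*.h))` keeps the list correct in both cases. Separately, the edited `SOURCES += httpboot.c include/httpboot.h` line is still followed by a plain `SOURCES = $(foreach ...)` assignment that discards it; `ORIG_SOURCES += httpboot.c` would survive, and the header is already covered by the wildcard.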
@@ -47,7 +47,7 @@ #include /* Just to make sure the prototypes match the actual definitions */ -#include "crypt_blowfish.h" +#include "shim.h" typedef unsigned int BF_word; typedef signed int BF_word_signed; diff --git a/httpboot.c b/httpboot.c index ecb1247..3493183 100644 --- a/httpboot.c +++ b/httpboot.c @@ -33,11 +33,8 @@ #include #include -#include "str.h" -#include "console.h" -#include "Http.h" -#include "Ip4Config2.h" -#include "Ip6Config.h" + +#include "shim.h" #define perror(fmt, ...) ({ \ UINTN __perror_ret = 0; \ diff --git a/PasswordCrypt.h b/include/PasswordCrypt.h similarity index 100% rename from PasswordCrypt.h rename to include/PasswordCrypt.h diff --git a/crypt_blowfish.h b/include/crypt_blowfish.h similarity index 100% rename from crypt_blowfish.h rename to include/crypt_blowfish.h diff --git a/hexdump.h b/include/hexdump.h similarity index 100% rename from hexdump.h rename to include/hexdump.h diff --git a/httpboot.h b/include/httpboot.h similarity index 100% rename from httpboot.h rename to include/httpboot.h diff --git a/netboot.h b/include/netboot.h similarity index 100% rename from netboot.h rename to include/netboot.h diff --git a/replacements.h b/include/replacements.h similarity index 100% rename from replacements.h rename to include/replacements.h diff --git a/tpm.h b/include/tpm.h similarity index 100% rename from tpm.h rename to include/tpm.h diff --git a/ucs2.h b/include/ucs2.h similarity index 100% rename from ucs2.h rename to include/ucs2.h diff --git a/lib/configtable.c b/lib/configtable.c index edf2ed7..194637e 100644 --- a/lib/configtable.c +++ b/lib/configtable.c @@ -8,8 +8,7 @@ #include #include -#include -#include +#include "shim.h" void * configtable_get_table(EFI_GUID *guid) diff --git a/lib/console.c b/lib/console.c index 0f50851..b647dd1 100644 --- a/lib/console.c +++ b/lib/console.c 
@@ -15,14 +15,7 @@ #include #include -static EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }; - -static int min(int a, int b) -{ - if (a < b) - return a; - return b; -} +#include "shim.h" static int count_lines(CHAR16 *str_arr[]) diff --git a/lib/execute.c b/lib/execute.c index 89328c6..4abccc7 100644 --- a/lib/execute.c +++ b/lib/execute.c @@ -41,8 +41,7 @@ #include #include -#include -#include +#include "shim.h" EFI_STATUS generate_path(CHAR16* name, EFI_LOADED_IMAGE *li, EFI_DEVICE_PATH **path, CHAR16 **PathName) diff --git a/lib/security_policy.c b/lib/security_policy.c index 53a2580..889653d 100644 --- a/lib/security_policy.c +++ b/lib/security_policy.c @@ -9,7 +9,7 @@ #include #include -#include +#include "shim.h" #include #include #include diff --git a/lib/shell.c b/lib/shell.c index afd3952..849f266 100644 --- a/lib/shell.c +++ b/lib/shell.c @@ -8,7 +8,7 @@ #include #include -#include +#include "shim.h" EFI_STATUS argsplit(EFI_HANDLE image, int *argc, CHAR16*** ARGV) diff --git a/lib/simple_file.c b/lib/simple_file.c index d345d87..f7762cc 100644 --- a/lib/simple_file.c +++ b/lib/simple_file.c @@ -7,13 +7,8 @@ #include #include -#include -#include -#include -#include /* for generate_path() */ +#include "shim.h" -static EFI_GUID IMAGE_PROTOCOL = LOADED_IMAGE_PROTOCOL; -static EFI_GUID SIMPLE_FS_PROTOCOL = SIMPLE_FILE_SYSTEM_PROTOCOL; static EFI_GUID FILE_INFO = EFI_FILE_INFO_ID; static EFI_GUID FS_INFO = EFI_FILE_SYSTEM_INFO_ID; diff --git a/lib/variables.c b/lib/variables.c index 59d7d05..8a99327 100644 --- a/lib/variables.c +++ b/lib/variables.c @@ -22,12 +22,7 @@ #include #include -#include - -#include -#include -#include -#include +#include "shim.h" EFI_STATUS variable_create_esl(void *cert, int cert_len, EFI_GUID *type, EFI_GUID *owner, diff --git a/netboot.c b/netboot.c index 115663e..25bdbc9 100644 --- a/netboot.c +++ b/netboot.c 
@@ -34,9 +34,8 @@ */ #include "shim.h" + #include -#include "netboot.h" -#include "str.h" #define ntohs(x) __builtin_bswap16(x) /* supported both by GCC and clang */ #define htons(x) ntohs(x) diff --git a/replacements.c b/replacements.c index b3b7d81..93e1d6b 100644 --- a/replacements.c +++ b/replacements.c @@ -50,10 +50,8 @@ #include #include #include + #include "shim.h" -#include "replacements.h" -#include "console.h" -#include "errors.h" static EFI_SYSTEM_TABLE *systab; diff --git a/shim.h b/shim.h index 9126253..51e9c20 100644 --- a/shim.h +++ b/shim.h @@ -4,49 +4,7 @@ #include #include -#include "PeImage.h" - -extern EFI_GUID SHIM_LOCK_GUID; - -INTERFACE_DECL(_SHIM_LOCK); - -typedef -EFI_STATUS -(*EFI_SHIM_LOCK_VERIFY) ( - IN VOID *buffer, - IN UINT32 size - ); - -typedef -EFI_STATUS -(*EFI_SHIM_LOCK_HASH) ( - IN char *data, - IN int datasize, - PE_COFF_LOADER_IMAGE_CONTEXT *context, - UINT8 *sha256hash, - UINT8 *sha1hash - ); - -typedef -EFI_STATUS -(*EFI_SHIM_LOCK_CONTEXT) ( - IN VOID *data, - IN unsigned int datasize, - PE_COFF_LOADER_IMAGE_CONTEXT *context - ); - -typedef struct _SHIM_LOCK { - EFI_SHIM_LOCK_VERIFY Verify; - EFI_SHIM_LOCK_HASH Hash; - EFI_SHIM_LOCK_CONTEXT Context; -} SHIM_LOCK; - -extern EFI_STATUS shim_init(void); -extern void shim_fini(void); -extern EFI_STATUS LogError(const char *file, int line, const char *func, CHAR16 *fmt, ...); -extern EFI_STATUS VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args); -extern VOID PrintErrors(VOID); -extern VOID ClearErrors(VOID); +#define min(a, b) ({(a) < (b) ? (a) : (b);}) #ifdef __x86_64__ #ifndef DEFAULT_LOADER 
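Review bot: The new `min(a, b)` macro in shim.h evaluates whichever argument is smaller twice and compares its operands under the usual arithmetic conversions, unlike the `static int min(int a, int b)` it replaces in lib/console.c. Because shim.h is now included by nearly every source file, a call that mixes a signed value with a `UINTN` or `UINT32` length would turn a negative operand into a large unsigned one and return the wrong bound, which matters wherever the result clamps a copy or read size. The file already relies on GNU statement expressions, so `#define min(a, b) ({ __typeof__(a) _a = (a); __typeof__(b) _b = (b); _a < _b ? _a : _b; })` removes the double evaluation; a short comment stating that both arguments must have the same signedness would cover the rest. `-Werror=sign-compare` appears in `.syntastic_c_config`, but whether the real build passes it is not visible here.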
@@ -108,23 +66,77 @@ extern VOID ClearErrors(VOID); #endif #endif -#include "netboot.h" -#include "httpboot.h" -#include "replacements.h" -#include "tpm.h" -#include "ucs2.h" +#include "include/configtable.h" +#include "include/console.h" +#include "include/crypt_blowfish.h" +#include "include/efiauthenticated.h" +#include "include/errors.h" +#include "include/execute.h" +#include "include/guid.h" +#include "include/Http.h" +#include "include/httpboot.h" +#include "include/Ip4Config2.h" +#include "include/Ip6Config.h" +#include "include/netboot.h" +#include "include/PasswordCrypt.h" +#include "include/PeImage.h" +#include "include/replacements.h" +#if defined(OVERRIDE_SECURITY_POLICY) +#include "include/security_policy.h" +#endif +#include "include/simple_file.h" +#include "include/str.h" +#include "include/tpm.h" +#include "include/ucs2.h" +#include "include/variables.h" -#include "guid.h" -#include "variables.h" -#include "efiauthenticated.h" -#include "security_policy.h" -#include "console.h" #include "version.h" - #ifdef ENABLE_SHIM_CERT #include "shim_cert.h" #endif +extern EFI_GUID SHIM_LOCK_GUID; + +INTERFACE_DECL(_SHIM_LOCK); + +typedef +EFI_STATUS +(*EFI_SHIM_LOCK_VERIFY) ( + IN VOID *buffer, + IN UINT32 size + ); + +typedef +EFI_STATUS +(*EFI_SHIM_LOCK_HASH) ( + IN char *data, + IN int datasize, + PE_COFF_LOADER_IMAGE_CONTEXT *context, + UINT8 *sha256hash, + UINT8 *sha1hash + ); + +typedef +EFI_STATUS +(*EFI_SHIM_LOCK_CONTEXT) ( + IN VOID *data, + IN unsigned int datasize, + PE_COFF_LOADER_IMAGE_CONTEXT *context + ); + +typedef struct _SHIM_LOCK { + EFI_SHIM_LOCK_VERIFY Verify; + EFI_SHIM_LOCK_HASH Hash; + EFI_SHIM_LOCK_CONTEXT Context; +} SHIM_LOCK; + +extern EFI_STATUS shim_init(void); +extern void shim_fini(void); +extern EFI_STATUS LogError(const char *file, int line, const char *func, CHAR16 *fmt, ...); +extern EFI_STATUS VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args); +extern VOID PrintErrors(VOID); +extern VOID 
ClearErrors(VOID); + #define LogError(fmt, ...) LogError(__FILE__, __LINE__, __func__, fmt, ## __VA_ARGS__) #endif /* SHIM_H_ */ diff --git a/tpm.c b/tpm.c index 43e53c1..340f0ce 100644 --- a/tpm.c +++ b/tpm.c @@ -3,8 +3,7 @@ #include #include -#include "tpm.h" -#include "console.h" +#include "shim.h" #define perror(fmt, ...) ({ \ UINTN __perror_ret = 0; \
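Review bot: `include/security_policy.h` is now pulled in only under `#if defined(OVERRIDE_SECURITY_POLICY)`, where the old shim.h included `security_policy.h` unconditionally, and the lib/security_policy.c hunk replaces one of that file's includes with `"shim.h"`. If lib/security_policy.c is ever compiled without that macro it would presumably lose the prototypes for its own functions, so either the guard belongs in the build rule for that object or the condition deserves a comment such as `/* security_policy.c is only built when OVERRIDE_SECURITY_POLICY is set */`. The hunk also moves the `SHIM_LOCK` typedefs and the `LogError` declarations below the whole `include/*.h` list, so any of those headers that names them now depends on include order; a one-line comment above the list recording that the headers must not reference shim.h's own declarations would make that constraint explicit.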