proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-07-24 19:31:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add ident-like blobs to shim.efi for version checking.

Browse Source 
I feel dirty.
This commit is contained in:
Peter Jones 2013-10-03 11:01:36 -04:00
parent d83213cec3
commit fc986307fb
7 changed files with 48 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -23,3 +23,4 @@ shim_cert.h
*.srl
*.srl.old
*.tar.*
version.c

14
Makefile
View File

@ -40,9 +40,9 @@ LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH
VERSION = 0.4
TARGET = shim.efi MokManager.efi.signed fallback.efi.signed
OBJS = shim.o netboot.o cert.o replacements.o
OBJS = shim.o netboot.o cert.o replacements.o version.o
KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h
SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h
MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
MOK_SOURCES = MokManager.c shim.h include/console.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h
FALLBACK_OBJS = fallback.o
@ -61,6 +61,12 @@ shim_cert.h: shim.cer
hexdump -v -e '1/1 "0x%02x, "' $< >> $@
echo "};" >> $@
version.c : version.c.in
sed -e "s,@@VERSION@@,$(VERSION)," \
-e "s,@@UNAME@@,$(shell uname -a)," \
-e "s,@@COMMIT@@,$(shell if [ -d .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo commit id not available; fi)," \
< version.c.in > version.c
certdb/secmod.db: shim.crt
-mkdir certdb
certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt
@ -115,7 +121,7 @@ clean:
$(MAKE) -C Cryptlib/OpenSSL clean
$(MAKE) -C lib clean
rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb
rm -f *.debug *.so *.efi *.tar.*
rm -f *.debug *.so *.efi *.tar.* version.c
GITTAG = $(VERSION)
@ -125,6 +131,7 @@ test-archive:
@git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x )
@git diff | ( cd /tmp/shim-$(VERSION)-tmp/ ; patch -s -p1 -b -z .gitdiff )
@mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/
@git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit
@dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION)
@rm -rf /tmp/shim-$(VERSION)
@echo "The archive is in shim-$(VERSION).tar.bz2"
@ -135,6 +142,7 @@ archive:
@mkdir -p /tmp/shim-$(VERSION)-tmp
@git archive --format=tar $(GITTAG) | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x )
@mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/
@git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit
@dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION)
@rm -rf /tmp/shim-$(VERSION)
@echo "The archive is in shim-$(VERSION).tar.bz2"

2
include/console.h
View File

@ -20,6 +20,8 @@ console_alertbox(CHAR16 **title);
void
console_notify(CHAR16 *string);
void
console_notify_ascii(CHAR8 *string);
void
console_reset(void);
#define NOSEL 0x7fffffff

14
lib/console.c
View File

@ -312,6 +312,20 @@ console_notify(CHAR16 *string)
console_alertbox(str_arr);
}
void
console_notify_ascii(CHAR8 *string)
{
CHAR16 *str = AllocateZeroPool((strlena(string) + 1) * 2);
int i, j;
if (!str)
return;
for (i = 0, j = 1; string[i] != '\0'; i++, j+=2)
str[j] = string[i];
console_notify(str);
}
#define ARRAY_SIZE(a) (sizeof (a) / sizeof ((a)[0]))
/* Copy of gnu-efi-3.0 with the added secure boot strings */

4
shim.c
View File

@ -48,6 +48,7 @@
#include "efiauthenticated.h"
#include "security_policy.h"
#include "console.h"
#include "version.h"
#define FALLBACK L"\\fallback.efi"
#define MOK_MANAGER L"\\MokManager.efi"
@ -1668,6 +1669,9 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
if (!EFI_ERROR(efi_status))
verbose = verbose_check;
if (verbose)
console_notify_ascii(shim_version);
/* Set the second stage loader */
set_second_stage (image_handle);

8
version.c.in Normal file
View File

@ -0,0 +1,8 @@
#include "version.h"
CHAR8 shim_version[] =
"UEFI SHIM\n"
"$Version: @@VERSION@@ $\n"
"$BuildMachine: @@UNAME@@ $\n"
"$Commit: @@COMMIT@@ $\n";

8
version.h Normal file
View File

@ -0,0 +1,8 @@
#ifndef _SHIM_VERSION_H
#define _SHIM_VERSION_H 1
#include <efi.h>
extern CHAR8 shim_version[];
#endif /* SHIM_VERSION_H */