From fc986307fb200fdf493b9dd083ad39ae3561b0c9 Mon Sep 17 00:00:00 2001
From: Peter Jones
Date: Thu, 3 Oct 2013 11:01:36 -0400
Subject: [PATCH] Add ident-like blobs to shim.efi for version checking. I feel dirty.
---
 .gitignore | 1 +
 Makefile | 14 +++++++++++---
 include/console.h | 2 ++
 lib/console.c | 14 ++++++++++++++
 shim.c | 4 ++++
 version.c.in | 8 ++++++++
 version.h | 8 ++++++++
 7 files changed, 48 insertions(+), 3 deletions(-)
 create mode 100644 version.c.in
 create mode 100644 version.h
diff --git a/.gitignore b/.gitignore
index 85da8e7..586bc24 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,3 +23,4 @@ shim_cert.h
 *.srl
 *.srl.old
 *.tar.*
+version.c
diff --git a/Makefile b/Makefile
index 53c4e00..4a8b553 100644
--- a/Makefile
+++ b/Makefile
@@ -40,9 +40,9 @@ LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH
 VERSION = 0.4
 TARGET = shim.efi MokManager.efi.signed fallback.efi.signed
-OBJS = shim.o netboot.o cert.o replacements.o
+OBJS = shim.o netboot.o cert.o replacements.o version.o
 KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
-SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h
+SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h
 MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
 MOK_SOURCES = MokManager.c shim.h include/console.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h
 FALLBACK_OBJS = fallback.o
@@ -61,6 +61,12 @@ shim_cert.h: shim.cer
 hexdump -v -e '1/1 "0x%02x, "' $< >> $@
 echo "};" >> $@
+version.c : version.c.in
+ sed -e "s,@@VERSION@@,$(VERSION)," \
+ -e "s,@@UNAME@@,$(shell uname -a)," \
+ -e "s,@@COMMIT@@,$(shell if [ -d .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo commit id not available; fi)," \
+ < version.c.in > version.c
+
 certdb/secmod.db: shim.crt
 -mkdir certdb
 certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt
@@ -115,7 +121,7 @@ clean:
 $(MAKE) -C Cryptlib/OpenSSL clean
 $(MAKE) -C lib clean
 rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb
- rm -f *.debug *.so *.efi *.tar.*
+ rm -f *.debug *.so *.efi *.tar.* version.c
 GITTAG = $(VERSION)
@@ -125,6 +131,7 @@ test-archive:
 @git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x )
 @git diff | ( cd /tmp/shim-$(VERSION)-tmp/ ; patch -s -p1 -b -z .gitdiff )
 @mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/
+ @git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit
 @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION)
 @rm -rf /tmp/shim-$(VERSION)
 @echo "The archive is in shim-$(VERSION).tar.bz2"
@@ -135,6 +142,7 @@ archive:
 @mkdir -p /tmp/shim-$(VERSION)-tmp
 @git archive --format=tar $(GITTAG) | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x )
 @mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/
+ @git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit
 @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION)
 @rm -rf /tmp/shim-$(VERSION)
 @echo "The archive is in shim-$(VERSION).tar.bz2"
diff --git a/include/console.h b/include/console.h
index d699d27..fbeb7e6 100644
--- a/include/console.h
+++ b/include/console.h
@@ -20,6 +20,8 @@ console_alertbox(CHAR16 **title);
 void
 console_notify(CHAR16 *string);
 void
+console_notify_ascii(CHAR8 *string);
+void
 console_reset(void);
 #define NOSEL 0x7fffffff
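Review bot: The new `version.c` rule (hunk `@@ -61,6 +61,12 @@`) lists only `version.c.in` as a prerequisite, so an existing `version.c` is not regenerated after a new commit and the `$Commit:` blob in shim.efi can name a commit other than the one that was built; declaring the target phony, `.PHONY: version.c`, would regenerate it on every build. The outputs of `$(shell uname -a)` and of the commit lookup are also pasted unescaped into a sed replacement that uses `,` as its delimiter and from there into a C string literal, so a `,`, `&`, `\` or `"` in either value breaks or silently alters the generated file. Embedding `uname -a` additionally makes the binary differ per build host, which gets in the way of reproducing a signed shim from its source; consider dropping `@@UNAME@@` or making it opt-in.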
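Review bot: The `commit` file written by the added `@git log -1 --pretty=format:%H` line in `test-archive` (hunk `@@ -125,6 +131,7 @@`) does not describe the tree that is packed, because `git diff | patch` two lines earlier has already applied uncommitted changes; the recorded id should at least be marked as modified in that case. The same line in the `archive` hunk (`@@ -135,6 +142,7 @@`) records the current HEAD while the sources are exported from `$(GITTAG)`, so the two can disagree unless the tag is guaranteed to point at HEAD, which is not visible in the hunk; `@git rev-parse "$(GITTAG)^{commit}" > /tmp/shim-$(VERSION)/commit` would tie the id to the exported tree. Both recipes start outside their hunks.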
diff --git a/lib/console.c b/lib/console.c
index 72d6427..44b08f2 100644
--- a/lib/console.c
+++ b/lib/console.c
@@ -312,6 +312,20 @@ console_notify(CHAR16 *string)
 console_alertbox(str_arr);
 }
+void
+console_notify_ascii(CHAR8 *string)
+{
+ CHAR16 *str = AllocateZeroPool((strlena(string) + 1) * 2);
+ int i, j;
+
+ if (!str)
+ return;
+
+ for (i = 0, j = 1; string[i] != '\0'; i++, j+=2)
+ str[j] = string[i];
+ console_notify(str);
+}
+
 #define ARRAY_SIZE(a) (sizeof (a) / sizeof ((a)[0]))
 /* Copy of gnu-efi-3.0 with the added secure boot strings */
diff --git a/shim.c b/shim.c
index 690cb09..873fd2e 100644
--- a/shim.c
+++ b/shim.c
@@ -48,6 +48,7 @@
 #include "efiauthenticated.h"
 #include "security_policy.h"
 #include "console.h"
+#include "version.h"
 #define FALLBACK L"\\fallback.efi"
 #define MOK_MANAGER L"\\MokManager.efi"
@@ -1668,6 +1669,9 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
 if (!EFI_ERROR(efi_status))
 verbose = verbose_check;
+ if (verbose)
+ console_notify_ascii(shim_version);
+
 /* Set the second stage loader */
 set_second_stage (image_handle);
diff --git a/version.c.in b/version.c.in
new file mode 100644
index 0000000..9e71970
--- /dev/null
+++ b/version.c.in
@@ -0,0 +1,8 @@
+
+#include "version.h"
+
+CHAR8 shim_version[] =
+ "UEFI SHIM\n"
+ "$Version: @@VERSION@@ $\n"
+ "$BuildMachine: @@UNAME@@ $\n"
+ "$Commit: @@COMMIT@@ $\n";
diff --git a/version.h b/version.h
new file mode 100644
index 0000000..7fb3d81
--- /dev/null
+++ b/version.h
@@ -0,0 +1,8 @@
+#ifndef _SHIM_VERSION_H
+#define _SHIM_VERSION_H 1
+
+#include
+
+extern CHAR8 shim_version[];
+
+#endif /* SHIM_VERSION_H */
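Review bot: The copy loop in the new `console_notify_ascii` (lib/console.c) indexes the `CHAR16 *str` with `j` stepping 1, 3, 5, …, but the pool holds only `strlena(string) + 1` CHAR16 elements, so for any input longer than one character the writes to `str[j]` run past the end of the allocation. `str[0]` also stays zero, so the alert box is handed an empty string. Index the destination by element instead, `for (i = 0; string[i] != '\0'; i++) str[i] = string[i];`, and drop `j`. The buffer is never released either; `FreePool(str);` after `console_notify(str);` would fix that, assuming console_notify does not retain the pointer (its body lies outside the hunk). The new call in the `efi_main` hunk of shim.c reaches this code with the multi-line `shim_version` whenever `verbose` is set.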
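Review bot: The include guard in the new version.h uses `_SHIM_VERSION_H`, an identifier reserved for the implementation (leading underscore followed by an uppercase letter), and the closing comment names a different macro, `SHIM_VERSION_H`. Using `SHIM_VERSION_H` for the `#ifndef` and `#define` lines would avoid the reserved name and make the trailing comment accurate.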