Move the countdown function from MokManager to console.c to make the
function public
Also make console_save_and_set_mode() and console_restore_mode() public
Signed-off-by: Gary Lin <glin@suse.com>
print_crypto_errors() will pull in the whole openssl library which
bloats the size of fallback.efi. Move the function to an independent
file (lib/print_crypto.c) to reduce the file size of fallback.efi from
1.3MB to 93KB.
Signed-off-by: Gary Lin <glin@suse.com>
If SOURCE_DATE_EPOCH is defined then we can be reasonably sure the
user wants the build to be fully reproducible, so use a fixed string.
In case of a cross build, using uname -s -m -p -i o will still report
the host's kernel architecture, which will trip some CIs like
Debian's.
This is a backport from devel of:
commit 11fd3197d21f94b491ccfc1da6d38b14060e62d7
Author: Luca Boccassi <bluca@debian.org>
Date: Fri Feb 15 21:42:10 2019 +0000
Makefile: use fixed build host if SOURCE_DATE_EPOCH is defined
If SOURCE_DATE_EPOCH is defined then we can be reasonably sure the
user wants the build to be fully reproducible, so use a fixed string.
In case of a cross build, using uname -s -m -p -i o will still report
the host's kernel architecture, which will trip some CIs like
Debian's.
Signed-off-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Peter Jones <pjones@redhat.com>
At the time, this was explicitly contributed under the Tiano license,
even though the original code[0] is LGPLv2.1.
[0]: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git
Signed-off-by: Peter Jones <pjones@redhat.com>
The license statements in our source files were getting to be a giant
mess, and mostly they all just say the same thing. I've switched most
of it to SPDX labels, but left copyright statements in place (where they
were not obviously incorrect copy-paste jobs that I did...).
If there's some change here you don't think is valid, let me know and
we can fix it up together.
Signed-off-by: Peter Jones <pjones@redhat.com>
One of the really great things about Github IMO is how
"front and center" the README file in a repository is (just
compare with Sourceforge).
Github renders it more nicely if the file is declared to be Markdown,
so let's do that. Add a bit of formatting: using code fences
for code, hyperlinks for other files etc.
I also added a title block from the Fedora package `Summary`
since while I know in theory shim is independent of bootloaders,
let's say what the 95% case is here.
This adds stuff that only ever gets made as an artifact of building
(though build*/ generally doesn't, as of this commit.)
Signed-off-by: Peter Jones <pjones@redhat.com>
This is a backport from devel for:
commit 852091d63f73011742c61c976e40f35edd74d598
Author: Nicholas Bishop <nicholasbishop@gmail.com>
Date: Thu May 17 19:28:53 2018 -0400
Fix typo
Signed-off-by: Peter Jones <pjones@redhat.com>
This was previously on devel as:
commit 2e29c0358888412e9addfb016cc72f6e89ffb536
Author: Peter Jones <pjones@redhat.com>
Date: Mon Jun 29 14:06:34 2020 -0400
Add .cer/.crt/.esl to .gitignore
But .cer and .crt were added independently in another commit since then.
Signed-off-by: Peter Jones <pjones@redhat.com>
Sometimes we're loading structures that are parsed in string-like ways,
but can't necessarily be trusted to be zero-terminated. Solve that by
making sure we always have enough aligned, trailing zero bytes to always
have at least one NUL character, no matter which character type is being
parsed.
Signed-off-by: Peter Jones <pjones@redhat.com>
Add a file that contains example workflows for SBAT and better illustrate
what type of content is expected to be present in both the .sbat section
and the SBAT authenticated EFI variable.
Signed-off-by: Peter Jones <pjones@redhat.com>
SBAT is a new Generation Number Based Revocation meant to replace the DBX
Revocation List Files mechanism. It is more flexible and allow to revoke
sets of binaries, instead of having to list all of them as with the DBX.
Metadata that includes the vendor, product family, product, component,
version and generation are added to artifacts in a .sbat section. This
is protected by the digital signature and so it cannot be tampered.
Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Gary Lin <glin@suse.com>
Right now we allocate the PE file's contents in RW memory, but hopefully
that won't always be the case. Our SBAT parsing, however, very much
expects to be able to edit it. We also don't actually know that shim's
.sbat section is loaded r/w, so we can't necessarily write there.
This patch copies the SBAT data to its own buffer, plus one NUL byte at
the end, so we can always be sure that will work.
Signed-off-by: Peter Jones <pjones@redhat.com>
Parse the SBAT [0] Version-Based Revocation Metadata that's contained in a
.sbat data section of the loaded PE binary. This information is used along
with data in a SBAT variable to determine if a EFI binary has been revoked.
[0]: https://github.com/rhboot/shim/blob/sbat/SBAT.md
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Unfortunately GNU-EFI doesn't currently implement ascii versions of
strchr() or strchrnul(), and we kind of need them, so add an
implementation here for now.
Signed-off-by: Peter Jones <pjones@redhat.com>
In cases where we accept vendor shim binaries with additional patches,
it may become necessary to identify those builds with additional SBAT
data. When we consider such patches, we should be proactive in asking
vendors to include that data in the .sbat sections of their trusted EFI
binaries.
This patch adds any data in data/sbat.*.csv (after a quick sanitizing
pass) after data/sbat.csv in the .sbat section, so that no changes to
the upstream data/sbat.csv are ever required.
Signed-off-by: Peter Jones <pjones@redhat.com>
The Secure Boot Advanced Targeting (SBAT) [0] is a Generation Number Based
Revocation mechanism that is meant to replace the DBX revocation file list.
Binaries must contain a .sbat data section that has a set entries, each of
them consisting of UTF-8 strings as comma separated values. Allow to embed
this information into the fwupd EFI binary at build time.
The SBAT metadata must contain at least two entries. One that defines the
SBAT version used and another one that defines the component generation.
This patch adds a sbat.csv that contains these two entries and downstream
users can override if additional entries are needed due changes that make
them diverge from upstream code and potentially add other vulnerabilities.
The same SBAT metadata is added to the fallback and MOK manager binaries
because these are built from the same shim source. These need to have SBAT
metadata as well to be booted if a .sbat section is mandatory.
[0]: https://github.com/rhboot/shim/blob/sbat/SBAT.md
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
This adds the "sbat" branch to the list of branches where a build is
done if a PR is submitted against that branch.
Signed-off-by: Peter Jones <pjones@redhat.com>
This makes each of the f32/f33/f34 distro builds use the same steps to
do the build, as well as making each of them build both x64 and ia32
targets.
Signed-off-by: Peter Jones <pjones@redhat.com>
I renamed PeImage.h to pe.h when I de-capitalized them, but this turns
out to be a bad idea because we already have a pe.h on the SBAT branch.
Woops.
This moves it to peimage.h
Signed-off-by: Peter Jones <pjones@redhat.com>
In the version of clang-format I've got locally[0],
WhitespaceSensitiveMacros seems to only work sometimes. That means that
if we ever run it on some particular things, it could seriously mess up
a bunch of our debugging output. That's not great.
In this patch, I've gone ahead and run clang-format on all the macros
that use __LINE__, which are the obvious places this is dangerous, and
then audited the result and fixed anything that's broken (including a
couple of places where it was already broken.)
[0] random:~/devel/github.com/shim/clang-format$ clang-format --version
clang-format version 11.0.0 (Fedora 11.0.0-2.fc33)
Signed-off-by: Peter Jones <pjones@redhat.com>
