proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-06-04 07:58:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
329 Commits 1 Branch 3 Tags 11 MiB
C 97.8%
Makefile 0.8%
Shell 0.7%
Assembly 0.7%
0e7ba5947e
Go to file
Peter Jones 0e7ba5947e Generate a sane PE header on shim, fallback, and MokManager. 
It turns out a7249a65 was masking a second problem - on some binaries,
when we actually don't have any base relocations at all, binutils'
"objcopy --target efi-app-x86_64" is generating a PE header with a base
relocations pointer that happily points into the middle of our text
section.  So with shim processing base relocations correctly, it refuses
to load those binaries.

For example, on one binary I just built:

00000130  00 a0 00 00 0a 00 00 00  00 00 00 00 00 00 00 00 |................|

which says there's a Base Relocation Table at 0xa000 that's 0xa bytes long.
That's here:

0000a000  58 00 29 00 00 00 00 00  48 00 44 00 28 00 50 00 |X.).....H.D.(.P.|
0000a010  61 00 72 00 74 00 25 00  64 00 2c 00 53 00 69 00 |a.r.t.%.d.,.S.i.|
0000a020  67 00 25 00 67 00 29 00  00 00 00 00 00 00 00 00 |g.%.g.).........|
0000a030  48 00 44 00 28 00 50 00  61 00 72 00 74 00 25 00 |H.D.(.P.a.r.t.%.|

So the table is:

0000a000  58 00 29 00 00 00 00 00  48 00                   |X.).....H.      |

That wouldn't be so bad, except those binaries are MokManager.efi,
fallback.efi, and shim.efi, and sometimes they're .reloc, which we're
actually trying to handle correctly now because grub builds with a real
and valid .reloc table.  So though I didn't think there was any hair
left on this yak, more shaving ensues.

With this change, instead of letting objcopy do whatever it likes, we
switch to "-O binary" and merely link in a header that's appropriate for
our binaries.  This is the same method Ard wrote for aarch64, and it
seems to work fine in either place (modulo some minor changes.)

At some point this should be merged into gnu-efi instead of carrying our
own crt0-efi-x86_64.S, but that's a less immediate problem.

I did not need this problem.

Signed-off-by: Peter Jones <pjones@redhat.com>
2014-09-21 16:25:27 -04:00
Cryptlib Update openssl to 0.9.8zb 2014-08-19 14:20:23 -04:00
include Make sure we don't try to load a binary from a different arch. 2014-08-27 16:40:57 -04:00
lib Factor out x86-isms and add cross compile support 2014-08-12 10:54:05 -04:00
.gitignore Add ident-like blobs to shim.efi for version checking. 2013-10-03 11:11:09 -04:00
cert.S Add support for 32-bit ARM 2014-08-12 10:54:05 -04:00
COPYRIGHT Add copyright file 2012-07-09 11:03:12 -04:00
crt0-efi-x86_64.S Generate a sane PE header on shim, fallback, and MokManager. 2014-09-21 16:25:27 -04:00
crypt_blowfish.c MokManager: support blowfish-based crypt() hash 2013-09-26 11:58:01 -04:00
crypt_blowfish.h MokManager: support blowfish-based crypt() hash 2013-09-26 11:58:01 -04:00
elf_aarch64_efi.lds Add support for 64-bit ARM (AArch64) 2014-08-12 10:54:05 -04:00
elf_arm_efi.lds Fix typo from Ard's old tree 32-bit ARM patch. 2014-08-27 11:49:39 -04:00
elf_ia32_efi.lds Move embedded certificates to their own section. 2013-06-10 17:35:33 -04:00
elf_ia64_efi.lds Move embedded certificates to their own section. 2013-06-10 17:35:33 -04:00
elf_x86_64_efi.lds Generate a sane PE header on shim, fallback, and MokManager. 2014-09-21 16:25:27 -04:00
fallback.c [fallback] Try to boot the first boot option anyway 2014-05-13 13:30:07 -04:00
make-certs Sign MokManager with a locally-generated key 2012-11-26 13:43:50 -05:00
Makefile Generate a sane PE header on shim, fallback, and MokManager. 2014-09-21 16:25:27 -04:00
MokManager.c MokManager: handle the error status from ReadKeyStroke 2014-06-25 10:02:18 -04:00
MokVars.txt Add support for disabling db for verification 2013-10-02 11:29:34 -04:00
netboot.c Factor out x86-isms and add cross compile support 2014-08-12 10:54:05 -04:00
netboot.h netboot.h: fix build error on 32-bit systems 2013-11-12 10:25:40 -05:00
PasswordCrypt.c additional bounds-checking on section sizes 2014-04-11 14:41:22 -04:00
PasswordCrypt.h MokManager: support Tradition DES hash 2013-09-26 11:58:01 -04:00
README Replace build instructions in README with something not completely wrong. 2014-07-21 16:15:07 -04:00
replacements.c Don't name something exit(). 2014-08-27 16:40:57 -04:00
replacements.h Allow fallback to use the system's LoadImage/StartImage . 2014-02-14 17:48:01 -05:00
shim.c Fix our "in_protocol" printing. 2014-09-21 16:25:27 -04:00
shim.h Make SHIM_LOCK_GUID a first-class object with a symbol. 2013-09-23 10:40:49 -04:00
testplan.txt Add a failure case to the test plan and fix an ordering error. 2014-02-14 17:48:01 -05:00
TODO Update for Josh's changes. 2013-10-02 13:33:52 -04:00
ucs2.h Add StrCSpn() 2013-04-30 09:46:22 -04:00
version.c.in Add ident-like blobs to shim.efi for version checking. 2013-10-03 11:11:09 -04:00
version.h Add ident-like blobs to shim.efi for version checking. 2013-10-03 11:11:09 -04:00

README 

shim is a trivial EFI application that, when run, attempts to open and
execute another application. It will initially attempt to do this via the
standard EFI LoadImage() and StartImage() calls. If these fail (because secure
boot is enabled and the binary is not signed with an appropriate key, for
instance) it will then validate the binary against a built-in certificate. If
this succeeds and if the binary or signing key are not blacklisted then shim
will relocate and execute the binary.

shim will also install a protocol which permits the second-stage bootloader
to perform similar binary validation. This protocol has a GUID as described
in the shim.h header file and provides a single entry point. On 64-bit systems
this entry point expects to be called with SysV ABI rather than MSABI, and
so calls to it should not be wrapped.

To use shim, simply place a DER-encoded public certificate in a file such as
pub.cer and build with "make VENDOR_CERT_FILE=pub.cer".