[Buildroot] [PATCH 3/4] boot/shim: bump to version 15.4
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Mon Apr 5 20:21:54 UTC 2021
- Use the tarball provided by upstream developers instead of the one
generated by Github. Indeed
https://github.com/rhboot/shim/releases/tag/15.4 indicates "As
usual, please use the shim-15.4.tar.bz2 tarball, rather than the
other two archives github automatically produces."
- The tarball now includes the gnu-efi code, so we no longer need to
select gnu-efi and have it as a build dependency. We continue to use
BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS as we still only build for those
architectures that have gnu-efi support. We also drop the
EFI_INCLUDE, EFI_PATH and LIBDIR variables, as gnu-efi no longer
needs to be searched in STAGING_DIR.
- Drop all four patches, which were backports from upstream.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
---
...po-in-the-EFI-warning-list-in-gnu-ef.patch | 57 ---------
...tuff-Waddress-of-packed-member-finds.patch | 90 --------------
...ompareMem-on-MokListNode.Type-instea.patch | 73 ------------
...void-Werror-address-of-packed-member.patch | 112 ------------------
boot/shim/Config.in | 2 +-
boot/shim/shim.hash | 2 +-
boot/shim/shim.mk | 11 +-
7 files changed, 6 insertions(+), 341 deletions(-)
delete mode 100644 boot/shim/0001-console-Fix-a-typo-in-the-EFI-warning-list-in-gnu-ef.patch
delete mode 100644 boot/shim/0002-Work-around-stuff-Waddress-of-packed-member-finds.patch
delete mode 100644 boot/shim/0003-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch
delete mode 100644 boot/shim/0004-MokManager-avoid-Werror-address-of-packed-member.patch
diff --git a/boot/shim/0001-console-Fix-a-typo-in-the-EFI-warning-list-in-gnu-ef.patch b/boot/shim/0001-console-Fix-a-typo-in-the-EFI-warning-list-in-gnu-ef.patch
deleted file mode 100644
index 77d1b54f16..0000000000
--- a/boot/shim/0001-console-Fix-a-typo-in-the-EFI-warning-list-in-gnu-ef.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From b00d7f63df7ee6f74a63515f1469768e9cb2aa7a Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones at redhat.com>
-Date: Mon, 26 Aug 2019 16:12:05 -0400
-Subject: [PATCH] console: Fix a typo in the EFI warning list in gnu-efi
-
-Some versions of gnu-efi have a typo, in which "EFI_WARN_UNKNOWN_GLYPH"
-is accidentally "EFI_WARN_UNKOWN_GLYPH". Work around that, so that we
-can use the not-silly one in console.c's list of error and warning
-messages.
-
-This is a backport from devel for:
-
- commit 5f62b22ccd636d326b3229a2b196118701c6f3f7
- Author: Peter Jones <pjones at redhat.com>
- Date: Mon Aug 26 16:12:05 2019 -0400
-
-Signed-off-by: Peter Jones <pjones at redhat.com>
-Upstream: d230d02f990f02293736dca78b108f86c86d1bd0
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
----
- include/console.h | 6 ++++++
- lib/console.c | 2 +-
- 2 files changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/include/console.h b/include/console.h
-index deb4fa3..00da98d 100644
---- a/include/console.h
-+++ b/include/console.h
-@@ -7,6 +7,12 @@
- #define PrintAt(fmt, ...) \
- ({"Do not directly call PrintAt() use console_print_at() instead" = 1;});
-
-+#if !defined(EFI_WARN_UNKNOWN_GLYPH) && defined(EFI_WARN_UNKOWN_GLYPH)
-+#define EFI_WARN_UNKNOWN_GLYPH EFI_WARN_UNKOWN_GLYPH
-+#elif !defined(EFI_WARN_UNKNOWN_GLYPH)
-+#define EFI_WARN_UNKNOWN_GLYPH EFIWARN(1)
-+#endif
-+
- EFI_STATUS
- console_get_keystroke(EFI_INPUT_KEY *key);
- UINTN
-diff --git a/lib/console.c b/lib/console.c
-index 3aee41c..ccd4d4d 100644
---- a/lib/console.c
-+++ b/lib/console.c
-@@ -445,7 +445,7 @@ static struct {
- { EFI_SECURITY_VIOLATION, L"Security Violation"},
-
- // warnings
-- { EFI_WARN_UNKOWN_GLYPH, L"Warning Unknown Glyph"},
-+ { EFI_WARN_UNKNOWN_GLYPH, L"Warning Unknown Glyph"},
- { EFI_WARN_DELETE_FAILURE, L"Warning Delete Failure"},
- { EFI_WARN_WRITE_FAILURE, L"Warning Write Failure"},
- { EFI_WARN_BUFFER_TOO_SMALL, L"Warning Buffer Too Small"},
---
-2.30.2
-
diff --git a/boot/shim/0002-Work-around-stuff-Waddress-of-packed-member-finds.patch b/boot/shim/0002-Work-around-stuff-Waddress-of-packed-member-finds.patch
deleted file mode 100644
index 9a6187b1a1..0000000000
--- a/boot/shim/0002-Work-around-stuff-Waddress-of-packed-member-finds.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From 7c1d3d8116b78bf096b7b8c6da5486f37efeb75f Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones at redhat.com>
-Date: Mon, 13 May 2019 16:34:35 -0400
-Subject: [PATCH] Work around stuff -Waddress-of-packed-member finds.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-In MokManager we get a lot of these:
-
-../src/MokManager.c:1063:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
- 1063 | if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
- | ^~~~~~~~~~~~~~~
-
-The reason for this is that gnu-efi takes EFI_GUID * as its argument
-instead of VOID *, and there's nothing telling the compiler that it
-doesn't have alignment constraints on the input, so the compiler wants
-it to have 16-byte alignment.
-
-Just use CompareMem() for these, as that's all CompareGuid is calling
-anyway.
-
-Signed-off-by: Peter Jones <pjones at redhat.com>
-Upstream: 2cbf56b82a5102777b37c4f7f47c8cf058cea027
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
----
- MokManager.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index 7e40a38..5d0a979 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -22,6 +22,8 @@
- #define CERT_STRING L"Select an X509 certificate to enroll:\n\n"
- #define HASH_STRING L"Select a file to trust:\n\n"
-
-+#define CompareMemberGuid(x, y) CompareMem(x, y, sizeof(EFI_GUID))
-+
- typedef struct {
- UINT32 MokSize;
- UINT8 *Mok;
-@@ -1078,7 +1080,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- continue;
-
- DataSize += sizeof(EFI_SIGNATURE_LIST);
-- if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
-+ if (CompareMemberGuid(&(list[i].Type), &X509_GUID) == 0)
- DataSize += sizeof(EFI_GUID);
- DataSize += list[i].MokSize;
- }
-@@ -1100,7 +1102,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- CertList->SignatureType = list[i].Type;
- CertList->SignatureHeaderSize = 0;
-
-- if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) {
-+ if (CompareMemberGuid(&(list[i].Type), &X509_GUID) == 0) {
- CertList->SignatureListSize = list[i].MokSize +
- sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
- CertList->SignatureSize =
-@@ -1141,7 +1143,7 @@ static void delete_cert(void *key, UINT32 key_size,
- int i;
-
- for (i = 0; i < mok_num; i++) {
-- if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0)
-+ if (CompareMemberGuid(&(mok[i].Type), &X509_GUID) != 0)
- continue;
-
- if (mok[i].MokSize == key_size &&
-@@ -1192,7 +1194,7 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
- sig_size = hash_size + sizeof(EFI_GUID);
-
- for (i = 0; i < mok_num; i++) {
-- if ((CompareGuid(&(mok[i].Type), &Type) != 0) ||
-+ if ((CompareMemberGuid(&(mok[i].Type), &Type) != 0) ||
- (mok[i].MokSize < sig_size))
- continue;
-
-@@ -1356,7 +1358,7 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
-
- /* Search and destroy */
- for (i = 0; i < del_num; i++) {
-- if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) {
-+ if (CompareMemberGuid(&(del_key[i].Type), &X509_GUID) == 0) {
- delete_cert(del_key[i].Mok, del_key[i].MokSize,
- mok, mok_num);
- } else if (is_sha2_hash(del_key[i].Type)) {
---
-2.30.2
-
diff --git a/boot/shim/0003-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch b/boot/shim/0003-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch
deleted file mode 100644
index 5f8f44519d..0000000000
--- a/boot/shim/0003-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 694a91664a7f5018bdc1e1092e07a8ac7fc35fc0 Mon Sep 17 00:00:00 2001
-From: Gary Lin <glin at suse.com>
-Date: Tue, 26 Feb 2019 11:33:53 +0800
-Subject: [PATCH] MokManager: Use CompareMem on MokListNode.Type instead of
- CompareGuid
-
-Fix the errors from gcc9 '-Werror=address-of-packed-member'
-
-https://github.com/rhboot/shim/issues/161
-
-Signed-off-by: Gary Lin <glin at suse.com>
-Upstream: 5d30a31fef4eb7e773da24c5e6c20576282a9c3a
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
----
- MokManager.c | 14 +++++++++-----
- 1 file changed, 9 insertions(+), 5 deletions(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index 5d0a979..e13400b 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -1080,7 +1080,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- continue;
-
- DataSize += sizeof(EFI_SIGNATURE_LIST);
-- if (CompareMemberGuid(&(list[i].Type), &X509_GUID) == 0)
-+ if (CompareMem(&(list[i].Type), &X509_GUID,
-+ sizeof(EFI_GUID)) == 0)
- DataSize += sizeof(EFI_GUID);
- DataSize += list[i].MokSize;
- }
-@@ -1102,7 +1103,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- CertList->SignatureType = list[i].Type;
- CertList->SignatureHeaderSize = 0;
-
-- if (CompareMemberGuid(&(list[i].Type), &X509_GUID) == 0) {
-+ if (CompareMem(&(list[i].Type), &X509_GUID,
-+ sizeof(EFI_GUID)) == 0) {
- CertList->SignatureListSize = list[i].MokSize +
- sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
- CertList->SignatureSize =
-@@ -1143,7 +1145,8 @@ static void delete_cert(void *key, UINT32 key_size,
- int i;
-
- for (i = 0; i < mok_num; i++) {
-- if (CompareMemberGuid(&(mok[i].Type), &X509_GUID) != 0)
-+ if (CompareMem(&(mok[i].Type), &X509_GUID,
-+ sizeof(EFI_GUID)) != 0)
- continue;
-
- if (mok[i].MokSize == key_size &&
-@@ -1194,7 +1197,7 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
- sig_size = hash_size + sizeof(EFI_GUID);
-
- for (i = 0; i < mok_num; i++) {
-- if ((CompareMemberGuid(&(mok[i].Type), &Type) != 0) ||
-+ if ((CompareMem(&(mok[i].Type), &Type, sizeof(EFI_GUID)) != 0) ||
- (mok[i].MokSize < sig_size))
- continue;
-
-@@ -1358,7 +1361,8 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
-
- /* Search and destroy */
- for (i = 0; i < del_num; i++) {
-- if (CompareMemberGuid(&(del_key[i].Type), &X509_GUID) == 0) {
-+ if (CompareMem(&(del_key[i].Type), &X509_GUID,
-+ sizeof(EFI_GUID)) == 0) {
- delete_cert(del_key[i].Mok, del_key[i].MokSize,
- mok, mok_num);
- } else if (is_sha2_hash(del_key[i].Type)) {
---
-2.30.2
-
diff --git a/boot/shim/0004-MokManager-avoid-Werror-address-of-packed-member.patch b/boot/shim/0004-MokManager-avoid-Werror-address-of-packed-member.patch
deleted file mode 100644
index d86c5bb005..0000000000
--- a/boot/shim/0004-MokManager-avoid-Werror-address-of-packed-member.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From f17f67fef7ae05cbad8609aacef41a448a2d8d54 Mon Sep 17 00:00:00 2001
-From: Jonas Witschel <diabonas at gmx.de>
-Date: Thu, 5 Sep 2019 10:39:37 +0200
-Subject: [PATCH] MokManager: avoid -Werror=address-of-packed-member
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When compiling with GCC 9, there are a couple of errors of the form
-
-MokManager.c: In function ‘write_back_mok_list’:
-MokManager.c:1056:19: error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
- 1056 | if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
- | ^~~~~~~~~~~~~~~
-
-Copying the member of the packed struct to a temporary variable and
-pointing to that variable solves the problem.
-
-Upstream: d57e53f3bddc4bc7299b3d5efd5ba8c547e8dfa5
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
----
- MokManager.c | 22 +++++++++++++---------
- 1 file changed, 13 insertions(+), 9 deletions(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index e13400b..1a8d666 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -1065,6 +1065,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- EFI_STATUS efi_status;
- EFI_SIGNATURE_LIST *CertList;
- EFI_SIGNATURE_DATA *CertData;
-+ EFI_GUID type;
- void *Data = NULL, *ptr;
- INTN DataSize = 0;
- int i;
-@@ -1080,8 +1081,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- continue;
-
- DataSize += sizeof(EFI_SIGNATURE_LIST);
-- if (CompareMem(&(list[i].Type), &X509_GUID,
-- sizeof(EFI_GUID)) == 0)
-+ type = list[i].Type; /* avoid -Werror=address-of-packed-member */
-+ if (CompareGuid(&type, &X509_GUID) == 0)
- DataSize += sizeof(EFI_GUID);
- DataSize += list[i].MokSize;
- }
-@@ -1103,8 +1104,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- CertList->SignatureType = list[i].Type;
- CertList->SignatureHeaderSize = 0;
-
-- if (CompareMem(&(list[i].Type), &X509_GUID,
-- sizeof(EFI_GUID)) == 0) {
-+ if (CompareGuid(&(CertList->SignatureType), &X509_GUID) == 0) {
- CertList->SignatureListSize = list[i].MokSize +
- sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
- CertList->SignatureSize =
-@@ -1142,11 +1142,12 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- static void delete_cert(void *key, UINT32 key_size,
- MokListNode * mok, INTN mok_num)
- {
-+ EFI_GUID type;
- int i;
-
- for (i = 0; i < mok_num; i++) {
-- if (CompareMem(&(mok[i].Type), &X509_GUID,
-- sizeof(EFI_GUID)) != 0)
-+ type = mok[i].Type; /* avoid -Werror=address-of-packed-member */
-+ if (CompareGuid(&type, &X509_GUID) != 0)
- continue;
-
- if (mok[i].MokSize == key_size &&
-@@ -1188,6 +1189,7 @@ static void mem_move(void *dest, void *src, UINTN size)
- static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
- MokListNode * mok, INTN mok_num)
- {
-+ EFI_GUID type;
- UINT32 sig_size;
- UINT32 list_num;
- int i, del_ind;
-@@ -1197,7 +1199,8 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
- sig_size = hash_size + sizeof(EFI_GUID);
-
- for (i = 0; i < mok_num; i++) {
-- if ((CompareMem(&(mok[i].Type), &Type, sizeof(EFI_GUID)) != 0) ||
-+ type = mok[i].Type; /* avoid -Werror=address-of-packed-member */
-+ if ((CompareGuid(&type, &Type) != 0) ||
- (mok[i].MokSize < sig_size))
- continue;
-
-@@ -1253,6 +1256,7 @@ static void delete_hash_list(EFI_GUID Type, void *hash_list, UINT32 list_size,
- static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
- {
- EFI_STATUS efi_status;
-+ EFI_GUID type;
- CHAR16 *db_name;
- CHAR16 *auth_name;
- CHAR16 *err_strs[] = { NULL, NULL, NULL };
-@@ -1361,8 +1365,8 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
-
- /* Search and destroy */
- for (i = 0; i < del_num; i++) {
-- if (CompareMem(&(del_key[i].Type), &X509_GUID,
-- sizeof(EFI_GUID)) == 0) {
-+ type = del_key[i].Type; /* avoid -Werror=address-of-packed-member */
-+ if (CompareGuid(&type, &X509_GUID) == 0) {
- delete_cert(del_key[i].Mok, del_key[i].MokSize,
- mok, mok_num);
- } else if (is_sha2_hash(del_key[i].Type)) {
---
-2.30.2
-
diff --git a/boot/shim/Config.in b/boot/shim/Config.in
index ea6650f54c..596ff5b2cf 100644
--- a/boot/shim/Config.in
+++ b/boot/shim/Config.in
@@ -1,9 +1,9 @@
config BR2_TARGET_SHIM
bool "shim"
+ # it includes gnu-efi
depends on BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS
# ARM32 build currently broken
depends on !BR2_ARM_CPU_HAS_ARM
- select BR2_PACKAGE_GNU_EFI
help
Boot loader to chain-load signed boot loaders under Secure
Boot.
diff --git a/boot/shim/shim.hash b/boot/shim/shim.hash
index 318390f80b..15c763abca 100644
--- a/boot/shim/shim.hash
+++ b/boot/shim/shim.hash
@@ -1,3 +1,3 @@
# locally computed hash
-sha256 279d19cc95b9974ea2379401a6a0653d949c3fa3d61f0c4bd6a7b9e840bdc425 shim-15.tar.gz
+sha256 8344473dd10569588b8238a4656b8fab226714eea9f5363f8c410aa8a5090297 shim-15.4.tar.bz2
sha256 15edf527919ddcb2f514ab9d16ad07ef219e4bb490e0b79560be510f0c159cc2 COPYRIGHT
diff --git a/boot/shim/shim.mk b/boot/shim/shim.mk
index e0f01a8a9d..0a6d1527aa 100644
--- a/boot/shim/shim.mk
+++ b/boot/shim/shim.mk
@@ -4,22 +4,19 @@
#
################################################################################
-SHIM_VERSION = 15
-SHIM_SITE = $(call github,rhboot,shim,$(SHIM_VERSION))
+SHIM_VERSION = 15.4
+SHIM_SITE = https://github.com/rhboot/shim/releases/download/$(SHIM_VERSION)
+SHIM_SOURCE = shim-$(SHIM_VERSION).tar.bz2
SHIM_LICENSE = BSD-2-Clause
SHIM_LICENSE_FILES = COPYRIGHT
SHIM_CPE_ID_VENDOR = redhat
-SHIM_DEPENDENCIES = gnu-efi
SHIM_INSTALL_TARGET = NO
SHIM_INSTALL_IMAGES = YES
SHIM_MAKE_OPTS = \
ARCH="$(GNU_EFI_PLATFORM)" \
CROSS_COMPILE="$(TARGET_CROSS)" \
- DASHJ="-j$(PARALLEL_JOBS)" \
- EFI_INCLUDE="$(STAGING_DIR)/usr/include/efi" \
- EFI_PATH="$(STAGING_DIR)/usr/lib" \
- LIBDIR="$(STAGING_DIR)/usr/lib"
+ DASHJ="-j$(PARALLEL_JOBS)"
define SHIM_BUILD_CMDS
$(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) $(SHIM_MAKE_OPTS)
--
2.30.2
More information about the buildroot
mailing list