Commit ab4c731c authored by Steve Langasek's avatar Steve Langasek

* New upstream release.

  - debian/patches/second-stage-path: dropped; the default loader path now
    includes an arch suffix.
  - debian/patches/sbsigntool-no-pesign: dropped; no longer needed.
* Drop remaining patches that were not being applied.
* Sync packaging from Ubuntu:
  - debian/copyright: Update upstream source location.
  - debian/control: add a Build-Depends on libelf-dev.
  - Enable arm64 build.
  - debian/patches/fixup_git.patch: don't run git in clean; we're not
    really in a git tree.
  - debian/rules, debian/shim.install: use the upstream install target as
    intended, and move files to the target directory using dh_install.
  - define RELEASE and COMMIT_ID for the snapshot.
  - Set ENABLE_HTTPBOOT to enable the HTTP Boot feature.
  - Update dh_auto_build/dh_auto_clean/dh_auto_install for new upstream
    options: set MAKELEVEL.
  - Define an EFI_ARCH variable, and use that for paths to shim. This
    makes it possible to build a shim for other architectures than amd64.
  - Set EFIDIR=$distro for dh_auto_install; that will let files be installed
    in the "right" final directories, and makes boot.csv for us.
  - Set ENABLE_SHIM_CERT, to keep using ephemeral self-signed certs built
    at compile-time for MokManager and fallback.
  - Set ENABLE_SBSIGN, to use sbsign instead of pesign for signing fallback
    and MokManager.
parents 0d63079c 9c12130f
......@@ -2,6 +2,7 @@
certdb
shim_cert.h
*.a
*.CSV
*.cer
*.crl
*.crt
......@@ -24,3 +25,5 @@ shim_cert.h
*.srl.old
*.tar.*
version.c
cov-int/
scan-results/
-DL_ENDIAN
-D_CRT_SECURE_NO_DEPRECATE
-D_CRT_NONSTDC_NO_DEPRECATE
-DOPENSSL_SMALL_FOOTPRINT
-DPEDANTIC
-ggdb
-O0
-fno-stack-protector
-fno-strict-aliasing
-fpic
-fshort-wchar
-Wall
-Wsign-compare
-Werror
-fno-builtin
-Werror=sign-compare
-ffreestanding
-std=gnu89
-nostdinc
-I/usr/lib/gcc/x86_64-redhat-linux/7/include
-Iinclude
-ICryptlib/
-ICryptlib/Include/
-ICryptlib/OpenSSL/
-ICryptlib/OpenSSL/crypto/
-I/usr/include/efi/
-I/usr/include/efi/x86_64/
-I/usr/include/efi/protocol/
-ICryptlib/OpenSSL/crypto/asn1/
-ICryptlib/OpenSSL/crypto/evp/
-ICryptlib/OpenSSL/crypto/modes/
-ICryptlib/OpenSSL/crypto/include/
-iquote
.
-mno-mmx
-mno-sse
-mno-red-zone
-nostdinc
-maccumulate-outgoing-args
-DEFI_FUNCTION_WRAPPER
-DGNU_EFI_USE_MS_ABI
-DNO_BUILTIN_VA_FUNCS
-DMDE_CPU_X64
-DPAGE_SIZE=4096
language: c
cache: ccache
branches:
except:
- travis
matrix:
include:
- os: linux
dist: trusty
services: docker
before_install:
- if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then docker pull vathpela/efi-ci-rawhide:v0 ; fi
script:
- if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then docker run vathpela/efi-ci-rawhide:v0 /bin/sh -c "cd /root/ && ./build.sh --branch \"$TRAVIS_BRANCH\" --commit \"$TRAVIS_COMMIT\" --commit-range \"$TRAVIS_COMMIT_RANGE\" --event-type \"$TRAVIS_EVENT_TYPE\" --pull-request \"$TRAVIS_PULL_REQUEST\" --pr-branch \"$TRAVIS_PULL_REQUEST_BRANCH\" --pr-sha \"$TRAVIS_PULL_REQUEST_SHA\" --remote \"$TRAVIS_PULL_REQUEST_SLUG\" --repo \"$TRAVIS_REPO_SLUG\" --test-subject shim" ; fi
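Review bot: The `script:` line assembles the command for `/bin/sh -c` inside the container with `$TRAVIS_BRANCH`, `$TRAVIS_PULL_REQUEST_BRANCH`, `$TRAVIS_PULL_REQUEST_SLUG` and the other Travis variables expanded by the outer shell into a double-quoted string, so their contents are re-parsed as shell syntax by the inner `sh` instead of arriving as opaque arguments. Branch and repository names on pull requests are contributor-controlled, so the safer shape is to pass them into the container unparsed and expand them there, e.g. `docker run -e TRAVIS_BRANCH -e TRAVIS_COMMIT -e TRAVIS_COMMIT_RANGE -e TRAVIS_EVENT_TYPE -e TRAVIS_PULL_REQUEST -e TRAVIS_PULL_REQUEST_BRANCH -e TRAVIS_PULL_REQUEST_SHA -e TRAVIS_PULL_REQUEST_SLUG -e TRAVIS_REPO_SLUG vathpela/efi-ci-rawhide:v0 /bin/sh -c 'cd /root/ && ./build.sh --branch "$TRAVIS_BRANCH" --commit "$TRAVIS_COMMIT" ...'` with single quotes around the inner script. This file appears to be upstream's CI configuration carried into the package, so the fix may belong in the upstream tree rather than in the Debian packaging.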
It's pretty straightforward:
cp $MY_DER_ENCODED_CERT pub.cer
make VENDOR_CERT_FILE=pub.cer
make EFIDIR=my_esp_dir_name install
There are a couple of ways to customize the build:
Install targets:
- install
installs shim as if to a hard drive, including installing MokManager and
fallback appropriately.
- install-as-data
installs shim files to /usr/share/shim/$(EFI_ARCH)-$(VERSION)/
Variables you should set to customize the build:
- EFIDIR
This is the name of the ESP directory. The install targets won't work
without it.
- DESTDIR
This will be prepended to any install targets, so you don't have to
install to a live root directory.
- DEFAULT_LOADER
defaults to \\\\grub$(EFI_ARCH).efi , but you could set it to whatever.
Be careful with the leading backslashes, they can be hard to get
correct.
Variables you could set to customize the build:
- ENABLE_SHIM_CERT
if this variable is defined on the make command line, shim will
generate keys during the build and sign MokManager and fallback with
them, and the signed version will be what gets installed with the
install targets
- ENABLE_HTTPBOOT
build support for http booting
- REQUIRE_TPM
if tpm logging or extends return an error code, treat that as a fatal error.
- ARCH
This allows you to do a build for a different arch that we support. For
instance, on x86_64 you could do "setarch linux32 make ARCH=ia32" to get
the ia32 build instead. (DEFAULT_LOADER will be automatically adjusted
in that case.)
- TOPDIR
You can use this along with make -f to build in a subdir. For instance,
on an x86_64 machine you could do:
mkdir build-ia32 build-x64 inst
cd build-ia32
setarch linux32 make TOPDIR=.. ARCH=ia32 -f ../Makefile
setarch linux32 make TOPDIR=.. ARCH=ia32 \
DESTDIR=../inst EFIDIR=debian \
-f ../Makefile install
cd ../build-x64
make TOPDIR=.. -f ../Makefile
make TOPDIR=.. DESTDIR=../inst EFIDIR=debian \
-f ../Makefile install
That would get you x86_64 and ia32 builds in the "inst" subdir.
- OSLABEL
This is the label that will be put in BOOT$(EFI_ARCH).CSV for your OS.
By default this is the same value as EFIDIR .
# vim:filetype=mail:tw=74
/** @file
ARC4 Wrapper Implementation over OpenSSL.
/** @file
ARC4 Wrapper Implementation which does not provide real capabilities.
Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
......@@ -13,12 +13,14 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "InternalCryptLib.h"
#include <openssl/rc4.h>
/**
Retrieves the size, in bytes, of the context buffer required for ARC4 operations.
@return The size, in bytes, of the context buffer required for ARC4 operations.
Return zero to indicate this interface is not supported.
@retval 0 This interface is not supported.
**/
UINTN
......@@ -27,31 +29,20 @@ Arc4GetContextSize (
VOID
)
{
//
// Memory for 2 copies of RC4_KEY is allocated, one for working copy, and the other
// for backup copy. When Arc4Reset() is called, we can use the backup copy to restore
// the working copy to the initial state.
//
return (UINTN) (2 * sizeof (RC4_KEY));
ASSERT (FALSE);
return 0;
}
/**
Initializes user-supplied memory as ARC4 context for subsequent use.
This function initializes user-supplied memory pointed by Arc4Context as ARC4 context.
In addition, it sets up all ARC4 key materials for subsequent encryption and decryption
operations.
If Arc4Context is NULL, then return FALSE.
If Key is NULL, then return FALSE.
If KeySize does not in the range of [5, 256] bytes, then return FALSE.
Return FALSE to indicate this interface is not supported.
@param[out] Arc4Context Pointer to ARC4 context being initialized.
@param[in] Key Pointer to the user-supplied ARC4 key.
@param[in] KeySize Size of ARC4 key in bytes.
@retval TRUE ARC4 context initialization succeeded.
@retval FALSE ARC4 context initialization failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
......@@ -62,43 +53,21 @@ Arc4Init (
IN UINTN KeySize
)
{
RC4_KEY *Rc4Key;
//
// Check input parameters.
//
if (Arc4Context == NULL || Key == NULL || (KeySize < 5 || KeySize > 256)) {
return FALSE;
}
Rc4Key = (RC4_KEY *) Arc4Context;
RC4_set_key (Rc4Key, (UINT32) KeySize, Key);
CopyMem (Rc4Key + 1, Rc4Key, sizeof (RC4_KEY));
return TRUE;
ASSERT (FALSE);
return FALSE;
}
/**
Performs ARC4 encryption on a data buffer of the specified size.
This function performs ARC4 encryption on data buffer pointed by Input, of specified
size of InputSize.
Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
invalid ARC4 context is undefined.
If Arc4Context is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If Output is NULL, then return FALSE.
Return FALSE to indicate this interface is not supported.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be encrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 encryption output.
@retval TRUE ARC4 encryption succeeded.
@retval FALSE ARC4 encryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
......@@ -109,42 +78,22 @@ Arc4Encrypt (
IN UINTN InputSize,
OUT UINT8 *Output
)
{
RC4_KEY *Rc4Key;
//
// Check input parameters.
//
if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}
Rc4Key = (RC4_KEY *) Arc4Context;
RC4 (Rc4Key, (UINT32) InputSize, Input, Output);
return TRUE;
{
ASSERT (FALSE);
return FALSE;
}
/**
Performs ARC4 decryption on a data buffer of the specified size.
This function performs ARC4 decryption on data buffer pointed by Input, of specified
size of InputSize.
Arc4Context should be already correctly initialized by Arc4Init(). Behavior with
invalid ARC4 context is undefined.
If Arc4Context is NULL, then return FALSE.
If Input is NULL, then return FALSE.
If Output is NULL, then return FALSE.
Return FALSE to indicate this interface is not supported.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@param[in] Input Pointer to the buffer containing the data to be decrypted.
@param[in] InputSize Size of the Input buffer in bytes.
@param[out] Output Pointer to a buffer that receives the ARC4 decryption output.
@retval TRUE ARC4 decryption succeeded.
@retval FALSE ARC4 decryption failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
......@@ -156,36 +105,18 @@ Arc4Decrypt (
OUT UINT8 *Output
)
{
RC4_KEY *Rc4Key;
//
// Check input parameters.
//
if (Arc4Context == NULL || Input == NULL || Output == NULL || InputSize > INT_MAX) {
return FALSE;
}
Rc4Key = (RC4_KEY *) Arc4Context;
RC4 (Rc4Key, (UINT32) InputSize, Input, Output);
return TRUE;
ASSERT (FALSE);
return FALSE;
}
/**
Resets the ARC4 context to the initial state.
The function resets the ARC4 context to the state it had immediately after the
ARC4Init() function call.
Contrary to ARC4Init(), Arc4Reset() requires no secret key as input, but ARC4 context
should be already correctly initialized by ARC4Init().
If Arc4Context is NULL, then return FALSE.
Return FALSE to indicate this interface is not supported.
@param[in, out] Arc4Context Pointer to the ARC4 context.
@retval TRUE ARC4 reset succeeded.
@retval FALSE ARC4 reset failed.
@retval FALSE This interface is not supported.
**/
BOOLEAN
......@@ -194,18 +125,6 @@ Arc4Reset (
IN OUT VOID *Arc4Context
)
{
RC4_KEY *Rc4Key;
//
// Check input parameters.
//
if (Arc4Context == NULL) {
return FALSE;
}
Rc4Key = (RC4_KEY *) Arc4Context;
CopyMem (Rc4Key, Rc4Key + 1, sizeof (RC4_KEY));
return TRUE;
ASSERT (FALSE);
return FALSE;
}
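Review bot: On the new side every Arc4 entry point is a stub — `ASSERT (FALSE); return 0;` in Arc4GetContextSize and `ASSERT (FALSE); return FALSE;` in Arc4Init, Arc4Encrypt, Arc4Decrypt and Arc4Reset — so a caller that sizes a context buffer from Arc4GetContextSize or assumes Arc4Init succeeded would proceed with a zero-length context if ASSERT is compiled out, which it presumably is in release builds; any remaining callers in shim's Cryptlib should check for 0/FALSE explicitly rather than rely on the assertion. The header comments above Arc4Init, Arc4Encrypt and Arc4Decrypt still show both `@retval TRUE ... succeeded.` and `@retval FALSE This interface is not supported.`; the page does not say which side each line belongs to, but if the TRUE lines survive on the new side they should be dropped so the documentation matches a function that can only return FALSE. Replacing the RC4 backend with a non-functional stub removes an obsolete cipher from the pre-boot trust path; it is worth confirming that the PKCS#7 verification code links no Arc4 symbol, so nothing resolves silently to these stubs.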
/** @file
TDES Wrapper Implementation which does not provide real capabilities.
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "InternalCryptLib.h"
/**
Retrieves the size, in bytes, of the context buffer required for TDES operations.
Return zero to indicate this interface is not supported.