New upstream version 13~git1505328970.9c1c35c5

parent 25f7fd1f
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
certdb certdb
shim_cert.h shim_cert.h
*.a *.a
*.CSV
*.cer *.cer
*.crl *.crl
*.crt *.crt
......
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/..
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/../Include/
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto
-I/usr/lib/gcc/x86_64-redhat-linux/7/include
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/../Include
-I/usr/include/efi
-I/usr/include/efi/x86_64
-I/usr/include/efi/protocol
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto/asn1
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto/evp
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto/modes
-I/home/pjones/devel/github.com/shim/master/Cryptlib/OpenSSL/crypto/include
-DL_ENDIAN
-D_CRT_SECURE_NO_DEPRECATE
-D_CRT_NONSTDC_NO_DEPRECATE
-DOPENSSL_SMALL_FOOTPRINT
-DPEDANTIC
-ggdb
-O0
-fno-stack-protector
-fno-strict-aliasing
-fpic
-fshort-wchar
-Wall
-Wsign-compare
-Werror
-fno-builtin
-Werror=sign-compare
-ffreestanding
-std=gnu89
-I/usr/lib/gcc/x86_64-redhat-linux/7/include
-nostdinc
-I/home/pjones/devel/github.com/shim/master/Cryptlib
-I/home/pjones/devel/github.com/shim/master/Cryptlib/Include
-I/usr/include/efi
-I/usr/include/efi/x86_64
-I/usr/include/efi/protocol
-I/home/pjones/devel/github.com/shim/master/include
-iquote
/home/pjones/devel/github.com/shim/master
-iquote
/home/pjones/devel/github.com/shim/master
-mno-mmx
-mno-sse
-mno-red-zone
-nostdinc
-maccumulate-outgoing-args
-DEFI_FUNCTION_WRAPPER
-DGNU_EFI_USE_MS_ABI
-DNO_BUILTIN_VA_FUNCS
-DMDE_CPU_X64
-DPAGE_SIZE=4096
It's pretty straightforward:
cp $MY_DER_ENCODED_CERT pub.cer
make VENDOR_CERT_FILE=pub.cer
make EFIDIR=my_esp_dir_name install
There are a couple of ways to customize the build:
Install targets:
- install
installs shim as if to a hard drive, including installing MokManager and
fallback appropriately.
- install-as-data
installs shim files to /usr/share/shim/$(EFI_ARCH)-$(VERSION)/
Variables you should set to customize the build:
- EFIDIR
This is the name of the ESP directory. The install targets won't work
without it.
- DESTDIR
This will be prepended to any install targets, so you don't have to
install to a live root directory.
- DEFAULT_LOADER
defaults to \\\\grub$(EFI_ARCH).efi , but you could set it to whatever.
Be careful with the leading backslashes, they can be hard to get
correct.
Variables you could set to customize the build:
- ENABLE_SHIM_CERT
if this variable is defined one the make command line, shim will
generate keys during the build and sign MokManager and fallback with
them, and the signed version will be what gets installed with the
install targets
- ENABLE_HTTPBOOT
build support for http booting
- ARCH
This allows you to do a build for a different arch that we support. For
instance, on x86_64 you could do "setarch linux32 make ARCH=ia32" to get
the ia32 build instead. (DEFAULT_LOADER will be automatically adjusted
in that case.)
- TOPDIR
You can use this along with make -f to build in a subdir. For instance,
on an x86_64 machine you could do:
mkdir build-ia32 build-x64 inst
cd build-ia32
setarch linux32 make TOPDIR=.. ARCH=ia32 -f ../Makefile
setarch linux32 make TOPDIR=.. ARCH=ia32 \
DESTDIR=../inst EFIDIR=debian \
-f ../Makefile install
cd ../build-x64
make TOPDIR=.. -f ../Makefile
make TOPDIR=.. DESTDIR=../inst EFIDIR=debian \
-f ../Makefile install
That would get you x86_64 and ia32 builds in the "inst" subdir.
- OSLABEL
This is the label that will be put in BOOT$(EFI_ARCH).CSV for your OS.
By default this is the same value as EFIDIR .
# vim:filetype=mail:tw=74
diff --git a/Cryptlib/Include/openssl/e_os2.h b/Cryptlib/Include/openssl/e_os2.h
index 99ea347..f11cffe 100644
--- a/Cryptlib/Include/openssl/e_os2.h
+++ b/Cryptlib/Include/openssl/e_os2.h
@@ -234,6 +234,7 @@ extern "C" {
/* Standard integer types */
# if defined(OPENSSL_SYS_UEFI)
+#include <efi.h>
typedef INT8 int8_t;
typedef UINT8 uint8_t;
typedef INT16 int16_t;
diff --git a/Cryptlib/SysCall/BaseMemAllocation.c b/Cryptlib/SysCall/BaseMemAllocation.c diff --git a/Cryptlib/SysCall/BaseMemAllocation.c b/Cryptlib/SysCall/BaseMemAllocation.c
index f390e0d..65e9938 100644 index 68bc25a..1abe78e 100644
--- a/Cryptlib/SysCall/BaseMemAllocation.c --- a/Cryptlib/SysCall/BaseMemAllocation.c
+++ b/Cryptlib/SysCall/BaseMemAllocation.c +++ b/Cryptlib/SysCall/BaseMemAllocation.c
@@ -33,7 +33,7 @@ void *realloc (void *ptr, size_t size) @@ -32,7 +32,7 @@ void *realloc (void *ptr, size_t size)
// BUG: hardcode OldSize == size! We have no any knowledge about // BUG: hardcode OldSize == size! We have no any knowledge about
// memory size of original pointer ptr. // memory size of original pointer ptr.
// //
...@@ -23,33 +11,8 @@ index f390e0d..65e9938 100644 ...@@ -23,33 +11,8 @@ index f390e0d..65e9938 100644
} }
/* De-allocates or frees a memory block */ /* De-allocates or frees a memory block */
diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c
index 20c9656..7878953 100644
--- a/Cryptlib/SysCall/CrtWrapper.c
+++ b/Cryptlib/SysCall/CrtWrapper.c
@@ -371,20 +371,6 @@ size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream)
return 0;
}
-//
-// -- Dummy OpenSSL Support Routines --
-//
-
-int BIO_printf (void *bio, const char *format, ...)
-{
- return 0;
-}
-
-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
-{
- return 0;
-}
-
#ifdef __GNUC__
typedef
diff --git a/Cryptlib/SysCall/TimerWrapper.c b/Cryptlib/SysCall/TimerWrapper.c diff --git a/Cryptlib/SysCall/TimerWrapper.c b/Cryptlib/SysCall/TimerWrapper.c
index 581b8fb..04fe4ef 100644 index 805e6b4..bb7bcba 100644
--- a/Cryptlib/SysCall/TimerWrapper.c --- a/Cryptlib/SysCall/TimerWrapper.c
+++ b/Cryptlib/SysCall/TimerWrapper.c +++ b/Cryptlib/SysCall/TimerWrapper.c
@@ -13,9 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. @@ -13,9 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
...@@ -57,12 +20,12 @@ index 581b8fb..04fe4ef 100644 ...@@ -57,12 +20,12 @@ index 581b8fb..04fe4ef 100644
**/ **/
-#include <Uefi.h> -#include <Uefi.h>
#include <CrtLibSupport.h> #include <OpenSslSupport.h>
-#include <Library/UefiRuntimeServicesTableLib.h> -#include <Library/UefiRuntimeServicesTableLib.h>
// //
// -- Time Management Routines -- // -- Time Management Routines --
@@ -79,7 +77,7 @@ time_t time (time_t *timer) @@ -78,7 +76,7 @@ time_t time (time_t *timer)
// //
// Get the current time and date information // Get the current time and date information
// //
...@@ -71,3 +34,24 @@ index 581b8fb..04fe4ef 100644 ...@@ -71,3 +34,24 @@ index 581b8fb..04fe4ef 100644
// //
// Years Handling // Years Handling
diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c
index fb446b6..5a8322d 100644
--- a/Cryptlib/SysCall/CrtWrapper.c
+++ b/Cryptlib/SysCall/CrtWrapper.c
@@ -293,16 +293,6 @@ size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream)
// -- Dummy OpenSSL Support Routines --
//
-int BIO_printf (void *bio, const char *format, ...)
-{
- return 0;
-}
-
-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
-{
- return 0;
-}
-
void *UI_OpenSSL(void)
{
return NULL;
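Review bot: The `realloc` wrapper patched in the `Cryptlib/SysCall/BaseMemAllocation.c` part of this patch file still carries the context comment `// BUG: hardcode OldSize == size!`, and both versions of the hunk shown here (`@@ -33,7 +33,7` and `@@ -32,7 +32,7`) keep it. If the old size handed to the pool reallocation really is the requested new size, as the comment says, a growing `realloc` copies more bytes than the original block holds. That over-read would sit in the allocator underneath the OpenSSL code that handles certificate and signature data. The changed line itself is collapsed on this page, so this is inferred from the comment alone. A fix would have `malloc` record the requested size in a small header in front of the returned block, so that `realloc` copies only the smaller of the old and new sizes and `free` steps back to the real allocation.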
/** @file /** @file
HMAC-MD5 Wrapper Implementation which does not provide real capabilities. HMAC-MD5 Wrapper Implementation which does not provide real capabilities.
Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.<BR> Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
...@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ...@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
/** /**
Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations. Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations.
(NOTE: This API is deprecated.
Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.)
Return zero to indicate this interface is not supported. Return zero to indicate this interface is not supported.
...@@ -34,42 +32,6 @@ HmacMd5GetContextSize ( ...@@ -34,42 +32,6 @@ HmacMd5GetContextSize (
return 0; return 0;
} }
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use.
Return NULL to indicate this interface is not supported.
@retval NULL This interface is not supported.
**/
VOID *
EFIAPI
HmacMd5New (
VOID
)
{
ASSERT (FALSE);
return NULL;
}
/**
Release the specified HMAC_CTX context.
This function will do nothing.
@param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released.
**/
VOID
EFIAPI
HmacMd5Free (
IN VOID *HmacMd5Ctx
)
{
ASSERT (FALSE);
return;
}
/** /**
Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for
subsequent use. subsequent use.
......
/** @file /** @file
HMAC-SHA1 Wrapper Implementation which does not provide real capabilities. HMAC-SHA1 Wrapper Implementation which does not provide real capabilities.
Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.<BR> Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
...@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ...@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
/** /**
Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations. Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations.
(NOTE: This API is deprecated.
Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operations.)
Return zero to indicate this interface is not supported. Return zero to indicate this interface is not supported.
...@@ -34,42 +32,6 @@ HmacSha1GetContextSize ( ...@@ -34,42 +32,6 @@ HmacSha1GetContextSize (
return 0; return 0;
} }
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use.
Return NULL to indicate this interface is not supported.
@return NULL This interface is not supported..
**/
VOID *
EFIAPI
HmacSha1New (
VOID
)
{
ASSERT (FALSE);
return NULL;
}
/**
Release the specified HMAC_CTX context.
This function will do nothing.
@param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released.
**/
VOID
EFIAPI
HmacSha1Free (
IN VOID *HmacSha1Ctx
)
{
ASSERT (FALSE);
return;
}
/** /**
Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for
subsequent use. subsequent use.
......
/** @file /** @file
HMAC-SHA256 Wrapper Implementation which does not provide real capabilities. HMAC-SHA256 Wrapper Implementation which does not provide real capabilities.
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR> Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
...@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ...@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
/** /**
Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations. Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations.
(NOTE: This API is deprecated.
Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context operations.)
Return zero to indicate this interface is not supported. Return zero to indicate this interface is not supported.
...@@ -34,42 +32,6 @@ HmacSha256GetContextSize ( ...@@ -34,42 +32,6 @@ HmacSha256GetContextSize (
return 0; return 0;
} }
/**
Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use.
Return NULL to indicate this interface is not supported.
@return NULL This interface is not supported..
**/
VOID *
EFIAPI
HmacSha256New (
VOID
)
{
ASSERT (FALSE);
return NULL;
}
/**
Release the specified HMAC_CTX context.
This function will do nothing.
@param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released.
**/
VOID
EFIAPI
HmacSha256Free (
IN VOID *HmacSha256Ctx
)
{