Tags

Tags give the ability to mark specific points in history as being important
  • debian/15.3-1
    releasing package shim version 15.3-1
    
  • upstream/15.3
    031e5cce · New upstream version 15.3
    Upstream version 15.3
  • upstream/shim-15.3
    630b8ded · Bump version to 15.3
    Upstream version shim-15.3
    
  • 15.3
    630b8ded · Bump version to 15.3
    shim 15.3
    
    Some highlights:
    - Support for revocations via the ".sbat" section and SBAT EFI variable
    - A new unit test framework and a bunch of unit tests
    - No external gnu-efi dependency
    - Better CI (with more yet needed)
    
    Many thanks to all who helped out, including but not limited to these
    contributions:
    
        Alex Burmashev (4):
              strndupa: allocate len + 1, so that \0 is not lost
              add list_empty to linked list primitives
              pe.c: parse SBAT variable and perform basic verification
              Fix compilation for older gcc
    
        Chris Co (2):
              sbat: add minor fixes to parse_sbat
              Add initial sbat unit testing code
    
        Chris Coulson (8):
              Fix sbsign command usage
              Rename check_{white,black}list to check_{allow,deny}list
              build: Pass the correct paths to sbsign
              Include missing .text sections in PE/COFF binary
              sbat: Don't assume VirtualSize == SizeOfRawData
              Ensure that MOK variable mirroring creates well formed ESLs
              Avoid creating unnecessary mirrored MOK variables
              Fix boot failures due to variable size constraints
    
        Colin Walters (1):
              Convert README -> README.md
    
        Dimitri John Ledkov (2):
              Add testsuite to the github pull request workflow.
              Drop comments, and make push workflow use same matrix as
    	    pullrequest.
    
        Gary Lin (9):
              src/netboot.c: remove the execute bit
              lib: move print_crypto_errors() out of console.c
              console: Move the countdown function to console.c
              fallback: show a countdown menu before reset
              sbat: fix the gcc warnings
              sbat: fix the residual "resource section" for SBAT
              Restore loaded image of shim at Exit()
              Set the section flags for .sbat
              arm and aarch64: include the aligned part in SizeOfRawData of sbat
    
        Hai Huang (1):
              Fix EV_EFI_VARIABLE_AUTHORITY event in eventlog
    
        Jan Setje-Eilers (8):
              Add Secure Boot Advanced Targeting (SBAT) specification document
              Add --set-section-alignment '.sbat=512' to objcopy command line
              Drop --set-section-alignment from Makefile since linker ALIGN(4096)
                already enforces the alignment, clarify that objcopy only needs to
                do the alignment in the SBAT spec.
              If the SBAT UEFI variable is not set, initialize it as a
    	    bootservices variable.
    
        Javier Martinez Canillas (10):
              Add a .sbat section to EFI binaries
              Add a function to parse the SBAT metadata from the .sbat section
              sbat: remove unused buffer parameter in parse_sbat() function
              sbat: use correct type for parse_sbat_var() return value
              Don't re-parse the SBAT EFI variable for each binary we load.
              sbat: include NULL terminator when calculating buffer end in
    	    parse_sbat()
              shim: initialize OpenSSL after parsing SBAT data
              sbat: make shim to parse it's own .sbat section on init
              shim: Fix a NULL pointer dereference caused by start not being set
              shim: Use the default loader if an EFI_LOAD_OPTION can't be parsed
    
        Jia Zhang (1):
              Ignore *.hash
    
        João Paulo Rechi Vita (8):
              fallback: Store label size instead of calculating on every use
              fallback: Consider all Boot* vars when checking for duplicates
              fallback: Only use VerbosePrint for debug messages
              fallback: Be silent by default
              fallback: Print original BootOrder value in verbose mode
              fallback: Wait before chainloading in verbose mode
              fallback: Make verbose mode's wait time configurable
              fallback: Allow defining FALLBACK_VERBOSE at build time
    
        Lisa White (1):
              Fix typo in a comment
    
        Luca Boccassi (1):
              Makefile: use fixed build host if SOURCE_DATE_EPOCH is defined
    
        Mathieu Trudel-Lapierre (1):
              Add mm/fb hashing to TODO, put that and related things under
                'Reproducible builds'
    
        Matthew Garrett (1):
              build: Import gnu-efi as a submodule and build against it
    
        Nicholas Bishop (1):
              BUILDING: Fix a typo
    
        Paul Menzel (1):
              README: Remove superfluous *and*
    
        Paul Moore (7):
              shim: compile time option to bypass the ExitBootServices() check
              build: add some basic $EFI_PATH checking
              SBAT: fix some typos in the SBAT docs
              SBAT: update the raw Markdown to look less terrible
              openssl: fix various build errors and warnings
              shim: attempt to improve the argument handling
              build: load local build configuration from Make.local if present
    
        Peter Jones (119):
              Use github actions for CI builds
              Split up push and PR CI/CD and build all patches in series on PRs
              Try to kick the github PR workflow...
              Add a .clang-format file.
              Always use lower case for our local include file names.
              Work around some clang-format oddnesses
              Renaming PeImage.h to pe.h wasn't actually a good idea.
              Fix pe.h -> peimage.h in /both/ places.
              github workflows: Unify the x86 pull request build rules steps
              github workflows: add the sbat branch to one PR builds run for
              efi bins: add an easy way for vendors to add .sbat data
              Remove my .syntastic_c_config, it doesn't belong in the repo.
              includes: add strchra() and strchrnula() impls
              Move a bunch of PE-related stuff out of shim.c
              Refactor some PE handling code
              Add some more PE helpers we need for SBAT
              Add the beginning of .sbat parsing stuff
              SBAT: parse a copy of the table that's got a NUL at the end
              Add an example SBAT workflow document
              Add some linked list primitives.
              get_variable: always allocate a NUL character at the end.
              add an ascii strndup() implementation.
              sbat: make the includes work like everything else.
              We're not using travis-build.sh any more.
              Try to make coverity.mk work without cov-build installed.
              Try to make scan-build.mk work without scan-build installed.
              Add some more TODOs for shim 16
              Add another unfortunate TODO entry.
              Add some *more* TODO tasks.
              Add fallback boot loop detection to TODO
              Also ignore .sw?
              Add screen logs to .gitignore
              Add .cer/.crt/.esl to .gitignore
              BUILDING: fix missing DISABLE_EBS_PROTECTION section
              Re-alphabetize .gitignore.
              .gitignore: add build dirs and shim_cert.h
              .gitignore: ignore .gdbinit
              Fix up a bunch of our license statements and add SPDX most places
              SPDX: Clarify the attribution for crypt_blowfish
              SPDX: Clarify the attribution for James's lib/ code
              Make sure MIN() and MAX() are always defined.
              console: Fix a typo in the EFI warning list in gnu-efi
              Fix a bunch of trivial trailing whitespace issues.
              Make httpboot.c always get built.
              Make the variable name and pointer const in all of our efi vars
    	    functions
              Add ENABLE_SHIM_DEVEL config to change what our debug variable
    	    name is
              Use gcc -Os instead of -O0.
              sbat: clang-format the whole thing.
              SBAT: make the variable be CSV in our spec.
              SBAT: Fix all the docs examples to start with version 1
              Fix an off by one in strnlena()
              shim: use an enum for efi_main's error messages.
              sbat: drop the struct sbat and just use two variables instead
              parse_sbat: handle the realloc failure leak and batch allocations.
              pe.c: move sbat verification to its own function.
              sbat: Fix two NULL derefs found with "gcc -fanalyzer"
              tpm: minor cleanup: use EV_IPL not 0xd
              Document struct mok_state_variable better.
              SBAT: mirror SBAT to SbatRT and extend to PCR7 + log
              Move the coverity and scan-build makefiles out of the top directory
              Make 'make fanalyzer' targets
              compiler.h: fix a typo and add some more function attribute macros
              Fix all the places we need UNUSED on arguments.
              Tidy up our string primitives...
              Add a list_size() primitive
              Move is_utf8_bom() to str.h
              includes: include all gnu-efi includes at one place.
              Fix our debuginfo paths hopefully
              Add a stand-alone CSV parser.
              SBAT: make our sbat section parser use the csv parser
              SBAT: make our SBAT variable parser use the CSV parser
              make 'make test' able to run unit test harnesses
              Add a tester for our string functions.
              Add test cases for our CSV parser.
              Fix-up and enable a bunch of .sbat section parsing tests.
              Make verify_sbat() more testable
              Fix two errant 'shim,0' outdated sbat cases.
              Add get_variable_size()/set_variable()del_variable() wrappers.
              CI: try to update submodules
              CI: show our compilation when it fails
              Re-organize a bunch of CFLAGS-related makefile bits
              Minor OpenSSL fixes
              static analysis: make our build targets work better
              More minor makefile cleanups
              Switch to using -std=gnu11
              Don't use WCHAR even when we're assigning wide string literals
              Cryptlib: make some Str*() args const.
              Restructure our includes.
              Fix Cryptlib's va_* definitions.
              Consolidate most of our standard lib functions to lib
              Fix stdarg to work the same everywhere.
              Add some test cases, and make "make test" actually work.
              make: use -Wextra (minus some obnoxious bits)
              Test our strncmp vs known failing ones as well
              Add more string test cases.
              set_sbat_uefi_variable(): avoid comparing unsafe data
              shim: simplify sbat self-check logic.
              linker scripts: put .sbat after _edata
              arm arches: include .sbat in our section headers.
              Fix the compiler when invoking scan-build/fanalyzer/etc
              openssl: nerf some -W flags for clang.
              get_variable_attr(): fix a nit scan-build found.
              Fix include order
              More va_* work
              Don't even try to use builtins, just make sure we have the same
    	    types.
              Make ENABLE_SHIM_DEVEL work better.
              sbat variable: use UEFI_VAR_NV_BS_RT when we've got
    	    ENABLE_SHIM_DEVEL
              set_sbat_uefi_variable(): add a pile of debug prints.
              set_sbat_uefi_variable(): align some decisions that are off-by-one.
              Fix a plausible NULL dereference.
              'make test': try harder to make it build in the right order.
              Nerf an unnecessary string test on arm.
              arm and aarch64: fix some PE headers.
              Make 'make test' work on gcc 4.8.5
              Don't set LIBDIR in CI builds any more.
              Fix cross-compilation from x86_64->i686
              Try multi-arch CI building using cross compilation
              Update 'make archive' to include gnu-efi
              Bump version to 15.3
    
        Steve McIntyre (5):
              Second attempt at SBAT doc tweaks
              Fixups after Peter's review
              Fix bashisms in Make.coverity
              Stop using EFI_PATH, and error out if people try to use it
              Fix up build of test code using gcc 8
    
        Thomas Frauendorfer | Miray Software (2):
              Fix column size check in SBAT variable parsing.
              Sort input file names in lib/Makefile
    
    
  • upstream/shim-15.3-rc4
    Upstream version shim-15.3-rc4
    
  • upstream/shim-15.3-rc3
    Upstream version shim-15.3-rc3
    
  • shim-15.3-rc4
    shim 15.3 release candidate 4
    
    Hopefully the last release candidate.  Here's the shortlog since rc3:
    
    Chris Coulson (1):
          Fix boot failures due to variable size constraints
    
    Peter Jones (4):
          Make 'make test' work on gcc 4.8.5
          Don't set LIBDIR in CI builds any more.
          Fix cross-compilation from x86_64->i686
          Try multi-arch CI building using cross compilation
    
  • shim-15.3-rc3
    shim 15.3 release candidate 3
    
    Yet another release candidate.  Here's the shortlog since rc2:
    
    Chris Coulson (2):
          Ensure that MOK variable mirroring creates well formed ESLs
          Avoid creating unnecessary mirrored MOK variables
    
    Gary Lin (1):
          arm and aarch64: include the aligned part in SizeOfRawData of sbat
    
    Javier Martinez Canillas (1):
          shim: Use the default loader if an EFI_LOAD_OPTION can't be parsed
    
    Paul Moore (1):
          build: load local build configuration from Make.local if present
    
    Thomas Frauendorfer | Miray Software (1):
          Sort input file names in lib/Makefile
    
  • upstream/shim-15.3-rc2
    Upstream version shim-15.3-rc2
    
  • shim-15.3-rc2
    shim 15.3 release candidate 2
    
    Yay, another release candidate.  Here's the shortlog since rc1:
    
    Javier Martinez Canillas (1):
          shim: Fix a NULL pointer dereference caused by start not being set
    
    Peter Jones (2):
          Nerf an unnecessary string test on arm.
          arm and aarch64: fix some PE headers.
    
    Steve McIntyre (2):
          Stop using EFI_PATH, and error out if people try to use it
          Fix up build of test code using gcc 8
    
  • upstream/shim-15.3-rc1
    Upstream version shim-15.3-rc1
    
  • shim-15.3-rc1
    shim 15.3 release candidate 1
    
    Well, here it is, a release candidate for shim-15.3.  Maybe some
    features and contributors should be listed.  Here's the shortlog:
    
    Alex Burmashev (4):
          strndupa: allocate len + 1, so that \0 is not lost
          add list_empty to linked list primitives
          pe.c: parse SBAT variable and perform basic verification
          Fix compilation for older gcc
    
    Chris Co (2):
          sbat: add minor fixes to parse_sbat
          Add initial sbat unit testing code
    
    Chris Coulson (5):
          Fix sbsign command usage
          Rename check_{white,black}list to check_{allow,deny}list
          build: Pass the correct paths to sbsign
          Include missing .text sections in PE/COFF binary
          sbat: Don't assume VirtualSize == SizeOfRawData
    
    Colin Walters (1):
          Convert README -> README.md
    
    Dimitri John Ledkov (2):
          Add testsuite to the github pull request workflow.
          Drop comments, and make push workflow use same matrix as pullrequest.
    
    Gary Lin (8):
          src/netboot.c: remove the execute bit
          lib: move print_crypto_errors() out of console.c
          console: Move the countdown function to console.c
          fallback: show a countdown menu before reset
          sbat: fix the gcc warnings
          sbat: fix the residual "resource section" for SBAT
          Restore loaded image of shim at Exit()
          Set the section flags for .sbat
    
    Hai Huang (1):
          Fix EV_EFI_VARIABLE_AUTHORITY event in eventlog
    
    Jan Setje-Eilers (8):
          Add Secure Boot Advanced Targeting (SBAT) specification document
          Add --set-section-alignment '.sbat=512' to objcopy command line
          Drop --set-section-alignment from Makefile since linker ALIGN(4096) already enforces the alignment, clarify that objcopy only needs to do the alignment in the SBAT spec.
          If the SBAT UEFI variable is not set, initialize it as a bootservices variable.
    
    Javier Martinez Canillas (8):
          Add a .sbat section to EFI binaries
          Add a function to parse the SBAT metadata from the .sbat section
          sbat: remove unused buffer parameter in parse_sbat() function
          sbat: use correct type for parse_sbat_var() return value
          Don't re-parse the SBAT EFI variable for each binary we load.
          sbat: include NULL terminator when calculating buffer end in parse_sbat()
          shim: initialize OpenSSL after parsing SBAT data
          sbat: make shim to parse it's own .sbat section on init
    
    Jia Zhang (1):
          Ignore *.hash
    
    João Paulo Rechi Vita (8):
          fallback: Store label size instead of calculating on every use
          fallback: Consider all Boot* vars when checking for duplicates
          fallback: Only use VerbosePrint for debug messages
          fallback: Be silent by default
          fallback: Print original BootOrder value in verbose mode
          fallback: Wait before chainloading in verbose mode
          fallback: Make verbose mode's wait time configurable
          fallback: Allow defining FALLBACK_VERBOSE at build time
    
    Lisa White (1):
          Fix typo in a comment
    
    Luca Boccassi (1):
          Makefile: use fixed build host if SOURCE_DATE_EPOCH is defined
    
    Mathieu Trudel-Lapierre (1):
          Add mm/fb hashing to TODO, put that and related things under 'Reproducible builds'
    
    Matthew Garrett (1):
          build: Import gnu-efi as a submodule and build against it
    
    Nicholas Bishop (1):
          BUILDING: Fix a typo
    
    Paul Menzel (1):
          README: Remove superfluous *and*
    
    Paul Moore (6):
          shim: compile time option to bypass the ExitBootServices() check
          build: add some basic $EFI_PATH checking
          SBAT: fix some typos in the SBAT docs
          SBAT: update the raw Markdown to look less terrible
          openssl: fix various build errors and warnings
          shim: attempt to improve the argument handling
    
    Peter Jones (111):
          Use github actions for CI builds
          Split up push and PR CI/CD and build all patches in series on PRs
          Try to kick the github PR workflow...
          Add a .clang-format file.
          Always use lower case for our local include file names.
          Work around some clang-format oddnesses
          Renaming PeImage.h to pe.h wasn't actually a good idea.
          Fix pe.h -> peimage.h in /both/ places.
          github workflows: Unify the x86 pull request build rules steps
          github workflows: add the sbat branch to one PR builds run for
          efi bins: add an easy way for vendors to add .sbat data
          Remove my .syntastic_c_config, it doesn't belong in the repo.
          includes: add strchra() and strchrnula() impls
          Move a bunch of PE-related stuff out of shim.c
          Refactor some PE handling code
          Add some more PE helpers we need for SBAT
          Add the beginning of .sbat parsing stuff
          SBAT: parse a copy of the table that's got a NUL at the end
          Add an example SBAT workflow document
          Add some linked list primitives.
          get_variable: always allocate a NUL character at the end.
          add an ascii strndup() implementation.
          sbat: make the includes work like everything else.
          We're not using travis-build.sh any more.
          Try to make coverity.mk work without cov-build installed.
          Try to make scan-build.mk work without scan-build installed.
          Add some more TODOs for shim 16
          Add another unfortunate TODO entry.
          Add some *more* TODO tasks.
          Add fallback boot loop detection to TODO
          Also ignore .sw?
          Add screen logs to .gitignore
          Add .cer/.crt/.esl to .gitignore
          BUILDING: fix missing DISABLE_EBS_PROTECTION section
          Re-alphabetize .gitignore.
          .gitignore: add build dirs and shim_cert.h
          .gitignore: ignore .gdbinit
          Fix up a bunch of our license statements and add SPDX most places
          SPDX: Clarify the attribution for crypt_blowfish
          SPDX: Clarify the attribution for James's lib/ code
          Make sure MIN() and MAX() are always defined.
          console: Fix a typo in the EFI warning list in gnu-efi
          Fix a bunch of trivial trailing whitespace issues.
          Make httpboot.c always get built.
          Make the variable name and pointer const in all of our efi vars functions
          Add ENABLE_SHIM_DEVEL config to change what our debug variable name is
          Use gcc -Os instead of -O0.
          sbat: clang-format the whole thing.
          SBAT: make the variable be CSV in our spec.
          SBAT: Fix all the docs examples to start with version 1
          Fix an off by one in strnlena()
          shim: use an enum for efi_main's error messages.
          sbat: drop the struct sbat and just use two variables instead
          parse_sbat: handle the realloc failure leak and batch allocations.
          pe.c: move sbat verification to its own function.
          sbat: Fix two NULL derefs found with "gcc -fanalyzer"
          tpm: minor cleanup: use EV_IPL not 0xd
          Document struct mok_state_variable better.
          SBAT: mirror SBAT to SbatRT and extend to PCR7 + log
          Move the coverity and scan-build makefiles out of the top directory
          Make 'make fanalyzer' targets
          compiler.h: fix a typo and add some more function attribute macros
          Fix all the places we need UNUSED on arguments.
          Tidy up our string primitives...
          Add a list_size() primitive
          Move is_utf8_bom() to str.h
          includes: include all gnu-efi includes at one place.
          Fix our debuginfo paths hopefully
          Add a stand-alone CSV parser.
          SBAT: make our sbat section parser use the csv parser
          SBAT: make our SBAT variable parser use the CSV parser
          make 'make test' able to run unit test harnesses
          Add a tester for our string functions.
          Add test cases for our CSV parser.
          Fix-up and enable a bunch of .sbat section parsing tests.
          Make verify_sbat() more testable
          Fix two errant 'shim,0' outdated sbat cases.
          Add get_variable_size()/set_variable()del_variable() wrappers.
          CI: try to update submodules
          CI: show our compilation when it fails
          Re-organize a bunch of CFLAGS-related makefile bits
          Minor OpenSSL fixes
          static analysis: make our build targets work better
          More minor makefile cleanups
          Switch to using -std=gnu11
          Don't use WCHAR even when we're assigning wide string literals
          Cryptlib: make some Str*() args const.
          Restructure our includes.
          Fix Cryptlib's va_* definitions.
          Consolidate most of our standard lib functions to lib
          Fix stdarg to work the same everywhere.
          Add some test cases, and make "make test" actually work.
          make: use -Wextra (minus some obnoxious bits)
          Test our strncmp vs known failing ones as well
          Add more string test cases.
          set_sbat_uefi_variable(): avoid comparing unsafe data
          shim: simplify sbat self-check logic.
          linker scripts: put .sbat after _edata
          arm arches: include .sbat in our section headers.
          Fix the compiler when invoking scan-build/fanalyzer/etc
          openssl: nerf some -W flags for clang.
          get_variable_attr(): fix a nit scan-build found.
          Fix include order
          More va_* work
          Don't even try to use builtins, just make sure we have the same types.
          Make ENABLE_SHIM_DEVEL work better.
          sbat variable: use UEFI_VAR_NV_BS_RT when we've got ENABLE_SHIM_DEVEL
          set_sbat_uefi_variable(): add a pile of debug prints.
          set_sbat_uefi_variable(): align some decisions that are off-by-one.
          Fix a plausible NULL dereference.
          'make test': try harder to make it build in the right order.
    
    Steve McIntyre (3):
          Second attempt at SBAT doc tweaks
          Fix bashisms in Make.coverity
    
    Thomas Frauendorfer | Miray Software (1):
          Fix column size check in SBAT variable parsing.
    
    
  • upstream/15+1613861442.888f5b5
    Upstream version 15+1613861442.888f5b5
    
  • 15.2
  • 15.1
    6ba903a6 · Fix build error in mok.c
  • debian/15+1533136590.3beb971-10
    releasing package shim version 15+1533136590.3beb971-10
    
  • debian/15+1533136590.3beb971-7+deb10u1
    releasing package shim version 15+1533136590.3beb971-7+deb10u1
    
  • debian/15+1533136590.3beb971-9
    releasing package shim version 15+1533136590.3beb971-9
    
  • debian/15+1533136590.3beb971-8
    releasing package shim version 15+1533136590.3beb971-8
    
  • Release_3.5.9
    Important fixes for Hack and Asus Z550MA