
Misc fixups from scan-build. #477

Merged
merged 7 commits into from
May 18, 2022
1 change: 1 addition & 0 deletions Makefile
Expand Up @@ -151,6 +151,7 @@ gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a:
mkdir -p gnu-efi/lib gnu-efi/gnuefi
$(MAKE) -C gnu-efi \
COMPILER="$(COMPILER)" \
CCC_CC="$(COMPILER)" \
CC="$(CC)" \
ARCH=$(ARCH_GNUEFI) \
TOPDIR=$(TOPDIR)/gnu-efi \
12 changes: 8 additions & 4 deletions include/peimage.h
Expand Up @@ -17,10 +17,14 @@

#include "wincert.h"

#define SIGNATURE_16(A, B) ((A) | (B << 8))
#define SIGNATURE_32(A, B, C, D) (SIGNATURE_16 (A, B) | (SIGNATURE_16 (C, D) << 16))
#define SIGNATURE_64(A, B, C, D, E, F, G, H) \
(SIGNATURE_32 (A, B, C, D) | ((UINT64) (SIGNATURE_32 (E, F, G, H)) << 32))
#define SIGNATURE_16(A, B) \
((UINT16)(((UINT16)(A)) | (((UINT16)(B)) << ((UINT16)8))))
#define SIGNATURE_32(A, B, C, D) \
((UINT32)(((UINT32)SIGNATURE_16(A, B)) | \
(((UINT32)SIGNATURE_16(C, D)) << (UINT32)16)))
#define SIGNATURE_64(A, B, C, D, E, F, G, H) \
((UINT64)((UINT64)SIGNATURE_32(A, B, C, D) | \
((UINT64)(SIGNATURE_32(E, F, G, H)) << (UINT64)32)))

#define ALIGN_VALUE(Value, Alignment) ((Value) + (((Alignment) - (Value)) & ((Alignment) - 1)))
#define ALIGN_POINTER(Pointer, Alignment) ((VOID *) (ALIGN_VALUE ((UINTN)(Pointer), (Alignment))))
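Review bot: The rewritten SIGNATURE_16/32/64 macros carry no comment saying why every operand is now cast, and the casts on the shift counts (`(UINT16)8`, `(UINT32)16`, `(UINT64)32`) add nothing, because the type of the count does not affect the result. The part that matters is that the left operand is widened to an unsigned type before the 16- and 32-bit shifts (the old form shifted a plain int, which can reach the sign bit when the high byte is 0x80 or above) and that `B` is now parenthesised. I would drop the count casts and add above SIGNATURE_16 something like `/* Operands are cast to unsigned before shifting so that no shift reaches the sign bit of an int; arguments are presumably 8-bit character values. */`. Note that `((UINT16)(B)) << 8` is still promoted to int for the shift itself, and only the outer `(UINT16)` cast truncates the result, so an argument wider than 8 bits would silently overlap its neighbour.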
28 changes: 18 additions & 10 deletions include/sbat.h
Expand Up @@ -9,29 +9,33 @@
#define SBAT_VAR_SIG "sbat,"
#define SBAT_VAR_VERSION "1,"
#define SBAT_VAR_ORIGINAL_DATE "2021030218"
#define SBAT_VAR_ORIGINAL SBAT_VAR_SIG SBAT_VAR_VERSION \
SBAT_VAR_ORIGINAL_DATE "\n"
#define SBAT_VAR_ORIGINAL \
SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_ORIGINAL_DATE "\n"

#if defined(ENABLE_SHIM_DEVEL)
#define SBAT_VAR_PREVIOUS_DATE "2022020101"
#define SBAT_VAR_PREVIOUS_REVOCATIONS "component,2\n"
#define SBAT_VAR_PREVIOUS SBAT_VAR_SIG SBAT_VAR_VERSION \
SBAT_VAR_PREVIOUS_DATE "\n" SBAT_VAR_PREVIOUS_REVOCATIONS
#define SBAT_VAR_PREVIOUS \
SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
SBAT_VAR_PREVIOUS_REVOCATIONS

#define SBAT_VAR_LATEST_DATE "2022050100"
#define SBAT_VAR_LATEST_REVOCATIONS "component,2\nothercomponent,2\n"
#define SBAT_VAR_LATEST SBAT_VAR_SIG SBAT_VAR_VERSION \
SBAT_VAR_LATEST_DATE "\n" SBAT_VAR_LATEST_REVOCATIONS
#define SBAT_VAR_LATEST \
SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
SBAT_VAR_LATEST_REVOCATIONS
#else /* !ENABLE_SHIM_DEVEL */
#define SBAT_VAR_PREVIOUS_DATE SBAT_VAR_ORIGINAL_DATE
#define SBAT_VAR_PREVIOUS_REVOCATIONS
#define SBAT_VAR_PREVIOUS SBAT_VAR_SIG SBAT_VAR_VERSION \
SBAT_VAR_PREVIOUS_DATE "\n" SBAT_VAR_PREVIOUS_REVOCATIONS
#define SBAT_VAR_PREVIOUS \
SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
SBAT_VAR_PREVIOUS_REVOCATIONS

#define SBAT_VAR_LATEST_DATE SBAT_VAR_ORIGINAL_DATE
#define SBAT_VAR_LATEST_REVOCATIONS
#define SBAT_VAR_LATEST SBAT_VAR_SIG SBAT_VAR_VERSION \
SBAT_VAR_LATEST_DATE "\n" SBAT_VAR_LATEST_REVOCATIONS
#define SBAT_VAR_LATEST \
SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
SBAT_VAR_LATEST_REVOCATIONS
#endif /* ENABLE_SHIM_DEVEL */

#define UEFI_VAR_NV_BS \
Expand Down Expand Up @@ -59,6 +63,10 @@
#define SBAT_POLICY L"SbatPolicy"
#define SBAT_POLICY8 "SbatPolicy"

#define SBAT_POLICY_LATEST 1
#define SBAT_POLICY_PREVIOUS 2
#define SBAT_POLICY_RESET 3

extern UINTN _sbat, _esbat;

struct sbat_var_entry {
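Review bot: The new `SBAT_POLICY_LATEST`, `SBAT_POLICY_PREVIOUS` and `SBAT_POLICY_RESET` constants in the second hunk have no comment saying what they are values of, or that one of them is treated differently from the others. Going by the sbat.c part of this change they appear to be the values accepted in the SbatPolicy variable, and the reset value is refused while Secure Boot is enabled. A line such as `/* Values of the SbatPolicy variable; RESET is only honoured when Secure Boot is disabled. */` above them would record that next to the definition. As the three form a closed set, an `enum` would also keep them visibly related for the compiler and the debugger.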
1 change: 0 additions & 1 deletion mok.c
Expand Up @@ -873,7 +873,6 @@ EFI_STATUS import_one_mok_state(struct mok_state_variable *v,
v->data = AllocateZeroPool(4);
v->data[0] = 0x01;
v->data_size = 1;
efi_status = EFI_SUCCESS;
} else if (efi_status == EFI_NOT_FOUND) {
v->data = NULL;
v->data_size = 0;
16 changes: 13 additions & 3 deletions sbat.c
Expand Up @@ -353,15 +353,15 @@ set_sbat_uefi_variable(void)
sbat_var = SBAT_VAR_PREVIOUS;
} else {
switch (*sbat_policy) {
case 1:
case SBAT_POLICY_LATEST:
dprint("Custom sbat policy: latest\n");
sbat_var = SBAT_VAR_LATEST;
break;
case 2:
case SBAT_POLICY_PREVIOUS:
dprint("Custom sbat policy: previous\n");
sbat_var = SBAT_VAR_PREVIOUS;
break;
case 3:
case SBAT_POLICY_RESET:
if (secure_mode()) {
console_print(L"Cannot reset SBAT policy: Secure Boot is enabled.\n");
sbat_var = SBAT_VAR_PREVIOUS;
Expand All @@ -374,6 +374,16 @@ set_sbat_uefi_variable(void)
if (EFI_ERROR(efi_status))
console_error(L"Could not reset SBAT Policy",
efi_status);
break;
default:
console_error(L"SBAT policy state %llu is invalid",
EFI_INVALID_PARAMETER);
efi_status = del_variable(SBAT_POLICY, SHIM_LOCK_GUID);
if (EFI_ERROR(efi_status))
console_error(L"Could not reset SBAT Policy",
efi_status);
sbat_var = SBAT_VAR_PREVIOUS;
break;
}
}

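Review bot: The added `default:` branch passes `L"SBAT policy state %llu is invalid"` to console_error() with `EFI_INVALID_PARAMETER` as the only other argument, so nothing is supplied for `%llu`. Judging by the neighbouring calls, console_error() takes a fixed message and a status, so the specifier is likely shown literally and the rejected value is never reported. Either drop the specifier, `console_error(L"SBAT policy state is invalid", EFI_INVALID_PARAMETER);`, or report `*sbat_policy` through a formatting call before it. Deleting the variable and falling back to `SBAT_VAR_PREVIOUS` is a reasonable fail-safe for an unrecognised value, and a short comment in the branch saying that this is deliberate would help the next reader. set_sbat_uefi_variable() starts and ends outside the hunks shown.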
11 changes: 5 additions & 6 deletions shim.c
Expand Up @@ -1138,7 +1138,7 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
UINTN alloc_pages;
CHAR16 *PathName = NULL;
void *data = NULL;
int datasize;
int datasize = 0;

efi_status = read_image(image_handle, ImagePath, PathName, &data,
&datasize);
Expand Down Expand Up @@ -1402,13 +1402,12 @@ load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename)
CHAR16 *PathName = NULL;
void *pointer;
UINT32 original;
int datasize;
void *data;
int datasize = 0;
void *data = NULL;
int i;

efi_status = read_image(image_handle, filename, PathName,
&data, &datasize);

if (EFI_ERROR(efi_status))
return efi_status;

Expand Down Expand Up @@ -1497,10 +1496,10 @@ load_certs(EFI_HANDLE image_handle)
goto done;
}

if (buffersize == 0)
info = (EFI_FILE_INFO *)buffer;
if (buffersize == 0 || !info)
goto done;

info = (EFI_FILE_INFO *)buffer;
if (StrnCaseCmp(info->FileName, L"shim_certificate", 16) == 0) {
load_cert_file(image_handle, info->FileName);
}
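Review bot: In the load_certs hunk the new guard `if (buffersize == 0 || !info)` rules out an empty read and a NULL buffer, but `info->FileName` is then compared for 16 characters without confirming that the read returned at least the fixed part of an EFI_FILE_INFO. The entries presumably describe files on the boot volume, so a size check is cheap hardening: `if (buffersize < sizeof(EFI_FILE_INFO) || !info) goto done;`. The result of `load_cert_file()` is also discarded on the following lines, so a certificate file that fails to load leaves no trace; logging the returned status would make that visible. How `buffer` is allocated and filled lies outside the hunk, so the assumption about its minimum size should be confirmed there.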