1 // SPDX-License-Identifier: BSD-2-Clause-Patent
2
3 #ifndef SHIM_H_
4 #define SHIM_H_
5
/* Unit-test builds define _GNU_SOURCE ahead of the libc headers included
 * further down.  Which GNU extensions the tests rely on is not visible in
 * this header. */
6 #ifdef SHIM_UNIT_TEST
7 #define _GNU_SOURCE
8 #endif
9
/*
 * Compiler version gates for use in #if expressions.
 *
 * GNUC_PREREQ(maj, min) and CLANG_PREREQ(maj, min) are non-zero when the
 * compiler's (major, minor) version is at least (maj, min).  Major and minor
 * are packed as (major << 16) + minor so a single >= orders them; the patch
 * level is not part of the comparison.  When the compiler does not define
 * the corresponding version macros, the gate is the constant 0.
 */
10 #if defined __GNUC__ && defined __GNUC_MINOR__
11 # define GNUC_PREREQ(maj, min) \
12 ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
13 #else
14 # define GNUC_PREREQ(maj, min) 0
15 #endif
16 #if defined __clang_major__ && defined __clang_minor__
17 # define CLANG_PREREQ(maj, min) \
18 ((__clang_major__ << 16) + __clang_minor__ >= ((maj) << 16) + (min))
19 #else
20 # define CLANG_PREREQ(maj, min) 0
21 #endif
22
/*
 * x86_64 calling-convention setup.  This block sits above the <efi.h> /
 * <efilib.h> includes later in this header, so the GNU_EFI_* switches are
 * already defined when those headers are parsed.  After those includes this
 * header checks HAVE_USE_MS_ABI and stops the build with #error if it is
 * missing.
 */
23 #if defined(__x86_64__)
24 /* gcc 4.5.4 is the first documented release with -mabi=ms */
25 /* gcc 4.7.1 is the first one with __builtin_ms_va_list */
/* The gate below compares major.minor only, so any gcc 4.7.x (including
 * 4.7.0) and any clang >= 3.4 passes; everything older is a hard error. */
26 #if !GNUC_PREREQ(4, 7) && !CLANG_PREREQ(3, 4)
27 #error On x86_64 you must have a compiler new enough to support __attribute__((__ms_abi__))
28 #endif
29
/* Force both gnu-efi switches on unless the build already set them. */
30 #if !defined(GNU_EFI_USE_EXTERNAL_STDARG)
31 #define GNU_EFI_USE_EXTERNAL_STDARG
32 #endif
33
34 #if !defined(GNU_EFI_USE_MS_ABI)
35 #define GNU_EFI_USE_MS_ABI
36 #endif
37
/* A NO_BUILTIN_VA_FUNCS supplied by the build is dropped on x86_64. */
38 #ifdef NO_BUILTIN_VA_FUNCS
39 #undef NO_BUILTIN_VA_FUNCS
40 #endif
41 #endif
42
43 #include <ctype.h>
44 #include <stdbool.h>
45 #include <stddef.h>
46 #include <stdint.h>
47 #include <stdarg.h>
48 #include <string.h>
49 #include <strings.h>
50
51 #ifndef SHIM_UNIT_TEST
52 #include <efi.h>
53 #include <efilib.h>
54 #undef uefi_call_wrapper
55 #include <efierr.h>
56 #include <efiip.h>
57
58 #if defined(__x86_64__) && !defined(HAVE_USE_MS_ABI)
59 #error something has gone wrong with the gnu-efi includes and defines
60 #endif
61 #endif
62
63 #ifdef SHIM_UNIT_TEST
64 #include "include/test.h"
65 #endif
66
/*
 * Per-architecture defaults.  Each macro is wrapped in #ifndef, so a value
 * supplied by the build takes precedence over the one given here.
 *
 *   DEFAULT_LOADER       wide-string (L"...") path of the default loader
 *   DEFAULT_LOADER_CHAR  the same path as a narrow string
 *   EFI_ARCH             architecture suffix, pasted into FALLBACK,
 *                        MOK_MANAGER and DEBUGSRC below
 *   DEBUGDIR             directory holding shim debug files
 *
 * NOTE(review): presumably DEFAULT_LOADER names the next-stage image shim
 * starts by default, which would make a build-time override a
 * trust-relevant setting -- confirm against the loader code.
 *
 * If none of the architecture macros tested here is defined and the build
 * does not supply EFI_ARCH itself, FALLBACK and MOK_MANAGER expand to an
 * undefined identifier wherever they are used.
 */
/* x86_64 */
67 #ifdef __x86_64__
68 #ifndef DEFAULT_LOADER
69 #define DEFAULT_LOADER L"\\grubx64.efi"
70 #endif
71 #ifndef DEFAULT_LOADER_CHAR
72 #define DEFAULT_LOADER_CHAR "\\grubx64.efi"
73 #endif
74 #ifndef EFI_ARCH
75 #define EFI_ARCH L"x64"
76 #endif
77 #ifndef DEBUGDIR
78 #define DEBUGDIR L"/usr/lib/debug/usr/share/shim/x64/"
79 #endif
80 #endif
81
/* 32-bit x86 */
82 #if defined(__i686__) || defined(__i386__)
83 #ifndef DEFAULT_LOADER
84 #define DEFAULT_LOADER L"\\grubia32.efi"
85 #endif
86 #ifndef DEFAULT_LOADER_CHAR
87 #define DEFAULT_LOADER_CHAR "\\grubia32.efi"
88 #endif
89 #ifndef EFI_ARCH
90 #define EFI_ARCH L"ia32"
91 #endif
92 #ifndef DEBUGDIR
93 #define DEBUGDIR L"/usr/lib/debug/usr/share/shim/ia32/"
94 #endif
95 #endif
96
/* 64-bit ARM */
97 #if defined(__aarch64__)
98 #ifndef DEFAULT_LOADER
99 #define DEFAULT_LOADER L"\\grubaa64.efi"
100 #endif
101 #ifndef DEFAULT_LOADER_CHAR
102 #define DEFAULT_LOADER_CHAR "\\grubaa64.efi"
103 #endif
104 #ifndef EFI_ARCH
105 #define EFI_ARCH L"aa64"
106 #endif
107 #ifndef DEBUGDIR
108 #define DEBUGDIR L"/usr/lib/debug/usr/share/shim/aa64/"
109 #endif
110 #endif
111
/* 32-bit ARM */
112 #if defined(__arm__)
113 #ifndef DEFAULT_LOADER
114 #define DEFAULT_LOADER L"\\grubarm.efi"
115 #endif
116 #ifndef DEFAULT_LOADER_CHAR
117 #define DEFAULT_LOADER_CHAR "\\grubarm.efi"
118 #endif
119 #ifndef EFI_ARCH
120 #define EFI_ARCH L"arm"
121 #endif
122 #ifndef DEBUGDIR
123 #define DEBUGDIR L"/usr/lib/debug/usr/share/shim/arm/"
124 #endif
125 #endif
126
/*
 * Paths built by string-literal concatenation with EFI_ARCH.
 *
 * DEBUGSRC can be overridden by the build.  Its default pastes VERSIONSTR,
 * which is not defined in this header (presumably it comes from version.h,
 * included further down -- confirm).  Macro bodies are expanded at the point
 * of use, so the later include is sufficient.
 *
 * FALLBACK and MOK_MANAGER have no #ifndef guard.  Their names always follow
 * EFI_ARCH: with the x86_64 default they are \fbx64.efi and \mmx64.efi.
 */
127 #ifndef DEBUGSRC
128 #define DEBUGSRC L"/usr/src/debug/shim-" VERSIONSTR "." EFI_ARCH
129 #endif
130
131 #define FALLBACK L"\\fb" EFI_ARCH L".efi"
132 #define MOK_MANAGER L"\\mm" EFI_ARCH L".efi"
133
/*
 * Build-time selection of the vendor allow-list and deny-list symbols.
 *
 * vendor_authorized, vendor_authorized_size and vendor_authorized_category
 * are object-like macros, so every later use of those names -- including
 * the `extern` declarations further down in this header -- refers to the
 * symbol selected here:
 *
 *   VENDOR_DB_FILE defined    -> vendor_db / vendor_db_size, VENDOR_ADDEND_DB
 *   else VENDOR_CERT_FILE     -> vendor_cert / vendor_cert_size,
 *                                VENDOR_ADDEND_X509
 *   neither                   -> vendor_null / vendor_null_size,
 *                                VENDOR_ADDEND_NONE
 *
 * VENDOR_DB_FILE wins when both are defined; the #elif branch is never
 * reached in that case.
 *
 * NOTE(review): the vendor_null / VENDOR_ADDEND_NONE case presumably means
 * "no vendor-supplied trust anchors are embedded" -- confirm where
 * vendor_authorized_category is consumed.
 */
134 #if defined(VENDOR_DB_FILE)
135 # define vendor_authorized vendor_db
136 # define vendor_authorized_size vendor_db_size
137 # define vendor_authorized_category VENDOR_ADDEND_DB
138 #elif defined(VENDOR_CERT_FILE)
139 # define vendor_authorized vendor_cert
140 # define vendor_authorized_size vendor_cert_size
141 # define vendor_authorized_category VENDOR_ADDEND_X509
142 #else
143 # define vendor_authorized vendor_null
144 # define vendor_authorized_size vendor_null_size
145 # define vendor_authorized_category VENDOR_ADDEND_NONE
146 #endif
147
/*
 * Deny-list counterpart: vendor_dbx when VENDOR_DBX_FILE is defined,
 * otherwise the vendor_deauthorized_null placeholder.  No category macro is
 * defined for this side.
 */
148 #if defined(VENDOR_DBX_FILE)
149 # define vendor_deauthorized vendor_dbx
150 # define vendor_deauthorized_size vendor_dbx_size
151 #else
152 # define vendor_deauthorized vendor_deauthorized_null
153 # define vendor_deauthorized_size vendor_deauthorized_null_size
154 #endif
155
156 #include "include/asm.h"
157 #include "include/compiler.h"
158 #include "include/list.h"
159 #include "include/configtable.h"
160 #include "include/console.h"
161 #include "include/crypt_blowfish.h"
162 #include "include/efiauthenticated.h"
163 #include "include/errors.h"
164 #include "include/execute.h"
165 #include "include/guid.h"
166 #include "include/http.h"
167 #include "include/httpboot.h"
168 #include "include/ip4config2.h"
169 #include "include/ip6config.h"
170 #include "include/netboot.h"
171 #include "include/passwordcrypt.h"
172 #include "include/peimage.h"
173 #include "include/pe.h"
174 #include "include/replacements.h"
175 #include "include/sbat.h"
176 #if defined(OVERRIDE_SECURITY_POLICY)
177 #include "include/security_policy.h"
178 #endif
179 #include "include/simple_file.h"
180 #include "include/str.h"
181 #include "include/tpm.h"
182 #include "include/ucs2.h"
183 #include "include/variables.h"
184 #include "include/hexdump.h"
185
186 #include "version.h"
187
188 #ifndef SHIM_UNIT_TEST
189 #include "Cryptlib/Include/OpenSslSupport.h"
190 #endif
191
/*
 * SHIM_LOCK: a table of three function pointers (Verify, Hash, Context).
 *
 * NOTE(review): this looks like the interface shim exposes to code that runs
 * after it.  If so, the field order and the three signatures are a binary
 * contract with separately built callers -- confirm before changing any of
 * them.
 *
 * The three entry points carry their length argument in three different
 * types (UINT32, int, unsigned int).  Implementations should range-check the
 * length before using it as a size; in particular Hash receives a signed
 * int, so a negative datasize is representable.
 */
192 INTERFACE_DECL(_SHIM_LOCK);
193
/* Verify: takes a buffer and its size (UINT32) and returns an EFI_STATUS. */
194 typedef
195 EFI_STATUS
196 (*EFI_SHIM_LOCK_VERIFY) (
197 IN VOID *buffer,
198 IN UINT32 size
199 );
200
/*
 * Hash: takes an image buffer, its size (signed int), a PE/COFF loader
 * context, and two output pointers named for SHA-256 and SHA-1 digests.
 * The signature carries no length for either output buffer.
 * NOTE(review): presumably the caller must supply digest-sized buffers --
 * confirm against the implementation.
 */
201 typedef
202 EFI_STATUS
203 (*EFI_SHIM_LOCK_HASH) (
204 IN char *data,
205 IN int datasize,
206 PE_COFF_LOADER_IMAGE_CONTEXT *context,
207 UINT8 *sha256hash,
208 UINT8 *sha1hash
209 );
210
/*
 * Context: takes an image buffer, its size (unsigned int) and a
 * PE_COFF_LOADER_IMAGE_CONTEXT pointer.  context is not marked IN;
 * presumably it is filled in by the callee -- confirm.
 */
211 typedef
212 EFI_STATUS
213 (*EFI_SHIM_LOCK_CONTEXT) (
214 IN VOID *data,
215 IN unsigned int datasize,
216 PE_COFF_LOADER_IMAGE_CONTEXT *context
217 );
218
219 typedef struct _SHIM_LOCK {
220 EFI_SHIM_LOCK_VERIFY Verify;
221 EFI_SHIM_LOCK_HASH Hash;
222 EFI_SHIM_LOCK_CONTEXT Context;
223 } SHIM_LOCK;
224
/*
 * Entry points implemented outside this header.  Only the signatures are
 * visible here; behaviour must be read from the definitions.
 */
225 extern EFI_STATUS shim_init(void);
226 extern void shim_fini(void);
/*
 * Error logging.  LogError_ and VLogError take the call site (file, line,
 * func) followed by a CHAR16 format string and its arguments (variadic, or
 * as an ms_va_list).  fmt is interpreted as a format string, so text that
 * did not originate in the source should be passed as an argument, never as
 * fmt.  Normally reached through the LogError()/perror() macros below.
 */
227 extern EFI_STATUS EFIAPI LogError_(const char *file, int line, const char *func,
228 const CHAR16 *fmt, ...);
229 extern EFI_STATUS EFIAPI VLogError(const char *file, int line, const char *func,
230 const CHAR16 *fmt, ms_va_list args);
/* Takes the call site plus a data pointer and its length sz. */
231 extern VOID LogHexdump_(const char *file, int line, const char *func,
232 const void *data, size_t sz);
233 extern VOID PrintErrors(VOID);
234 extern VOID ClearErrors(VOID);
235 extern VOID restore_loaded_image(VOID);
/* ImagePath is a non-const CHAR16 *; whether start_image modifies it is not
 * visible from this declaration. */
236 extern EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath);
237 extern EFI_STATUS import_mok_state(EFI_HANDLE image_handle);
238
/*
 * vendor_authorized* and vendor_deauthorized* are macros defined earlier in
 * this header.  These four declarations therefore declare whichever symbols
 * the build selected (vendor_db / vendor_cert / vendor_null, and vendor_dbx
 * / vendor_deauthorized_null), each as a byte pointer with a separate UINT32
 * length.
 */
239 extern UINT32 vendor_authorized_size;
240 extern UINT8 *vendor_authorized;
241
242 extern UINT32 vendor_deauthorized_size;
243 extern UINT8 *vendor_deauthorized;
244
/* Declared only when the build enables ENABLE_SHIM_CERT. */
245 #if defined(ENABLE_SHIM_CERT)
246 extern UINT32 build_cert_size;
247 extern UINT8 *build_cert;
248 #endif /* defined(ENABLE_SHIM_CERT) */
249
/*
 * Global state flags.
 * NOTE(review): by name, user_insecure_mode and ignore_db look like switches
 * that relax image verification -- confirm every writer of these two and
 * treat them as security-critical state.
 */
250 extern UINT8 user_insecure_mode;
251 extern UINT8 ignore_db;
/* Read by perror_() below: while non-zero, perror() does not print to the
 * console and only records the error through LogError_. */
252 extern UINT8 in_protocol;
/* Opaque load-options buffer and its length in a separate variable; any
 * reader must bound accesses by load_options_size. */
253 extern void *load_options;
254 extern UINT32 load_options_size;
255
/* Takes no arguments and returns a BOOLEAN; the conditions it evaluates are
 * not visible in this header. */
256 BOOLEAN secure_mode (void);
257
/*
 * verify_buffer has the same parameter list as the EFI_SHIM_LOCK_HASH
 * pointer type above: image bytes, a signed int length, a PE/COFF loader
 * context, and two digest output pointers with no accompanying lengths.
 * NOTE(review): datasize is signed -- the implementation should reject
 * negative values before using it as a size; confirm.
 */
258 EFI_STATUS
259 verify_buffer (char *data, int datasize,
260 PE_COFF_LOADER_IMAGE_CONTEXT *context,
261 UINT8 *sha256hash, UINT8 *sha1hash);
262
/*
 * Error-reporting macros.
 *
 * perror_(file, line, func, fmt, ...) is a GNU statement expression.  It
 * prints via console_print() only when in_protocol is zero, always records
 * the error with LogError_(), and evaluates to console_print()'s return
 * value (0 when printing was skipped).
 *
 * Hazards for callers:
 *  - fmt and the variadic arguments are expanded twice when in_protocol is
 *    zero (once for console_print, once for LogError_), so arguments with
 *    side effects run twice.
 *  - fmt is used as a format string by both sinks; keep it a literal and
 *    pass any externally influenced text as an argument.
 *  - perror() and LogError() report __LINE__ - 1, not __LINE__; the reason
 *    is not documented here.
 *
 * In SHIM_UNIT_TEST builds perror() and LogError() expand to nothing: their
 * arguments are not evaluated and perror() yields no value.
 */
263 #ifndef SHIM_UNIT_TEST
264 #define perror_(file, line, func, fmt, ...) ({ \
265 UINTN __perror_ret = 0; \
266 if (!in_protocol) \
267 __perror_ret = console_print((fmt), ##__VA_ARGS__); \
268 LogError_(file, line, func, fmt, ##__VA_ARGS__); \
269 __perror_ret; \
270 })
271 #define perror(fmt, ...) \
272 perror_(__FILE__, __LINE__ - 1, __func__, fmt, ##__VA_ARGS__)
273 #define LogError(fmt, ...) \
274 LogError_(__FILE__, __LINE__ - 1, __func__, fmt, ##__VA_ARGS__)
275 #else
276 #define perror(fmt, ...)
277 #define LogError(fmt, ...)
278 #endif
279
/*
 * Takes an output buffer `out` and a read-only input string `str`, and
 * returns a char pointer.  The signature carries no size for `out`.
 * NOTE(review): presumably the caller must provide a buffer large enough
 * for the translated copy of str -- confirm against the definition.
 */
280 char *translate_slashes(char *out, const char *str);
281
282 #endif /* SHIM_H_ */