Remove all our patches, all upstream now.
+shim (15.5-1) UNRELEASED; urgency=medium
+
+ * New upstream release fixing more bugs
+ + Remove all our old patches, all now upstream:
+ - Don-t-call-QueryVariableInfo-on-EFI-1.10-machines.patch
+ - MOK-BootServicesData.patch
+ - fix-broken-ia32-reloc.patch
+ - fix-import_one_mok_state.patch
+ - fix_arm64_rela_sections.patch
+ - relax_check_for_import_mok_state.patch
+
+ -- Steve McIntyre <93sam@debian.org> Wed, 27 Apr 2022 22:50:08 +0100
+
shim (15.4-7) unstable; urgency=high
* Tweak how we call grub-install; don't abort on error. Not ideal
+++ /dev/null
-From 8b59591775a0412863aab9596ab87bdd493a9c1e Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Sat, 10 Apr 2021 16:05:23 -0400
-Subject: [PATCH] Don't call QueryVariableInfo() on EFI 1.10 machines
-
-The EFI 1.10 spec (and presumably earlier revisions as well) didn't have
-RT->QueryVariableInfo(), and on Chris Murphy's MacBookPro8,2 , that
-memory appears to be initialized randomly.
-
-This patch changes it to not call RT->QueryVariableInfo() if the
-EFI_RUNTIME_SERVICES table's major revision is less than two, and
-assumes our maximum variable size is 1024 in that case.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- mok.c | 23 ++++++++++++++++++-----
- 1 file changed, 18 insertions(+), 5 deletions(-)
-
-diff --git a/mok.c b/mok.c
-index 9b8fc2bc..beac0ff6 100644
---- a/mok.c
-+++ b/mok.c
-@@ -261,6 +261,9 @@ static const uint8_t null_sha256[32] = { 0, };
-
- typedef UINTN SIZE_T;
-
-+#define EFI_MAJOR_VERSION(tablep) ((UINT16)((((tablep)->Hdr.Revision) >> 16) & 0xfffful))
-+#define EFI_MINOR_VERSION(tablep) ((UINT16)(((tablep)->Hdr.Revision) & 0xfffful))
-+
- static EFI_STATUS
- get_max_var_sz(UINT32 attrs, SIZE_T *max_var_szp)
- {
-@@ -270,11 +273,21 @@ get_max_var_sz(UINT32 attrs, SIZE_T *max_var_szp)
- uint64_t max_var_sz = 0;
-
- *max_var_szp = 0;
-- efi_status = gRT->QueryVariableInfo(attrs, &max_storage_sz,
-- &remaining_sz, &max_var_sz);
-- if (EFI_ERROR(efi_status)) {
-- perror(L"Could not get variable storage info: %r\n", efi_status);
-- return efi_status;
-+ if (EFI_MAJOR_VERSION(gRT) < 2) {
-+ dprint(L"EFI %d.%d; no RT->QueryVariableInfo(). Using 1024!\n",
-+ EFI_MAJOR_VERSION(gRT), EFI_MINOR_VERSION(gRT));
-+ max_var_sz = remaining_sz = max_storage_sz = 1024;
-+ efi_status = EFI_SUCCESS;
-+ } else {
-+ dprint(L"calling RT->QueryVariableInfo() at 0x%lx\n",
-+ gRT->QueryVariableInfo);
-+ efi_status = gRT->QueryVariableInfo(attrs, &max_storage_sz,
-+ &remaining_sz, &max_var_sz);
-+ if (EFI_ERROR(efi_status)) {
-+ perror(L"Could not get variable storage info: %r\n",
-+ efi_status);
-+ return efi_status;
-+ }
- }
-
- /*
---
-2.20.1
-
+++ /dev/null
-commit 4068fd42c891ea6ebdec056f461babc6e4048844
-Author: Gary Lin <glin@suse.com>
-Date: Thu Apr 8 16:23:03 2021 +0800
-
- mok: allocate MOK config table as BootServicesData
-
- Linux kernel is picky when reserving the memory for x86 and it only
- expects BootServicesData:
-
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/platform/efi/quirks.c?h=v5.11#n254
-
- Otherwise, the following error would show during system boot:
-
- Apr 07 12:31:56.743925 localhost kernel: efi: Failed to lookup EFI memory descriptor for 0x000000003dcf8000
-
- Although BootServicesData would be reclaimed after ExitBootService(),
- linux kernel reserves MOK config table when it detects the existence of
- the table, so it's fine to allocate the table as BootServicesData.
-
- Signed-off-by: Gary Lin <glin@suse.com>
-
-diff --git a/mok.c b/mok.c
-index 9e37d6ab..9b8fc2bc 100644
---- a/mok.c
-+++ b/mok.c
-@@ -999,7 +999,7 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- npages = ALIGN_VALUE(config_sz, PAGE_SIZE) >> EFI_PAGE_SHIFT;
- config_table = NULL;
- efi_status = gBS->AllocatePages(AllocateAnyPages,
-- EfiRuntimeServicesData,
-+ EfiBootServicesData,
- npages,
- (EFI_PHYSICAL_ADDRESS *)&config_table);
- if (EFI_ERROR(efi_status) || !config_table) {
+++ /dev/null
-commit 1bea91ba72165d97c3b453cf769cb4bc5c07207a
-Author: Peter Jones <pjones@redhat.com>
-Date: Wed Mar 31 14:54:52 2021 -0400
-
- Fix a broken file header on ia32
-
- Commit c6281c6a195edee61185 needs to have included a ". = ALIGN(4096)"
- directive before .reloc, but fails to do so.
-
- As a result, binutils, which does not care about the actual binary
- format's constraints in any way, does not enforce the section alignment,
- and it will not load.
-
- Signed-off-by: Peter Jones <pjones@redhat.com>
-
-diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds
-index 742e0a47..497a3a15 100644
---- a/elf_ia32_efi.lds
-+++ b/elf_ia32_efi.lds
-@@ -15,6 +15,7 @@ SECTIONS
- *(.gnu.linkonce.t.*)
- _etext = .;
- }
-+ . = ALIGN(4096);
- .reloc :
- {
- *(.reloc)
+++ /dev/null
-commit 822d07ad4f07ef66fe447a130e1027c88d02a394
-Author: Adam Williamson <awilliam@redhat.com>
-Date: Thu Apr 8 22:39:02 2021 -0700
-
- Fix handling of ignore_db and user_insecure_mode
-
- In 65be350308783a8ef537246c8ad0545b4e6ad069, import_mok_state() is split
- up into a function that manages the whole mok state, and one that
- handles the state machine for an individual state variable.
- Unfortunately, the code that initializes the global ignore_db and
- user_insecure_mode was copied from import_mok_state() into the new
- import_one_mok_state() function, and thus re-initializes that state each
- time it processes a MoK state variable, before even assessing if that
- variable is set. As a result, we never honor either flag, and the
- machine owner cannot disable trusting the system firmware's db/dbx
- databases or disable validation altogether.
-
- This patch removes the extra re-initialization, allowing those variables
- to be set properly.
-
- Signed-off-by: Adam Williamson <awilliam@redhat.com>
-
-diff --git a/mok.c b/mok.c
-index 5ad9072b..9e37d6ab 100644
---- a/mok.c
-+++ b/mok.c
-@@ -888,9 +888,6 @@ EFI_STATUS import_one_mok_state(struct mok_state_variable *v,
- EFI_STATUS ret = EFI_SUCCESS;
- EFI_STATUS efi_status;
-
-- user_insecure_mode = 0;
-- ignore_db = 0;
--
- UINT32 attrs = 0;
- BOOLEAN delete = FALSE;
-
+++ /dev/null
-From 9828f65f3e9de29da7bc70cb71069cc1d7ca1b4a Mon Sep 17 00:00:00 2001
-From: Gary Lin <glin@suse.com>
-Date: Wed, 16 Jun 2021 16:13:32 +0800
-Subject: [PATCH] arm/aa64: fix the size of .rela* sections
-
-The previous commit(*) merged .rel* and .dyn* into .rodata, and this
-made ld to generate the wrong size for .rela* sections that covered
-other unrelated sections. When the EFI image was loaded, _relocate()
-went through the unexpected data and may cause unexpected crash.
-This commit moves .rel* and .dyn* out of .rodata in the ld script but
-also moves the related variables, such as _evrodata, _rodata_size,
-and _rodata_vsize, to the end of the new .dyn section, so that the
-crafted pe-coff section header for .rodata still covers our new
-.rela and .dyn sections.
-
-(*) 212ba30544f ("arm/aa64 targets: put .rel* and .dyn* in .rodata")
-
-Fix issue: https://github.com/rhboot/shim/issues/371
-
-Signed-off-by: Gary Lin <glin@suse.com>
----
- Makefile | 4 ++--
- elf_aarch64_efi.lds | 24 ++++++++++++++++--------
- elf_arm_efi.lds | 24 ++++++++++++++++--------
- 3 files changed, 34 insertions(+), 18 deletions(-)
-
-Index: shim.git/Makefile
-===================================================================
---- shim.git.orig/Makefile
-+++ shim.git/Makefile
-@@ -244,7 +244,7 @@ endif
- $(OBJCOPY) -D -j .text -j .sdata -j .data -j .data.ident \
- -j .dynamic -j .rodata -j .rel* \
- -j .rela* -j .reloc -j .eh_frame \
-- -j .vendor_cert -j .sbat \
-+ -j .vendor_cert -j .dyn -j .sbat \
- $(FORMAT) $< $@
- # I am tired of wasting my time fighting binutils timestamp code.
- dd conv=notrunc bs=1 count=4 seek=$(TIMESTAMP_LOCATION) if=/dev/zero of=$@
-@@ -260,7 +260,7 @@ ifneq ($(OBJCOPY_GTE224),1)
- endif
- $(OBJCOPY) -D -j .text -j .sdata -j .data \
- -j .dynamic -j .rodata -j .rel* \
-- -j .rela* -j .reloc -j .eh_frame -j .sbat \
-+ -j .rela* -j .dyn -j .reloc -j .eh_frame -j .sbat \
- -j .debug_info -j .debug_abbrev -j .debug_aranges \
- -j .debug_line -j .debug_str -j .debug_ranges \
- -j .note.gnu.build-id \
-Index: shim.git/elf_aarch64_efi.lds
-===================================================================
---- shim.git.orig/elf_aarch64_efi.lds
-+++ shim.git/elf_aarch64_efi.lds
-@@ -70,21 +70,29 @@ SECTIONS
- .rodata :
- {
- _rodata = .;
-- *(.rela.dyn)
-- *(.rela.plt)
-- *(.rela.got)
-- *(.rela.data)
-- *(.rela.data*)
--
- *(.rodata*)
- *(.srodata)
-- *(.dynsym)
-- *(.dynstr)
- . = ALIGN(16);
- *(.note.gnu.build-id)
- . = ALIGN(4096);
- *(.vendor_cert)
- *(.data.ident)
-+ . = ALIGN(4096);
-+ }
-+ . = ALIGN(4096);
-+ .rela :
-+ {
-+ *(.rela.dyn)
-+ *(.rela.plt)
-+ *(.rela.got)
-+ *(.rela.data)
-+ *(.rela.data*)
-+ }
-+ . = ALIGN(4096);
-+ .dyn :
-+ {
-+ *(.dynsym)
-+ *(.dynstr)
- _evrodata = .;
- . = ALIGN(4096);
- }
-Index: shim.git/elf_arm_efi.lds
-===================================================================
---- shim.git.orig/elf_arm_efi.lds
-+++ shim.git/elf_arm_efi.lds
-@@ -70,21 +70,29 @@ SECTIONS
- .rodata :
- {
- _rodata = .;
-- *(.rel.dyn)
-- *(.rel.plt)
-- *(.rel.got)
-- *(.rel.data)
-- *(.rel.data*)
--
- *(.rodata*)
- *(.srodata)
-- *(.dynsym)
-- *(.dynstr)
- . = ALIGN(16);
- *(.note.gnu.build-id)
- . = ALIGN(4096);
- *(.vendor_cert)
- *(.data.ident)
-+ . = ALIGN(4096);
-+ }
-+ . = ALIGN(4096);
-+ .rela :
-+ {
-+ *(.rela.dyn)
-+ *(.rela.plt)
-+ *(.rela.got)
-+ *(.rela.data)
-+ *(.rela.data*)
-+ }
-+ . = ALIGN(4096);
-+ .dyn :
-+ {
-+ *(.dynsym)
-+ *(.dynstr)
- _evrodata = .;
- . = ALIGN(4096);
- }
+++ /dev/null
-From: Gary Lin <glin@suse.com>
-Date: Tue, 11 May 2021 10:41:43 +0800
-Subject: Relax the check for import_mok_state()
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-An openSUSE user reported(*) that shim 15.4 failed to boot the system
-with the following message:
-
- "Could not create MokListXRT: Out of Resources"
-
-In the beginning, I thought it's caused by the growing size of
-vendor-dbx. However, we found the following messages after set
-SHIM_VERBOSE:
-
- max_var_sz:8000 remaining_sz:85EC max_storage_sz:9000
- SetVariable(“MokListXRT”, ... varsz=0x1404) = Out of Resources
-
-Even though the firmware claimed the remaining storage size is 0x85EC
-and the maximum variable size is 0x8000, it still rejected MokListXRT
-with size 0x1404. It seems that the return values from QueryVariableInfo()
-are not reliable. Since this firmware didn't really support Secure Boot,
-the variable mirroring is not so critical, so we can just accept the
-failure of import_mok_state() and continue boot.
-
-(*) https://bugzilla.suse.com/show_bug.cgi?id=1185261
-
-Signed-off-by: Gary Lin <glin@suse.com>
----
- shim.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index c5cfbb8..40e4894 100644
---- a/shim.c
-+++ b/shim.c
-@@ -1973,10 +1973,13 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
- * boot-services-only state variables are what we think they are.
- */
- efi_status = import_mok_state(image_handle);
-- if (!secure_mode() && efi_status == EFI_INVALID_PARAMETER) {
-+ if (!secure_mode() &&
-+ (efi_status == EFI_INVALID_PARAMETER ||
-+ efi_status == EFI_OUT_OF_RESOURCES)) {
- /*
- * Make copy failures fatal only if secure_mode is enabled, or
-- * the error was anything else than EFI_INVALID_PARAMETER.
-+ * the error was anything else than EFI_INVALID_PARAMETER or
-+ * EFI_OUT_OF_RESOURCES.
- * There are non-secureboot firmware implementations that don't
- * reserve enough EFI variable memory to fit the variable.
- */
-fix-import_one_mok_state.patch
-fix-broken-ia32-reloc.patch
-MOK-BootServicesData.patch
-Don-t-call-QueryVariableInfo-on-EFI-1.10-machines.patch
-relax_check_for_import_mok_state.patch
-fix_arm64_rela_sections.patch