From: Dmitry Eremin-Solenikov <dmitry_eremin-soleni...@mentor.com> Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-soleni...@mentor.com> --- ...ompareMem-on-MokListNode.Type-instea.patch | 69 ++++++++++++++++++ meta/recipes-bsp/shim/shim_git.bb | 72 +++++++++++++++++++ 2 files changed, 141 insertions(+) create mode 100644 meta/recipes-bsp/shim/shim/0001-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch create mode 100644 meta/recipes-bsp/shim/shim_git.bb
diff --git a/meta/recipes-bsp/shim/shim/0001-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch b/meta/recipes-bsp/shim/shim/0001-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch new file mode 100644 index 000000000000..12ee342e9f64 --- /dev/null +++ b/meta/recipes-bsp/shim/shim/0001-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch @@ -0,0 +1,69 @@ +From f30cd0b6330be8ea72a93bf25e43829c222ba611 Mon Sep 17 00:00:00 2001 +From: Gary Lin <g...@suse.com> +Date: Tue, 26 Feb 2019 11:33:53 +0800 +Subject: [PATCH] MokManager: Use CompareMem on MokListNode.Type instead of + CompareGuid + +Fix the errors from gcc9 '-Werror=address-of-packed-member' + +https://github.com/rhboot/shim/issues/161 + +Signed-off-by: Gary Lin <g...@suse.com> +Upstream-Status: Submitted[https://github.com/rhboot/shim/pull/170] +--- + MokManager.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/MokManager.c b/MokManager.c +index d69b4dbe..05dc1622 100644 +--- a/MokManager.c ++++ b/MokManager.c +@@ -1053,7 +1053,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num, + continue; + + DataSize += sizeof(EFI_SIGNATURE_LIST); +- if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) ++ if (CompareMem(&(list[i].Type), &X509_GUID, ++ sizeof(EFI_GUID)) == 0) + DataSize += sizeof(EFI_GUID); + DataSize += list[i].MokSize; + } +@@ -1075,7 +1076,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num, + CertList->SignatureType = list[i].Type; + CertList->SignatureHeaderSize = 0; + +- if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) { ++ if (CompareMem(&(list[i].Type), &X509_GUID, ++ sizeof(EFI_GUID)) == 0) { + CertList->SignatureListSize = list[i].MokSize + + sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID); + CertList->SignatureSize = +@@ -1116,7 +1118,8 @@ static void delete_cert(void *key, UINT32 key_size, + int i; + + for (i = 0; i < mok_num; i++) { +- if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0) ++ if (CompareMem(&(mok[i].Type), &X509_GUID, ++ sizeof(EFI_GUID)) != 0) + continue; + + if (mok[i].MokSize == key_size && +@@ -1167,7 +1170,7 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size, + sig_size = hash_size + sizeof(EFI_GUID); + + for (i = 0; i < mok_num; i++) { +- if ((CompareGuid(&(mok[i].Type), &Type) != 0) || ++ if ((CompareMem(&(mok[i].Type), &Type, sizeof(EFI_GUID)) != 0) || + (mok[i].MokSize < sig_size)) + continue; + +@@ -1331,7 +1334,8 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX) + + /* Search and destroy */ + for (i = 0; i < del_num; i++) { +- if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) { ++ if (CompareMem(&(del_key[i].Type), &X509_GUID, ++ sizeof(EFI_GUID)) == 0) { + delete_cert(del_key[i].Mok, del_key[i].MokSize, + mok, mok_num); + } else if (is_sha2_hash(del_key[i].Type)) { diff --git a/meta/recipes-bsp/shim/shim_git.bb b/meta/recipes-bsp/shim/shim_git.bb new file mode 100644 index 000000000000..10769ac75a0a --- /dev/null +++ b/meta/recipes-bsp/shim/shim_git.bb @@ -0,0 +1,72 @@ +SUMMARY = "shim is a first stage EFI bootloader." +DESCRIPTION = "shim is a trivial EFI application that, when run, \ +attempts to open and execute another application. It will initially \ +attempt to do this via the standard EFI LoadImage() and StartImage() \ +calls. If these fail (because secure boot is enabled and the binary \ +is not signed with an appropriate key, for instance) it will then \ +validate the binary against a built-in certificate. If this succeeds \ +and if the binary or signing key are not blacklisted then shim will \ +relocate and execute the binary." +HOMEPAGE = "https://github.com/rhboot/shim.git" +SECTION = "bootloaders" + +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=b92e63892681ee4e8d27e7a7e87ef2bc" + +DEPENDS += "\ + gnu-efi \ +" + +PV = "15+git${SRCPV}" + +SRC_URI = "\ + git://github.com/rhboot/shim.git \ + file://0001-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch \ +" + +SRCREV = "a4a1fbe728c9545fc5647129df0cf1593b953bec" + +S = "${WORKDIR}/git" + +SHIM_IMAGE = "shim-${EFI_BOOT_IMAGE}" + +# install to the image as boot*.efi if its the EFI_PROVIDER, +# otherwise install as the full name. +# This allows multiple bootloaders to coexist in a single image. +python __anonymous () { + if d.getVar('EFI_PROVIDER') == "shim": + d.setVar("SHIM_EFI_BOOT_IMAGE", d.getVar("EFI_BOOT_IMAGE")) + else: + d.setVar("SHIM_EFI_BOOT_IMAGE", d.getVar("SHIM_IMAGE")) +} + +inherit deploy + +TUNE_CCARGS_remove = "-mfpmath=sse" + +EXTRA_OEMAKE = "\ + CROSS_COMPILE="${TARGET_PREFIX}" \ + COMPILER="gcc ${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS}" \ + EFI_INCLUDE="${STAGING_INCDIR}/efi" \ + EFI_PATH="${STAGING_LIBDIR}" \ + LIBDIR="${STAGING_LIBDIR}" \ +" + +COMPATIBLE_HOST = "${EFI_COMPATIBLE_HOST}" + +require conf/image-uefi.conf + +do_install() { + install -d ${D}${EFI_FILES_PATH} + install -m 0755 mm${EFI_ARCH}.efi fb${EFI_ARCH}.efi ${D}${EFI_FILES_PATH}/ + install -m 0755 shim${EFI_ARCH}.efi ${D}${EFI_FILES_PATH}/${SHIM_EFI_BOOT_IMAGE} +} + +# Install the unsigned images for manual signing +do_deploy() { + install -m 0755 mm${EFI_ARCH}.efi fb${EFI_ARCH}.efi ${DEPLOYDIR} + install -m 0755 shim${EFI_ARCH}.efi ${DEPLOYDIR}/${SHIM_IMAGE} +} +addtask deploy after do_install before do_build + +FILES_${PN} += "${EFI_FILES_PATH}" -- 2.23.0 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core