shim: don't set CSV boot entry as the first boot option

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
author: Lans Zhang <jia.zhang@windriver.com> 2017-08-01 13:13:06 +0800
committer: Lans Zhang <jia.zhang@windriver.com> 2017-08-01 13:13:06 +0800
commit: a3e1038d7161cb5506884c3aec92e47d0d4464ee (patch)
tree: 3d8708c512d714a35d77937a7255392039aed87d
parent: 7f3143523d107826a92a500455531cfe5da03422 (diff)
download: meta-secure-core-a3e1038d7161cb5506884c3aec92e47d0d4464ee.tar.gz
2 files changed, 50 insertions, 0 deletions
diff --git a/meta-efi-secure-boot/recipes-bsp/shim/shim/0014-fallback-don-t-set-the-csv-entry-as-the-first-boot-b.patch b/meta-efi-secure-boot/recipes-bsp/shim/shim/0014-fallback-don-t-set-the-csv-entry-as-the-first-boot-b.patch
new file mode 100644
index 0000000..03d62b8
--- /dev/null
+++ b/meta-efi-secure-boot/recipes-bsp/shim/shim/0014-fallback-don-t-set-the-csv-entry-as-the-first-boot-b.patch
@@ -0,0 +1,49 @@
+From 9f6d9f6b7f88b9d15dd2f25ae7f16b68a980922a Mon Sep 17 00:00:00 2001
+From: Lans Zhang <jia.zhang@windriver.com>
+Date: Tue, 1 Aug 2017 10:25:45 +0800
+Subject: [PATCH] fallback: don't set the csv entry as the first boot by
+ default
+Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
+---
+ fallback.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+diff --git a/fallback.c b/fallback.c
+index 8c408fd..c39f280 100644
+--- a/fallback.c
+++ b/fallback.c
+@@ -138,6 +138,11 @@ make_full_path(CHAR16 *dirname, CHAR16 *filename, CHAR16 **out, UINT64 *outlen)
+ CHAR16 *bootorder = NULL;
+ int nbootorder = 0;
+ 
+#ifdef FALLBACK_RUN_AS_FIRST_BOOT
+UINTN run_as_first_boot = 1;
+#else
+UINTN run_as_first_boot = 0;
+#endif
+ EFI_DEVICE_PATH *first_new_option = NULL;
+ VOID *first_new_option_args = NULL;
+ UINTN first_new_option_size = 0;
+@@ -199,6 +204,9 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp,
+                                return rc;
+                        }
+ 
+                       if (!run_as_first_boot)
+                               return EFI_SUCCESS;
+
+                        CHAR16 *newbootorder = AllocateZeroPool(sizeof (CHAR16)
+                                                        * (nbootorder + 1));
+                        if (!newbootorder)
+@@ -414,7 +422,7 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 *dirname, CHAR16 *filename, CHAR16 *
+        rc = find_boot_option(dp, full_device_path, fullpath, label, arguments, &option);
+        if (EFI_ERROR(rc)) {
+                add_boot_option(dp, full_device_path, fullpath, label, arguments);
+-       } else if (option != 0) {
+       } else if (run_as_first_boot && option != 0) {
+                CHAR16 *newbootorder;
+                newbootorder = AllocateZeroPool(sizeof (CHAR16) * nbootorder);
+                if (!newbootorder)
+-- 
+2.7.5
diff --git a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
index 6428eeb..3c34b7b 100644
--- a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
+++ b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
@@ -32,6 +32,7 @@ SRC_URI = "\
    file://0011-Update-verification_method-if-the-loaded-image-is-si.patch;apply=0 \
    file://0012-netboot-replace-the-depreciated-EFI_PXE_BASE_CODE.patch \
    file://0013-fallback-allow-to-search-.csv-in-EFI-BOOT.patch \
+    file://0014-fallback-don-t-set-the-csv-entry-as-the-first-boot-b.patch \
 "
 SRC_URI_append_x86-64 = "\
    ${@bb.utils.contains('DISTRO_FEATURES', 'msft', \
author	Lans Zhang <jia.zhang@windriver.com>	2017-08-01 13:13:06 +0800
committer	Lans Zhang <jia.zhang@windriver.com>	2017-08-01 13:13:06 +0800
commit	a3e1038d7161cb5506884c3aec92e47d0d4464ee (patch)
tree	3d8708c512d714a35d77937a7255392039aed87d
parent	7f3143523d107826a92a500455531cfe5da03422 (diff)
download	meta-secure-core-a3e1038d7161cb5506884c3aec92e47d0d4464ee.tar.gz

diff --git a/meta-efi-secure-boot/recipes-bsp/shim/shim/0014-fallback-don-t-set-the-csv-entry-as-the-first-boot-b.patch b/meta-efi-secure-boot/recipes-bsp/shim/shim/0014-fallback-don-t-set-the-csv-entry-as-the-first-boot-b.patch new file mode 100644 index 0000000..03d62b8 --- /dev/null +++ b/meta-efi-secure-boot/recipes-bsp/shim/shim/0014-fallback-don-t-set-the-csv-entry-as-the-first-boot-b.patch
@@ -0,0 +1,49 @@
		1	From 9f6d9f6b7f88b9d15dd2f25ae7f16b68a980922a Mon Sep 17 00:00:00 2001
		2	From: Lans Zhang <jia.zhang@windriver.com>
		3	Date: Tue, 1 Aug 2017 10:25:45 +0800
		4	Subject: [PATCH] fallback: don't set the csv entry as the first boot by
		5	default
		6
		7	Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
		8	---
		9	fallback.c \| 10 +++++++++-
		10	1 file changed, 9 insertions(+), 1 deletion(-)
		11
		12	diff --git a/fallback.c b/fallback.c
		13	index 8c408fd..c39f280 100644
		14	--- a/fallback.c
		15	+++ b/fallback.c
		16	@@ -138,6 +138,11 @@ make_full_path(CHAR16 dirname, CHAR16 filename, CHAR16 *out, UINT64 outlen)
		17	CHAR16 *bootorder = NULL;
		18	int nbootorder = 0;
		19
		20	+#ifdef FALLBACK_RUN_AS_FIRST_BOOT
		21	+UINTN run_as_first_boot = 1;
		22	+#else
		23	+UINTN run_as_first_boot = 0;
		24	+#endif
		25	EFI_DEVICE_PATH *first_new_option = NULL;
		26	VOID *first_new_option_args = NULL;
		27	UINTN first_new_option_size = 0;
		28	@@ -199,6 +204,9 @@ add_boot_option(EFI_DEVICE_PATH hddp, EFI_DEVICE_PATH fulldp,
		29	return rc;
		30	}
		31
		32	+ if (!run_as_first_boot)
		33	+ return EFI_SUCCESS;
		34	+
		35	CHAR16 *newbootorder = AllocateZeroPool(sizeof (CHAR16)
		36	* (nbootorder + 1));
		37	if (!newbootorder)
		38	@@ -414,7 +422,7 @@ add_to_boot_list(EFI_FILE_HANDLE fh, CHAR16 dirname, CHAR16 filename, CHAR16 *
		39	rc = find_boot_option(dp, full_device_path, fullpath, label, arguments, &option);
		40	if (EFI_ERROR(rc)) {
		41	add_boot_option(dp, full_device_path, fullpath, label, arguments);
		42	- } else if (option != 0) {
		43	+ } else if (run_as_first_boot && option != 0) {
		44	CHAR16 *newbootorder;
		45	newbootorder = AllocateZeroPool(sizeof (CHAR16) * nbootorder);
		46	if (!newbootorder)
		47	--
		48	2.7.5
		49


diff --git a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb index 6428eeb..3c34b7b 100644 --- a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb +++ b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
@@ -32,6 +32,7 @@ SRC_URI = "\
32	file://0011-Update-verification_method-if-the-loaded-image-is-si.patch;apply=0 \	32	file://0011-Update-verification_method-if-the-loaded-image-is-si.patch;apply=0 \
33	file://0012-netboot-replace-the-depreciated-EFI_PXE_BASE_CODE.patch \	33	file://0012-netboot-replace-the-depreciated-EFI_PXE_BASE_CODE.patch \
34	file://0013-fallback-allow-to-search-.csv-in-EFI-BOOT.patch \	34	file://0013-fallback-allow-to-search-.csv-in-EFI-BOOT.patch \
		35	file://0014-fallback-don-t-set-the-csv-entry-as-the-first-boot-b.patch \
35	"	36	"
36	SRC_URI_append_x86-64 = "\	37	SRC_URI_append_x86-64 = "\
37	${@bb.utils.contains('DISTRO_FEATURES', 'msft', \	38	${@bb.utils.contains('DISTRO_FEATURES', 'msft', \