shim: fix OVMF crash

- httpboot.o cannot be built if ".PRECIOUS: " is placed ahead of "<tab>CFLAGS +=". - uri pointer should not be freed if NULL. Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
author: Lans Zhang <jia.zhang@windriver.com> 2017-06-30 17:06:07 +0800
committer: Lans Zhang <jia.zhang@windriver.com> 2017-06-30 17:07:20 +0800
commit: 5233d3cf5e4cfe77a2e918c9c5db9b739269e690 (patch)
tree: fc0c1847b3551c72ac8134ec836bc056e7a4953f /meta-efi-secure-boot
parent: dcfd67c60b7692b44786caafbebc8ed2cf2963e4 (diff)
download: meta-secure-core-5233d3cf5e4cfe77a2e918c9c5db9b739269e690.tar.gz
3 files changed, 45 insertions, 13 deletions
diff --git a/meta-efi-secure-boot/recipes-bsp/shim/shim/0006-Prevent-from-removing-intermediate-.efi.patch b/meta-efi-secure-boot/recipes-bsp/shim/shim/0006-Prevent-from-removing-intermediate-.efi.patch
index fbbf94b..970c992 100644
--- a/meta-efi-secure-boot/recipes-bsp/shim/shim/0006-Prevent-from-removing-intermediate-.efi.patch
+++ b/meta-efi-secure-boot/recipes-bsp/shim/shim/0006-Prevent-from-removing-intermediate-.efi.patch
@@ -1,7 +1,7 @@
-From 1f03018aa0b7df2eab576d410ec88e8cf66b06e0 Mon Sep 17 00:00:00 2001
+From 8cfbeee2979f0049bf018f207afc01b55d1a7bcd Mon Sep 17 00:00:00 2001
 From: Lans Zhang <jia.zhang@windriver.com>
-Date: Wed, 21 Sep 2016 11:25:14 +0800
+Date: Fri, 30 Jun 2017 16:59:34 +0800
-Subject: [PATCH 06/11] Prevent from removing intermediate .efi
+Subject: [PATCH] Prevent from removing intermediate .efi
 Upstream-Status: Pending
@@ -16,18 +16,18 @@ Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
 1 file changed, 2 insertions(+)
 diff --git a/Makefile b/Makefile
-index efab050..7c71993 100644
+index 0497e4d..19e1b4f 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -100,6 +100,8 @@ MOK_SOURCES = MokManager.c shim.h include/console.h PasswordCrypt.c PasswordCryp
+@@ -108,6 +108,8 @@ ifneq ($(origin ENABLE_HTTPBOOT), undefined)
- FALLBACK_OBJS = fallback.o
+        SOURCES += httpboot.c httpboot.h
- FALLBACK_SRCS = fallback.c
+ endif
 
 +.PRECIOUS: $(MMNAME).efi $(FBNAME).efi
 +
- ifneq ($(origin ENABLE_HTTPBOOT), undefined)
+ all: $(TARGET)
-        OBJS += httpboot.o
+ 
-        SOURCES += httpboot.c httpboot.h
+ shim.crt shim.key:
 -- 
-2.11.0
+2.7.5
diff --git a/meta-efi-secure-boot/recipes-bsp/shim/shim/0013-httpboot-fix-OVMF-crash.patch b/meta-efi-secure-boot/recipes-bsp/shim/shim/0013-httpboot-fix-OVMF-crash.patch
new file mode 100644
index 0000000..539dc36
--- /dev/null
+++ b/meta-efi-secure-boot/recipes-bsp/shim/shim/0013-httpboot-fix-OVMF-crash.patch
@@ -0,0 +1,32 @@
+From 9c1636249d1bb8e0e7d108309b2747c6ede62cbb Mon Sep 17 00:00:00 2001
+From: Lans Zhang <jia.zhang@windriver.com>
+Date: Fri, 30 Jun 2017 15:50:24 +0800
+Subject: [PATCH] httpboot: fix OVMF crash
+This is a typical typo. The free operation should be done if uri
+was allocated.
+Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
+---
+ httpboot.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+diff --git a/httpboot.c b/httpboot.c
+index f8fbc73..e4657c1 100644
+--- a/httpboot.c
+++ b/httpboot.c
+@@ -110,8 +110,10 @@ find_httpboot (EFI_HANDLE device)
+        URI_DEVICE_PATH *UriNode;
+        UINTN uri_size;
+ 
+-       if (!uri)
+       if (uri) {
+                FreePool(uri);
+               uri = NULL;
+       }
+ 
+        devpath = DevicePathFromHandle(device);
+        if (!devpath) {
+-- 
+2.7.5
diff --git a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
index 5ceac6f..f5e274b 100644
--- a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
+++ b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
@@ -28,6 +28,7 @@ SRC_URI = "\
    file://0010-Makefile-do-not-sign-the-efi-file.patch \
    file://0011-Update-verification_method-if-the-loaded-image-is-si.patch;apply=0 \
    file://0012-netboot-replace-the-depreciated-EFI_PXE_BASE_CODE.patch \
+    file://0013-httpboot-fix-OVMF-crash.patch \
 "
 SRC_URI_append_x86-64 = "\
    ${@bb.utils.contains('DISTRO_FEATURES', 'msft', \
@@ -35,7 +36,7 @@ SRC_URI_append_x86-64 = "\
                         if uks_signing_model(d) == 'sample' else '', '', d)} \
 "
-SRCREV = "55c65546e46a78edbe41e88cb4ccbd2522e09625"
+SRCREV = "919c17a45fe722dcc2b9bdaba538c738f97f88cd"
 S = "${WORKDIR}/git"
@@ -57,7 +58,6 @@ EXTRA_OEMAKE = "\
        AR=${AR} \
        ${@'VENDOR_CERT_FILE=${WORKDIR}/vendor_cert.cer' if d.getVar('MOK_SB', True) == '1' else ''} \
        ${@'VENDOR_DBX_FILE=${WORKDIR}/vendor_dbx.esl' if uks_signing_model(d) == 'user' else ''} \
-        ENABLE_HTTPBOOT=1 \
 "
 PARALLEL_MAKE = ""
author	Lans Zhang <jia.zhang@windriver.com>	2017-06-30 17:06:07 +0800
committer	Lans Zhang <jia.zhang@windriver.com>	2017-06-30 17:07:20 +0800
commit	5233d3cf5e4cfe77a2e918c9c5db9b739269e690 (patch)
tree	fc0c1847b3551c72ac8134ec836bc056e7a4953f /meta-efi-secure-boot
parent	dcfd67c60b7692b44786caafbebc8ed2cf2963e4 (diff)
download	meta-secure-core-5233d3cf5e4cfe77a2e918c9c5db9b739269e690.tar.gz

diff --git a/meta-efi-secure-boot/recipes-bsp/shim/shim/0006-Prevent-from-removing-intermediate-.efi.patch b/meta-efi-secure-boot/recipes-bsp/shim/shim/0006-Prevent-from-removing-intermediate-.efi.patch index fbbf94b..970c992 100644 --- a/meta-efi-secure-boot/recipes-bsp/shim/shim/0006-Prevent-from-removing-intermediate-.efi.patch +++ b/meta-efi-secure-boot/recipes-bsp/shim/shim/0006-Prevent-from-removing-intermediate-.efi.patch
@@ -1,7 +1,7 @@
1	From 1f03018aa0b7df2eab576d410ec88e8cf66b06e0 Mon Sep 17 00:00:00 2001	1	From 8cfbeee2979f0049bf018f207afc01b55d1a7bcd Mon Sep 17 00:00:00 2001
2	From: Lans Zhang <jia.zhang@windriver.com>	2	From: Lans Zhang <jia.zhang@windriver.com>
3	Date: Wed, 21 Sep 2016 11:25:14 +0800	3	Date: Fri, 30 Jun 2017 16:59:34 +0800
4	Subject: [PATCH 06/11] Prevent from removing intermediate .efi	4	Subject: [PATCH] Prevent from removing intermediate .efi
5		5
6	Upstream-Status: Pending	6	Upstream-Status: Pending
7		7
@@ -16,18 +16,18 @@ Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
16	1 file changed, 2 insertions(+)	16	1 file changed, 2 insertions(+)
17		17
18	diff --git a/Makefile b/Makefile	18	diff --git a/Makefile b/Makefile
19	index efab050..7c71993 100644	19	index 0497e4d..19e1b4f 100644
20	--- a/Makefile	20	--- a/Makefile
21	+++ b/Makefile	21	+++ b/Makefile
22	@@ -100,6 +100,8 @@ MOK_SOURCES = MokManager.c shim.h include/console.h PasswordCrypt.c PasswordCryp	22	@@ -108,6 +108,8 @@ ifneq ($(origin ENABLE_HTTPBOOT), undefined)
23	FALLBACK_OBJS = fallback.o	23	SOURCES += httpboot.c httpboot.h
24	FALLBACK_SRCS = fallback.c	24	endif
25		25
26	+.PRECIOUS: $(MMNAME).efi $(FBNAME).efi	26	+.PRECIOUS: $(MMNAME).efi $(FBNAME).efi
27	+	27	+
28	ifneq ($(origin ENABLE_HTTPBOOT), undefined)	28	all: $(TARGET)
29	OBJS += httpboot.o	29
30	SOURCES += httpboot.c httpboot.h	30	shim.crt shim.key:
31	--	31	--
32	2.11.0	32	2.7.5
33		33


diff --git a/meta-efi-secure-boot/recipes-bsp/shim/shim/0013-httpboot-fix-OVMF-crash.patch b/meta-efi-secure-boot/recipes-bsp/shim/shim/0013-httpboot-fix-OVMF-crash.patch new file mode 100644 index 0000000..539dc36 --- /dev/null +++ b/meta-efi-secure-boot/recipes-bsp/shim/shim/0013-httpboot-fix-OVMF-crash.patch
@@ -0,0 +1,32 @@
		1	From 9c1636249d1bb8e0e7d108309b2747c6ede62cbb Mon Sep 17 00:00:00 2001
		2	From: Lans Zhang <jia.zhang@windriver.com>
		3	Date: Fri, 30 Jun 2017 15:50:24 +0800
		4	Subject: [PATCH] httpboot: fix OVMF crash
		5
		6	This is a typical typo. The free operation should be done if uri
		7	was allocated.
		8
		9	Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
		10	---
		11	httpboot.c \| 4 +++-
		12	1 file changed, 3 insertions(+), 1 deletion(-)
		13
		14	diff --git a/httpboot.c b/httpboot.c
		15	index f8fbc73..e4657c1 100644
		16	--- a/httpboot.c
		17	+++ b/httpboot.c
		18	@@ -110,8 +110,10 @@ find_httpboot (EFI_HANDLE device)
		19	URI_DEVICE_PATH *UriNode;
		20	UINTN uri_size;
		21
		22	- if (!uri)
		23	+ if (uri) {
		24	FreePool(uri);
		25	+ uri = NULL;
		26	+ }
		27
		28	devpath = DevicePathFromHandle(device);
		29	if (!devpath) {
		30	--
		31	2.7.5
		32


diff --git a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb index 5ceac6f..f5e274b 100644 --- a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb +++ b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
@@ -28,6 +28,7 @@ SRC_URI = "\
28	file://0010-Makefile-do-not-sign-the-efi-file.patch \	28	file://0010-Makefile-do-not-sign-the-efi-file.patch \
29	file://0011-Update-verification_method-if-the-loaded-image-is-si.patch;apply=0 \	29	file://0011-Update-verification_method-if-the-loaded-image-is-si.patch;apply=0 \
30	file://0012-netboot-replace-the-depreciated-EFI_PXE_BASE_CODE.patch \	30	file://0012-netboot-replace-the-depreciated-EFI_PXE_BASE_CODE.patch \
		31	file://0013-httpboot-fix-OVMF-crash.patch \
31	"	32	"
32	SRC_URI_append_x86-64 = "\	33	SRC_URI_append_x86-64 = "\
33	${@bb.utils.contains('DISTRO_FEATURES', 'msft', \	34	${@bb.utils.contains('DISTRO_FEATURES', 'msft', \
@@ -35,7 +36,7 @@ SRC_URI_append_x86-64 = "\
35	if uks_signing_model(d) == 'sample' else '', '', d)} \	36	if uks_signing_model(d) == 'sample' else '', '', d)} \
36	"	37	"
37		38
38	SRCREV = "55c65546e46a78edbe41e88cb4ccbd2522e09625"	39	SRCREV = "919c17a45fe722dcc2b9bdaba538c738f97f88cd"
39		40
40	S = "${WORKDIR}/git"	41	S = "${WORKDIR}/git"
41		42
@@ -57,7 +58,6 @@ EXTRA_OEMAKE = "\
57	AR=${AR} \	58	AR=${AR} \
58	${@'VENDOR_CERT_FILE=${WORKDIR}/vendor_cert.cer' if d.getVar('MOK_SB', True) == '1' else ''} \	59	${@'VENDOR_CERT_FILE=${WORKDIR}/vendor_cert.cer' if d.getVar('MOK_SB', True) == '1' else ''} \
59	${@'VENDOR_DBX_FILE=${WORKDIR}/vendor_dbx.esl' if uks_signing_model(d) == 'user' else ''} \	60	${@'VENDOR_DBX_FILE=${WORKDIR}/vendor_dbx.esl' if uks_signing_model(d) == 'user' else ''} \
60	ENABLE_HTTPBOOT=1 \
61	"	61	"
62		62
63	PARALLEL_MAKE = ""	63	PARALLEL_MAKE = ""