*.efi.debug
*.efi.signed
*.esl
-*.gdbinit
+*.gdb*
+*.gcda
+*.gcno
+*.gcov
*.hash
*.key
*.key
*.sw?
*.tar.*
/build*/
+/.cache/
/certdb/
+/compile_commands.json
/cov-int/
+/post-process-pe
/random.bin
/sbat.*.csv
/scan-results/
shim_cert.h
/test-*
!/test-*.c
+!/test-data/
/test-random.h
version.c
[submodule "gnu-efi"]
path = gnu-efi
url = https://github.com/rhboot/gnu-efi.git
- branch = shim-15.3
+ branch = shim-15.5
shim has already verified the kernel when shim loaded the kernel as the
second stage loader. In such a case, and only in this case, you should
use DISABLE_EBS_PROTECTION=y to build.
+- DISABLE_REMOVABLE_LOAD_OPTIONS
+ Do not parse load options when invoked as boot*.efi. This prevents boot
+ failures because of unexpected data in boot entries automatically generated
+ by firmware. It breaks loading non-default second-stage loaders when invoked
+ via that path, and requires using a binary named shim*.efi (or really anything
+ else).
- REQUIRE_TPM
if tpm logging or extends return an error code, treat that as a fatal error.
- ARCH
return FALSE;\r
}\r
\r
- CopyMem (NewMd5Context, Md5Context, sizeof (MD5_CTX));\r
+ CopyMem (NewMd5Context, (void *)Md5Context, sizeof (MD5_CTX));\r
\r
return TRUE;\r
}\r
return FALSE;\r
}\r
\r
- CopyMem (NewSha1Context, Sha1Context, sizeof (SHA_CTX));\r
+ CopyMem (NewSha1Context, (void *)Sha1Context, sizeof (SHA_CTX));\r
\r
return TRUE;\r
}\r
return FALSE;\r
}\r
\r
- CopyMem (NewSha256Context, Sha256Context, sizeof (SHA256_CTX));\r
+ CopyMem (NewSha256Context, (void *)Sha256Context, sizeof (SHA256_CTX));\r
\r
return TRUE;\r
}\r
return FALSE;\r
}\r
\r
- CopyMem (NewSha384Context, Sha384Context, sizeof (SHA512_CTX));\r
+ CopyMem (NewSha384Context, (void *)Sha384Context, sizeof (SHA512_CTX));\r
\r
return TRUE;\r
}\r
return FALSE;\r
}\r
\r
- CopyMem (NewSha512Context, Sha512Context, sizeof (SHA512_CTX));\r
+ CopyMem (NewSha512Context, (void *)Sha512Context, sizeof (SHA512_CTX));\r
\r
return TRUE;\r
}\r
//\r
// Macros that directly map functions to BaseLib, BaseMemoryLib, and DebugLib functions\r
//\r
-#define memcpy(dest,source,count) ( {CopyMem(dest,source,(UINTN)(count)); dest; })\r
+#define memcpy(dest,source,count) ( {CopyMem(dest,(void *)source,(UINTN)(count)); dest; })\r
#define memset(dest,ch,count) SetMem(dest,(UINTN)(count),(UINT8)(ch))\r
#define memchr(buf,ch,count) ScanMem8((CHAR8 *)buf,(UINTN)(count),ch)\r
#define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count)))\r
-#define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count))\r
+#define memmove(dest,source,count) CopyMem(dest,(void *)source,(UINTN)(count))\r
#define localtime(timer) NULL\r
#define assert(expression)\r
#define atoi(nptr) AsciiStrDecimalToUintn((const CHAR8 *)nptr)\r
//\r
// Part7: P7Data.\r
//\r
- CopyMem (SignedData + 19, P7Data, P7Length);\r
+ CopyMem (SignedData + 19, (void *)P7Data, P7Length);\r
}\r
\r
*WrapFlag = Wrapped;\r
EFI_CRT_OBJS = $(LOCAL_EFI_PATH)/crt0-efi-$(ARCH_GNUEFI).o
EFI_LDS = $(TOPDIR)/elf_$(ARCH)_efi.lds
-CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,)
+CLANG_WARNINGS = -Wno-pointer-bool-conversion \
+ -Wno-unknown-attributes
+
+CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) \
+ $(if $(findstring clang,$(CC)),$(CLANG_WARNINGS))
COMMIT_ID ?= $(shell if [ -e .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo master; fi)
ARCH_SUFFIX ?= x64
ARCH_SUFFIX_UPPER ?= X64
ARCH_LDFLAGS ?=
- TIMESTAMP_LOCATION := 136
endif
ifeq ($(ARCH),ia32)
ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
ARCH_SUFFIX_UPPER ?= IA32
ARCH_LDFLAGS ?=
ARCH_CFLAGS ?= -m32
- TIMESTAMP_LOCATION := 136
endif
ifeq ($(ARCH),aarch64)
ARCH_CFLAGS ?= -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align
SUBSYSTEM := 0xa
ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
ARCH_CFLAGS ?=
- TIMESTAMP_LOCATION := 72
endif
ifeq ($(ARCH),arm)
ARCH_CFLAGS ?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mno-unaligned-access
FORMAT := -O binary
SUBSYSTEM := 0xa
ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
- TIMESTAMP_LOCATION := 72
endif
DEFINES = -DDEFAULT_LOADER='L"$(DEFAULT_LOADER)"' \
CFLAGS = $(FEATUREFLAGS) \
$(OPTIMIZATIONS) \
$(WARNFLAGS) \
+ $(if $(findstring clang,$(CC)),$(CLANG_WARNINGS)) \
$(ARCH_CFLAGS) \
$(WERRFLAGS) \
$(INCLUDES) \
DEFINES += -DDISABLE_EBS_PROTECTION
endif
+ifneq ($(origin DISABLE_REMOVABLE_LOAD_OPTIONS), undefined)
+ DEFINES += -DDISABLE_REMOVABLE_LOAD_OPTIONS
+endif
+
LIB_GCC = $(shell $(CC) $(ARCH_CFLAGS) -print-libgcc-file-name)
EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)
FORMAT ?= --target efi-app-$(ARCH)
default : all
NAME = shim
-VERSION = 15.4
+VERSION = 15.5
ifneq ($(origin RELEASE),undefined)
DASHRELEASE ?= -$(RELEASE)
else
else
TARGETS += $(MMNAME) $(FBNAME)
endif
-OBJS = shim.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o pe.o httpboot.o csv.o
+OBJS = shim.o globals.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o pe.o httpboot.o csv.o load-options.o
KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
-ORIG_SOURCES = shim.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c httpboot.c shim.h version.h $(wildcard include/*.h)
-MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat_data.o
+ORIG_SOURCES = shim.c globals.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c httpboot.c shim.h version.h $(wildcard include/*.h)
+MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat_data.o globals.o
ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h)
-FALLBACK_OBJS = fallback.o tpm.o errlog.o sbat_data.o
+FALLBACK_OBJS = fallback.o tpm.o errlog.o sbat_data.o globals.o
ORIG_FALLBACK_SRCS = fallback.c
SBATPATH = $(TOPDIR)/data/sbat.csv
CFLAGS += -DFALLBACK_VERBOSE
endif
+ifneq ($(origin FALLBACK_NONINTERACTIVE), undefined)
+ CFLAGS += -DFALLBACK_NONINTERACTIVE
+endif
+
ifneq ($(origin FALLBACK_VERBOSE_WAIT), undefined)
CFLAGS += -DFALLBACK_VERBOSE_WAIT=$(FALLBACK_VERBOSE_WAIT)
endif
$@
$(foreach vs,$(VENDOR_SBATS),$(call add-vendor-sbat,$(vs),$@))
-$(SHIMNAME) : $(SHIMSONAME)
-$(MMNAME) : $(MMSONAME)
-$(FBNAME) : $(FBSONAME)
+$(SHIMNAME) : $(SHIMSONAME) post-process-pe
+$(MMNAME) : $(MMSONAME) post-process-pe
+$(FBNAME) : $(FBSONAME) post-process-pe
+$(SHIMNAME) $(MMNAME) $(FBNAME) : | post-process-pe
LIBS = Cryptlib/libcryptlib.a \
Cryptlib/OpenSSL/libopenssl.a \
gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a:
mkdir -p gnu-efi/lib gnu-efi/gnuefi
$(MAKE) -C gnu-efi \
- ARCH=$(ARCH_GNUEFI) TOPDIR=$(TOPDIR)/gnu-efi \
+ COMPILER="$(COMPILER)" \
+ CC="$(CC)" \
+ ARCH=$(ARCH_GNUEFI) \
+ TOPDIR=$(TOPDIR)/gnu-efi \
-f $(TOPDIR)/gnu-efi/Makefile \
lib gnuefi inc
mkdir -p lib
$(MAKE) VPATH=$(TOPDIR)/lib TOPDIR=$(TOPDIR) -C lib -f $(TOPDIR)/lib/Makefile
+post-process-pe : $(TOPDIR)/post-process-pe.c
+ $(HOSTCC) -std=gnu11 -Og -g3 -Wall -Wextra -Wno-missing-field-initializers -Werror -o $@ $<
+
buildid : $(TOPDIR)/buildid.c
$(HOSTCC) -I/usr/include -Og -g3 -Wall -Werror -Wextra -o $@ $< -lelf
endif
$(OBJCOPY) -D -j .text -j .sdata -j .data -j .data.ident \
-j .dynamic -j .rodata -j .rel* \
- -j .rela* -j .reloc -j .eh_frame \
+ -j .rela* -j .dyn -j .reloc -j .eh_frame \
-j .vendor_cert -j .sbat \
$(FORMAT) $< $@
- # I am tired of wasting my time fighting binutils timestamp code.
- dd conv=notrunc bs=1 count=4 seek=$(TIMESTAMP_LOCATION) if=/dev/zero of=$@
+ ./post-process-pe -vv $@
ifneq ($(origin ENABLE_SHIM_HASH),undefined)
%.hash : %.efi
endif
$(OBJCOPY) -D -j .text -j .sdata -j .data \
-j .dynamic -j .rodata -j .rel* \
- -j .rela* -j .reloc -j .eh_frame -j .sbat \
+ -j .rela* -j .dyn -j .reloc -j .eh_frame -j .sbat \
-j .debug_info -j .debug_abbrev -j .debug_aranges \
-j .debug_line -j .debug_str -j .debug_ranges \
-j .note.gnu.build-id \
$(PESIGN) -n certdb -i $< -c "shim" -s -o $@ -f
endif
-test :
- @make -f $(TOPDIR)/include/test.mk EFI_INCLUDES="$(EFI_INCLUDES)" ARCH_DEFINES="$(ARCH_DEFINES)" all
+test test-clean test-coverage test-lto :
+ @make -f $(TOPDIR)/include/test.mk \
+ COMPILER="$(COMPILER)" \
+ CROSS_COMPILE="$(CROSS_COMPILE)" \
+ CLANG_WARNINGS="$(CLANG_WARNINGS)" \
+ ARCH_DEFINES="$(ARCH_DEFINES)" \
+ EFI_INCLUDES="$(EFI_INCLUDES)" \
+ test-clean $@
$(patsubst %.c,%,$(wildcard test-*.c)) :
@make -f $(TOPDIR)/include/test.mk EFI_INCLUDES="$(EFI_INCLUDES)" ARCH_DEFINES="$(ARCH_DEFINES)" $@
clean-gnu-efi:
@if [ -d gnu-efi ] ; then \
$(MAKE) -C gnu-efi \
- ARCH=$(ARCH_GNUEFI) TOPDIR=$(TOPDIR)/gnu-efi \
+ CC="$(CC)" \
+ HOSTCC="$(HOSTCC)" \
+ COMPILER="$(COMPILER)" \
+ ARCH=$(ARCH_GNUEFI) \
+ TOPDIR=$(TOPDIR)/gnu-efi \
-f $(TOPDIR)/gnu-efi/Makefile \
clean ; \
fi
clean-shim-objs:
@rm -rvf $(TARGET) *.o $(SHIM_OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb $(BOOTCSVNAME)
- @rm -vf *.debug *.so *.efi *.efi.* *.tar.* version.c buildid
+ @rm -vf *.debug *.so *.efi *.efi.* *.tar.* version.c buildid post-process-pe
@rm -vf Cryptlib/*.[oa] Cryptlib/*/*.[oa]
@if [ -d .git ] ; then git clean -f -d -e 'Cryptlib/OpenSSL/*'; fi
CHAR16 Password[SB_PASSWORD_LEN];
} __attribute__ ((packed)) MokDBvar;
+typedef struct {
+ UINT32 MokTMLState;
+ UINT32 PWLen;
+ CHAR16 Password[SB_PASSWORD_LEN];
+} __attribute__ ((packed)) MokTMLvar;
+
typedef struct {
INT32 Timeout;
} __attribute__ ((packed)) MokTimeoutvar;
for (i = 0; i < n; i++) {
CatPrint(&serial_string, L"%02x:", hexbuf[i]);
}
+ BN_free(bnser);
}
if (serial_string.str)
static INTN reset_system()
{
- gRT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL);
+ RT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL);
console_notify(L"Failed to reboot\n");
return -1;
}
CopyMem(new_data, old_data, old_size);
CopyMem(new_data + old_size, MokNew, MokNewSize);
- efi_status = gRT->SetVariable(db_name, &SHIM_LOCK_GUID,
- EFI_VARIABLE_NON_VOLATILE |
- EFI_VARIABLE_BOOTSERVICE_ACCESS,
- new_size, new_data);
+ efi_status = RT->SetVariable(db_name, &SHIM_LOCK_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ new_size, new_data);
out:
if (old_size > 0) {
FreePool(old_data);
}
if (authenticate) {
- efi_status = gRT->GetVariable(auth_name, &SHIM_LOCK_GUID,
- &attributes, &auth_size, auth);
+ efi_status = RT->GetVariable(auth_name, &SHIM_LOCK_GUID,
+ &attributes, &auth_size, auth);
if (EFI_ERROR(efi_status) ||
(auth_size != SHA256_DIGEST_SIZE &&
auth_size != PASSWORD_CRYPT_SIZE)) {
if (!MokNewSize) {
/* Delete MOK */
- efi_status = gRT->SetVariable(db_name, &SHIM_LOCK_GUID,
- EFI_VARIABLE_NON_VOLATILE |
- EFI_VARIABLE_BOOTSERVICE_ACCESS,
- 0, NULL);
+ efi_status = RT->SetVariable(db_name, &SHIM_LOCK_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ 0, NULL);
} else {
/* Write new MOK */
efi_status = write_db(db_name, MokNew, MokNewSize);
EFI_STATUS efi_status;
CHAR16 *prompt[] = { NULL, NULL };
- ST->ConOut->ClearScreen(ST->ConOut);
+ clear_screen();
if (MokX)
prompt[0] = L"Erase all stored keys in MokListX?";
}
if (DataSize == 0) {
dprint(L"DataSize = 0; deleting variable %s\n", db_name);
- efi_status = gRT->SetVariable(db_name, &SHIM_LOCK_GUID,
- EFI_VARIABLE_NON_VOLATILE |
- EFI_VARIABLE_BOOTSERVICE_ACCESS,
- DataSize, Data);
+ efi_status = RT->SetVariable(db_name, &SHIM_LOCK_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ DataSize, Data);
dprint(L"efi_status:%llu\n", efi_status);
return EFI_SUCCESS;
}
ptr = (uint8_t *) ptr + CertList->SignatureListSize;
}
- efi_status = gRT->SetVariable(db_name, &SHIM_LOCK_GUID,
- EFI_VARIABLE_NON_VOLATILE |
- EFI_VARIABLE_BOOTSERVICE_ACCESS,
- DataSize, Data);
+ efi_status = RT->SetVariable(db_name, &SHIM_LOCK_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ DataSize, Data);
if (Data)
FreePool(Data);
auth_name = L"MokDelAuth";
}
- efi_status = gRT->GetVariable(auth_name, &SHIM_LOCK_GUID, &attributes,
- &auth_size, auth);
+ efi_status = RT->GetVariable(auth_name, &SHIM_LOCK_GUID, &attributes,
+ &auth_size, auth);
if (EFI_ERROR(efi_status) ||
(auth_size != SHA256_DIGEST_SIZE
&& auth_size != PASSWORD_CRYPT_SIZE)) {
err_strs[1] = L"Erase all keys in MokList!";
}
console_alertbox(err_strs);
- gRT->SetVariable(db_name, &SHIM_LOCK_GUID,
- EFI_VARIABLE_NON_VOLATILE |
- EFI_VARIABLE_BOOTSERVICE_ACCESS, 0, NULL);
+ RT->SetVariable(db_name, &SHIM_LOCK_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS, 0, NULL);
efi_status = EFI_ACCESS_DENIED;
goto error;
}
err_strs[1] = L"Reset MokList!";
}
console_alertbox(err_strs);
- gRT->SetVariable(db_name, &SHIM_LOCK_GUID,
- EFI_VARIABLE_NON_VOLATILE |
- EFI_VARIABLE_BOOTSERVICE_ACCESS, 0, NULL);
+ RT->SetVariable(db_name, &SHIM_LOCK_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS, 0, NULL);
efi_status = EFI_ABORTED;
goto error;
}
return EFI_INVALID_PARAMETER;
}
- ST->ConOut->ClearScreen(ST->ConOut);
+ clear_screen();
message[0] = L"Change Secure Boot state";
message[1] = NULL;
}
if (var->MokSBState == 0) {
- efi_status = gRT->SetVariable(L"MokSBState", &SHIM_LOCK_GUID,
- EFI_VARIABLE_NON_VOLATILE |
- EFI_VARIABLE_BOOTSERVICE_ACCESS,
- 1, &sbval);
+ efi_status = RT->SetVariable(L"MokSBState", &SHIM_LOCK_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ 1, &sbval);
if (EFI_ERROR(efi_status)) {
console_notify(L"Failed to set Secure Boot state");
return efi_status;
}
} else {
- efi_status = gRT->SetVariable(L"MokSBState", &SHIM_LOCK_GUID,
- EFI_VARIABLE_NON_VOLATILE |
- EFI_VARIABLE_BOOTSERVICE_ACCESS,
- 0, NULL);
+ efi_status = RT->SetVariable(L"MokSBState", &SHIM_LOCK_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ 0, NULL);
if (EFI_ERROR(efi_status)) {
console_notify(L"Failed to delete Secure Boot state");
return efi_status;
return EFI_INVALID_PARAMETER;
}
- ST->ConOut->ClearScreen(ST->ConOut);
+ clear_screen();
message[0] = L"Change DB state";
message[1] = NULL;
}
if (var->MokDBState == 0) {
- efi_status = gRT->SetVariable(L"MokDBState", &SHIM_LOCK_GUID,
+ efi_status = RT->SetVariable(L"MokDBState", &SHIM_LOCK_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ 1, &dbval);
+ if (EFI_ERROR(efi_status)) {
+ console_notify(L"Failed to set DB state");
+ return efi_status;
+ }
+ } else {
+ efi_status = RT->SetVariable(L"MokDBState", &SHIM_LOCK_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ 0, NULL);
+ if (EFI_ERROR(efi_status)) {
+ console_notify(L"Failed to delete DB state");
+ return efi_status;
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
+static EFI_STATUS mok_tml_prompt(void *MokTML, UINTN MokTMLSize)
+{
+ EFI_STATUS efi_status;
+ SIMPLE_TEXT_OUTPUT_MODE SavedMode;
+ MokTMLvar *var = MokTML;
+ CHAR16 *message[4];
+ CHAR16 pass1, pass2, pass3;
+ CHAR16 *str;
+ UINT8 fail_count = 0;
+ UINT8 dbval = 1;
+ UINT8 pos1, pos2, pos3;
+ int ret;
+ CHAR16 *untrust_tml[] = { L"Do not trust the MOK list", NULL };
+ CHAR16 *trust_tml[] = { L"Trust the MOK list", NULL };
+
+ if (MokTMLSize != sizeof(MokTMLvar)) {
+ console_notify(L"Invalid MokTML variable contents");
+ return EFI_INVALID_PARAMETER;
+ }
+
+ clear_screen();
+
+ message[0] = L"Change Trusted MOK List Keyring state";
+ message[1] = NULL;
+
+ console_save_and_set_mode(&SavedMode);
+ console_print_box_at(message, -1, 0, 0, -1, -1, 1, 1);
+ console_restore_mode(&SavedMode);
+
+ while (fail_count < 3) {
+ RandomBytes(&pos1, sizeof(pos1));
+ pos1 = (pos1 % var->PWLen);
+
+ do {
+ RandomBytes(&pos2, sizeof(pos2));
+ pos2 = (pos2 % var->PWLen);
+ } while (pos2 == pos1);
+
+ do {
+ RandomBytes(&pos3, sizeof(pos3));
+ pos3 = (pos3 % var->PWLen);
+ } while (pos3 == pos2 || pos3 == pos1);
+
+ str = PoolPrint(L"Enter password character %d: ", pos1 + 1);
+ if (!str) {
+ console_errorbox(L"Failed to allocate buffer");
+ return EFI_OUT_OF_RESOURCES;
+ }
+ pass1 = get_password_charater(str);
+ FreePool(str);
+
+ str = PoolPrint(L"Enter password character %d: ", pos2 + 1);
+ if (!str) {
+ console_errorbox(L"Failed to allocate buffer");
+ return EFI_OUT_OF_RESOURCES;
+ }
+ pass2 = get_password_charater(str);
+ FreePool(str);
+
+ str = PoolPrint(L"Enter password character %d: ", pos3 + 1);
+ if (!str) {
+ console_errorbox(L"Failed to allocate buffer");
+ return EFI_OUT_OF_RESOURCES;
+ }
+ pass3 = get_password_charater(str);
+ FreePool(str);
+
+ if (pass1 != var->Password[pos1] ||
+ pass2 != var->Password[pos2] ||
+ pass3 != var->Password[pos3]) {
+ console_print(L"Invalid character\n");
+ fail_count++;
+ } else {
+ break;
+ }
+ }
+
+ if (fail_count >= 3) {
+ console_notify(L"Password limit reached");
+ return EFI_ACCESS_DENIED;
+ }
+
+ if (var->MokTMLState == 0)
+ ret = console_yes_no(trust_tml);
+ else
+ ret = console_yes_no(untrust_tml);
+
+ if (ret == 0) {
+ LibDeleteVariable(L"MokListTrustedNew", &SHIM_LOCK_GUID);
+ return EFI_ABORTED;
+ }
+
+ if (var->MokTMLState == 0) {
+ efi_status = RT->SetVariable(L"MokListTrusted", &SHIM_LOCK_GUID,
EFI_VARIABLE_NON_VOLATILE |
EFI_VARIABLE_BOOTSERVICE_ACCESS,
1, &dbval);
if (EFI_ERROR(efi_status)) {
- console_notify(L"Failed to set DB state");
+ console_notify(L"Failed to set MokListTrusted state");
return efi_status;
}
} else {
- efi_status = gRT->SetVariable(L"MokDBState", &SHIM_LOCK_GUID,
+ efi_status = RT->SetVariable(L"MokListTrusted", &SHIM_LOCK_GUID,
EFI_VARIABLE_NON_VOLATILE |
EFI_VARIABLE_BOOTSERVICE_ACCESS,
0, NULL);
if (EFI_ERROR(efi_status)) {
- console_notify(L"Failed to delete DB state");
+ console_notify(L"Failed to delete MokListTrusted state");
return efi_status;
}
}
return EFI_INVALID_PARAMETER;
}
- ST->ConOut->ClearScreen(ST->ConOut);
+ clear_screen();
SetMem(hash, PASSWORD_CRYPT_SIZE, 0);
if (console_yes_no(clear_p) == 0)
return EFI_ABORTED;
- gRT->SetVariable(L"MokPWStore", &SHIM_LOCK_GUID,
- EFI_VARIABLE_NON_VOLATILE |
- EFI_VARIABLE_BOOTSERVICE_ACCESS, 0, NULL);
+ RT->SetVariable(L"MokPWStore", &SHIM_LOCK_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS, 0, NULL);
goto mokpw_done;
}
if (console_yes_no(set_p) == 0)
return EFI_ABORTED;
- efi_status = gRT->SetVariable(L"MokPWStore", &SHIM_LOCK_GUID,
- EFI_VARIABLE_NON_VOLATILE |
- EFI_VARIABLE_BOOTSERVICE_ACCESS,
- MokPWSize, MokPW);
+ efi_status = RT->SetVariable(L"MokPWStore", &SHIM_LOCK_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ MokPWSize, MokPW);
if (EFI_ERROR(efi_status)) {
console_notify(L"Failed to set MOK password");
return efi_status;
*protected = FALSE;
- efi_status = gRT->GetVariable(L"MokPWStore", &SHIM_LOCK_GUID, &attributes,
- &size, pwhash);
+ efi_status = RT->GetVariable(L"MokPWStore", &SHIM_LOCK_GUID, &attributes,
+ &size, pwhash);
/*
* If anything can attack the password it could just set it to a
* known value, so there's no safety advantage in failing to validate
if (attributes & EFI_VARIABLE_RUNTIME_ACCESS)
return TRUE;
- ST->ConOut->ClearScreen(ST->ConOut);
+ clear_screen();
/* Draw the background */
console_save_and_set_mode(&SavedMode);
MOK_SET_PW,
MOK_CHANGE_DB,
MOK_KEY_ENROLL,
- MOK_HASH_ENROLL
+ MOK_HASH_ENROLL,
+ MOK_CHANGE_TML
} mok_menu_item;
static void free_menu(mok_menu_item * menu_item, CHAR16 ** menu_strings)
void *MokPW, UINTN MokPWSize,
void *MokDB, UINTN MokDBSize,
void *MokXNew, UINTN MokXNewSize,
- void *MokXDel, UINTN MokXDelSize)
+ void *MokXDel, UINTN MokXDelSize,
+ void *MokTML, UINTN MokTMLSize)
{
CHAR16 **menu_strings = NULL;
mok_menu_item *menu_item = NULL;
UINT32 MokXAuth = 0;
UINT32 MokXDelAuth = 0;
- efi_status = gRT->GetVariable(L"MokAuth", &SHIM_LOCK_GUID,
- &attributes, &auth_size, auth);
+ efi_status = RT->GetVariable(L"MokAuth", &SHIM_LOCK_GUID,
+ &attributes, &auth_size, auth);
if (!EFI_ERROR(efi_status) &&
(auth_size == SHA256_DIGEST_SIZE ||
auth_size == PASSWORD_CRYPT_SIZE))
MokAuth = 1;
- efi_status = gRT->GetVariable(L"MokDelAuth", &SHIM_LOCK_GUID,
- &attributes, &auth_size, auth);
+ efi_status = RT->GetVariable(L"MokDelAuth", &SHIM_LOCK_GUID,
+ &attributes, &auth_size, auth);
if (!EFI_ERROR(efi_status) &&
(auth_size == SHA256_DIGEST_SIZE ||
auth_size == PASSWORD_CRYPT_SIZE))
MokDelAuth = 1;
- efi_status = gRT->GetVariable(L"MokXAuth", &SHIM_LOCK_GUID,
- &attributes, &auth_size, auth);
+ efi_status = RT->GetVariable(L"MokXAuth", &SHIM_LOCK_GUID,
+ &attributes, &auth_size, auth);
if (!EFI_ERROR(efi_status) &&
(auth_size == SHA256_DIGEST_SIZE ||
auth_size == PASSWORD_CRYPT_SIZE))
MokXAuth = 1;
- efi_status = gRT->GetVariable(L"MokXDelAuth", &SHIM_LOCK_GUID,
- &attributes, &auth_size, auth);
+ efi_status = RT->GetVariable(L"MokXDelAuth", &SHIM_LOCK_GUID,
+ &attributes, &auth_size, auth);
if (!EFI_ERROR(efi_status) &&
(auth_size == SHA256_DIGEST_SIZE ||
auth_size == PASSWORD_CRYPT_SIZE))
if (MokDB)
menucount++;
+ if (MokTML)
+ menucount++;
+
menu_strings = AllocateZeroPool(sizeof(CHAR16 *) *
(menucount + 1));
if (!menu_strings)
i++;
}
+ if (MokTML) {
+ menu_strings[i] = L"Change MOK List Trusted State";
+ menu_item[i] = MOK_CHANGE_TML;
+ i++;
+ }
+
menu_strings[i] = L"Enroll key from disk";
menu_item[i] = MOK_KEY_ENROLL;
i++;
case MOK_HASH_ENROLL:
efi_status = mok_hash_enroll();
break;
+ case MOK_CHANGE_TML:
+ if (!MokTML) {
+ console_print(L"MokManager: internal error: %s",
+ L"MokListTrusted was ! NULL bs is now NULL\n");
+ ret = EFI_ABORTED;
+ goto out;
+ }
+ efi_status = mok_tml_prompt(MokTML, MokTMLSize);
+ if (!EFI_ERROR(efi_status))
+ MokTML = NULL;
+ break;
}
if (!EFI_ERROR(efi_status))
static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
{
UINTN MokNewSize = 0, MokDelSize = 0, MokSBSize = 0, MokPWSize = 0;
- UINTN MokDBSize = 0, MokXNewSize = 0, MokXDelSize = 0;
+ UINTN MokDBSize = 0, MokXNewSize = 0, MokXDelSize = 0, MokTMLSize = 0;
void *MokNew = NULL;
void *MokDel = NULL;
void *MokSB = NULL;
void *MokDB = NULL;
void *MokXNew = NULL;
void *MokXDel = NULL;
+ void *MokTML = NULL;
EFI_STATUS efi_status;
efi_status = get_variable(L"MokNew", (UINT8 **) & MokNew, &MokNewSize,
console_error(L"Could not retrieve MokDB", efi_status);
}
+ efi_status = get_variable(L"MokListTrustedNew", (UINT8 **) & MokTML,
+ &MokTMLSize, SHIM_LOCK_GUID);
+ if (!EFI_ERROR(efi_status)) {
+ efi_status = LibDeleteVariable(L"MokListTrustedNew",
+ &SHIM_LOCK_GUID);
+ if (EFI_ERROR(efi_status))
+ console_notify(L"Failed to delete MokListTrustedNew");
+ } else if (EFI_ERROR(efi_status) && efi_status != EFI_NOT_FOUND) {
+ console_error(L"Could not retrieve MokListTrustedNew",
+ efi_status);
+ }
+
efi_status = get_variable(L"MokXNew", (UINT8 **) & MokXNew,
&MokXNewSize, SHIM_LOCK_GUID);
if (!EFI_ERROR(efi_status)) {
enter_mok_menu(image_handle, MokNew, MokNewSize, MokDel, MokDelSize,
MokSB, MokSBSize, MokPW, MokPWSize, MokDB, MokDBSize,
- MokXNew, MokXNewSize, MokXDel, MokXDelSize);
+ MokXNew, MokXNewSize, MokXDel, MokXDelSize, MokTML, MokTMLSize);
if (MokNew)
FreePool(MokNew);
if (MokXDel)
FreePool(MokXDel);
+ if (MokTML)
+ FreePool(MokTML);
+
LibDeleteVariable(L"MokAuth", &SHIM_LOCK_GUID);
LibDeleteVariable(L"MokDelAuth", &SHIM_LOCK_GUID);
LibDeleteVariable(L"MokXAuth", &SHIM_LOCK_GUID);
UINT64 seed;
BOOLEAN status;
- efi_status = gRT->GetTime(&time, NULL);
+ efi_status = RT->GetTime(&time, NULL);
if (EFI_ERROR(efi_status))
return efi_status;
MokPWStore: A SHA-256 representation of the password set by the user
via MokPW. The user will be prompted to enter this password in order
to interact with MokManager.
+
+MokListTrusted: An 8-bit unsigned integer. If 1, it signifies to Linux
+to trust CA keys in the MokList. BS,NV
+
+MokListTrustedRT: A copy of MokListTrusted made available to the kernel
+at runtime. RT
`SBAT` EFI variable
-----------------
-The SBAT EFI variable (`SBAT-605dab50-e046-4300-abb6-3dd810dd8b23`) is structured as a series ASCII CSV records:
+The SBAT EFI variable (`SbatLevel-605dab50-e046-4300-abb6-3dd810dd8b23`) is structured as a series ASCII CSV records:
```
sbat,1
produce a new build which fixes it and has the following in `.sbat`:
```
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
-grub,1,Free Software Foundation,grub,2.04,https://www.gnu.org/software/grub/
+grub,2,Free Software Foundation,grub,2.04,https://www.gnu.org/software/grub/
grub.debian,2,Debian,grub2,2.04-13,https://packages.debian.org/source/sid/grub2
```
is typically configured to trust 2 authorities for signing UEFI boot code, the
Microsoft UEFI Certificate Authority (CA) and Windows CA. When malicious or
security compromised code is detected, 2 revocation mechanisms are provided by
-compatible UEFI implementations, signing certificate or image hash. The UEFI
+compatible UEFI implementations: signing certificate or image hash. The UEFI
Specification does not provides any well tested additional revocation
mechanisms.
#### Generation-Based Revocation Scenarios
-Products (**not** vendors, a vendor can have multiple products or even pass a
+**Products** (**not** vendors, a vendor can have multiple products or even pass a
product from one vendor to another over time) are assigned a name. Product
names can specify a specific version or refer to the entire product family. For
example mydistro and mydistro,12.
-Components that are used as a link in the UEFI Secure Boot chain of trust are
+**Components** that are used as a link in the UEFI Secure Boot chain of trust are
assigned names. Examples of components are shim, GRUB, kernel, hypervisors, etc.
+Below is an example of a product and component, both in the same `sbat.csv` file. `sbat`
+defines the version of the format of the revocation metadata itself.
+`grub.acme` is an example of a product name.
+```
+sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
+grub.acme,1,Acme Corporation,grub,1.96-8191,https://acme.arpa/packages/grub
+```
+
We could conceivably support sub-components, but it's hard to conceive of a
scenario that would trigger a UEFI variable update that wouldn't justify a
hypervisor or kernel re-release to enforce that sub-component level from there.
Something like a "level 1.5 hypervisor" that can exist between different kernel
generations can be considered its own component.
-Each component is assigned a minimum global generation number. Vendors signing
+Each component is assigned a **minimum global generation number**. Vendors signing
component binary artifacts with a specific global generation number are
required to include fixes for any public or pre-disclosed issue required for
that generation. Additionally, in the event that a bypass only manifests in a
number to be published for one of their product's components. This avoids
triggering an industry wide re-publishing of otherwise safe components.
-A product-specific minimum generation number only applies to the instance of
+In the example above, 1 is sbat's minimum global generation number.
+
+A **product-specific minimum generation number** only applies to the instance of
that component that is signed with that product name. Another product's
instance of the same component may be installed on the same system and would
not be subject to the other product's product-specific minimum generation
minimum generation number would be incremented and that product's component
re-released along with a UEFI variable update specifying that requirement.
+In the example above, 1 is grub.acme's product-specific minimum generation number.
+
The global and product-specific generation number name spaces are not tied to
each other. The global number is managed externally, and the vast majority of
products will never publish a minimum product-specific generation number for
variable.
If this same Vendor C has a similar event after the global number is
-incremented, they would again set their product-specific or version-specific
-number to 1. If they have a second event on with the same component, they would
+incremented, they would again set their product-specific or **version-specific
+number** to 1. If they have a second event on the same component, they would
set their product-specific or version-specific number to 2.
In such an event, a vendor would set the product-specific or version-specific
customer impact with as few re-releases as possible, while not creating an
unnecessarily large UEFI revocation variable payload.
-| | prior to<br>disclosure | after<br>disclosure | after Vendor C's<br>first update | after Vendor C's<br>second update | after next global<br>disclosure |
+| | prior to<br>disclosure\* | after<br>disclosure | after Vendor C's<br>first update | after Vendor C's<br>second update | after next global<br>disclosure |
|--------------------------------------------------------------------------------------|------------------------|---------------------|----------------------------------|----------------------------------|---------------------------------|
| GRUB global<br>generation number in<br>artifacts .sbat section | 3 | 4 | 4 | 4 | 5 |
-| Vendor C's product-specific<br>generation number in artifact's<br>.sbat section | 1 | 1 | 5 | 6 | 1 |
+| Vendor C's product-specific<br>generation number in artifact's<br>.sbat section | 1 | 1 | 2 | 3 | 1 |
| GRUB global<br>generation number in<br>UEFI SBAT revocation variable | 3 | 4 | 4 | 4 | 5 |
-| Vendor C's product-specific<br>generation number in<br>UEFI SBAT revocation variable | not set | not set | 5 | 6 | not set |
+| Vendor C's product-specific<br>generation number in<br>UEFI SBAT revocation variable | not set | not set | 2 | 3 | not set |
+
+\* A disclosure is the event/date where a CVE and fixes for it are made public.
The product-specific generation number does not reset and continues to
-monotonically increase over the course of these events. Continuity of more
+monotonically increase over the course of these non-global events. Continuity of more
specific generation numbers must be maintained in this way in order to satisfy
checks against older revocation data.
identify the global generation associated with a product or version-specific
one. The payload is also built into shim to additionally limit exposure.
+At this time of writing, all version-numbers are set to 1. Presumably at some point,
+updated numbers will be published on the respective websites of the associated vendors
+and components.
+
#### Retiring Signed Releases
Products that have reached the end of their support life by definition no
those products from booting on a UEFI Secure Boot enabled system. However a
product made up of GRUB and a closed source kernel is just as conceivable. In
that case the kernel version may never move forward once the product reaches
-its end of support. Therefor it is recommended that the product-specific
+its end of support. Therefore it is recommended that the product-specific
generation number be incremented past the latest one shown in any binary for
that product, effectively disabling that product on UEFI Secure Boot enabled
systems.
The initial SBAT implementation will add SBAT metadata to Shim and GRUB and
enforce SBAT on all components labeled with it. Until a component (e.g. the
-Linux kernel gains SBAT metadata) it can not be revoked via SBAT, but only by
-revoking the keys signing that component. These keys will should live in
+Linux kernel) gains SBAT metadata it can not be revoked via SBAT, but only by
+revoking the keys signing that component. These keys will live in
separate, product-specific signed PE files that contain **only** the
certificate and SBAT metadata for the key files. These key files can then be
revoked via SBAT in order to invalidate and replace a specific key. While
| vendor_url | url to look stuff up, contact, whatever.
The format of this .sbat section is comma separated values, or more
-specifically UTF-8 encoded strings.
+specifically ASCII encoded strings.
## Example sbat sections
-20e4d9486fcae54ee44d2323ae342ffe68c920e6
\ No newline at end of file
+f2c598bb2218da966872ba3e0c6e7e830dca6ef0
\ No newline at end of file
char *token = NULL;
bool valid = true;
+
for (n = 0; n < *n_columns; n++) {
if (valid) {
}
max = (uintptr_t)end - (uintptr_t)line + (end > line ? 1 : 0);
+ if (is_utf8_bom(line, max))
- if (line && is_utf8_bom(line, max))
line += UTF8_BOM_SIZE;
- while (line && line <= data_end) {
+ while (line <= data_end && *line) {
size_t entrysz = sizeof(char *) * n_columns + sizeof(struct csv_row);
struct csv_row *entry;
size_t m_columns = n_columns;
char *delim;
bool found = true;
+ bool eof = false;
end = data_end;
max = (uintptr_t)end - (uintptr_t)line + (end > line ? 1 : 0);
+ /* Skip the delimiter(s) of the previous line */
while (max && found) {
found = false;
for (delim = &delims[0]; max && *delim; delim++) {
}
}
}
+ /* Find the first delimiter of the current line */
for (delim = &delims[0]; *delim; delim++) {
char *tmp = strnchrnul(line, max, *delim);
if (tmp < end)
end = tmp;
}
max = (uintptr_t)end - (uintptr_t)line + (end > line ? 1 : 0);
+
+ if (!*end)
+ eof = true;
*end = '\0';
if (line == data_end || max == 0) {
parse_csv_line(line, max, &m_columns, (const char **)entry->columns);
entry->n_columns = m_columns;
+ if (eof)
+ break;
+
line = end + 1;
}
.rodata :
{
_rodata = .;
- *(.rela.dyn)
- *(.rela.plt)
- *(.rela.got)
- *(.rela.data)
- *(.rela.data*)
-
*(.rodata*)
*(.srodata)
- *(.dynsym)
- *(.dynstr)
. = ALIGN(16);
*(.note.gnu.build-id)
. = ALIGN(4096);
*(.vendor_cert)
*(.data.ident)
+ . = ALIGN(4096);
+ }
+ . = ALIGN(4096);
+ .rela :
+ {
+ *(.rela.dyn)
+ *(.rela.plt)
+ *(.rela.got)
+ *(.rela.data)
+ *(.rela.data*)
+ }
+ . = ALIGN(4096);
+ .dyn :
+ {
+ *(.dynsym)
+ *(.dynstr)
_evrodata = .;
. = ALIGN(4096);
}
.rodata :
{
_rodata = .;
- *(.rel.dyn)
- *(.rel.plt)
- *(.rel.got)
- *(.rel.data)
- *(.rel.data*)
-
*(.rodata*)
*(.srodata)
- *(.dynsym)
- *(.dynstr)
. = ALIGN(16);
*(.note.gnu.build-id)
. = ALIGN(4096);
*(.vendor_cert)
*(.data.ident)
+ . = ALIGN(4096);
+ }
+ . = ALIGN(4096);
+ .rela :
+ {
+ *(.rela.dyn)
+ *(.rela.plt)
+ *(.rela.got)
+ *(.rela.data)
+ *(.rela.data*)
+ }
+ . = ALIGN(4096);
+ .dyn :
+ {
+ *(.dynsym)
+ *(.dynstr)
_evrodata = .;
. = ALIGN(4096);
}
*(.gnu.linkonce.t.*)
_etext = .;
}
+ . = ALIGN(4096);
.reloc :
{
*(.reloc)
}
b = AllocateZeroPool(len + 2);
- if (!buffer) {
+ if (!b) {
console_print(L"Could not allocate memory\n");
fh2->Close(fh2);
return EFI_OUT_OF_RESOURCES;
efi_status = fh->Read(fh, &len, b);
if (EFI_ERROR(efi_status)) {
- FreePool(buffer);
+ FreePool(b);
fh2->Close(fh2);
console_print(L"Could not read file: %r\n", efi_status);
return efi_status;
StrLen(label)*2 + 2 + DevicePathSize(hddp) +
StrLen(arguments) * 2;
- CHAR8 *data = AllocateZeroPool(size + 2);
- CHAR8 *cursor = data;
+ CHAR8 *data, *cursor;
+ cursor = data = AllocateZeroPool(size + 2);
+ if (!data)
+ return EFI_OUT_OF_RESOURCES;
+
*(UINT32 *)cursor = LOAD_OPTION_ACTIVE;
cursor += sizeof (UINT32);
*(UINT16 *)cursor = DevicePathSize(hddp);
if (!first_new_option) {
first_new_option = DuplicateDevicePath(fulldp);
- first_new_option_args = arguments;
+ first_new_option_args = StrDuplicate(arguments);
first_new_option_size = StrLen(arguments) * sizeof (CHAR16);
}
- efi_status = gRT->SetVariable(varname, &GV_GUID,
+ efi_status = RT->SetVariable(varname, &GV_GUID,
EFI_VARIABLE_NON_VOLATILE |
EFI_VARIABLE_BOOTSERVICE_ACCESS |
EFI_VARIABLE_RUNTIME_ACCESS,
cursor += DevicePathSize(dp);
StrCpy((CHAR16 *)cursor, arguments);
- CHAR16 varname[256];
EFI_STATUS efi_status;
EFI_GUID vendor_guid = NullGuid;
+ UINTN buffer_size = 256 * sizeof(CHAR16);
+ CHAR16 *varname = AllocateZeroPool(buffer_size);
+ if (!varname)
+ return EFI_OUT_OF_RESOURCES;
UINTN max_candidate_size = calc_masked_boot_option_size(size);
CHAR8 *candidate = AllocateZeroPool(max_candidate_size);
return EFI_OUT_OF_RESOURCES;
}
- varname[0] = 0;
while (1) {
- UINTN varname_size = sizeof(varname);
- efi_status = gRT->GetNextVariableName(&varname_size, varname,
- &vendor_guid);
- if (EFI_ERROR(efi_status))
+ UINTN varname_size = buffer_size;
+ efi_status = RT->GetNextVariableName(&varname_size, varname,
+ &vendor_guid);
+ if (EFI_ERROR(efi_status)) {
+ if (efi_status == EFI_BUFFER_TOO_SMALL) {
+ VerbosePrint(L"Buffer too small for next variable name, re-allocating it to be %d bytes and retrying\n",
+ varname_size);
+ varname = ReallocatePool(varname,
+ buffer_size,
+ varname_size);
+ if (!varname)
+ return EFI_OUT_OF_RESOURCES;
+ buffer_size = varname_size;
+ continue;
+ }
+
+ if (efi_status == EFI_DEVICE_ERROR)
+ VerbosePrint(L"The next variable name could not be retrieved due to a hardware error\n");
+
+ if (efi_status == EFI_INVALID_PARAMETER)
+ VerbosePrint(L"Invalid parameter to GetNextVariableName: varname_size=%d, varname=%s\n",
+ varname_size, varname);
+
+ /* EFI_NOT_FOUND means we listed all variables */
+ VerbosePrint(L"Checked all boot entries\n");
break;
+ }
if (StrLen(varname) != 8 || StrnCmp(varname, L"Boot", 4) ||
!isxdigit(varname[4]) || !isxdigit(varname[5]) ||
continue;
UINTN candidate_size = max_candidate_size;
- efi_status = gRT->GetVariable(varname, &GV_GUID, NULL,
- &candidate_size, candidate);
+ efi_status = RT->GetVariable(varname, &GV_GUID, NULL,
+ &candidate_size, candidate);
if (EFI_ERROR(efi_status))
continue;
/* at this point, we have duplicate data. */
if (!first_new_option) {
first_new_option = DuplicateDevicePath(fulldp);
- first_new_option_args = arguments;
+ first_new_option_args = StrDuplicate(arguments);
first_new_option_size = StrLen(arguments) * sizeof (CHAR16);
}
}
FreePool(candidate);
FreePool(data);
- return EFI_NOT_FOUND;
+ FreePool(varname);
+ return efi_status;
}
EFI_STATUS
for (j = 0 ; j < size / sizeof (CHAR16); j++)
VerbosePrintUnprefixed(L"%04x ", newbootorder[j]);
VerbosePrintUnprefixed(L"\n");
- efi_status = gRT->GetVariable(L"BootOrder", &GV_GUID, NULL, &len, NULL);
+ efi_status = RT->GetVariable(L"BootOrder", &GV_GUID, NULL, &len, NULL);
if (efi_status == EFI_BUFFER_TOO_SMALL)
LibDeleteVariable(L"BootOrder", &GV_GUID);
- efi_status = gRT->SetVariable(L"BootOrder", &GV_GUID,
- EFI_VARIABLE_NON_VOLATILE |
- EFI_VARIABLE_BOOTSERVICE_ACCESS |
- EFI_VARIABLE_RUNTIME_ACCESS,
- size, newbootorder);
+ efi_status = RT->SetVariable(L"BootOrder", &GV_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS,
+ size, newbootorder);
FreePool(newbootorder);
return efi_status;
}
full_device_path = FileDevicePath(this_image->DeviceHandle, fullpath);
if (!full_device_path) {
efi_status = EFI_OUT_OF_RESOURCES;
- goto err;
+ goto done;
}
dps = DevicePathToStr(full_device_path);
VerbosePrint(L"file DP: %s\n", dps);
dp = full_device_path;
} else {
efi_status = EFI_OUT_OF_RESOURCES;
- goto err;
+ goto done;
}
}
if (EFI_ERROR(efi_status)) {
add_boot_option(dp, full_device_path, fullpath, label,
arguments);
- } else if (option != 0) {
- CHAR16 *newbootorder;
- newbootorder = AllocateZeroPool(sizeof (CHAR16) * nbootorder);
- if (!newbootorder)
- return EFI_OUT_OF_RESOURCES;
+ goto done;
+ }
- newbootorder[0] = bootorder[option];
- CopyMem(newbootorder + 1, bootorder, sizeof (CHAR16) * option);
- CopyMem(newbootorder + option + 1, bootorder + option + 1,
- sizeof (CHAR16) * (nbootorder - option - 1));
+ UINT16 bootnum;
+ CHAR16 *newbootorder;
+ /* Search for the option in the current bootorder */
+ for (bootnum = 0; bootnum < nbootorder; bootnum++)
+ if (bootorder[bootnum] == option)
+ break;
+ if (bootnum == nbootorder) {
+ /* Option not found, prepend option and copy the rest */
+ newbootorder = AllocateZeroPool(sizeof(CHAR16)
+ * (nbootorder + 1));
+ if (!newbootorder) {
+ efi_status = EFI_OUT_OF_RESOURCES;
+ goto done;
+ }
+ newbootorder[0] = option;
+ CopyMem(newbootorder + 1, bootorder,
+ sizeof(CHAR16) * nbootorder);
+ FreePool(bootorder);
+ bootorder = newbootorder;
+ nbootorder += 1;
+ } else {
+ /* Option found, put first and slice the rest */
+ newbootorder = AllocateZeroPool(
+ sizeof(CHAR16) * nbootorder);
+ if (!newbootorder) {
+ efi_status = EFI_OUT_OF_RESOURCES;
+ goto done;
+ }
+ newbootorder[0] = option;
+ CopyMem(newbootorder + 1, bootorder,
+ sizeof(CHAR16) * bootnum);
+ CopyMem(newbootorder + 1 + bootnum,
+ bootorder + bootnum + 1,
+ sizeof(CHAR16) * (nbootorder - bootnum - 1));
FreePool(bootorder);
bootorder = newbootorder;
}
+ VerbosePrint(L"New nbootorder: %d\nBootOrder: ",
+ nbootorder);
+ for (int i = 0 ; i < nbootorder ; i++)
+ VerbosePrintUnprefixed(L"%04x ", bootorder[i]);
+ VerbosePrintUnprefixed(L"\n");
-err:
+done:
if (full_device_path)
FreePool(full_device_path);
if (dp && dp != full_device_path)
EFI_STATUS efi_status;
EFI_FILE_IO_INTERFACE *fio = NULL;
- efi_status = gBS->HandleProtocol(device, &FileSystemProtocol,
- (void **) &fio);
+ efi_status = BS->HandleProtocol(device, &FileSystemProtocol,
+ (void **) &fio);
if (EFI_ERROR(efi_status)) {
console_print(L"Couldn't find file system: %r\n", efi_status);
return efi_status;
return EFI_SUCCESS;
}
- efi_status = gBS->LoadImage(0, parent_image_handle, first_new_option,
- NULL, 0, &image_handle);
+ efi_status = BS->LoadImage(0, parent_image_handle, first_new_option,
+ NULL, 0, &image_handle);
if (EFI_ERROR(efi_status)) {
CHAR16 *dps = DevicePathToStr(first_new_option);
UINTN s = DevicePathSize(first_new_option);
}
EFI_LOADED_IMAGE *image;
- efi_status = gBS->HandleProtocol(image_handle, &LoadedImageProtocol,
- (void *) &image);
+ efi_status = BS->HandleProtocol(image_handle, &LoadedImageProtocol,
+ (void *) &image);
if (!EFI_ERROR(efi_status)) {
image->LoadOptions = first_new_option_args;
image->LoadOptionsSize = first_new_option_size;
}
- efi_status = gBS->StartImage(image_handle, NULL, NULL);
+ efi_status = BS->StartImage(image_handle, NULL, NULL);
if (EFI_ERROR(efi_status)) {
console_print(L"StartImage failed: %r\n", efi_status);
msleep(500000000);
UINT32 no_reboot;
UINTN size = sizeof(UINT32);
- efi_status = gRT->GetVariable(NO_REBOOT, &SHIM_LOCK_GUID,
- NULL, &size, &no_reboot);
+ efi_status = RT->GetVariable(NO_REBOOT, &SHIM_LOCK_GUID,
+ NULL, &size, &no_reboot);
if (!EFI_ERROR(efi_status)) {
return no_reboot;
}
return 0;
}
+#ifndef FALLBACK_NONINTERACTIVE
static EFI_STATUS
set_fallback_no_reboot(void)
{
EFI_STATUS efi_status;
UINT32 no_reboot = 1;
- efi_status = gRT->SetVariable(NO_REBOOT, &SHIM_LOCK_GUID,
- EFI_VARIABLE_NON_VOLATILE
- | EFI_VARIABLE_BOOTSERVICE_ACCESS
- | EFI_VARIABLE_RUNTIME_ACCESS,
- sizeof(UINT32), &no_reboot);
+ efi_status = RT->SetVariable(NO_REBOOT, &SHIM_LOCK_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS,
+ sizeof(UINT32), &no_reboot);
return efi_status;
}
return choice;
}
+#endif
extern EFI_STATUS
efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab);
*/
debug_hook();
- efi_status = gBS->HandleProtocol(image, &LoadedImageProtocol,
- (void *) &this_image);
+ efi_status = BS->HandleProtocol(image, &LoadedImageProtocol,
+ (void *) &this_image);
if (EFI_ERROR(efi_status)) {
console_print(L"Error: could not find loaded image: %r\n",
efi_status);
try_start_first_option(image);
}
+#ifndef FALLBACK_NONINTERACTIVE
int timeout = draw_countdown();
if (timeout == 0)
goto reset;
VerbosePrint(L"tpm present, starting the first image\n");
try_start_first_option(image);
reset:
+#endif
VerbosePrint(L"tpm present, resetting system\n");
}
msleep(fallback_verbose_wait);
}
- gRT->ResetSystem(EfiResetCold, EFI_SUCCESS, 0, NULL);
+ RT->ResetSystem(EfiResetCold, EFI_SUCCESS, 0, NULL);
return EFI_SUCCESS;
}
--- /dev/null
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+/*
+ * globals.c - global shim state
+ * Copyright Peter Jones <pjones@redhat.com>
+ */
+
+#include "shim.h"
+
+UINT32 vendor_authorized_size = 0;
+UINT8 *vendor_authorized = NULL;
+
+UINT32 vendor_deauthorized_size = 0;
+UINT8 *vendor_deauthorized = NULL;
+
+#if defined(ENABLE_SHIM_CERT)
+UINT32 build_cert_size;
+UINT8 *build_cert;
+#endif /* defined(ENABLE_SHIM_CERT) */
+
+/*
+ * indicator of how an image has been verified
+ */
+verification_method_t verification_method;
+int loader_is_participating;
+
+UINT8 user_insecure_mode;
+UINT8 ignore_db;
+UINT8 trust_mok_list;
+
+UINT32 verbose = 0;
+
+// vim:fenc=utf-8:tw=75:noet
|| ( [ $(GCCVERSION) -eq "4" ] \
&& [ $(GCCMINOR) -ge "7" ] ) ) \
&& echo 1)
- ifeq ($(GCCNEWENOUGH),1)
- CPPFLAGS += -DGNU_EFI_USE_MS_ABI -DGNU_EFI_USE_EXTERNAL_STDARG -maccumulate-outgoing-args --std=c11
- else ifeq ($(USING_CLANG),clang)
+ ifeq ($(USING_CLANG),clang)
CPPFLAGS += -DGNU_EFI_USE_MS_ABI -DGNU_EFI_USE_EXTERNAL_STDARG --std=c11
+ else ifeq ($(GCCNEWENOUGH),1)
+ CPPFLAGS += -DGNU_EFI_USE_MS_ABI -DGNU_EFI_USE_EXTERNAL_STDARG -maccumulate-outgoing-args --std=c11
endif
CFLAGS += -mno-red-zone
-fshort-wchar -fno-strict-aliasing \
-ffreestanding -fno-stack-protector \
-fno-stack-check -nostdinc \
+ $(CFLAGS_LTO) $(CFLAGS_GCOV) \
-isystem $(TOPDIR)/../include/system \
-isystem $(shell $(CC) $(ARCH3264) -print-file-name=include) \
$(if $(findstring gcc,$(CC)),-fno-merge-all-constants,)
#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010
#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020
#define EFI_VARIABLE_APPEND_WRITE 0x00000040
+#define EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS 0x00000080
// Variable size limitation
#define EFI_MAXIMUM_VARIABLE_SIZE 1024
//
#define EFI_RUNTIME_SERVICES_SIGNATURE 0x56524553544e5552
+#define EFI_1_10_RUNTIME_SERVICES_REVISION ((1<<16) | (10))
+#define EFI_2_00_RUNTIME_SERVICES_REVISION ((2<<16) | (0))
#define EFI_RUNTIME_SERVICES_REVISION (EFI_SPECIFICATION_MAJOR_REVISION<<16) | (EFI_SPECIFICATION_MINOR_REVISION)
typedef struct {
//
#define EFI_BOOT_SERVICES_SIGNATURE 0x56524553544f4f42
+#define EFI_1_10_BOOT_SERVICES_REVISION ((1<<16) | (10))
+#define EFI_2_00_BOOT_SERVICES_REVISION ((2<<16) | (0))
#define EFI_BOOT_SERVICES_REVISION (EFI_SPECIFICATION_MAJOR_REVISION<<16) | (EFI_SPECIFICATION_MINOR_REVISION)
typedef struct _EFI_BOOT_SERVICES {
#define EFI_SYSTEM_TABLE_SIGNATURE 0x5453595320494249
+#define EFI_1_02_SYSTEM_TABLE_REVISION ((1<<16) | (02))
+#define EFI_1_10_SYSTEM_TABLE_REVISION ((1<<16) | (10))
+#define EFI_2_00_SYSTEM_TABLE_REVISION ((2<<16) | (0))
#define EFI_SYSTEM_TABLE_REVISION (EFI_SPECIFICATION_MAJOR_REVISION<<16) | (EFI_SPECIFICATION_MINOR_REVISION)
typedef struct _EFI_SYSTEM_TABLE {
IN UINTN Size
);
-VOID
+VOID EFIAPI
SetMem (
IN VOID *Buffer,
IN UINTN Size,
IN UINT8 Value
);
-VOID
+VOID EFIAPI
CopyMem (
IN VOID *Dest,
- IN CONST VOID *Src,
+ IN VOID *Src,
IN UINTN len
);
RtZeroMem (Buffer, Size);
}
-VOID
+VOID EFIAPI
SetMem (
IN VOID *Buffer,
IN UINTN Size,
RtSetMem (Buffer, Size, Value);
}
-VOID
+VOID EFIAPI
CopyMem (
IN VOID *Dest,
- IN CONST VOID *Src,
+ IN VOID *Src,
IN UINTN len
)
{
Size = StrSize(Src);
Dest = AllocatePool (Size);
if (Dest) {
- CopyMem (Dest, Src, Size);
+ CopyMem (Dest, (void *)Src, Size);
}
return Dest;
}
if (!*uri)
return EFI_OUT_OF_RESOURCES;
- CopyMem(*uri, current_uri, path_len);
- CopyMem(*uri + path_len, next_loader, next_len);
+ CopyMem(*uri, (void *)current_uri, path_len);
+ CopyMem(*uri + path_len, (void *)next_loader, next_len);
(*uri)[path_len + next_len] = '\0';
return EFI_SUCCESS;
if (!*hostname)
return EFI_OUT_OF_RESOURCES;
- CopyMem(*hostname, start, host_len);
+ CopyMem(*hostname, (void *)start, host_len);
(*hostname)[host_len] = '\0';
return EFI_SUCCESS;
/* Get the list of handles that support the HTTP service binding
protocol */
- efi_status = gBS->LocateHandleBuffer(ByProtocol,
- &EFI_HTTP_BINDING_GUID,
- NULL, &NoHandles, &buffer);
+ efi_status = BS->LocateHandleBuffer(ByProtocol,
+ &EFI_HTTP_BINDING_GUID,
+ NULL, &NoHandles, &buffer);
if (EFI_ERROR(efi_status))
return NULL;
EFI_IPv6_ADDRESS gateway;
EFI_STATUS efi_status;
- efi_status = gBS->HandleProtocol(nic, &EFI_IP6_CONFIG_GUID,
- (VOID **)&ip6cfg);
+ efi_status = BS->HandleProtocol(nic, &EFI_IP6_CONFIG_GUID,
+ (VOID **)&ip6cfg);
if (EFI_ERROR(efi_status))
return efi_status;
EFI_IPv4_ADDRESS gateway;
EFI_STATUS efi_status;
- efi_status = gBS->HandleProtocol(nic, &EFI_IP4_CONFIG2_GUID,
- (VOID **)&ip4cfg2);
+ efi_status = BS->HandleProtocol(nic, &EFI_IP4_CONFIG2_GUID,
+ (VOID **)&ip4cfg2);
if (EFI_ERROR(efi_status))
return efi_status;
tx_token.Message = &tx_message;
tx_token.Event = NULL;
request_done = FALSE;
- efi_status = gBS->CreateEvent(EVT_NOTIFY_SIGNAL, TPL_NOTIFY,
- httpnotify, &request_done,
- &tx_token.Event);
+ efi_status = BS->CreateEvent(EVT_NOTIFY_SIGNAL, TPL_NOTIFY,
+ httpnotify, &request_done,
+ &tx_token.Event);
if (EFI_ERROR(efi_status)) {
perror(L"Failed to Create Event for HTTP request: %r\n",
efi_status);
}
error:
- event_status = gBS->CloseEvent(tx_token.Event);
+ event_status = BS->CloseEvent(tx_token.Event);
if (EFI_ERROR(event_status)) {
perror(L"Failed to close Event for HTTP request: %r\n",
event_status);
rx_token.Message = &rx_message;
rx_token.Event = NULL;
response_done = FALSE;
- efi_status = gBS->CreateEvent(EVT_NOTIFY_SIGNAL, TPL_NOTIFY,
- httpnotify, &response_done,
- &rx_token.Event);
+ efi_status = BS->CreateEvent(EVT_NOTIFY_SIGNAL, TPL_NOTIFY,
+ httpnotify, &response_done,
+ &rx_token.Event);
if (EFI_ERROR(efi_status)) {
perror(L"Failed to Create Event for HTTP response: %r\n",
efi_status);
/* Check the length of the file */
for (i = 0; i < rx_message.HeaderCount; i++) {
- if (!strcmp(rx_message.Headers[i].FieldName, (CHAR8 *)"Content-Length")) {
+ if (!strcasecmp(rx_message.Headers[i].FieldName,
+ (CHAR8 *)"Content-Length")) {
*buf_size = ascii_to_int(rx_message.Headers[i].FieldValue);
}
}
}
error:
- event_status = gBS->CloseEvent(rx_token.Event);
+ event_status = BS->CloseEvent(rx_token.Event);
if (EFI_ERROR(event_status)) {
perror(L"Failed to close Event for HTTP response: %r\n",
event_status);
*buf_size = 0;
/* Open HTTP Service Binding Protocol */
- efi_status = gBS->OpenProtocol(device, &EFI_HTTP_BINDING_GUID,
- (VOID **) &service, image, NULL,
- EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ efi_status = BS->OpenProtocol(device, &EFI_HTTP_BINDING_GUID,
+ (VOID **) &service, image, NULL,
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL);
if (EFI_ERROR(efi_status))
return efi_status;
}
/* Get the http protocol */
- efi_status = gBS->HandleProtocol(http_handle, &EFI_HTTP_PROTOCOL_GUID,
- (VOID **) &http);
+ efi_status = BS->HandleProtocol(http_handle, &EFI_HTTP_PROTOCOL_GUID,
+ (VOID **) &http);
if (EFI_ERROR(efi_status)) {
perror(L"Failed to get http\n");
goto error;
}
#if defined(__x86_64__) || defined(__i386__) || defined(__i686__)
-static inline void pause(void)
+static inline void wait_for_debug(void)
{
__asm__ __volatile__("pause");
}
#elif defined(__aarch64__)
-static inline void pause(void)
+static inline void wait_for_debug(void)
{
__asm__ __volatile__("wfi");
}
#else
-static inline void pause(void)
+static inline void wait_for_debug(void)
{
uint64_t a, b;
int x;
console_reset(void);
void
console_mode_handle(void);
+void
+clear_screen(void);
+
#define NOSEL 0x7fffffff
typedef struct _EFI_CONSOLE_CONTROL_PROTOCOL EFI_CONSOLE_CONTROL_PROTOCOL;
extern EFI_STATUS EFIAPI vdprint_(const CHAR16 *fmt, const char *file, int line,
const char *func, ms_va_list args);
+#if defined(SHIM_UNIT_TEST)
+#define vdprint(fmt, ...)
+#else
#define vdprint(fmt, ...) \
vdprint_(fmt, __FILE__, __LINE__ - 1, __func__, ##__VA_ARGS__)
+#endif
extern EFI_STATUS print_crypto_errors(EFI_STATUS rc, char *file, const char *func, int line);
#define crypterr(rc) print_crypto_errors((rc), __FILE__, __func__, __LINE__)
/*
* Attributes of Authenticated Variable
*/
+#ifndef EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010
+#endif
+#ifndef EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020
+#endif
+#ifndef EFI_VARIABLE_APPEND_WRITE
#define EFI_VARIABLE_APPEND_WRITE 0x00000040
+#endif
/*
* AuthInfo is a WIN_CERTIFICATE using the wCertificateType
else
buf[offset++] = '.';
}
- buf[offset++] = size > 0 ? '|' : 'X';
+ buf[offset++] = '|';
buf[offset] = '\0';
}
if (verbose == 0)
return;
+ if (!data || !size) {
+ dprint(L"hexdump of a NULL pointer!\n");
+ return;
+ }
+
while (offset < size) {
char hexbuf[49];
char txtbuf[19];
hexdumpf(file, line, func, L"", data, size, at);
}
+#if defined(SHIM_UNIT_TEST)
+#define LogHexDump(data, ...)
+#define dhexdump(data, ...)
+#define dhexdumpat(data, ...)
+#define dhexdumpf(fmt, ...)
+#else
#define LogHexdump(data, sz) LogHexdump_(__FILE__, __LINE__, __func__, data, sz)
#define dhexdump(data, sz) hexdump(__FILE__, __LINE__, __func__, data, sz)
#define dhexdumpat(data, sz, at) \
hexdumpat(__FILE__, __LINE__ - 1, __func__, data, sz, at)
#define dhexdumpf(fmt, data, sz, at, ...) \
hexdumpf(__FILE__, __LINE__ - 1, __func__, fmt, data, sz, at, ##__VA_ARGS__)
+#endif
#endif /* STATIC_HEXDUMP_H */
// vim:fenc=utf-8:tw=75:noet
--- /dev/null
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+/*
+ * load-options.h - all the stuff we need to parse the load options
+ */
+
+#ifndef SHIM_ARGV_H_
+#define SHIM_ARGV_H_
+
+EFI_STATUS generate_path_from_image_path(EFI_LOADED_IMAGE *li,
+ CHAR16 *ImagePath,
+ CHAR16 **PathName);
+
+EFI_STATUS parse_load_options(EFI_LOADED_IMAGE *li);
+
+extern CHAR16 *second_stage;
+extern void *load_options;
+extern UINT32 load_options_size;
+
+#endif /* !SHIM_ARGV_H_ */
+// vim:fenc=utf-8:tw=75:noet
--- /dev/null
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+/*
+ * mock-variables.h - a mock GetVariable/SetVariable/GNVN/etc
+ * implementation for testing.
+ * Copyright Peter Jones <pjones@redhat.com>
+ */
+
+#ifndef SHIM_MOCK_VARIABLES_H_
+#define SHIM_MOCK_VARIABLES_H_
+
+#include "test.h"
+
+EFI_STATUS EFIAPI mock_get_variable(CHAR16 *name, EFI_GUID *guid, UINT32 *attrs,
+ UINTN *size, VOID *data);
+EFI_STATUS EFIAPI mock_get_next_variable_name(UINTN *size, CHAR16 *name,
+ EFI_GUID *guid);
+EFI_STATUS EFIAPI mock_set_variable(CHAR16 *name, EFI_GUID *guid, UINT32 attrs,
+ UINTN size, VOID *data);
+EFI_STATUS EFIAPI mock_query_variable_info(UINT32 attrs,
+ UINT64 *max_var_storage,
+ UINT64 *remaining_var_storage,
+ UINT64 *max_var_size);
+
+EFI_STATUS EFIAPI mock_install_configuration_table(EFI_GUID *guid, VOID *table);
+
+struct mock_variable_limits {
+ UINT32 attrs;
+ UINT64 *max_var_storage;
+ UINT64 *remaining_var_storage;
+ UINT64 *max_var_size;
+ EFI_STATUS status;
+
+ list_t list;
+};
+
+typedef enum {
+ MOCK_SORT_DESCENDING,
+ MOCK_SORT_PREPEND,
+ MOCK_SORT_APPEND,
+ MOCK_SORT_ASCENDING,
+ MOCK_SORT_MAX_SENTINEL
+} mock_sort_policy_t;
+
+extern mock_sort_policy_t mock_variable_sort_policy;
+extern mock_sort_policy_t mock_config_table_sort_policy;
+
+#define MOCK_VAR_DELETE_ATTR_ALLOW_ZERO 0x01
+#define MOCK_VAR_DELETE_ATTR_ALOW_MISMATCH 0x02
+
+extern UINT32 mock_variable_delete_attr_policy;
+
+extern list_t mock_default_variable_limits;
+extern list_t *mock_qvi_limits;
+extern list_t *mock_sv_limits;
+
+struct mock_variable {
+ CHAR16 *name;
+ EFI_GUID guid;
+ void *data;
+ size_t size;
+ uint32_t attrs;
+
+ list_t list;
+};
+
+extern list_t mock_variables;
+
+static inline void
+dump_mock_variables(const char * const file,
+ const int line,
+ const char * const func)
+{
+ list_t *pos = NULL;
+ printf("%s:%d:%s(): dumping variables\n", file, line, func);
+ list_for_each(pos, &mock_variables) {
+ struct mock_variable *var;
+
+ var = list_entry(pos, struct mock_variable, list);
+ printf("%s:%d:%s(): "GUID_FMT"-%s\n", file, line, func,
+ GUID_ARGS(var->guid), Str2str(var->name));
+ }
+}
+
+static inline void
+dump_mock_variables_if_wrong(const char * const file,
+ const int line,
+ const char * const func,
+ EFI_GUID *guid, CHAR16 *first)
+{
+ UINTN size = 0;
+ CHAR16 buf[8192] = { 0, };
+ EFI_STATUS status;
+
+ size = sizeof(buf);
+ buf[0] = L'\0';
+ status = RT->GetNextVariableName(&size, buf, guid);
+ if (EFI_ERROR(status)) {
+ printf("%s:%d:%s() Can't dump variables: %lx\n",
+ __FILE__, __LINE__, __func__,
+ (unsigned long)status);
+ return;
+ }
+ buf[size] = L'\0';
+ if (StrCmp(buf, first) == 0)
+ return;
+ printf("%s:%d:%s():expected \"%s\" but got \"%s\". Variables:\n",
+ file, line, func, Str2str(first), Str2str(buf));
+ dump_mock_variables(file, line, func);
+}
+
+void mock_load_variables(const char *const dirname, const char *filters[],
+ bool filter_out);
+void mock_install_query_variable_info(void);
+void mock_uninstall_query_variable_info(void);
+void mock_reset_variables(void);
+void mock_reset_config_table(void);
+void mock_finalize_vars_and_configs(void);
+
+typedef enum {
+ NONE = 0,
+ CREATE,
+ DELETE,
+ APPEND,
+ REPLACE,
+ GET,
+} mock_variable_op_t;
+
+static inline const char *
+format_var_op(mock_variable_op_t op)
+{
+ static const char *var_op_names[] = {
+ "NONE",
+ "CREATE",
+ "DELETE",
+ "APPEND",
+ "REPLACE",
+ "GET",
+ NULL
+ };
+
+ return var_op_names[op];
+}
+
+typedef EFI_STATUS (mock_set_variable_pre_hook_t)(CHAR16 *name, EFI_GUID *guid,
+ UINT32 attrs, UINTN size,
+ VOID *data);
+extern mock_set_variable_pre_hook_t *mock_set_variable_pre_hook;
+
+typedef void (mock_set_variable_post_hook_t)(CHAR16 *name, EFI_GUID *guid,
+ UINT32 attrs, UINTN size,
+ VOID *data, EFI_STATUS *status,
+ mock_variable_op_t op,
+ const char * const file,
+ const int line,
+ const char * const func);
+extern mock_set_variable_post_hook_t *mock_set_variable_post_hook;
+
+typedef EFI_STATUS (mock_get_variable_pre_hook_t)(CHAR16 *name, EFI_GUID *guid,
+ UINT32 *attrs, UINTN *size,
+ VOID *data);
+extern mock_get_variable_pre_hook_t *mock_get_variable_pre_hook;
+
+typedef void (mock_get_variable_post_hook_t)(CHAR16 *name, EFI_GUID *guid,
+ UINT32 *attrs, UINTN *size,
+ VOID *data, EFI_STATUS *status,
+ const char * const file,
+ const int line,
+ const char * const func);
+extern mock_get_variable_post_hook_t *mock_get_variable_post_hook;
+
+typedef EFI_STATUS (mock_get_next_variable_name_pre_hook_t)(UINTN *size,
+ CHAR16 *name,
+ EFI_GUID *guid);
+extern mock_get_next_variable_name_pre_hook_t
+ *mock_get_next_variable_name_pre_hook;
+
+typedef void (mock_get_next_variable_name_post_hook_t)(
+ UINTN *size, CHAR16 *name, EFI_GUID *guid,
+ EFI_STATUS *status, const char * const file,
+ const int line, const char * const func);
+extern mock_get_next_variable_name_post_hook_t
+ *mock_get_next_variable_name_post_hook;
+
+typedef EFI_STATUS (mock_query_variable_info_pre_hook_t)(
+ UINT32 attrs, UINT64 *max_var_storage,
+ UINT64 *remaining_var_storage, UINT64 *max_var_size);
+extern mock_query_variable_info_pre_hook_t *mock_query_variable_info_pre_hook;
+
+typedef void (mock_query_variable_info_post_hook_t)(
+ UINT32 attrs, UINT64 *max_var_storage, UINT64 *remaining_var_storage,
+ UINT64 *max_var_size, EFI_STATUS *status, const char * const file,
+ const int line, const char * const func);
+extern mock_query_variable_info_post_hook_t *mock_query_variable_info_post_hook;
+
+#define MOCK_CONFIG_TABLE_ENTRIES 1024
+extern EFI_CONFIGURATION_TABLE mock_config_table[MOCK_CONFIG_TABLE_ENTRIES];
+
+#endif /* !SHIM_MOCK_VARIABLES_H_ */
+// vim:fenc=utf-8:tw=75:noet
--- /dev/null
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+/*
+ * mok.h - structs for MoK data
+ * Copyright Peter Jones <pjones@redhat.com>
+ */
+
+#ifndef SHIM_MOK_H_
+#define SHIM_MOK_H_
+
+#include "shim.h"
+
+typedef enum {
+ VENDOR_ADDEND_DB,
+ VENDOR_ADDEND_X509,
+ VENDOR_ADDEND_NONE,
+} vendor_addend_category_t;
+
+struct mok_state_variable;
+typedef vendor_addend_category_t (vendor_addend_categorizer_t)(struct mok_state_variable *);
+
+/*
+ * MoK variables that need to have their storage validated.
+ *
+ * The order here is important, since this is where we measure for the
+ * tpm as well.
+ */
+struct mok_state_variable {
+ CHAR16 *name; /* UCS-2 BS|NV variable name */
+ char *name8; /* UTF-8 BS|NV variable name */
+ CHAR16 *rtname; /* UCS-2 RT variable name */
+ char *rtname8; /* UTF-8 RT variable name */
+ EFI_GUID *guid; /* variable GUID */
+
+ /*
+ * these are used during processing, they shouldn't be filled out
+ * in the static table below.
+ */
+ UINT8 *data;
+ UINTN data_size;
+
+ /*
+ * addend are added to the input variable, as part of the runtime
+ * variable, so that they're visible to the kernel. These are
+ * where we put vendor_cert / vendor_db / vendor_dbx
+ *
+ * These are indirect pointers just to make initialization saner...
+ */
+ vendor_addend_categorizer_t *categorize_addend; /* determines format */
+ /*
+ * we call categorize_addend() and it determines what kind of thing
+ * this is. That is, if this shim was built with VENDOR_CERT, for
+ * the DB entry it'll return VENDOR_ADDEND_X509; if you used
+ * VENDOR_DB instead, it'll return VENDOR_ADDEND_DB. If you used
+ * neither, it'll do VENDOR_ADDEND_NONE.
+ *
+ * The existing categorizers are for db and dbx; they differ
+ * because we don't currently support a CERT for dbx.
+ */
+ UINT8 **addend;
+ UINT32 *addend_size;
+
+ /*
+ * build_cert is our build-time cert. Like addend, this is added
+ * to the input variable, as part of the runtime variable, so that
+ * they're visible to the kernel. This is the ephemeral cert used
+ * for signing MokManager.efi and fallback.efi.
+ *
+ * These are indirect pointers just to make initialization saner...
+ */
+ UINT8 **build_cert;
+ UINT32 *build_cert_size;
+
+ UINT32 yes_attr; /* var attrs that must be set */
+ UINT32 no_attr; /* var attrs that must not be set */
+ UINT32 flags; /* flags on what and how to mirror */
+ /*
+ * MOK_MIRROR_KEYDB mirror this as a key database
+ * MOK_MIRROR_DELETE_FIRST delete any existing variable first
+ * MOK_VARIABLE_MEASURE extend PCR 7 and log the hash change
+ * MOK_VARIABLE_LOG measure into whatever .pcr says and log
+ */
+ UINTN pcr; /* PCR to measure and hash to */
+
+ /*
+ * if this is a state value, a pointer to our internal state to be
+ * mirrored.
+ */
+ UINT8 *state;
+};
+
+extern size_t n_mok_state_variables;
+extern struct mok_state_variable *mok_state_variables;
+
+struct mok_variable_config_entry {
+ CHAR8 name[256];
+ UINT64 data_size;
+ UINT8 data[];
+};
+
+#endif /* !SHIM_MOK_H_ */
+// vim:fenc=utf-8:tw=75:noet
UINTN *alloc_pages);
EFI_STATUS
-generate_hash (char *data, unsigned int datasize_in,
+generate_hash (char *data, unsigned int datasize,
PE_COFF_LOADER_IMAGE_CONTEXT *context,
UINT8 *sha256hash, UINT8 *sha1hash);
return 0;
tokend = &str[max-1];
- if (!str || max == 0 || !delims || !token)
- return 0;
/*
* the very special case of "" with max=1, where we have no prior
#endif
#if defined(__aarch64__) || defined(__arm__) || defined(__i386__) || \
- defined(__i486__) || defined(__i686__)
+ defined(__i486__) || defined(__i686__) || defined(__COVERITY__)
typedef __builtin_va_list ms_va_list;
typedef __builtin_va_list __builtin_ms_va_list;
--- /dev/null
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+/*
+ * test-data-efivars-0.h - test data
+ * Copyright Peter Jones <pjones@redhat.com>
+ */
+
+#ifndef TEST_DATA_EFIVARS_0_H_
+#define TEST_DATA_EFIVARS_0_H_
+
+static const unsigned char test_data_efivars_0_Boot0000[] = {
+ 0x01, 0x00, 0x00, 0x00, 0x62, 0x00, 0x46, 0x00, 0x65, 0x00, 0x64, 0x00,
+ 0x6f, 0x00, 0x72, 0x00, 0x61, 0x00, 0x00, 0x00, 0x04, 0x01, 0x2a, 0x00,
+ 0x01, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0xf8, 0x1f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x41, 0x58, 0x7f, 0x92,
+ 0x54, 0xdc, 0xf4, 0x4f, 0x82, 0x1c, 0xd2, 0x9b, 0x59, 0xc4, 0x8a, 0xb1,
+ 0x02, 0x02, 0x04, 0x04, 0x34, 0x00, 0x5c, 0x00, 0x45, 0x00, 0x46, 0x00,
+ 0x49, 0x00, 0x5c, 0x00, 0x46, 0x00, 0x45, 0x00, 0x44, 0x00, 0x4f, 0x00,
+ 0x52, 0x00, 0x41, 0x00, 0x5c, 0x00, 0x53, 0x00, 0x48, 0x00, 0x49, 0x00,
+ 0x4d, 0x00, 0x58, 0x00, 0x36, 0x00, 0x34, 0x00, 0x2e, 0x00, 0x45, 0x00,
+ 0x46, 0x00, 0x49, 0x00, 0x00, 0x00, 0x7f, 0xff, 0x04, 0x00
+};
+
+static const unsigned char test_data_efivars_0_dbDefault[] = {
+ 0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15,
+ 0x5c, 0x2b, 0xf0, 0x72, 0x82, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x66, 0x03, 0x00, 0x00, 0x91, 0x30, 0x05, 0x3b, 0x9f, 0x6c, 0xcc, 0x04,
+ 0xb1, 0xac, 0xe2, 0xa5, 0x1e, 0x3b, 0xe5, 0xf5, 0x30, 0x82, 0x03, 0x52,
+ 0x30, 0x82, 0x02, 0x3a, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0xda,
+ 0x83, 0xb9, 0x90, 0x42, 0x2e, 0xbc, 0x8c, 0x44, 0x1f, 0x8d, 0x8b, 0x03,
+ 0x9a, 0x65, 0xa2, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+ 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x31, 0x31, 0x2f, 0x30, 0x2d,
+ 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x26, 0x41, 0x53, 0x55, 0x53, 0x54,
+ 0x65, 0x4b, 0x20, 0x4d, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x42, 0x6f, 0x61,
+ 0x72, 0x64, 0x20, 0x53, 0x57, 0x20, 0x4b, 0x65, 0x79, 0x20, 0x43, 0x65,
+ 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x30, 0x1e, 0x17,
+ 0x0d, 0x31, 0x31, 0x31, 0x32, 0x32, 0x36, 0x32, 0x33, 0x33, 0x35, 0x30,
+ 0x35, 0x5a, 0x17, 0x0d, 0x33, 0x31, 0x31, 0x32, 0x32, 0x36, 0x32, 0x33,
+ 0x33, 0x35, 0x30, 0x34, 0x5a, 0x30, 0x31, 0x31, 0x2f, 0x30, 0x2d, 0x06,
+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x26, 0x41, 0x53, 0x55, 0x53, 0x54, 0x65,
+ 0x4b, 0x20, 0x4d, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x42, 0x6f, 0x61, 0x72,
+ 0x64, 0x20, 0x53, 0x57, 0x20, 0x4b, 0x65, 0x79, 0x20, 0x43, 0x65, 0x72,
+ 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x30, 0x82, 0x01, 0x22,
+ 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
+ 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0x8c, 0xf6, 0xa6, 0xeb, 0x77, 0xfc, 0x83,
+ 0x8a, 0xa4, 0x9f, 0xd5, 0xf8, 0xcf, 0x3f, 0x37, 0xf2, 0x6e, 0x2d, 0x0a,
+ 0x62, 0xc5, 0xd8, 0x9b, 0x1d, 0x16, 0x0b, 0x22, 0x7f, 0x29, 0x5f, 0x3a,
+ 0x26, 0xdf, 0x53, 0x97, 0x8c, 0x78, 0x94, 0x19, 0x90, 0x42, 0x73, 0x0f,
+ 0x85, 0xc2, 0xff, 0xa4, 0x85, 0x7c, 0x81, 0x2e, 0x0b, 0x51, 0xba, 0x56,
+ 0x23, 0x27, 0x92, 0x3d, 0xa3, 0xf2, 0xdc, 0xe2, 0x77, 0x84, 0x9e, 0x50,
+ 0xbe, 0x8a, 0xeb, 0x51, 0x34, 0xa4, 0xf8, 0xef, 0x5d, 0xd7, 0x51, 0xfe,
+ 0x70, 0x42, 0x4c, 0x42, 0x06, 0xef, 0x69, 0x2c, 0xa2, 0xd3, 0x25, 0xe1,
+ 0x26, 0x57, 0x23, 0x85, 0x6d, 0xd0, 0xa7, 0x7b, 0xc0, 0x45, 0x28, 0x7e,
+ 0x89, 0xd5, 0xb4, 0x0a, 0xeb, 0xaf, 0x41, 0x79, 0x21, 0xd2, 0xd7, 0x00,
+ 0xec, 0x48, 0xf9, 0x44, 0xf6, 0x5b, 0xbe, 0xb6, 0x25, 0x24, 0xf0, 0x8e,
+ 0x2e, 0xb4, 0x52, 0x3e, 0xe1, 0x0e, 0xc1, 0xa4, 0x67, 0xea, 0xfe, 0xe5,
+ 0x93, 0xcc, 0xb9, 0xc4, 0x36, 0x21, 0xcb, 0x54, 0xfa, 0xaf, 0x9d, 0x9c,
+ 0x85, 0x78, 0xcc, 0xe5, 0x88, 0xf3, 0x84, 0x0c, 0x67, 0xdb, 0x26, 0x69,
+ 0x58, 0xca, 0xde, 0x47, 0x34, 0xec, 0xcf, 0x2f, 0xb6, 0x49, 0x59, 0xb5,
+ 0x56, 0xdb, 0x58, 0x45, 0x7b, 0x21, 0x9d, 0x99, 0x0b, 0x5f, 0xde, 0x57,
+ 0x16, 0xa6, 0xab, 0xc8, 0x79, 0x3f, 0x9d, 0x76, 0x89, 0xe2, 0x09, 0xf9,
+ 0x8d, 0xe2, 0x63, 0x37, 0xfc, 0x74, 0xea, 0x73, 0x7e, 0x70, 0xac, 0x15,
+ 0x16, 0xa5, 0xed, 0x88, 0x60, 0x5f, 0x33, 0xed, 0x94, 0x9e, 0x0a, 0x05,
+ 0xde, 0xc7, 0x85, 0xc3, 0xc1, 0x7a, 0x54, 0xfb, 0x4e, 0xcb, 0xcb, 0xe8,
+ 0x5e, 0x44, 0x7c, 0x39, 0xdb, 0x2d, 0xb2, 0xb7, 0x6c, 0xce, 0xca, 0x2f,
+ 0x63, 0x9d, 0x16, 0x4e, 0xa6, 0xe5, 0xef, 0xd6, 0xcf, 0x02, 0x03, 0x01,
+ 0x00, 0x01, 0xa3, 0x66, 0x30, 0x64, 0x30, 0x62, 0x06, 0x03, 0x55, 0x1d,
+ 0x01, 0x04, 0x5b, 0x30, 0x59, 0x80, 0x10, 0x56, 0xb0, 0x8b, 0x2a, 0xa7,
+ 0xfe, 0xcc, 0xf1, 0x0c, 0xed, 0x87, 0x62, 0xdc, 0xd5, 0x1d, 0xc3, 0xa1,
+ 0x33, 0x30, 0x31, 0x31, 0x2f, 0x30, 0x2d, 0x06, 0x03, 0x55, 0x04, 0x03,
+ 0x13, 0x26, 0x41, 0x53, 0x55, 0x53, 0x54, 0x65, 0x4b, 0x20, 0x4d, 0x6f,
+ 0x74, 0x68, 0x65, 0x72, 0x42, 0x6f, 0x61, 0x72, 0x64, 0x20, 0x53, 0x57,
+ 0x20, 0x4b, 0x65, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+ 0x63, 0x61, 0x74, 0x65, 0x82, 0x10, 0xda, 0x83, 0xb9, 0x90, 0x42, 0x2e,
+ 0xbc, 0x8c, 0x44, 0x1f, 0x8d, 0x8b, 0x03, 0x9a, 0x65, 0xa2, 0x30, 0x0d,
+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
+ 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x02, 0xcf, 0x52, 0x6f, 0x0b, 0x91,
+ 0xeb, 0xe4, 0x3b, 0xb2, 0x70, 0x0c, 0x07, 0x2d, 0x79, 0x80, 0x01, 0x9e,
+ 0x4b, 0x4d, 0x92, 0xbb, 0xdc, 0x9e, 0xe5, 0xe5, 0x31, 0x85, 0xe3, 0x9a,
+ 0x75, 0xed, 0xca, 0xde, 0x8c, 0xee, 0x28, 0x34, 0x01, 0x83, 0x14, 0x47,
+ 0x9e, 0x3a, 0xd4, 0x43, 0x5b, 0x2c, 0xc4, 0x41, 0xc8, 0x40, 0x7d, 0xb5,
+ 0x08, 0x76, 0x86, 0x80, 0x2b, 0xa8, 0x00, 0x9f, 0xb7, 0xd3, 0xb1, 0xe6,
+ 0x60, 0x5c, 0x32, 0xb0, 0xa0, 0x01, 0x0f, 0xba, 0x36, 0x8b, 0xb7, 0xb5,
+ 0x4e, 0x87, 0xd5, 0xb7, 0x0a, 0x2c, 0xbd, 0xbc, 0x6a, 0x43, 0x3c, 0xee,
+ 0x76, 0x7c, 0x76, 0x20, 0xed, 0x39, 0x91, 0xa8, 0xbf, 0x70, 0x1e, 0xd6,
+ 0xa8, 0x1a, 0x3e, 0x81, 0x36, 0x6b, 0x7d, 0x1d, 0x8d, 0xf6, 0xf8, 0xaf,
+ 0x5b, 0x38, 0x53, 0x6a, 0x04, 0x0d, 0x7e, 0xae, 0x4d, 0xee, 0xab, 0x02,
+ 0xd4, 0xa4, 0xa2, 0xa9, 0xcf, 0xb6, 0xe3, 0x66, 0xa3, 0xca, 0x4d, 0x5d,
+ 0xd4, 0x18, 0x61, 0x4d, 0xda, 0x83, 0x28, 0x4e, 0xaa, 0x2a, 0xaf, 0xda,
+ 0xeb, 0xdf, 0x2a, 0x20, 0xbd, 0x78, 0x80, 0xef, 0xd1, 0xb0, 0xdd, 0x9b,
+ 0x77, 0xdb, 0xc9, 0x25, 0x39, 0x4b, 0xcf, 0xa2, 0x86, 0x1a, 0xac, 0xcc,
+ 0x32, 0xe7, 0x87, 0xd4, 0x59, 0xb2, 0x03, 0xc4, 0x69, 0x02, 0x8f, 0x17,
+ 0xc9, 0xde, 0x52, 0xcb, 0xe7, 0xab, 0xb8, 0x35, 0xc5, 0xf8, 0x33, 0x06,
+ 0x03, 0x93, 0x52, 0xcf, 0xb3, 0x68, 0xd2, 0xb3, 0x5c, 0x1c, 0xe8, 0x19,
+ 0xfe, 0x75, 0x26, 0xed, 0xd1, 0x65, 0x72, 0x13, 0x4d, 0x69, 0x34, 0x5a,
+ 0x9b, 0x0c, 0xb4, 0xe3, 0x56, 0x53, 0x3c, 0xb4, 0x67, 0x27, 0xf8, 0xfa,
+ 0xd3, 0x20, 0xda, 0x37, 0x58, 0xf6, 0xad, 0xe2, 0x82, 0x59, 0xa2, 0xb8,
+ 0x22, 0x2f, 0x9e, 0x56, 0xfe, 0xbc, 0x17, 0x49, 0x1d, 0xaf, 0xa1, 0x59,
+ 0xc0, 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b,
+ 0xf0, 0x72, 0x79, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x5d, 0x03,
+ 0x00, 0x00, 0x91, 0x30, 0x05, 0x3b, 0x9f, 0x6c, 0xcc, 0x04, 0xb1, 0xac,
+ 0xe2, 0xa5, 0x1e, 0x3b, 0xe5, 0xf5, 0x30, 0x82, 0x03, 0x49, 0x30, 0x82,
+ 0x02, 0x31, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0xb8, 0xe5, 0x81,
+ 0xe4, 0xdf, 0x77, 0xa5, 0xbb, 0x42, 0x82, 0xd5, 0xcc, 0xfc, 0x00, 0xc0,
+ 0x71, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+ 0x01, 0x0b, 0x05, 0x00, 0x30, 0x2e, 0x31, 0x2c, 0x30, 0x2a, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x13, 0x23, 0x41, 0x53, 0x55, 0x53, 0x54, 0x65, 0x4b,
+ 0x20, 0x4e, 0x6f, 0x74, 0x65, 0x62, 0x6f, 0x6f, 0x6b, 0x20, 0x53, 0x57,
+ 0x20, 0x4b, 0x65, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+ 0x63, 0x61, 0x74, 0x65, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x31, 0x32,
+ 0x32, 0x37, 0x30, 0x30, 0x31, 0x38, 0x35, 0x33, 0x5a, 0x17, 0x0d, 0x33,
+ 0x31, 0x31, 0x32, 0x32, 0x37, 0x30, 0x30, 0x31, 0x38, 0x35, 0x32, 0x5a,
+ 0x30, 0x2e, 0x31, 0x2c, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
+ 0x23, 0x41, 0x53, 0x55, 0x53, 0x54, 0x65, 0x4b, 0x20, 0x4e, 0x6f, 0x74,
+ 0x65, 0x62, 0x6f, 0x6f, 0x6b, 0x20, 0x53, 0x57, 0x20, 0x4b, 0x65, 0x79,
+ 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+ 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
+ 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x9e, 0x61, 0xfa,
+ 0x74, 0x2c, 0x2a, 0x88, 0x17, 0xc4, 0xbd, 0x77, 0x19, 0x0d, 0xb3, 0x33,
+ 0x27, 0x0c, 0x0e, 0x94, 0xec, 0xb0, 0x8b, 0x71, 0xb3, 0x08, 0x77, 0xb7,
+ 0xd2, 0x08, 0x9d, 0x32, 0x4f, 0x5c, 0xf7, 0x0c, 0xcf, 0xe0, 0x29, 0x53,
+ 0x56, 0xed, 0x24, 0x91, 0xd8, 0xbd, 0x53, 0x2a, 0x89, 0x89, 0x8c, 0x74,
+ 0x28, 0xab, 0x16, 0x2d, 0x4f, 0x9b, 0x65, 0xfc, 0x63, 0x7d, 0xed, 0x23,
+ 0xb6, 0x97, 0x5c, 0x6d, 0x04, 0xe4, 0x15, 0x7f, 0xdc, 0xf8, 0xba, 0x6b,
+ 0x08, 0xcc, 0xc9, 0x21, 0xe9, 0xb5, 0xde, 0x8e, 0x03, 0x28, 0x12, 0x63,
+ 0xf0, 0x6a, 0xb6, 0xe5, 0xdf, 0x1d, 0x72, 0x28, 0xcc, 0x64, 0xd6, 0x63,
+ 0x66, 0x2f, 0x04, 0x52, 0x6a, 0x1d, 0x25, 0x7d, 0xc7, 0xbd, 0xe0, 0x78,
+ 0xfb, 0x0c, 0xb7, 0x37, 0xe5, 0xae, 0xf7, 0x0d, 0xd6, 0xb5, 0xb4, 0xbf,
+ 0xf5, 0xf1, 0xc6, 0x82, 0x56, 0x78, 0x5c, 0xa8, 0xf3, 0x53, 0x2e, 0xf5,
+ 0xec, 0x15, 0x3f, 0x12, 0x62, 0x2f, 0xeb, 0xb6, 0x79, 0x79, 0x86, 0xac,
+ 0x76, 0xff, 0xb6, 0x66, 0x45, 0xf5, 0x33, 0xda, 0xdd, 0x25, 0xd6, 0xa7,
+ 0xbf, 0xf8, 0xd9, 0xdb, 0xd3, 0xf1, 0xfa, 0xce, 0x0e, 0x22, 0x30, 0xd7,
+ 0xd4, 0x80, 0x02, 0xbd, 0xd3, 0x2c, 0x1e, 0xec, 0x46, 0x2e, 0x2f, 0xca,
+ 0x0f, 0x7a, 0xfa, 0xb9, 0x5c, 0xff, 0x2b, 0x16, 0xc6, 0x6a, 0x6b, 0x8d,
+ 0x94, 0x64, 0x92, 0x7e, 0xf9, 0x55, 0xee, 0x96, 0x00, 0x4d, 0x04, 0x2e,
+ 0x4b, 0x15, 0xed, 0xf1, 0x08, 0x49, 0x6a, 0x07, 0x86, 0x69, 0xc8, 0xc5,
+ 0x64, 0xfa, 0xad, 0x2c, 0x4f, 0x02, 0x50, 0xe4, 0x1f, 0x83, 0xc7, 0x2f,
+ 0x19, 0x9f, 0xe8, 0xa5, 0x62, 0xd9, 0x51, 0x32, 0x18, 0xb6, 0x83, 0xca,
+ 0x08, 0x0a, 0xa1, 0xab, 0xa7, 0x65, 0x70, 0x9c, 0x1e, 0x48, 0xc3, 0x0f,
+ 0x49, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x5f,
+ 0x06, 0x03, 0x55, 0x1d, 0x01, 0x04, 0x58, 0x30, 0x56, 0x80, 0x10, 0x00,
+ 0x65, 0x11, 0xe3, 0xca, 0x0f, 0x96, 0xe8, 0x8d, 0x5b, 0x04, 0xa4, 0xe7,
+ 0xfe, 0xce, 0xaa, 0xa1, 0x30, 0x30, 0x2e, 0x31, 0x2c, 0x30, 0x2a, 0x06,
+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x23, 0x41, 0x53, 0x55, 0x53, 0x54, 0x65,
+ 0x4b, 0x20, 0x4e, 0x6f, 0x74, 0x65, 0x62, 0x6f, 0x6f, 0x6b, 0x20, 0x53,
+ 0x57, 0x20, 0x4b, 0x65, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
+ 0x69, 0x63, 0x61, 0x74, 0x65, 0x82, 0x10, 0xb8, 0xe5, 0x81, 0xe4, 0xdf,
+ 0x77, 0xa5, 0xbb, 0x42, 0x82, 0xd5, 0xcc, 0xfc, 0x00, 0xc0, 0x71, 0x30,
+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+ 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x31, 0x18, 0xf4, 0xee, 0xe3,
+ 0x72, 0xba, 0xbe, 0x33, 0x44, 0x61, 0x74, 0x19, 0x1f, 0x66, 0xac, 0x5c,
+ 0xfd, 0x1d, 0x9a, 0x26, 0x75, 0xd0, 0x14, 0xcd, 0x68, 0x38, 0xb3, 0xa8,
+ 0x3f, 0x4f, 0xb4, 0x4a, 0xe9, 0x1e, 0x21, 0xf2, 0xc9, 0xee, 0x37, 0x96,
+ 0x26, 0xbe, 0x1d, 0x58, 0x9b, 0xad, 0x21, 0xce, 0x58, 0x79, 0x53, 0xd3,
+ 0xff, 0x38, 0xef, 0x8f, 0x22, 0xcd, 0x90, 0x0e, 0xc6, 0x32, 0x21, 0x75,
+ 0x9b, 0x5a, 0xab, 0xaf, 0x08, 0xff, 0x05, 0xcd, 0x2b, 0xf8, 0x8c, 0xe7,
+ 0x97, 0x47, 0xbb, 0x78, 0xe4, 0x5f, 0x56, 0x47, 0xd2, 0xbc, 0xc8, 0xa5,
+ 0x95, 0xcb, 0x76, 0x89, 0x5c, 0x65, 0x24, 0x02, 0x18, 0x06, 0x9c, 0x12,
+ 0x5f, 0xef, 0xe0, 0x5c, 0x19, 0x45, 0x38, 0x96, 0xdf, 0x7a, 0x60, 0x5d,
+ 0x61, 0xba, 0x4d, 0xc8, 0x7b, 0x6e, 0x8d, 0x8c, 0x6e, 0x1d, 0xa9, 0xe5,
+ 0x92, 0x35, 0xa2, 0x4f, 0x36, 0xd3, 0x40, 0xad, 0xd7, 0x40, 0x12, 0xab,
+ 0x6c, 0x48, 0x8d, 0x18, 0x92, 0xe4, 0x00, 0x52, 0x03, 0xdf, 0x14, 0xac,
+ 0x66, 0x3f, 0x6a, 0xae, 0x42, 0x3a, 0x06, 0x50, 0xaa, 0xa5, 0x0d, 0x40,
+ 0xa7, 0x7b, 0xeb, 0xfd, 0x41, 0x49, 0xff, 0xeb, 0xa3, 0xb4, 0x50, 0x4f,
+ 0xf7, 0x54, 0x13, 0x3b, 0x1f, 0x8e, 0xb4, 0x45, 0x04, 0x20, 0x42, 0x74,
+ 0xfe, 0x78, 0x3d, 0xbe, 0x7c, 0xdb, 0xa7, 0x2a, 0x2a, 0x9d, 0x06, 0x48,
+ 0xc0, 0x9a, 0x02, 0x23, 0xaf, 0xf2, 0x98, 0x07, 0x95, 0xde, 0x3b, 0x30,
+ 0x73, 0xec, 0x3e, 0x73, 0x58, 0x8f, 0x07, 0x53, 0x40, 0x96, 0xd8, 0x24,
+ 0xd9, 0x66, 0x80, 0x7a, 0x75, 0x8d, 0xb7, 0x39, 0x27, 0x10, 0x89, 0x7a,
+ 0xb4, 0x53, 0xbf, 0x3b, 0xc2, 0xe2, 0x97, 0x93, 0x37, 0x8a, 0x9d, 0x4d,
+ 0x23, 0x6e, 0xac, 0xeb, 0x0d, 0x53, 0x21, 0x4d, 0x0b, 0x34, 0x13, 0xa1,
+ 0x59, 0xc0, 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, 0x5c,
+ 0x2b, 0xf0, 0x72, 0x40, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24,
+ 0x06, 0x00, 0x00, 0xbd, 0x9a, 0xfa, 0x77, 0x59, 0x03, 0x32, 0x4d, 0xbd,
+ 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b, 0x30, 0x82, 0x06, 0x10, 0x30,
+ 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x0a, 0x61, 0x08,
+ 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30, 0x0d, 0x06, 0x09,
+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30,
+ 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+ 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e,
+ 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52,
+ 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03,
+ 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69,
+ 0x6f, 0x6e, 0x31, 0x3b, 0x30, 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
+ 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x54,
+ 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, 0x74, 0x79, 0x20, 0x4d,
+ 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x20, 0x52,
+ 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, 0x36, 0x32,
+ 0x37, 0x32, 0x31, 0x32, 0x32, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x32, 0x36,
+ 0x30, 0x36, 0x32, 0x37, 0x32, 0x31, 0x33, 0x32, 0x34, 0x35, 0x5a, 0x30,
+ 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+ 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e,
+ 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52,
+ 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03,
+ 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69,
+ 0x6f, 0x6e, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
+ 0x22, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x55,
+ 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30,
+ 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
+ 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x08, 0x6c, 0x4c,
+ 0xc7, 0x45, 0x09, 0x6a, 0x4b, 0x0c, 0xa4, 0xc0, 0x87, 0x7f, 0x06, 0x75,
+ 0x0c, 0x43, 0x01, 0x54, 0x64, 0xe0, 0x16, 0x7f, 0x07, 0xed, 0x92, 0x7d,
+ 0x0b, 0xb2, 0x73, 0xbf, 0x0c, 0x0a, 0xc6, 0x4a, 0x45, 0x61, 0xa0, 0xc5,
+ 0x16, 0x2d, 0x96, 0xd3, 0xf5, 0x2b, 0xa0, 0xfb, 0x4d, 0x49, 0x9b, 0x41,
+ 0x80, 0x90, 0x3c, 0xb9, 0x54, 0xfd, 0xe6, 0xbc, 0xd1, 0x9d, 0xc4, 0xa4,
+ 0x18, 0x8a, 0x7f, 0x41, 0x8a, 0x5c, 0x59, 0x83, 0x68, 0x32, 0xbb, 0x8c,
+ 0x47, 0xc9, 0xee, 0x71, 0xbc, 0x21, 0x4f, 0x9a, 0x8a, 0x7c, 0xff, 0x44,
+ 0x3f, 0x8d, 0x8f, 0x32, 0xb2, 0x26, 0x48, 0xae, 0x75, 0xb5, 0xee, 0xc9,
+ 0x4c, 0x1e, 0x4a, 0x19, 0x7e, 0xe4, 0x82, 0x9a, 0x1d, 0x78, 0x77, 0x4d,
+ 0x0c, 0xb0, 0xbd, 0xf6, 0x0f, 0xd3, 0x16, 0xd3, 0xbc, 0xfa, 0x2b, 0xa5,
+ 0x51, 0x38, 0x5d, 0xf5, 0xfb, 0xba, 0xdb, 0x78, 0x02, 0xdb, 0xff, 0xec,
+ 0x0a, 0x1b, 0x96, 0xd5, 0x83, 0xb8, 0x19, 0x13, 0xe9, 0xb6, 0xc0, 0x7b,
+ 0x40, 0x7b, 0xe1, 0x1f, 0x28, 0x27, 0xc9, 0xfa, 0xef, 0x56, 0x5e, 0x1c,
+ 0xe6, 0x7e, 0x94, 0x7e, 0xc0, 0xf0, 0x44, 0xb2, 0x79, 0x39, 0xe5, 0xda,
+ 0xb2, 0x62, 0x8b, 0x4d, 0xbf, 0x38, 0x70, 0xe2, 0x68, 0x24, 0x14, 0xc9,
+ 0x33, 0xa4, 0x08, 0x37, 0xd5, 0x58, 0x69, 0x5e, 0xd3, 0x7c, 0xed, 0xc1,
+ 0x04, 0x53, 0x08, 0xe7, 0x4e, 0xb0, 0x2a, 0x87, 0x63, 0x08, 0x61, 0x6f,
+ 0x63, 0x15, 0x59, 0xea, 0xb2, 0x2b, 0x79, 0xd7, 0x0c, 0x61, 0x67, 0x8a,
+ 0x5b, 0xfd, 0x5e, 0xad, 0x87, 0x7f, 0xba, 0x86, 0x67, 0x4f, 0x71, 0x58,
+ 0x12, 0x22, 0x04, 0x22, 0x22, 0xce, 0x8b, 0xef, 0x54, 0x71, 0x00, 0xce,
+ 0x50, 0x35, 0x58, 0x76, 0x95, 0x08, 0xee, 0x6a, 0xb1, 0xa2, 0x01, 0xd5,
+ 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x76, 0x30, 0x82, 0x01,
+ 0x72, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37,
+ 0x15, 0x01, 0x04, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x23, 0x06,
+ 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x02, 0x04, 0x16,
+ 0x04, 0x14, 0xf8, 0xc1, 0x6b, 0xb7, 0x7f, 0x77, 0x53, 0x4a, 0xf3, 0x25,
+ 0x37, 0x1d, 0x4e, 0xa1, 0x26, 0x7b, 0x0f, 0x20, 0x70, 0x80, 0x30, 0x1d,
+ 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x13, 0xad, 0xbf,
+ 0x43, 0x09, 0xbd, 0x82, 0x70, 0x9c, 0x8c, 0xd5, 0x4f, 0x31, 0x6e, 0xd5,
+ 0x22, 0x98, 0x8a, 0x1b, 0xd4, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01,
+ 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53,
+ 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03,
+ 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06,
+ 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01,
+ 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
+ 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11, 0xbf,
+ 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30,
+ 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51,
+ 0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
+ 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
+ 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63,
+ 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f,
+ 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72,
+ 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d,
+ 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x60, 0x06,
+ 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x54, 0x30,
+ 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
+ 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77,
+ 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e,
+ 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74,
+ 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50,
+ 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31,
+ 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30,
+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
+ 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x35, 0x08, 0x42, 0xff, 0x30,
+ 0xcc, 0xce, 0xf7, 0x76, 0x0c, 0xad, 0x10, 0x68, 0x58, 0x35, 0x29, 0x46,
+ 0x32, 0x76, 0x27, 0x7c, 0xef, 0x12, 0x41, 0x27, 0x42, 0x1b, 0x4a, 0xaa,
+ 0x6d, 0x81, 0x38, 0x48, 0x59, 0x13, 0x55, 0xf3, 0xe9, 0x58, 0x34, 0xa6,
+ 0x16, 0x0b, 0x82, 0xaa, 0x5d, 0xad, 0x82, 0xda, 0x80, 0x83, 0x41, 0x06,
+ 0x8f, 0xb4, 0x1d, 0xf2, 0x03, 0xb9, 0xf3, 0x1a, 0x5d, 0x1b, 0xf1, 0x50,
+ 0x90, 0xf9, 0xb3, 0x55, 0x84, 0x42, 0x28, 0x1c, 0x20, 0xbd, 0xb2, 0xae,
+ 0x51, 0x14, 0xc5, 0xc0, 0xac, 0x97, 0x95, 0x21, 0x1c, 0x90, 0xdb, 0x0f,
+ 0xfc, 0x77, 0x9e, 0x95, 0x73, 0x91, 0x88, 0xca, 0xbd, 0xbd, 0x52, 0xb9,
+ 0x05, 0x50, 0x0d, 0xdf, 0x57, 0x9e, 0xa0, 0x61, 0xed, 0x0d, 0xe5, 0x6d,
+ 0x25, 0xd9, 0x40, 0x0f, 0x17, 0x40, 0xc8, 0xce, 0xa3, 0x4a, 0xc2, 0x4d,
+ 0xaf, 0x9a, 0x12, 0x1d, 0x08, 0x54, 0x8f, 0xbd, 0xc7, 0xbc, 0xb9, 0x2b,
+ 0x3d, 0x49, 0x2b, 0x1f, 0x32, 0xfc, 0x6a, 0x21, 0x69, 0x4f, 0x9b, 0xc8,
+ 0x7e, 0x42, 0x34, 0xfc, 0x36, 0x06, 0x17, 0x8b, 0x8f, 0x20, 0x40, 0xc0,
+ 0xb3, 0x9a, 0x25, 0x75, 0x27, 0xcd, 0xc9, 0x03, 0xa3, 0xf6, 0x5d, 0xd1,
+ 0xe7, 0x36, 0x54, 0x7a, 0xb9, 0x50, 0xb5, 0xd3, 0x12, 0xd1, 0x07, 0xbf,
+ 0xbb, 0x74, 0xdf, 0xdc, 0x1e, 0x8f, 0x80, 0xd5, 0xed, 0x18, 0xf4, 0x2f,
+ 0x14, 0x16, 0x6b, 0x2f, 0xde, 0x66, 0x8c, 0xb0, 0x23, 0xe5, 0xc7, 0x84,
+ 0xd8, 0xed, 0xea, 0xc1, 0x33, 0x82, 0xad, 0x56, 0x4b, 0x18, 0x2d, 0xf1,
+ 0x68, 0x95, 0x07, 0xcd, 0xcf, 0xf0, 0x72, 0xf0, 0xae, 0xbb, 0xdd, 0x86,
+ 0x85, 0x98, 0x2c, 0x21, 0x4c, 0x33, 0x2b, 0xf0, 0x0f, 0x4a, 0xf0, 0x68,
+ 0x87, 0xb5, 0x92, 0x55, 0x32, 0x75, 0xa1, 0x6a, 0x82, 0x6a, 0x3c, 0xa3,
+ 0x25, 0x11, 0xa4, 0xed, 0xad, 0xd7, 0x04, 0xae, 0xcb, 0xd8, 0x40, 0x59,
+ 0xa0, 0x84, 0xd1, 0x95, 0x4c, 0x62, 0x91, 0x22, 0x1a, 0x74, 0x1d, 0x8c,
+ 0x3d, 0x47, 0x0e, 0x44, 0xa6, 0xe4, 0xb0, 0x9b, 0x34, 0x35, 0xb1, 0xfa,
+ 0xb6, 0x53, 0xa8, 0x2c, 0x81, 0xec, 0xa4, 0x05, 0x71, 0xc8, 0x9d, 0xb8,
+ 0xba, 0xe8, 0x1b, 0x44, 0x66, 0xe4, 0x47, 0x54, 0x0e, 0x8e, 0x56, 0x7f,
+ 0xb3, 0x9f, 0x16, 0x98, 0xb2, 0x86, 0xd0, 0x68, 0x3e, 0x90, 0x23, 0xb5,
+ 0x2f, 0x5e, 0x8f, 0x50, 0x85, 0x8d, 0xc6, 0x8d, 0x82, 0x5f, 0x41, 0xa1,
+ 0xf4, 0x2e, 0x0d, 0xe0, 0x99, 0xd2, 0x6c, 0x75, 0xe4, 0xb6, 0x69, 0xb5,
+ 0x21, 0x86, 0xfa, 0x07, 0xd1, 0xf6, 0xe2, 0x4d, 0xd1, 0xda, 0xad, 0x2c,
+ 0x77, 0x53, 0x1e, 0x25, 0x32, 0x37, 0xc7, 0x6c, 0x52, 0x72, 0x95, 0x86,
+ 0xb0, 0xf1, 0x35, 0x61, 0x6a, 0x19, 0xf5, 0xb2, 0x3b, 0x81, 0x50, 0x56,
+ 0xa6, 0x32, 0x2d, 0xfe, 0xa2, 0x89, 0xf9, 0x42, 0x86, 0x27, 0x18, 0x55,
+ 0xa1, 0x82, 0xca, 0x5a, 0x9b, 0xf8, 0x30, 0x98, 0x54, 0x14, 0xa6, 0x47,
+ 0x96, 0x25, 0x2f, 0xc8, 0x26, 0xe4, 0x41, 0x94, 0x1a, 0x5c, 0x02, 0x3f,
+ 0xe5, 0x96, 0xe3, 0x85, 0x5b, 0x3c, 0x3e, 0x3f, 0xbb, 0x47, 0x16, 0x72,
+ 0x55, 0xe2, 0x25, 0x22, 0xb1, 0xd9, 0x7b, 0xe7, 0x03, 0x06, 0x2a, 0xa3,
+ 0xf7, 0x1e, 0x90, 0x46, 0xc3, 0x00, 0x0d, 0xd6, 0x19, 0x89, 0xe3, 0x0e,
+ 0x35, 0x27, 0x62, 0x03, 0x71, 0x15, 0xa6, 0xef, 0xd0, 0x27, 0xa0, 0xa0,
+ 0x59, 0x37, 0x60, 0xf8, 0x38, 0x94, 0xb8, 0xe0, 0x78, 0x70, 0xf8, 0xba,
+ 0x4c, 0x86, 0x87, 0x94, 0xf6, 0xe0, 0xae, 0x02, 0x45, 0xee, 0x65, 0xc2,
+ 0xb6, 0xa3, 0x7e, 0x69, 0x16, 0x75, 0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc,
+ 0x59, 0x83, 0x58, 0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87,
+ 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72, 0x07, 0x06, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0xeb, 0x05, 0x00, 0x00, 0xbd, 0x9a, 0xfa, 0x77, 0x59,
+ 0x03, 0x32, 0x4d, 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b, 0x30,
+ 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02,
+ 0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
+ 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
+ 0x0b, 0x05, 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06,
+ 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e,
+ 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
+ 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e,
+ 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63,
+ 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f,
+ 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
+ 0x66, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74,
+ 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68,
+ 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e,
+ 0x17, 0x0d, 0x31, 0x31, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x34, 0x31,
+ 0x34, 0x32, 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x30, 0x31, 0x39, 0x31,
+ 0x38, 0x35, 0x31, 0x34, 0x32, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30,
+ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13,
+ 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73,
+ 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06,
+ 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e,
+ 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15,
+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f,
+ 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2e, 0x30,
+ 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x4d, 0x69, 0x63, 0x72,
+ 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77,
+ 0x73, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e,
+ 0x20, 0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x82, 0x01,
+ 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+ 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01,
+ 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xdd, 0x0c, 0xbb, 0xa2, 0xe4, 0x2e,
+ 0x09, 0xe3, 0xe7, 0xc5, 0xf7, 0x96, 0x69, 0xbc, 0x00, 0x21, 0xbd, 0x69,
+ 0x33, 0x33, 0xef, 0xad, 0x04, 0xcb, 0x54, 0x80, 0xee, 0x06, 0x83, 0xbb,
+ 0xc5, 0x20, 0x84, 0xd9, 0xf7, 0xd2, 0x8b, 0xf3, 0x38, 0xb0, 0xab, 0xa4,
+ 0xad, 0x2d, 0x7c, 0x62, 0x79, 0x05, 0xff, 0xe3, 0x4a, 0x3f, 0x04, 0x35,
+ 0x20, 0x70, 0xe3, 0xc4, 0xe7, 0x6b, 0xe0, 0x9c, 0xc0, 0x36, 0x75, 0xe9,
+ 0x8a, 0x31, 0xdd, 0x8d, 0x70, 0xe5, 0xdc, 0x37, 0xb5, 0x74, 0x46, 0x96,
+ 0x28, 0x5b, 0x87, 0x60, 0x23, 0x2c, 0xbf, 0xdc, 0x47, 0xa5, 0x67, 0xf7,
+ 0x51, 0x27, 0x9e, 0x72, 0xeb, 0x07, 0xa6, 0xc9, 0xb9, 0x1e, 0x3b, 0x53,
+ 0x35, 0x7c, 0xe5, 0xd3, 0xec, 0x27, 0xb9, 0x87, 0x1c, 0xfe, 0xb9, 0xc9,
+ 0x23, 0x09, 0x6f, 0xa8, 0x46, 0x91, 0xc1, 0x6e, 0x96, 0x3c, 0x41, 0xd3,
+ 0xcb, 0xa3, 0x3f, 0x5d, 0x02, 0x6a, 0x4d, 0xec, 0x69, 0x1f, 0x25, 0x28,
+ 0x5c, 0x36, 0xff, 0xfd, 0x43, 0x15, 0x0a, 0x94, 0xe0, 0x19, 0xb4, 0xcf,
+ 0xdf, 0xc2, 0x12, 0xe2, 0xc2, 0x5b, 0x27, 0xee, 0x27, 0x78, 0x30, 0x8b,
+ 0x5b, 0x2a, 0x09, 0x6b, 0x22, 0x89, 0x53, 0x60, 0x16, 0x2c, 0xc0, 0x68,
+ 0x1d, 0x53, 0xba, 0xec, 0x49, 0xf3, 0x9d, 0x61, 0x8c, 0x85, 0x68, 0x09,
+ 0x73, 0x44, 0x5d, 0x7d, 0xa2, 0x54, 0x2b, 0xdd, 0x79, 0xf7, 0x15, 0xcf,
+ 0x35, 0x5d, 0x6c, 0x1c, 0x2b, 0x5c, 0xce, 0xbc, 0x9c, 0x23, 0x8b, 0x6f,
+ 0x6e, 0xb5, 0x26, 0xd9, 0x36, 0x13, 0xc3, 0x4f, 0xd6, 0x27, 0xae, 0xb9,
+ 0x32, 0x3b, 0x41, 0x92, 0x2c, 0xe1, 0xc7, 0xcd, 0x77, 0xe8, 0xaa, 0x54,
+ 0x4e, 0xf7, 0x5c, 0x0b, 0x04, 0x87, 0x65, 0xb4, 0x43, 0x18, 0xa8, 0xb2,
+ 0xe0, 0x6d, 0x19, 0x77, 0xec, 0x5a, 0x24, 0xfa, 0x48, 0x03, 0x02, 0x03,
+ 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, 0x82, 0x01, 0x3f, 0x30,
+ 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01,
+ 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
+ 0x04, 0x16, 0x04, 0x14, 0xa9, 0x29, 0x02, 0x39, 0x8e, 0x16, 0xc4, 0x97,
+ 0x78, 0xcd, 0x90, 0xf9, 0x9e, 0x4f, 0x9a, 0xe1, 0x7c, 0x55, 0xaf, 0x53,
+ 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14,
+ 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00,
+ 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04,
+ 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
+ 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06,
+ 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xd5, 0xf6,
+ 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, 0x94, 0x90,
+ 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d,
+ 0x1f, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86,
+ 0x45, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e,
+ 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f,
+ 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72,
+ 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f,
+ 0x6f, 0x43, 0x65, 0x72, 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30,
+ 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x5a,
+ 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x4e,
+ 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
+ 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77,
+ 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72,
+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72,
+ 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d,
+ 0x32, 0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02,
+ 0x01, 0x00, 0x14, 0xfc, 0x7c, 0x71, 0x51, 0xa5, 0x79, 0xc2, 0x6e, 0xb2,
+ 0xef, 0x39, 0x3e, 0xbc, 0x3c, 0x52, 0x0f, 0x6e, 0x2b, 0x3f, 0x10, 0x13,
+ 0x73, 0xfe, 0xa8, 0x68, 0xd0, 0x48, 0xa6, 0x34, 0x4d, 0x8a, 0x96, 0x05,
+ 0x26, 0xee, 0x31, 0x46, 0x90, 0x61, 0x79, 0xd6, 0xff, 0x38, 0x2e, 0x45,
+ 0x6b, 0xf4, 0xc0, 0xe5, 0x28, 0xb8, 0xda, 0x1d, 0x8f, 0x8a, 0xdb, 0x09,
+ 0xd7, 0x1a, 0xc7, 0x4c, 0x0a, 0x36, 0x66, 0x6a, 0x8c, 0xec, 0x1b, 0xd7,
+ 0x04, 0x90, 0xa8, 0x18, 0x17, 0xa4, 0x9b, 0xb9, 0xe2, 0x40, 0x32, 0x36,
+ 0x76, 0xc4, 0xc1, 0x5a, 0xc6, 0xbf, 0xe4, 0x04, 0xc0, 0xea, 0x16, 0xd3,
+ 0xac, 0xc3, 0x68, 0xef, 0x62, 0xac, 0xdd, 0x54, 0x6c, 0x50, 0x30, 0x58,
+ 0xa6, 0xeb, 0x7c, 0xfe, 0x94, 0xa7, 0x4e, 0x8e, 0xf4, 0xec, 0x7c, 0x86,
+ 0x73, 0x57, 0xc2, 0x52, 0x21, 0x73, 0x34, 0x5a, 0xf3, 0xa3, 0x8a, 0x56,
+ 0xc8, 0x04, 0xda, 0x07, 0x09, 0xed, 0xf8, 0x8b, 0xe3, 0xce, 0xf4, 0x7e,
+ 0x8e, 0xae, 0xf0, 0xf6, 0x0b, 0x8a, 0x08, 0xfb, 0x3f, 0xc9, 0x1d, 0x72,
+ 0x7f, 0x53, 0xb8, 0xeb, 0xbe, 0x63, 0xe0, 0xe3, 0x3d, 0x31, 0x65, 0xb0,
+ 0x81, 0xe5, 0xf2, 0xac, 0xcd, 0x16, 0xa4, 0x9f, 0x3d, 0xa8, 0xb1, 0x9b,
+ 0xc2, 0x42, 0xd0, 0x90, 0x84, 0x5f, 0x54, 0x1d, 0xff, 0x89, 0xea, 0xba,
+ 0x1d, 0x47, 0x90, 0x6f, 0xb0, 0x73, 0x4e, 0x41, 0x9f, 0x40, 0x9f, 0x5f,
+ 0xe5, 0xa1, 0x2a, 0xb2, 0x11, 0x91, 0x73, 0x8a, 0x21, 0x28, 0xf0, 0xce,
+ 0xde, 0x73, 0x39, 0x5f, 0x3e, 0xab, 0x5c, 0x60, 0xec, 0xdf, 0x03, 0x10,
+ 0xa8, 0xd3, 0x09, 0xe9, 0xf4, 0xf6, 0x96, 0x85, 0xb6, 0x7f, 0x51, 0x88,
+ 0x66, 0x47, 0x19, 0x8d, 0xa2, 0xb0, 0x12, 0x3d, 0x81, 0x2a, 0x68, 0x05,
+ 0x77, 0xbb, 0x91, 0x4c, 0x62, 0x7b, 0xb6, 0xc1, 0x07, 0xc7, 0xba, 0x7a,
+ 0x87, 0x34, 0x03, 0x0e, 0x4b, 0x62, 0x7a, 0x99, 0xe9, 0xca, 0xfc, 0xce,
+ 0x4a, 0x37, 0xc9, 0x2d, 0xa4, 0x57, 0x7c, 0x1c, 0xfe, 0x3d, 0xdc, 0xb8,
+ 0x0f, 0x5a, 0xfa, 0xd6, 0xc4, 0xb3, 0x02, 0x85, 0x02, 0x3a, 0xea, 0xb3,
+ 0xd9, 0x6e, 0xe4, 0x69, 0x21, 0x37, 0xde, 0x81, 0xd1, 0xf6, 0x75, 0x19,
+ 0x05, 0x67, 0xd3, 0x93, 0x57, 0x5e, 0x29, 0x1b, 0x39, 0xc8, 0xee, 0x2d,
+ 0xe1, 0xcd, 0xe4, 0x45, 0x73, 0x5b, 0xd0, 0xd2, 0xce, 0x7a, 0xab, 0x16,
+ 0x19, 0x82, 0x46, 0x58, 0xd0, 0x5e, 0x9d, 0x81, 0xb3, 0x67, 0xaf, 0x6c,
+ 0x35, 0xf2, 0xbc, 0xe5, 0x3f, 0x24, 0xe2, 0x35, 0xa2, 0x0a, 0x75, 0x06,
+ 0xf6, 0x18, 0x56, 0x99, 0xd4, 0x78, 0x2c, 0xd1, 0x05, 0x1b, 0xeb, 0xd0,
+ 0x88, 0x01, 0x9d, 0xaa, 0x10, 0xf1, 0x05, 0xdf, 0xba, 0x7e, 0x2c, 0x63,
+ 0xb7, 0x06, 0x9b, 0x23, 0x21, 0xc4, 0xf9, 0x78, 0x6c, 0xe2, 0x58, 0x17,
+ 0x06, 0x36, 0x2b, 0x91, 0x12, 0x03, 0xcc, 0xa4, 0xd9, 0xf2, 0x2d, 0xba,
+ 0xf9, 0x94, 0x9d, 0x40, 0xed, 0x18, 0x45, 0xf1, 0xce, 0x8a, 0x5c, 0x6b,
+ 0x3e, 0xab, 0x03, 0xd3, 0x70, 0x18, 0x2a, 0x0a, 0x6a, 0xe0, 0x5f, 0x47,
+ 0xd1, 0xd5, 0x63, 0x0a, 0x32, 0xf2, 0xaf, 0xd7, 0x36, 0x1f, 0x2a, 0x70,
+ 0x5a, 0xe5, 0x42, 0x59, 0x08, 0x71, 0x4b, 0x57, 0xba, 0x7e, 0x83, 0x81,
+ 0xf0, 0x21, 0x3c, 0xf4, 0x1c, 0xc1, 0xc5, 0xb9, 0x90, 0x93, 0x0e, 0x88,
+ 0x45, 0x93, 0x86, 0xe9, 0xb1, 0x20, 0x99, 0xbe, 0x98, 0xcb, 0xc5, 0x95,
+ 0xa4, 0x5d, 0x62, 0xd6, 0xa0, 0x63, 0x08, 0x20, 0xbd, 0x75, 0x10, 0x77,
+ 0x7d, 0x3d, 0xf3, 0x45, 0xb9, 0x9f, 0x97, 0x9f, 0xcb, 0x57, 0x80, 0x6f,
+ 0x33, 0xa9, 0x04, 0xcf, 0x77, 0xa4, 0x62, 0x1c, 0x59, 0x7e, 0xa1, 0x59,
+ 0xc0, 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b,
+ 0xf0, 0x72, 0x64, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x04,
+ 0x00, 0x00, 0xe4, 0x0a, 0xc4, 0x6d, 0xe8, 0x2e, 0x4c, 0x9c, 0xa3, 0x14,
+ 0x0f, 0xc7, 0xb2, 0x00, 0x87, 0x10, 0x30, 0x82, 0x04, 0x34, 0x30, 0x82,
+ 0x03, 0x1c, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xb9, 0x41,
+ 0x24, 0xa0, 0x18, 0x2c, 0x92, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x84,
+ 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47,
+ 0x42, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0b,
+ 0x49, 0x73, 0x6c, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x4d, 0x61, 0x6e, 0x31,
+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x44, 0x6f,
+ 0x75, 0x67, 0x6c, 0x61, 0x73, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55,
+ 0x04, 0x0a, 0x0c, 0x0e, 0x43, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61,
+ 0x6c, 0x20, 0x4c, 0x74, 0x64, 0x2e, 0x31, 0x34, 0x30, 0x32, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x0c, 0x2b, 0x43, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63,
+ 0x61, 0x6c, 0x20, 0x4c, 0x74, 0x64, 0x2e, 0x20, 0x4d, 0x61, 0x73, 0x74,
+ 0x65, 0x72, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
+ 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79,
+ 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x30, 0x34, 0x31, 0x32, 0x31, 0x31,
+ 0x31, 0x32, 0x35, 0x31, 0x5a, 0x17, 0x0d, 0x34, 0x32, 0x30, 0x34, 0x31,
+ 0x31, 0x31, 0x31, 0x31, 0x32, 0x35, 0x31, 0x5a, 0x30, 0x81, 0x84, 0x31,
+ 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42,
+ 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0b, 0x49,
+ 0x73, 0x6c, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x4d, 0x61, 0x6e, 0x31, 0x10,
+ 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x44, 0x6f, 0x75,
+ 0x67, 0x6c, 0x61, 0x73, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04,
+ 0x0a, 0x0c, 0x0e, 0x43, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c,
+ 0x20, 0x4c, 0x74, 0x64, 0x2e, 0x31, 0x34, 0x30, 0x32, 0x06, 0x03, 0x55,
+ 0x04, 0x03, 0x0c, 0x2b, 0x43, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61,
+ 0x6c, 0x20, 0x4c, 0x74, 0x64, 0x2e, 0x20, 0x4d, 0x61, 0x73, 0x74, 0x65,
+ 0x72, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+ 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30,
+ 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
+ 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0x5b, 0x3a, 0x16,
+ 0x74, 0xee, 0x21, 0x5d, 0xae, 0x61, 0xed, 0x9d, 0x56, 0xac, 0xbd, 0xde,
+ 0xde, 0x72, 0xf3, 0xdd, 0x7e, 0x2d, 0x4c, 0x62, 0x0f, 0xac, 0xc0, 0x6d,
+ 0x48, 0x08, 0x11, 0xcf, 0x8d, 0x8b, 0xfb, 0x61, 0x1f, 0x27, 0xcc, 0x11,
+ 0x6e, 0xd9, 0x55, 0x3d, 0x39, 0x54, 0xeb, 0x40, 0x3b, 0xb1, 0xbb, 0xe2,
+ 0x85, 0x34, 0x79, 0xca, 0xf7, 0x7b, 0xbf, 0xba, 0x7a, 0xc8, 0x10, 0x2d,
+ 0x19, 0x7d, 0xad, 0x59, 0xcf, 0xa6, 0xd4, 0xe9, 0x4e, 0x0f, 0xda, 0xae,
+ 0x52, 0xea, 0x4c, 0x9e, 0x90, 0xce, 0xc6, 0x99, 0x0d, 0x4e, 0x67, 0x65,
+ 0x78, 0x5d, 0xf9, 0xd1, 0xd5, 0x38, 0x4a, 0x4a, 0x7a, 0x8f, 0x93, 0x9c,
+ 0x7f, 0x1a, 0xa3, 0x85, 0xdb, 0xce, 0xfa, 0x8b, 0xf7, 0xc2, 0xa2, 0x21,
+ 0x2d, 0x9b, 0x54, 0x41, 0x35, 0x10, 0x57, 0x13, 0x8d, 0x6c, 0xbc, 0x29,
+ 0x06, 0x50, 0x4a, 0x7e, 0xea, 0x99, 0xa9, 0x68, 0xa7, 0x3b, 0xc7, 0x07,
+ 0x1b, 0x32, 0x9e, 0xa0, 0x19, 0x87, 0x0e, 0x79, 0xbb, 0x68, 0x99, 0x2d,
+ 0x7e, 0x93, 0x52, 0xe5, 0xf6, 0xeb, 0xc9, 0x9b, 0xf9, 0x2b, 0xed, 0xb8,
+ 0x68, 0x49, 0xbc, 0xd9, 0x95, 0x50, 0x40, 0x5b, 0xc5, 0xb2, 0x71, 0xaa,
+ 0xeb, 0x5c, 0x57, 0xde, 0x71, 0xf9, 0x40, 0x0a, 0xdd, 0x5b, 0xac, 0x1e,
+ 0x84, 0x2d, 0x50, 0x1a, 0x52, 0xd6, 0xe1, 0xf3, 0x6b, 0x6e, 0x90, 0x64,
+ 0x4f, 0x5b, 0xb4, 0xeb, 0x20, 0xe4, 0x61, 0x10, 0xda, 0x5a, 0xf0, 0xea,
+ 0xe4, 0x42, 0xd7, 0x01, 0xc4, 0xfe, 0x21, 0x1f, 0xd9, 0xb9, 0xc0, 0x54,
+ 0x95, 0x42, 0x81, 0x52, 0x72, 0x1f, 0x49, 0x64, 0x7a, 0xc8, 0x6c, 0x24,
+ 0xf1, 0x08, 0x70, 0x0b, 0x4d, 0xa5, 0xa0, 0x32, 0xd1, 0xa0, 0x1c, 0x57,
+ 0xa8, 0x4d, 0xe3, 0xaf, 0xa5, 0x8e, 0x05, 0x05, 0x3e, 0x10, 0x43, 0xa1,
+ 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xa6, 0x30, 0x81, 0xa3, 0x30,
+ 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xad, 0x91,
+ 0x99, 0x0b, 0xc2, 0x2a, 0xb1, 0xf5, 0x17, 0x04, 0x8c, 0x23, 0xb6, 0x65,
+ 0x5a, 0x26, 0x8e, 0x34, 0x5a, 0x63, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
+ 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xad, 0x91, 0x99, 0x0b, 0xc2,
+ 0x2a, 0xb1, 0xf5, 0x17, 0x04, 0x8c, 0x23, 0xb6, 0x65, 0x5a, 0x26, 0x8e,
+ 0x34, 0x5a, 0x63, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01,
+ 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0b, 0x06, 0x03,
+ 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x43, 0x06,
+ 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x3c, 0x30, 0x3a, 0x30, 0x38, 0xa0, 0x36,
+ 0xa0, 0x34, 0x86, 0x32, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77,
+ 0x77, 0x77, 0x2e, 0x63, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c,
+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x2d,
+ 0x62, 0x6f, 0x6f, 0x74, 0x2d, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x2d,
+ 0x63, 0x61, 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01,
+ 0x01, 0x00, 0x3f, 0x7d, 0xf6, 0x76, 0xa5, 0xb3, 0x83, 0xb4, 0x2b, 0x7a,
+ 0xd0, 0x6d, 0x52, 0x1a, 0x03, 0x83, 0xc4, 0x12, 0xa7, 0x50, 0x9c, 0x47,
+ 0x92, 0xcc, 0xc0, 0x94, 0x77, 0x82, 0xd2, 0xae, 0x57, 0xb3, 0x99, 0x04,
+ 0xf5, 0x32, 0x3a, 0xc6, 0x55, 0x1d, 0x07, 0xdb, 0x12, 0xa9, 0x56, 0xfa,
+ 0xd8, 0xd4, 0x76, 0x20, 0xeb, 0xe4, 0xc3, 0x51, 0xdb, 0x9a, 0x5c, 0x9c,
+ 0x92, 0x3f, 0x18, 0x73, 0xda, 0x94, 0x6a, 0xa1, 0x99, 0x38, 0x8c, 0xa4,
+ 0x88, 0x6d, 0xc1, 0xfc, 0x39, 0x71, 0xd0, 0x74, 0x76, 0x16, 0x03, 0x3e,
+ 0x56, 0x23, 0x35, 0xd5, 0x55, 0x47, 0x5b, 0x1a, 0x1d, 0x41, 0xc2, 0xd3,
+ 0x12, 0x4c, 0xdc, 0xff, 0xae, 0x0a, 0x92, 0x9c, 0x62, 0x0a, 0x17, 0x01,
+ 0x9c, 0x73, 0xe0, 0x5e, 0xb1, 0xfd, 0xbc, 0xd6, 0xb5, 0x19, 0x11, 0x7a,
+ 0x7e, 0xcd, 0x3e, 0x03, 0x7e, 0x66, 0xdb, 0x5b, 0xa8, 0xc9, 0x39, 0x48,
+ 0x51, 0xff, 0x53, 0xe1, 0x9c, 0x31, 0x53, 0x91, 0x1b, 0x3b, 0x10, 0x75,
+ 0x03, 0x17, 0xba, 0xe6, 0x81, 0x02, 0x80, 0x94, 0x70, 0x4c, 0x46, 0xb7,
+ 0x94, 0xb0, 0x3d, 0x15, 0xcd, 0x1f, 0x8e, 0x02, 0xe0, 0x68, 0x02, 0x8f,
+ 0xfb, 0xf9, 0x47, 0x1d, 0x7d, 0xa2, 0x01, 0xc6, 0x07, 0x51, 0xc4, 0x9a,
+ 0xcc, 0xed, 0xdd, 0xcf, 0xa3, 0x5d, 0xed, 0x92, 0xbb, 0xbe, 0xd1, 0xfd,
+ 0xe6, 0xec, 0x1f, 0x33, 0x51, 0x73, 0x04, 0xbe, 0x3c, 0x72, 0xb0, 0x7d,
+ 0x08, 0xf8, 0x01, 0xff, 0x98, 0x7d, 0xcb, 0x9c, 0xe0, 0x69, 0x39, 0x77,
+ 0x25, 0x47, 0x71, 0x88, 0xb1, 0x8d, 0x27, 0xa5, 0x2e, 0xa8, 0xf7, 0x3f,
+ 0x5f, 0x80, 0x69, 0x97, 0x3e, 0xa9, 0xf4, 0x99, 0x14, 0xdb, 0xce, 0x03,
+ 0x0e, 0x0b, 0x66, 0xc4, 0x1c, 0x6d, 0xbd, 0xb8, 0x27, 0x77, 0xc1, 0x42,
+ 0x94, 0xbd, 0xfc, 0x6a, 0x0a, 0xbc, 0x26, 0x16, 0xc4, 0xc1, 0x4c, 0x50,
+ 0x92, 0x40, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28, 0x0c, 0x01,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0xf5, 0x8f, 0xbd, 0xf7, 0x1b, 0xe8, 0xc3, 0x7c, 0xbb, 0xd6,
+ 0x94, 0x4e, 0x47, 0x2c, 0x45, 0x0b, 0x10, 0x43, 0x81, 0x7b, 0x97, 0x29,
+ 0x14, 0x48, 0x7c, 0x22, 0x10, 0x33, 0xf3, 0x07, 0x9e, 0x43, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x04, 0x97, 0x01, 0x57, 0xde, 0x52, 0xcd, 0xae, 0x14, 0xcf,
+ 0x17, 0xee, 0x36, 0x98, 0x81, 0xd6, 0x24, 0x5b, 0x3a, 0x6a, 0xb6, 0x35,
+ 0x2e, 0xab, 0xae, 0xe5, 0x88, 0xa0, 0x58, 0x4b, 0x03, 0x03, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0xf1, 0x6b, 0x5f, 0xc3, 0x61, 0x18, 0x3f, 0x58, 0x71, 0x20,
+ 0xe6, 0x02, 0xc0, 0xd6, 0x57, 0x73, 0xaf, 0xdf, 0xe7, 0x86, 0x12, 0x41,
+ 0x84, 0xfa, 0x70, 0x80, 0x52, 0x58, 0xd7, 0x6d, 0x59, 0x4c, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x7e, 0x02, 0x1f, 0x15, 0xe3, 0xa6, 0x7b, 0x75, 0xac, 0xe8,
+ 0x84, 0x99, 0x9b, 0xed, 0xff, 0xe3, 0x42, 0x13, 0x79, 0x2a, 0x61, 0x1e,
+ 0x40, 0xe5, 0x62, 0xe8, 0x7e, 0x6b, 0x9a, 0x0c, 0xb2, 0x82, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0xa5, 0xd1, 0x09, 0xb2, 0xaf, 0xa3, 0xfa, 0x90, 0x87, 0x8f,
+ 0x70, 0x38, 0x2b, 0x23, 0x88, 0xfc, 0xd2, 0xfe, 0xae, 0xae, 0x8a, 0x51,
+ 0xb8, 0x0a, 0xdd, 0x04, 0x8e, 0x9f, 0x87, 0x6b, 0x2a, 0x4e
+};
+
+#endif /* !TEST_DATA_EFIVARS_0_H_ */
+// vim:fenc=utf-8:tw=75:noet
--- /dev/null
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+/*
+ * test-data-efivars-1.h - test data
+ * Copyright Peter Jones <pjones@redhat.com>
+ */
+
+#ifndef TEST_DATA_EFIVARS_1_H_
+#define TEST_DATA_EFIVARS_1_H_
+
+static const unsigned char test_data_efivars_1_MokListRT[] = {
+ 0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15,
+ 0x5c, 0x2b, 0xf0, 0x72, 0x98, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x7c, 0x03, 0x00, 0x00, 0x50, 0xab, 0x5d, 0x60, 0x46, 0xe0, 0x00, 0x43,
+ 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23, 0x30, 0x82, 0x03, 0x68,
+ 0x30, 0x82, 0x02, 0x50, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x05, 0x00,
+ 0x99, 0x76, 0xf2, 0xf4, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x20, 0x31, 0x1e, 0x30,
+ 0x1c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x15, 0x46, 0x65, 0x64, 0x6f,
+ 0x72, 0x61, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x42, 0x6f,
+ 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x32, 0x31,
+ 0x32, 0x30, 0x37, 0x31, 0x36, 0x32, 0x35, 0x35, 0x34, 0x5a, 0x17, 0x0d,
+ 0x32, 0x32, 0x31, 0x32, 0x30, 0x35, 0x31, 0x36, 0x32, 0x35, 0x35, 0x34,
+ 0x5a, 0x30, 0x20, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x03,
+ 0x13, 0x15, 0x46, 0x65, 0x64, 0x6f, 0x72, 0x61, 0x20, 0x53, 0x65, 0x63,
+ 0x75, 0x72, 0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30,
+ 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
+ 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xae, 0xf5, 0xf7, 0x52,
+ 0x81, 0xa9, 0x5c, 0x3e, 0x2b, 0xf7, 0x1d, 0x55, 0xf4, 0x5a, 0x68, 0x84,
+ 0x2d, 0xbc, 0x8b, 0x76, 0x96, 0x85, 0x0d, 0x27, 0xb8, 0x18, 0xa5, 0xcd,
+ 0xc1, 0x83, 0xb2, 0x8c, 0x27, 0x5d, 0x23, 0x0a, 0xd1, 0x12, 0x0a, 0x75,
+ 0x98, 0xa2, 0xe6, 0x5d, 0x01, 0x8a, 0xf4, 0xd9, 0x9f, 0xfc, 0x70, 0xbc,
+ 0xc3, 0xc4, 0x17, 0x7b, 0x02, 0xb5, 0x13, 0xc4, 0x51, 0x92, 0xe0, 0xc0,
+ 0x05, 0x74, 0xb9, 0x2e, 0x3d, 0x24, 0x78, 0xa0, 0x79, 0x73, 0x94, 0xc0,
+ 0xc2, 0x2b, 0xb2, 0x82, 0xa7, 0xf4, 0xab, 0x67, 0x4a, 0x22, 0xf3, 0x64,
+ 0xcd, 0xc3, 0xf9, 0x0c, 0x26, 0x01, 0xbf, 0x1b, 0xd5, 0x3d, 0x39, 0xbf,
+ 0xc9, 0xfa, 0xfb, 0x5e, 0x52, 0xb9, 0xa4, 0x48, 0xfb, 0x13, 0xbf, 0x87,
+ 0x29, 0x0a, 0x64, 0xef, 0x21, 0x7b, 0xbc, 0x1e, 0x16, 0x7b, 0x88, 0x4f,
+ 0xf1, 0x40, 0x2b, 0xd9, 0x22, 0x15, 0x47, 0x4e, 0x84, 0xf6, 0x24, 0x1c,
+ 0x4d, 0x53, 0x16, 0x5a, 0xb1, 0x29, 0xbb, 0x5e, 0x7d, 0x7f, 0xc0, 0xd4,
+ 0xe2, 0xd5, 0x79, 0xaf, 0x59, 0x73, 0x02, 0xdc, 0xb7, 0x48, 0xbf, 0xae,
+ 0x2b, 0x70, 0xc1, 0xfa, 0x74, 0x7f, 0x79, 0xf5, 0xee, 0x23, 0xd0, 0x03,
+ 0x05, 0xb1, 0x79, 0x18, 0x4f, 0xfd, 0x4f, 0x2f, 0xe2, 0x63, 0x19, 0x4d,
+ 0x77, 0xba, 0xc1, 0x2c, 0x8b, 0xb3, 0xd9, 0x05, 0x2e, 0xd9, 0xd8, 0xb6,
+ 0x51, 0x13, 0xbf, 0xce, 0x36, 0x67, 0x97, 0xe4, 0xad, 0x58, 0x56, 0x07,
+ 0xab, 0xd0, 0x8c, 0x66, 0x12, 0x49, 0xdc, 0x91, 0x68, 0xb4, 0xc8, 0xea,
+ 0xdd, 0x9c, 0xc0, 0x81, 0xc6, 0x91, 0x5b, 0xdb, 0x12, 0x78, 0xdb, 0xff,
+ 0xc1, 0xaf, 0x08, 0x16, 0xfc, 0x70, 0x13, 0x97, 0x5b, 0x57, 0xad, 0x6b,
+ 0x44, 0x98, 0x7e, 0x1f, 0xec, 0xed, 0x46, 0x66, 0x95, 0x0f, 0x05, 0x55,
+ 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xa8, 0x30, 0x81, 0xa5, 0x30,
+ 0x4e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04,
+ 0x42, 0x30, 0x40, 0x30, 0x3e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
+ 0x07, 0x30, 0x02, 0x86, 0x32, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f,
+ 0x2f, 0x66, 0x65, 0x64, 0x6f, 0x72, 0x61, 0x70, 0x72, 0x6f, 0x6a, 0x65,
+ 0x63, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x77, 0x69, 0x6b, 0x69, 0x2f,
+ 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x2f, 0x53, 0x65, 0x63,
+ 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x30, 0x1f, 0x06, 0x03, 0x55,
+ 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xfd, 0xe3, 0x25, 0x99,
+ 0xc2, 0xd6, 0x1d, 0xb1, 0xbf, 0x58, 0x07, 0x33, 0x5d, 0x7b, 0x20, 0xe4,
+ 0xcd, 0x96, 0x3b, 0x42, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04,
+ 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03,
+ 0x03, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
+ 0xfd, 0xe3, 0x25, 0x99, 0xc2, 0xd6, 0x1d, 0xb1, 0xbf, 0x58, 0x07, 0x33,
+ 0x5d, 0x7b, 0x20, 0xe4, 0xcd, 0x96, 0x3b, 0x42, 0x30, 0x0d, 0x06, 0x09,
+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
+ 0x82, 0x01, 0x01, 0x00, 0x37, 0x77, 0xf0, 0x3a, 0x41, 0xa2, 0x1c, 0x9f,
+ 0x71, 0x3b, 0xd6, 0x9b, 0x95, 0xb5, 0x15, 0xdf, 0x4a, 0xb6, 0xf4, 0xd1,
+ 0x51, 0xba, 0x0d, 0x04, 0xda, 0x9c, 0xb2, 0x23, 0xf0, 0xf3, 0x34, 0x59,
+ 0x8d, 0xb8, 0xd4, 0x9a, 0x75, 0x74, 0x65, 0x80, 0x17, 0x61, 0x3a, 0xc1,
+ 0x96, 0x7f, 0xa7, 0xc1, 0x2b, 0xd3, 0x1a, 0xd6, 0x60, 0x3c, 0x71, 0x3a,
+ 0xa4, 0xc4, 0xe3, 0x39, 0x03, 0x02, 0x15, 0x12, 0x08, 0x1f, 0x4e, 0xcd,
+ 0x97, 0x50, 0xf8, 0xff, 0x50, 0xcc, 0xb6, 0x3e, 0x03, 0x7d, 0x7a, 0xe7,
+ 0x82, 0x7a, 0xc2, 0x67, 0xbe, 0xc9, 0x0e, 0x11, 0x0f, 0x16, 0x2e, 0x1e,
+ 0xa9, 0xf2, 0x6e, 0xfe, 0x04, 0xbd, 0xea, 0x9e, 0xf4, 0xa9, 0xb3, 0xd9,
+ 0xd4, 0x61, 0x57, 0x08, 0x87, 0xc4, 0x98, 0xd8, 0xa2, 0x99, 0x64, 0xde,
+ 0x15, 0x54, 0x8d, 0x57, 0x79, 0x14, 0x1f, 0xfa, 0x0d, 0x4d, 0x6b, 0xcd,
+ 0x98, 0x35, 0xf5, 0x0c, 0x06, 0xbd, 0xf3, 0x31, 0xd6, 0xfe, 0x05, 0x1f,
+ 0x60, 0x90, 0xb6, 0x1e, 0x10, 0xf7, 0x24, 0xe0, 0x3c, 0xf6, 0x33, 0x50,
+ 0xcd, 0x44, 0xc2, 0x71, 0x18, 0x51, 0xbd, 0x18, 0x31, 0x81, 0x1e, 0x32,
+ 0xe1, 0xe6, 0x9f, 0xf9, 0x9c, 0x02, 0x53, 0xb4, 0xe5, 0x6a, 0x41, 0xd6,
+ 0x65, 0xb4, 0x2e, 0xf1, 0xcf, 0xb3, 0xb8, 0x82, 0xb0, 0xa3, 0x96, 0xe2,
+ 0x24, 0xd8, 0x83, 0xae, 0x06, 0x5b, 0xb3, 0x24, 0x74, 0x4d, 0xd1, 0xa4,
+ 0x0a, 0x1d, 0x0a, 0x32, 0x1b, 0x75, 0xa2, 0x96, 0xd1, 0x0e, 0x3e, 0xe1,
+ 0x30, 0xc3, 0x18, 0xe8, 0xcb, 0x53, 0xc4, 0x0b, 0x00, 0xad, 0x7e, 0xad,
+ 0xc8, 0x49, 0x41, 0xef, 0x97, 0x69, 0xbd, 0x13, 0x5f, 0xef, 0xef, 0x3c,
+ 0xda, 0x60, 0x05, 0xd8, 0x92, 0xfc, 0xda, 0x6a, 0xea, 0x48, 0x3f, 0x0e,
+ 0x3e, 0x73, 0x77, 0xfd, 0xa6, 0x89, 0xe9, 0x3f
+};
+
+static const unsigned char test_data_efivars_1_MokListXRT[] = {
+ 0x26, 0x16, 0xc4, 0xc1, 0x4c, 0x50, 0x92, 0x40, 0xac, 0xa9, 0x41,
+ 0xf9, 0x36, 0x93, 0x43, 0x28, 0x4c, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x50, 0xab, 0x5d, 0x60, 0x46,
+ 0xe0, 0x00, 0x43, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+static const unsigned char test_data_efivars_1_SbatLevelRT[] = {
+ 0x73, 0x62, 0x61, 0x74, 0x2c, 0x31, 0x2c, 0x32, 0x30,
+ 0x32, 0x31, 0x30, 0x33, 0x30, 0x32, 0x31, 0x38, 0x0a
+};
+
+#endif /* !TEST_DATA_EFIVARS_1_H_ */
+// vim:fenc=utf-8:tw=75:noet
#ifndef TEST_H_
#define TEST_H_
+#define _GNU_SOURCE
+
#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+#include <inttypes.h>
#if defined(__aarch64__)
#include <aarch64/efibind.h>
#include <stdlib.h>
-#define ZeroMem(buf, sz) memset(buf, 0, sz)
-#define SetMem(buf, sz, value) memset(buf, value, sz)
-#define CopyMem(dest, src, len) memcpy(dest, src, len)
-#define CompareMem(dest, src, len) memcmp(dest, src, len)
+#include <assert.h>
+
+#include <efiui.h>
+#include <efilib.h>
+
+#include <efivar/efivar.h>
#include <assert.h>
-#define AllocateZeroPool(x) calloc(1, (x))
-#define AllocatePool(x) malloc(x)
-#define FreePool(x) free(x)
-#define ReallocatePool(old, oldsz, newsz) realloc(old, newsz)
+#include "list.h"
+
+INTN StrCmp(IN CONST CHAR16 *s1,
+ IN CONST CHAR16 *s2);
+INTN StrnCmp(IN CONST CHAR16 *s1,
+ IN CONST CHAR16 *s2,
+ IN UINTN len);
+VOID StrCpy(IN CHAR16 *Dest,
+ IN CONST CHAR16 *Src);
+VOID StrnCpy(IN CHAR16 *Dest,
+ IN CONST CHAR16 *Src,
+ IN UINTN Len);
+CHAR16 *StrDuplicate(IN CONST CHAR16 *Src);
+UINTN StrLen(IN CONST CHAR16 *s1);
+UINTN StrSize(IN CONST CHAR16 *s1);
+VOID StrCat(IN CHAR16 *Dest, IN CONST CHAR16 *Src);
+CHAR16 *DevicePathToStr(EFI_DEVICE_PATH *DevPath);
+
+extern EFI_SYSTEM_TABLE *ST;
+extern EFI_BOOT_SERVICES *BS;
+extern EFI_RUNTIME_SERVICES *RT;
+
+#define GUID_FMT "%08x-%04hx-%04hx-%02hhx%02hhx-%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx"
+#define GUID_ARGS(guid) \
+ ((EFI_GUID)guid).Data1, ((EFI_GUID)guid).Data2, ((EFI_GUID)guid).Data3, \
+ ((EFI_GUID)guid).Data4[1], ((EFI_GUID)guid).Data4[0], \
+ ((EFI_GUID)guid).Data4[2], ((EFI_GUID)guid).Data4[3], \
+ ((EFI_GUID)guid).Data4[4], ((EFI_GUID)guid).Data4[5], \
+ ((EFI_GUID)guid).Data4[6], ((EFI_GUID)guid).Data4[7]
+
+static inline INT64
+guidcmp_helper(const EFI_GUID * const guid0, const EFI_GUID * const guid1)
+{
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): Comparing "GUID_FMT" to "GUID_FMT"\n",
+ __FILE__, __LINE__-1, __func__,
+ GUID_ARGS(*guid0), GUID_ARGS(*guid1));
+#endif
+
+ if (guid0->Data1 != guid1->Data1) {
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): returning 0x%"PRIx64"-0x%"PRIx64"->0x%"PRIx64"\n",
+ __FILE__, __LINE__-1, __func__,
+ (INT64)guid0->Data1, (INT64)guid1->Data1,
+ (INT64)guid0->Data1 - (INT64)guid1->Data1);
+#endif
+ return (INT64)guid0->Data1 - (INT64)guid1->Data1;
+ }
+
+ if (guid0->Data2 != guid1->Data2) {
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): returning 0x%"PRIx64"-0x%"PRIx64"->0x%"PRIx64"\n",
+ __FILE__, __LINE__-1, __func__,
+ (INT64)guid0->Data2, (INT64)guid1->Data2,
+ (INT64)guid0->Data2 - (INT64)guid1->Data2);
+#endif
+ return (INT64)guid0->Data2 - (INT64)guid1->Data2;
+ }
+
+ if (guid0->Data3 != guid1->Data3) {
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): returning 0x%"PRIx64"-0x%"PRIx64"->0x%"PRIx64"\n",
+ __FILE__, __LINE__-1, __func__,
+ (INT64)guid0->Data3, (INT64)guid1->Data3,
+ (INT64)guid0->Data3 - (INT64)guid1->Data3);
+#endif
+ return (INT64)guid0->Data3 - (INT64)guid1->Data3;
+ }
+
+ /*
+ * This is out of order because that's also true in the string
+ * representation of it.
+ */
+ if (guid0->Data4[1] != guid1->Data4[1]) {
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): returning 0x%"PRIx64"-0x%"PRIx64"->0x%"PRIx64"\n",
+ __FILE__, __LINE__-1, __func__,
+ (INT64)guid0->Data4[1], (INT64)guid1->Data4[1],
+ (INT64)guid0->Data4[1] - (INT64)guid1->Data4[1]);
+#endif
+ return (INT64)guid0->Data4[1] - (INT64)guid1->Data4[1];
+ }
+
+ if (guid0->Data4[0] != guid1->Data4[0]) {
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): returning 0x%"PRIx64"-0x%"PRIx64"->0x%"PRIx64"\n",
+ __FILE__, __LINE__-1, __func__,
+ (INT64)guid0->Data4[0], (INT64)guid1->Data4[0],
+ (INT64)guid0->Data4[0] - (INT64)guid1->Data4[0]);
+#endif
+ return (INT64)guid0->Data4[0] - (INT64)guid1->Data4[0];
+ }
+
+ for (UINTN i = 2; i < 8; i++) {
+ if (guid0->Data4[i] != guid1->Data4[i]) {
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): returning 0x%"PRIx64"-0x%"PRIx64"->0x%"PRIx64"\n",
+ __FILE__, __LINE__-1, __func__,
+ (INT64)guid0->Data4[i], (INT64)guid1->Data4[i],
+ (INT64)guid0->Data4[i] - (INT64)guid1->Data4[i]);
+#endif
+ return (INT64)guid0->Data4[i] - (INT64)guid1->Data4[i];
+ }
+ }
+
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): returning 0x0\n",
+ __FILE__, __LINE__-1, __func__);
+#endif
+ return 0;
+}
+
+static inline int
+guidcmp(const EFI_GUID * const guid0, const EFI_GUID * const guid1)
+{
+ INT64 cmp;
+ int ret;
+ EFI_GUID empty;
+ const EFI_GUID * const guida = guid0 ? guid0 : ∅
+ const EFI_GUID * const guidb = guid1 ? guid1 : ∅
+
+ SetMem(&empty, sizeof(EFI_GUID), 0);
+
+ cmp = guidcmp_helper(guida, guidb);
+ ret = cmp < 0 ? -1 : (cmp > 0 ? 1 : 0);
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s():CompareGuid("GUID_FMT","GUID_FMT")->%lld (%d)\n",
+ __FILE__, __LINE__-1, __func__,
+ GUID_ARGS(*guida), GUID_ARGS(*guidb), cmp, ret);
+#endif
+ return ret;
+}
+
+#define CompareGuid(a, b) guidcmp(a, b)
+
+static inline char *
+efi_strerror(EFI_STATUS status)
+{
+ static char buf0[1024];
+ static char buf1[1024];
+ char *out;
+ static int n;
+
+ out = n++ % 2 ? buf0 : buf1;
+ if (n > 1)
+ n -= 2;
+ SetMem(out, 1024, 0);
+
+ switch (status) {
+ case EFI_SUCCESS:
+ strcpy(out, "EFI_SUCCESS");
+ break;
+ case EFI_LOAD_ERROR:
+ strcpy(out, "EFI_LOAD_ERROR");
+ break;
+ case EFI_INVALID_PARAMETER:
+ strcpy(out, "EFI_INVALID_PARAMETER");
+ break;
+ case EFI_UNSUPPORTED:
+ strcpy(out, "EFI_UNSUPPORTED");
+ break;
+ case EFI_BAD_BUFFER_SIZE:
+ strcpy(out, "EFI_BAD_BUFFER_SIZE");
+ break;
+ case EFI_BUFFER_TOO_SMALL:
+ strcpy(out, "EFI_BUFFER_TOO_SMALL");
+ break;
+ case EFI_NOT_READY:
+ strcpy(out, "EFI_NOT_READY");
+ break;
+ case EFI_DEVICE_ERROR:
+ strcpy(out, "EFI_DEVICE_ERROR");
+ break;
+ case EFI_WRITE_PROTECTED:
+ strcpy(out, "EFI_WRITE_PROTECTED");
+ break;
+ case EFI_OUT_OF_RESOURCES:
+ strcpy(out, "EFI_OUT_OF_RESOURCES");
+ break;
+ case EFI_VOLUME_CORRUPTED:
+ strcpy(out, "EFI_VOLUME_CORRUPTED");
+ break;
+ case EFI_VOLUME_FULL:
+ strcpy(out, "EFI_VOLUME_FULL");
+ break;
+ case EFI_NO_MEDIA:
+ strcpy(out, "EFI_NO_MEDIA");
+ break;
+ case EFI_MEDIA_CHANGED:
+ strcpy(out, "EFI_MEDIA_CHANGED");
+ break;
+ case EFI_NOT_FOUND:
+ strcpy(out, "EFI_NOT_FOUND");
+ break;
+ case EFI_ACCESS_DENIED:
+ strcpy(out, "EFI_ACCESS_DENIED");
+ break;
+ case EFI_NO_RESPONSE:
+ strcpy(out, "EFI_NO_RESPONSE");
+ break;
+ case EFI_NO_MAPPING:
+ strcpy(out, "EFI_NO_MAPPING");
+ break;
+ case EFI_TIMEOUT:
+ strcpy(out, "EFI_TIMEOUT");
+ break;
+ case EFI_NOT_STARTED:
+ strcpy(out, "EFI_NOT_STARTED");
+ break;
+ case EFI_ALREADY_STARTED:
+ strcpy(out, "EFI_ALREADY_STARTED");
+ break;
+ case EFI_ABORTED:
+ strcpy(out, "EFI_ABORTED");
+ break;
+ case EFI_ICMP_ERROR:
+ strcpy(out, "EFI_ICMP_ERROR");
+ break;
+ case EFI_TFTP_ERROR:
+ strcpy(out, "EFI_TFTP_ERROR");
+ break;
+ case EFI_PROTOCOL_ERROR:
+ strcpy(out, "EFI_PROTOCOL_ERROR");
+ break;
+ case EFI_INCOMPATIBLE_VERSION:
+ strcpy(out, "EFI_INCOMPATIBLE_VERSION");
+ break;
+ case EFI_SECURITY_VIOLATION:
+ strcpy(out, "EFI_SECURITY_VIOLATION");
+ break;
+ case EFI_CRC_ERROR:
+ strcpy(out, "EFI_CRC_ERROR");
+ break;
+ case EFI_END_OF_MEDIA:
+ strcpy(out, "EFI_END_OF_MEDIA");
+ break;
+ case EFI_END_OF_FILE:
+ strcpy(out, "EFI_END_OF_FILE");
+ break;
+ case EFI_INVALID_LANGUAGE:
+ strcpy(out, "EFI_INVALID_LANGUAGE");
+ break;
+ case EFI_COMPROMISED_DATA:
+ strcpy(out, "EFI_COMPROMISED_DATA");
+ break;
+ default:
+ sprintf(out, "0x%lx", status);
+ break;
+ }
+ return out;
+}
+
+static inline char *
+Str2str(CHAR16 *in)
+{
+ static char buf0[1024];
+ static char buf1[1024];
+ char *out;
+ static int n;
+
+ out = n++ % 2 ? buf0 : buf1;
+ if (n > 1)
+ n -= 2;
+ SetMem(out, 1024, 0);
+ for (UINTN i = 0; i < 1023 && in[i]; i++)
+ out[i] = in[i];
+ return out;
+}
+
+static inline char *
+format_var_attrs(UINT32 attr)
+{
+ static char buf0[1024];
+ static char buf1[1024];
+ static int n;
+ int pos = 0;
+ bool found = false;
+ char *buf, *bufp;
+
+ buf = n++ % 2 ? buf0 : buf1;
+ if (n > 1)
+ n -= 2;
+ SetMem(buf, sizeof(buf0), 0);
+ bufp = &buf[0];
+ for (UINT32 i = 0; i < 8; i++) {
+ switch((1ul << i) & attr) {
+ case EFI_VARIABLE_NON_VOLATILE:
+ if (found)
+ bufp = stpcpy(bufp, "|");
+ bufp = stpcpy(bufp, "NV");
+ attr &= ~EFI_VARIABLE_NON_VOLATILE;
+ found = true;
+ break;
+ case EFI_VARIABLE_BOOTSERVICE_ACCESS:
+ if (found)
+ bufp = stpcpy(bufp, "|");
+ bufp = stpcpy(bufp, "BS");
+ attr &= ~EFI_VARIABLE_BOOTSERVICE_ACCESS;
+ found = true;
+ break;
+ case EFI_VARIABLE_RUNTIME_ACCESS:
+ if (found)
+ bufp = stpcpy(bufp, "|");
+ bufp = stpcpy(bufp, "RT");
+ attr &= ~EFI_VARIABLE_RUNTIME_ACCESS;
+ found = true;
+ break;
+ case EFI_VARIABLE_HARDWARE_ERROR_RECORD:
+ if (found)
+ bufp = stpcpy(bufp, "|");
+ bufp = stpcpy(bufp, "HER");
+ attr &= ~EFI_VARIABLE_HARDWARE_ERROR_RECORD;
+ found = true;
+ break;
+ case EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS:
+ if (found)
+ bufp = stpcpy(bufp, "|");
+ bufp = stpcpy(bufp, "AUTH");
+ attr &= ~EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
+ found = true;
+ break;
+ case EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS:
+ if (found)
+ bufp = stpcpy(bufp, "|");
+ bufp = stpcpy(bufp, "TIMEAUTH");
+ attr &= ~EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+ found = true;
+ break;
+ case EFI_VARIABLE_APPEND_WRITE:
+ if (found)
+ bufp = stpcpy(bufp, "|");
+ bufp = stpcpy(bufp, "APPEND");
+ attr &= ~EFI_VARIABLE_APPEND_WRITE;
+ found = true;
+ break;
+ case EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS:
+ if (found)
+ bufp = stpcpy(bufp, "|");
+ bufp = stpcpy(bufp, "ENHANCED_AUTH");
+ attr &= ~EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS;
+ found = true;
+ break;
+ default:
+ break;
+ }
+ }
+ if (attr) {
+ if (found)
+ bufp = stpcpy(bufp, "|");
+ snprintf(bufp, bufp - buf - 1, "0x%x", attr);
+ }
+ return &buf[0];
+}
extern int debug;
#ifdef dprint
#define dprint(fmt, ...) {( if (debug) printf("%s:%d:" fmt, __func__, __LINE__, ##__VA_ARGS__); })
#endif
+void EFIAPI mock_efi_void();
+EFI_STATUS EFIAPI mock_efi_success();
+EFI_STATUS EFIAPI mock_efi_unsupported();
+EFI_STATUS EFIAPI mock_efi_not_found();
+void init_efi_system_table(void);
+void reset_efi_system_table(void);
+void print_traceback(int skip);
+
#define eassert(cond, fmt, ...) \
({ \
if (!(cond)) { \
assert(cond); \
})
-#define assert_true_as_expr(a, status, fmt, ...) \
- ({ \
- int rc_ = 0; \
- if (!(a)) { \
- printf("%s:%d:got %lld, expected nonzero " fmt, \
- __func__, __LINE__, (long long)(a), \
- ##__VA_ARGS__); \
- printf("%s:%d:Assertion `%s' failed.\n", __func__, \
- __LINE__, __stringify(!(a))); \
- rc_ = status; \
- } \
- rc_; \
+#define assert_true_as_expr(a, status, fmt, ...) \
+ ({ \
+ __typeof__(status) rc_ = 0; \
+ if (!(a)) { \
+ printf("%s:%d:got %lld, expected nonzero " fmt, \
+ __func__, __LINE__, (long long)(uintptr_t)(a), \
+ ##__VA_ARGS__); \
+ printf("%s:%d:Assertion `%s' failed.\n", __func__, \
+ __LINE__, __stringify(!(a))); \
+ rc_ = status; \
+ } \
+ rc_; \
})
#define assert_nonzero_as_expr(a, ...) assert_true_as_expr(a, ##__VA_ARGS__)
#define assert_false_as_expr(a, status, fmt, ...) \
({ \
- int rc_ = 0; \
+ __typeof__(status) rc_ = (__typeof__(status))0; \
if (a) { \
printf("%s:%d:got %lld, expected zero " fmt, __func__, \
__LINE__, (long long)(a), ##__VA_ARGS__); \
#define assert_positive_as_expr(a, status, fmt, ...) \
({ \
- int rc_ = 0; \
+ __typeof__(status) rc_ = (__typeof__(status))0; \
if ((a) <= 0) { \
printf("%s:%d:got %lld, expected > 0 " fmt, __func__, \
__LINE__, (long long)(a), ##__VA_ARGS__); \
#define assert_negative_as_expr(a, status, fmt, ...) \
({ \
- int rc_ = 0; \
+ __typeof__(status) rc_ = (__typeof__(status))0; \
if ((a) >= 0) { \
printf("%s:%d:got %lld, expected < 0 " fmt, __func__, \
__LINE__, (long long)(a), ##__VA_ARGS__); \
#define assert_equal_as_expr(a, b, status, fmt, ...) \
({ \
- int rc_ = 0; \
+ __typeof__(status) rc_ = (__typeof__(status))0; \
if (!((a) == (b))) { \
printf("%s:%d:" fmt, __func__, __LINE__, (a), (b), \
##__VA_ARGS__); \
rc_; \
})
+#define assert_not_equal_as_expr(a, b, status, fmt, ...) \
+ ({ \
+ __typeof__(status) rc_ = (__typeof__(status))0; \
+ if (!((a) != (b))) { \
+ printf("%s:%d:" fmt, __func__, __LINE__, (a), (b), \
+ ##__VA_ARGS__); \
+ printf("%s:%d:Assertion `%s' failed.\n", __func__, \
+ __LINE__, __stringify(a != b)); \
+ rc_ = status; \
+ } \
+ rc_; \
+ })
+
#define assert_as_expr(cond, status, fmt, ...) \
({ \
- int rc_ = 0; \
+ __typeof__(status) rc_ = (__typeof__(status))0; \
if (!(cond)) { \
printf("%s:%d:" fmt, __func__, __LINE__, \
##__VA_ARGS__); \
rc_; \
})
-#define assert_true_return(a, status, fmt, ...) \
- ({ \
- int rc_ = assert_true_as_expr(a, status, fmt, ##__VA_ARGS__); \
- if (rc_ != 0) \
- return rc_; \
+#define assert_true_return(a, status, fmt, ...) \
+ ({ \
+ __typeof__(status) rc_ = \
+ assert_true_as_expr(a, status, fmt, ##__VA_ARGS__); \
+ if (rc_ != 0) \
+ return rc_; \
})
#define assert_nonzero_return(a, ...) assert_true_return(a, ##__VA_ARGS__)
-#define assert_false_return(a, status, fmt, ...) \
- ({ \
- int rc_ = assert_false_as_expr(a, status, fmt, ##__VA_ARGS__); \
- if (rc_ != 0) \
- return rc_; \
+#define assert_false_return(a, status, fmt, ...) \
+ ({ \
+ __typeof__(status) rc_ = \
+ assert_false_as_expr(a, status, fmt, ##__VA_ARGS__); \
+ if (rc_ != 0) \
+ return rc_; \
})
#define assert_zero_return(a, ...) assert_false_return(a, ##__VA_ARGS__)
#define assert_positive_return(a, status, fmt, ...) \
({ \
- int rc_ = assert_positive_as_expr(a, status, fmt, \
- ##__VA_ARGS__); \
+ __typeof__(status) rc_ = assert_positive_as_expr( \
+ a, status, fmt, ##__VA_ARGS__); \
if (rc_ != 0) \
return rc_; \
})
#define assert_negative_return(a, status, fmt, ...) \
({ \
- int rc_ = assert_negative_as_expr(a, status, fmt, \
- ##__VA_ARGS__); \
+ __typeof__(status) rc_ = assert_negative_as_expr( \
+ a, status, fmt, ##__VA_ARGS__); \
if (rc_ != 0) \
return rc_; \
})
-#define assert_equal_return(a, b, status, fmt, ...) \
- ({ \
- int rc_ = assert_equal_as_expr(a, b, status, fmt, \
- ##__VA_ARGS__); \
- if (rc_ != 0) \
- return rc_; \
+#define assert_equal_return(a, b, status, fmt, ...) \
+ ({ \
+ __typeof__(status) rc_ = assert_equal_as_expr( \
+ a, b, status, fmt, ##__VA_ARGS__); \
+ if (rc_ != 0) \
+ return rc_; \
})
-#define assert_return(cond, status, fmt, ...) \
- ({ \
- int rc_ = assert_as_expr(cond, status, fmt, ##__VA_ARGS__); \
- if (rc_ != 0) \
- return rc_; \
+#define assert_not_equal_return(a, b, status, fmt, ...) \
+ ({ \
+ __typeof__(status) rc_ = assert_not_equal_as_expr( \
+ a, b, status, fmt, ##__VA_ARGS__); \
+ if (rc_ != 0) \
+ return rc_; \
+ })
+
+#define assert_return(cond, status, fmt, ...) \
+ ({ \
+ __typeof__(status) rc_ = \
+ assert_as_expr(cond, status, fmt, ##__VA_ARGS__); \
+ if (rc_ != 0) \
+ return rc_; \
})
#define assert_goto(cond, label, fmt, ...) \
} \
})
+#define assert_not_equal_goto(a, b, label, fmt, ...) \
+ ({ \
+ if (!((a) != (b))) { \
+ printf("%s:%d:" fmt, __func__, __LINE__, (a), (b), \
+ ##__VA_ARGS__); \
+ printf("%s:%d:Assertion `%s' failed.\n", __func__, \
+ __LINE__, __stringify(a != b)); \
+ goto label; \
+ } \
+ })
+
+#define assert_true_goto(a, label, fmt, ...) \
+ ({ \
+ if (!(a)) { \
+ printf("%s:%d:" fmt, __func__, __LINE__, (a), \
+ ##__VA_ARGS__); \
+ printf("%s:%d:Assertion `%s' failed.\n", __func__, \
+ __LINE__, __stringify(!(a))); \
+ goto label; \
+ } \
+ })
+#define assert_nonzero_goto(a, ...) assert_true_goto(a, ##__VA_ARGS__)
+
+#define assert_false_goto(a, label, fmt, ...) \
+ ({ \
+ if (a) { \
+ printf("%s:%d:" fmt, __func__, __LINE__, (a), \
+ ##__VA_ARGS__); \
+ printf("%s:%d:Assertion `%s' failed.\n", __func__, \
+ __LINE__, __stringify(a)); \
+ goto label; \
+ } \
+ })
+#define assert_zero_goto(a, ...) assert_false_goto(a, ##__VA_ARGS__)
+
#define assert_negative_goto(a, label, fmt, ...) \
({ \
int rc_ = assert_negative_as_expr(a, -1, fmt, ##__VA_ARGS__); \
.SUFFIXES:
+include Make.defaults
+
CC = gcc
VALGRIND ?=
DEBUG_PRINTS ?= 0
-CFLAGS = -O2 -ggdb -std=gnu11 \
+OPTIMIZATIONS=-O2 -ggdb
+CFLAGS_LTO =
+CFLAGS_GCOV =
+CFLAGS = $(OPTIMIZATIONS) -std=gnu11 \
-isystem $(TOPDIR)/include/system \
$(EFI_INCLUDES) \
-Iinclude -iquote . \
- -fshort-wchar -flto -fno-builtin \
- -Wall \
- -Wextra \
+ -isystem /usr/include \
+ -isystem $(shell $(CC) $(ARCH_CFLAGS) -print-file-name=include) \
+ $(ARCH_CFLAGS) \
+ $(CFLAGS_LTO) \
+ $(CFLAGS_GCOV) \
+ -fshort-wchar \
+ -fno-builtin \
+ -rdynamic \
+ -fno-inline \
+ -fno-eliminate-unused-debug-types \
+ -fno-eliminate-unused-debug-symbols \
+ -gpubnames \
+ -grecord-gcc-switches \
+ $(if $(findstring clang,$(CC)),-Wno-unknown-warning-option) \
+ $(DEFAULT_WARNFLAGS) \
-Wsign-compare \
-Wno-deprecated-declarations \
+ $(if $(findstring gcc,$(CC)),-Wno-unused-but-set-variable) \
+ -Wno-unused-variable \
-Wno-pointer-sign \
- -Wno-unused \
- -Werror \
+ $(DEFAULT_WERRFLAGS) \
-Werror=nonnull \
$(shell $(CC) -Werror=nonnull-compare -E -x c /dev/null >/dev/null 2>&1 && echo -Werror=nonnull-compare) \
$(ARCH_DEFINES) \
-DSHIM_UNIT_TEST \
"-DDEFAULT_DEBUG_PRINT_STATE=$(DEBUG_PRINTS)"
-$(wildcard test-*.c) :: %.c : test-random.h
-$(patsubst %.c,%,$(wildcard test-*.c)) :: | test-random.h
-$(patsubst %.c,%.o,$(wildcard test-*.c)) : | test-random.h
+# On some systems (e.g. Arch Linux), limits.h is in the "include-fixed" instead
+# of the "include" directory
+CFLAGS += -isystem $(shell $(CC) $(ARCH_CFLAGS) -print-file-name=include-fixed)
+
+export CFLAGS_LTO CFLAGS_GCOV
+
+libefi-test.a :
+ $(MAKE) -C gnu-efi \
+ COMPILER="$(COMPILER)" \
+ CC="$(CC)" \
+ ARCH=$(ARCH_GNUEFI) \
+ TOPDIR=$(TOPDIR)/gnu-efi \
+ CFLAGS_LTO="$(CFLAGS_LTO)" \
+ CFLAGS_GCOV="$(CFLAGS_GCOV)" \
+ -f $(TOPDIR)/gnu-efi/Makefile \
+ clean lib
+ mv gnu-efi/$(ARCH)/lib/libefi.a $@
+ $(MAKE) -C gnu-efi \
+ COMPILER="$(COMPILER)" \
+ ARCH=$(ARCH_GNUEFI) \
+ TOPDIR=$(TOPDIR)/gnu-efi \
+ CFLAGS_LTO="$(CFLAGS_LTO)" \
+ CFLAGS_GCOV="$(CFLAGS_GCOV)" \
+ -f $(TOPDIR)/gnu-efi/Makefile \
+ clean
test-random.h:
dd if=/dev/urandom bs=512 count=17 of=random.bin
xxd -i random.bin test-random.h
-test-sbat_FILES = csv.c
+$(wildcard test-*.c) :: %.c : test-random.h
+$(patsubst %.c,%,$(wildcard test-*.c)) :: | test-random.h
+$(patsubst %.c,%.o,$(wildcard test-*.c)) : | test-random.h
+
+test-load-options_FILES = lib/guid.c
+test-load-options : CFLAGS+=-DHAVE_SHIM_LOCK_GUID
+
+test-mock-variables_FILES = mok.c globals.c tpm.c lib/guid.c lib/variables.c mock-variables.c
+test-mock-variables: CFLAGS+=-DHAVE_SHIM_LOCK_GUID
+
+test-mok-mirror_FILES = mok.c globals.c tpm.c lib/guid.c lib/variables.c mock-variables.c
+test-mok-mirror: CFLAGS+=-DHAVE_START_IMAGE -DHAVE_SHIM_LOCK_GUID
+
+test-sbat_FILES = csv.c lib/variables.c lib/guid.c
+test-sbat :: CFLAGS+=-DHAVE_GET_VARIABLE -DHAVE_GET_VARIABLE_ATTR -DHAVE_SHIM_LOCK_GUID
+
test-str_FILES = lib/string.c
tests := $(patsubst %.c,%,$(wildcard test-*.c))
+$(tests) :: test-% : | libefi-test.a
+
$(tests) :: test-% : test.c test-%.c $(test-%_FILES)
- $(CC) $(CFLAGS) -o $@ $^ $(wildcard $*.c) $(test-$*_FILES)
+ $(CC) $(CFLAGS) -o $@ $(sort $^ $(wildcard $*.c) $(test-$*_FILES)) libefi-test.a -lefivar
$(VALGRIND) ./$@
test : $(tests)
+ $(MAKE) -f include/test.mk test-clean
+
+test-lto : CFLAGS_LTO+=-flto
+test-lto : $(tests)
+ $(MAKE) -f include/test.mk test-clean
+
+test-coverage : CFLAGS_GCOV+=--coverage
+test-coverage : $(tests)
+
+test-clean :
+ @rm -vf test-random.h random.bin libefi-test.a
+ @rm -vf *.gcda *.gcno *.gcov vgcore.*
-clean :
- @rm -vf test-random.h random.bin
+clean : test-clean
-all : clean test
+all : test-clean test
.PHONY: $(tests) all test clean
.SECONDARY: random.bin
return true;
}
-static inline UINTN
-__attribute__((__unused__))
-count_ucs2_strings(UINT8 *data, UINTN data_size)
-{
- UINTN pos = 0;
- UINTN last_nul_pos = 0;
- UINTN num_nuls = 0;
- UINTN i;
-
- if (data_size % 2 != 0)
- return 0;
-
- for (i = pos; i < data_size; i++) {
- if (i % 2 != 0) {
- if (data[i] != 0)
- return 0;
- } else if (data[i] == 0) {
- last_nul_pos = i;
- num_nuls++;
- }
- pos = i;
- }
- if (num_nuls > 0 && last_nul_pos != pos - 1)
- return 0;
- return num_nuls;
-}
-
#endif /* SHIM_UCS2_H */
UINTN EventIndex;
EFI_STATUS efi_status;
+ if (!ci)
+ return EFI_UNSUPPORTED;
+
do {
- gBS->WaitForEvent(1, &ci->WaitForKey, &EventIndex);
+ BS->WaitForEvent(1, &ci->WaitForKey, &EventIndex);
efi_status = ci->ReadKeyStroke(ci, key);
} while (efi_status == EFI_NOT_READY);
if (!console_text_mode)
setup_console(1);
- co->SetCursorPosition(co, col, row);
+ if (co)
+ co->SetCursorPosition(co, col, row);
ms_va_start(args, fmt);
ret = VPrint(fmt, args);
if (!console_text_mode)
setup_console(1);
+ if (!co)
+ return;
+
co->QueryMode(co, co->Mode->Mode, &cols, &rows);
/* last row on screen is unusable without scrolling, so ignore it */
if (!console_text_mode)
setup_console(1);
+ if (!co)
+ return;
+
CopyMem(&SavedConsoleMode, co->Mode, sizeof(SavedConsoleMode));
co->EnableCursor(co, FALSE);
co->SetAttribute(co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE);
if (!console_text_mode)
setup_console(1);
+ if (!co)
+ return -1;
+
co->QueryMode(co, co->Mode->Mode, &cols, &rows);
for (i = 0; i < selector_lines; i++) {
return;
}
+ if (!co)
+ return;
+
CopyMem(SavedMode, co->Mode, sizeof(SIMPLE_TEXT_OUTPUT_MODE));
co->EnableCursor(co, FALSE);
co->SetAttribute(co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE);
{
SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
+ if (!co)
+ return;
+
co->EnableCursor(co, SavedMode->CursorVisible);
co->SetCursorPosition(co, SavedMode->CursorColumn,
SavedMode->CursorRow);
CHAR16 *titles[2];
int wait = 10000000;
+ if (!co || !ci)
+ return -1;
+
console_save_and_set_mode(&SavedMode);
titles[0] = title;
UINTN rows = 0, columns = 0;
EFI_STATUS efi_status = EFI_SUCCESS;
- efi_status = gBS->LocateProtocol(&gop_guid, NULL, (void **)&gop);
+ if (!co)
+ return;
+
+ efi_status = BS->LocateProtocol(&gop_guid, NULL, (void **)&gop);
if (EFI_ERROR(efi_status)) {
console_error(L"Locate graphic output protocol fail", efi_status);
return;
efi_status = co->SetMode(co, mode_set);
}
- co->ClearScreen(co);
+ clear_screen();
if (EFI_ERROR(efi_status)) {
console_error(L"Console set mode fail", efi_status);
if (!console_text_mode)
setup_console(1);
+ if (!co)
+ return;
+
co->Reset(co, TRUE);
/* set mode 0 - required to be 80x25 */
co->SetMode(co, 0);
co->ClearScreen(co);
}
-UINT32 verbose = 0;
+void
+clear_screen(void)
+{
+ SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut;
+
+ if (!co)
+ return;
+
+ co->ClearScreen(co);
+}
VOID
setup_verbosity(VOID)
VOID
msleep(unsigned long msecs)
{
- gBS->Stall(msecs);
+ BS->Stall(msecs);
}
/* This is used in various things to determine if we should print to the
EFI_DEVICE_PATH *devpath;
CHAR16 *PathName;
- efi_status = gBS->HandleProtocol(image, &IMAGE_PROTOCOL,
- (void **) &li);
+ efi_status = BS->HandleProtocol(image, &IMAGE_PROTOCOL,
+ (void **) &li);
if (EFI_ERROR(efi_status))
return efi_status;
if (EFI_ERROR(efi_status))
return efi_status;
- efi_status = gBS->LoadImage(FALSE, image, devpath, NULL, 0, &h);
+ efi_status = BS->LoadImage(FALSE, image, devpath, NULL, 0, &h);
if (EFI_ERROR(efi_status))
goto out;
- efi_status = gBS->StartImage(h, NULL, NULL);
- gBS->UnloadImage(h);
+ efi_status = BS->StartImage(h, NULL, NULL);
+ BS->UnloadImage(h);
out:
FreePool(PathName);
* EFI_SECURITY_VIOLATION */
fail_status = efi_status;
- efi_status = gBS->LocateDevicePath(&SIMPLE_FS_PROTOCOL, &DevPath, &h);
+ efi_status = BS->LocateDevicePath(&SIMPLE_FS_PROTOCOL, &DevPath, &h);
if (EFI_ERROR(efi_status))
goto out;
*argc = 0;
- efi_status = gBS->HandleProtocol(image, &LoadedImageProtocol,
+ efi_status = BS->HandleProtocol(image, &LoadedImageProtocol,
(VOID **) &info);
if (EFI_ERROR(efi_status)) {
console_print(L"Failed to get arguments\n");
EFI_FILE_IO_INTERFACE *drive;
EFI_FILE *root;
- efi_status = gBS->HandleProtocol(device, &EFI_SIMPLE_FILE_SYSTEM_GUID,
- (void **)&drive);
+ efi_status = BS->HandleProtocol(device, &EFI_SIMPLE_FILE_SYSTEM_GUID,
+ (void **)&drive);
if (EFI_ERROR(efi_status)) {
console_print(L"Unable to find simple file protocol (%d)\n",
efi_status);
EFI_DEVICE_PATH *loadpath = NULL;
CHAR16 *PathName = NULL;
- efi_status = gBS->HandleProtocol(image, &IMAGE_PROTOCOL,
- (void **) &li);
+ efi_status = BS->HandleProtocol(image, &IMAGE_PROTOCOL,
+ (void **) &li);
if (EFI_ERROR(efi_status))
return simple_file_open_by_handle(image, name, file, mode);
CHAR16 **entries;
int val;
- efi_status = gBS->LocateHandleBuffer(ByProtocol,
- &EFI_SIMPLE_FILE_SYSTEM_GUID,
- NULL, &count, &vol_handles);
+ efi_status = BS->LocateHandleBuffer(ByProtocol,
+ &EFI_SIMPLE_FILE_SYSTEM_GUID,
+ NULL, &count, &vol_handles);
if (EFI_ERROR(efi_status))
return efi_status;
if (!count || !vol_handles)
CHAR16 *name;
EFI_FILE_IO_INTERFACE *drive;
- efi_status = gBS->HandleProtocol(vol_handles[i],
- &EFI_SIMPLE_FILE_SYSTEM_GUID,
- (void **) &drive);
+ efi_status = BS->HandleProtocol(vol_handles[i],
+ &EFI_SIMPLE_FILE_SYSTEM_GUID,
+ (void **) &drive);
if (EFI_ERROR(efi_status) || !drive)
continue;
*/
#include "shim.h"
+extern EFI_SYSTEM_TABLE *ST;
+extern EFI_BOOT_SERVICES *BS;
+extern EFI_RUNTIME_SERVICES *RT;
+
EFI_STATUS
fill_esl(const EFI_SIGNATURE_DATA *first_sig, const size_t howmany,
const EFI_GUID *type, const UINT32 sig_size,
sl->SignatureListSize = needed;
sd = (EFI_SIGNATURE_DATA *)(out + sizeof(EFI_SIGNATURE_LIST));
- CopyMem(sd, first_sig, data_len);
+ CopyMem(sd, (void *)first_sig, data_len);
return EFI_SUCCESS;
}
if (out) {
sd = AllocateZeroPool(sig_size);
+ if (!sd)
+ return EFI_OUT_OF_RESOURCES;
if (owner)
- CopyMem(sd, owner, sizeof(EFI_GUID));
- CopyMem(sd->SignatureData, data, data_len);
+ CopyMem(sd, (void *)owner, sizeof(EFI_GUID));
+ CopyMem(sd->SignatureData, (void *)data, data_len);
}
efi_status = fill_esl(sd, 1, type, sig_size, out, outlen);
DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *) (NewData);
ZeroMem(&Time, sizeof(EFI_TIME));
- efi_status = gRT->GetTime(&Time, NULL);
+ efi_status = RT->GetTime(&Time, NULL);
if (EFI_ERROR(efi_status)) {
FreePool(NewData);
return efi_status;
return efi_status;
}
- efi_status = gRT->SetVariable((CHAR16 *)var, &owner,
+ efi_status = RT->SetVariable((CHAR16 *)var, &owner,
EFI_VARIABLE_NON_VOLATILE |
EFI_VARIABLE_RUNTIME_ACCESS |
EFI_VARIABLE_BOOTSERVICE_ACCESS |
UINTN DataSize = sizeof(indications);
EFI_STATUS efi_status;
- efi_status = gRT->GetVariable(L"OsIndicationsSupported", &GV_GUID,
- NULL, &DataSize, &indications);
+ efi_status = RT->GetVariable(L"OsIndicationsSupported", &GV_GUID,
+ NULL, &DataSize, &indications);
if (EFI_ERROR(efi_status))
return 0;
UINTN DataSize = sizeof(indications);
EFI_STATUS efi_status;
- efi_status = gRT->SetVariable(L"OsIndications", &GV_GUID,
- EFI_VARIABLE_NON_VOLATILE |
- EFI_VARIABLE_RUNTIME_ACCESS |
- EFI_VARIABLE_BOOTSERVICE_ACCESS,
- DataSize, &indications);
+ efi_status = RT->SetVariable(L"OsIndications", &GV_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_RUNTIME_ACCESS |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ DataSize, &indications);
if (EFI_ERROR(efi_status))
return efi_status;
- gRT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL);
+ RT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL);
/* does not return */
return EFI_SUCCESS;
*len = 0;
- efi_status = gRT->GetVariable((CHAR16 *)var, &owner, NULL, len, NULL);
+ efi_status = RT->GetVariable((CHAR16 *)var, &owner, NULL, len, NULL);
if (efi_status != EFI_BUFFER_TOO_SMALL) {
if (!EFI_ERROR(efi_status)) /* this should never happen */
return EFI_PROTOCOL_ERROR;
if (!*data)
return EFI_OUT_OF_RESOURCES;
- efi_status = gRT->GetVariable((CHAR16 *)var, &owner, attributes, len, *data);
+ efi_status = RT->GetVariable((CHAR16 *)var, &owner, attributes, len, *data);
if (EFI_ERROR(efi_status)) {
FreePool(*data);
*data = NULL;
set_variable(CHAR16 *var, EFI_GUID owner, UINT32 attributes,
UINTN datasize, void *data)
{
- return gRT->SetVariable(var, &owner, attributes, datasize, data);
+ return RT->SetVariable(var, &owner, attributes, datasize, data);
}
EFI_STATUS
UINTN DataSize = sizeof(SetupMode);
EFI_STATUS efi_status;
- efi_status = gRT->GetVariable(L"SetupMode", &GV_GUID, NULL,
- &DataSize, &SetupMode);
+ efi_status = RT->GetVariable(L"SetupMode", &GV_GUID, NULL,
+ &DataSize, &SetupMode);
if (EFI_ERROR(efi_status))
return default_return;
EFI_STATUS efi_status;
DataSize = sizeof(SecureBoot);
- efi_status = gRT->GetVariable(L"SecureBoot", &GV_GUID, NULL,
- &DataSize, &SecureBoot);
+ efi_status = RT->GetVariable(L"SecureBoot", &GV_GUID, NULL,
+ &DataSize, &SecureBoot);
if (EFI_ERROR(efi_status))
return 0;
efi_status = SetSecureVariable(var, sig, sizeof(sig), owner,
EFI_VARIABLE_APPEND_WRITE, 0);
else
- efi_status = gRT->SetVariable((CHAR16 *)var, &owner,
- EFI_VARIABLE_NON_VOLATILE |
- EFI_VARIABLE_BOOTSERVICE_ACCESS |
- EFI_VARIABLE_APPEND_WRITE,
- sizeof(sig), sig);
+ efi_status = RT->SetVariable((CHAR16 *)var, &owner,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_APPEND_WRITE,
+ sizeof(sig), sig);
return efi_status;
}
--- /dev/null
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+/*
+ * load-options.c - all the stuff we need to parse the load options
+ */
+
+#include "shim.h"
+
+CHAR16 *second_stage;
+void *load_options;
+UINT32 load_options_size;
+
+/*
+ * Generate the path of an executable given shim's path and the name
+ * of the executable
+ */
+EFI_STATUS
+generate_path_from_image_path(EFI_LOADED_IMAGE *li,
+ CHAR16 *ImagePath,
+ CHAR16 **PathName)
+{
+ EFI_DEVICE_PATH *devpath;
+ unsigned int i;
+ int j, last = -1;
+ unsigned int pathlen = 0;
+ EFI_STATUS efi_status = EFI_SUCCESS;
+ CHAR16 *bootpath;
+
+ /*
+ * Suuuuper lazy technique here, but check and see if this is a full
+ * path to something on the ESP. Backwards compatibility demands
+ * that we don't just use \\, because we (not particularly brightly)
+ * used to require that the relative file path started with that.
+ *
+ * If it is a full path, don't try to merge it with the directory
+ * from our Loaded Image handle.
+ */
+ if (StrSize(ImagePath) > 5 && StrnCmp(ImagePath, L"\\EFI\\", 5) == 0) {
+ *PathName = StrDuplicate(ImagePath);
+ if (!*PathName) {
+ perror(L"Failed to allocate path buffer\n");
+ return EFI_OUT_OF_RESOURCES;
+ }
+ return EFI_SUCCESS;
+ }
+
+ devpath = li->FilePath;
+
+ bootpath = DevicePathToStr(devpath);
+
+ pathlen = StrLen(bootpath);
+
+ /*
+ * DevicePathToStr() concatenates two nodes with '/'.
+ * Convert '/' to '\\'.
+ */
+ for (i = 0; i < pathlen; i++) {
+ if (bootpath[i] == '/')
+ bootpath[i] = '\\';
+ }
+
+ for (i=pathlen; i>0; i--) {
+ if (bootpath[i] == '\\' && bootpath[i-1] == '\\')
+ bootpath[i] = '/';
+ else if (last == -1 && bootpath[i] == '\\')
+ last = i;
+ }
+
+ if (last == -1 && bootpath[0] == '\\')
+ last = 0;
+ bootpath[last+1] = '\0';
+
+ if (last > 0) {
+ for (i = 0, j = 0; bootpath[i] != '\0'; i++) {
+ if (bootpath[i] != '/') {
+ bootpath[j] = bootpath[i];
+ j++;
+ }
+ }
+ bootpath[j] = '\0';
+ }
+
+ for (i = 0, last = 0; i < StrLen(ImagePath); i++)
+ if (ImagePath[i] == '\\')
+ last = i + 1;
+
+ ImagePath = ImagePath + last;
+ *PathName = AllocatePool(StrSize(bootpath) + StrSize(ImagePath));
+
+ if (!*PathName) {
+ perror(L"Failed to allocate path buffer\n");
+ efi_status = EFI_OUT_OF_RESOURCES;
+ goto error;
+ }
+
+ *PathName[0] = '\0';
+ if (StrnCaseCmp(bootpath, ImagePath, StrLen(bootpath)))
+ StrCat(*PathName, bootpath);
+ StrCat(*PathName, ImagePath);
+
+error:
+ FreePool(bootpath);
+
+ return efi_status;
+}
+
+/*
+ * Extract the OptionalData and OptionalData fields from an
+ * EFI_LOAD_OPTION.
+ */
+static inline EFI_STATUS
+get_load_option_optional_data(VOID *data, UINT32 data_size,
+ VOID **od, UINT32 *ods)
+{
+ /*
+ * If it's not at least Attributes + FilePathListLength +
+ * Description=L"" + 0x7fff0400 (EndEntrireDevicePath), it can't
+ * be valid.
+ */
+ if (data_size < (sizeof(UINT32) + sizeof(UINT16) + 2 + 4))
+ return EFI_INVALID_PARAMETER;
+
+ UINT8 *start = (UINT8 *)data;
+ UINT8 *cur = start + sizeof(UINT32);
+ UINT16 fplistlen = *(UINT16 *)cur;
+ /*
+ * If there's not enough space for the file path list and the
+ * smallest possible description (L""), it's not valid.
+ */
+ if (fplistlen > data_size - (sizeof(UINT32) + 2 + 4))
+ return EFI_INVALID_PARAMETER;
+
+ cur += sizeof(UINT16);
+ UINT32 limit = data_size - (cur - start) - fplistlen;
+ UINT32 i;
+ for (i = 0; i < limit ; i++) {
+ /* If the description isn't valid UCS2-LE, it's not valid. */
+ if (i % 2 != 0) {
+ if (cur[i] != 0)
+ return EFI_INVALID_PARAMETER;
+ } else if (cur[i] == 0) {
+ /* we've found the end */
+ i++;
+ if (i >= limit || cur[i] != 0)
+ return EFI_INVALID_PARAMETER;
+ break;
+ }
+ }
+ i++;
+ if (i > limit)
+ return EFI_INVALID_PARAMETER;
+
+ /*
+ * If i is limit, we know the rest of this is the FilePathList and
+ * there's no optional data. So just bail now.
+ */
+ if (i == limit) {
+ *od = NULL;
+ *ods = 0;
+ return EFI_SUCCESS;
+ }
+
+ cur += i;
+ limit -= i;
+ limit += fplistlen;
+ i = 0;
+ while (limit - i >= 4) {
+ struct {
+ UINT8 type;
+ UINT8 subtype;
+ UINT16 len;
+ } dp = {
+ .type = cur[i],
+ .subtype = cur[i+1],
+ /*
+ * it's a little endian UINT16, but we're not
+ * guaranteed alignment is sane, so we can't just
+ * typecast it directly.
+ */
+ .len = (cur[i+3] << 8) | cur[i+2],
+ };
+
+ /*
+ * We haven't found an EndEntire, so this has to be a valid
+ * EFI_DEVICE_PATH in order for the data to be valid. That
+ * means it has to fit, and it can't be smaller than 4 bytes.
+ */
+ if (dp.len < 4 || dp.len > limit)
+ return EFI_INVALID_PARAMETER;
+
+ /*
+ * see if this is an EndEntire node...
+ */
+ if (dp.type == 0x7f && dp.subtype == 0xff) {
+ /*
+ * if we've found the EndEntire node, it must be 4
+ * bytes
+ */
+ if (dp.len != 4)
+ return EFI_INVALID_PARAMETER;
+
+ i += dp.len;
+ break;
+ }
+
+ /*
+ * It's just some random DP node; skip it.
+ */
+ i += dp.len;
+ }
+ if (i != fplistlen)
+ return EFI_INVALID_PARAMETER;
+
+ /*
+ * if there's any space left, it's "optional data"
+ */
+ *od = cur + i;
+ *ods = limit - i;
+ return EFI_SUCCESS;
+}
+
+static int
+is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path)
+{
+ CHAR16 *dppath = NULL;
+ CHAR16 *PathName = NULL;
+ EFI_STATUS efi_status;
+ int ret = 1;
+
+ dppath = DevicePathToStr(li->FilePath);
+ if (!dppath)
+ return 0;
+
+ efi_status = generate_path_from_image_path(li, path, &PathName);
+ if (EFI_ERROR(efi_status)) {
+ perror(L"Unable to generate path %s: %r\n", path,
+ efi_status);
+ goto done;
+ }
+
+ dprint(L"dppath: %s\n", dppath);
+ dprint(L"path: %s\n", path);
+ if (StrnCaseCmp(dppath, PathName, StrLen(dppath)))
+ ret = 0;
+
+done:
+ FreePool(dppath);
+ FreePool(PathName);
+ return ret;
+}
+
+/*
+ * Split the supplied load options in to a NULL terminated
+ * string representing the path of the second stage loader,
+ * and return a pointer to the remaining load options data
+ * and its remaining size.
+ *
+ * This expects the supplied load options to begin with a
+ * string that is either NULL terminated or terminated with
+ * a space and some optional data. It will return NULL if
+ * the supplied load options contains no spaces or NULL
+ * terminators.
+ */
+static CHAR16 *
+split_load_options(VOID *in, UINT32 in_size,
+ VOID **remaining,
+ UINT32 *remaining_size) {
+ UINTN i;
+ CHAR16 *arg0 = NULL;
+ CHAR16 *start = (CHAR16 *)in;
+
+ /* Skip spaces */
+ for (i = 0; i < in_size / sizeof(CHAR16); i++) {
+ if (*start != L' ')
+ break;
+
+ start++;
+ }
+
+ in_size -= ((VOID *)start - in);
+
+ /*
+ * Ensure that the first argument is NULL terminated by
+ * replacing L' ' with L'\0'.
+ */
+ for (i = 0; i < in_size / sizeof(CHAR16); i++) {
+ if (start[i] == L' ' || start[i] == L'\0') {
+ start[i] = L'\0';
+ arg0 = (CHAR16 *)start;
+ break;
+ }
+ }
+
+ if (arg0) {
+ UINTN skip = i + 1;
+ *remaining_size = in_size - (skip * sizeof(CHAR16));
+ *remaining = *remaining_size > 0 ? start + skip : NULL;
+ }
+
+ return arg0;
+}
+
+/*
+ * Check the load options to specify the second stage loader
+ */
+EFI_STATUS
+parse_load_options(EFI_LOADED_IMAGE *li)
+{
+ EFI_STATUS efi_status;
+ VOID *remaining = NULL;
+ UINT32 remaining_size;
+ CHAR16 *loader_str = NULL;
+
+ dprint(L"full load options:\n");
+ dhexdumpat(li->LoadOptions, li->LoadOptionsSize, 0);
+
+ /*
+ * Sanity check since we make several assumptions about the length
+ * Some firmware feeds the following load option when booting from
+ * an USB device:
+ *
+ * 0x46 0x4a 0x00 |FJ.|
+ *
+ * The string is meaningless for shim and so just ignore it.
+ */
+ if (li->LoadOptionsSize % 2 != 0)
+ return EFI_SUCCESS;
+
+ /* So, load options are a giant pain in the ass. If we're invoked
+ * from the EFI shell, we get something like this:
+
+00000000 5c 00 45 00 36 00 49 00 5c 00 66 00 65 00 64 00 |\.E.F.I.\.f.e.d.|
+00000010 6f 00 72 00 61 00 5c 00 73 00 68 00 69 00 6d 00 |o.r.a.\.s.h.i.m.|
+00000020 78 00 36 00 34 00 2e 00 64 00 66 00 69 00 20 00 |x.6.4...e.f.i. .|
+00000030 5c 00 45 00 46 00 49 00 5c 00 66 00 65 00 64 00 |\.E.F.I.\.f.e.d.|
+00000040 6f 00 72 00 61 00 5c 00 66 00 77 00 75 00 70 00 |o.r.a.\.f.w.u.p.|
+00000050 64 00 61 00 74 00 65 00 2e 00 65 00 66 00 20 00 |d.a.t.e.e.f.i. .|
+00000060 00 00 66 00 73 00 30 00 3a 00 5c 00 00 00 |..f.s.0.:.\...|
+
+ *
+ * which is just some paths rammed together separated by a UCS-2 NUL.
+ * But if we're invoked from BDS, we get something more like:
+ *
+
+00000000 01 00 00 00 62 00 4c 00 69 00 6e 00 75 00 78 00 |....b.L.i.n.u.x.|
+00000010 20 00 46 00 69 00 72 00 6d 00 77 00 61 00 72 00 | .F.i.r.m.w.a.r.|
+00000020 65 00 20 00 55 00 70 00 64 00 61 00 74 00 65 00 |e. .U.p.d.a.t.e.|
+00000030 72 00 00 00 40 01 2a 00 01 00 00 00 00 08 00 00 |r.....*.........|
+00000040 00 00 00 00 00 40 06 00 00 00 00 00 1a 9e 55 bf |.....@........U.|
+00000050 04 57 f2 4f b4 4a ed 26 4a 40 6a 94 02 02 04 04 |.W.O.:.&J@j.....|
+00000060 34 00 5c 00 45 00 46 00 49 00 5c 00 66 00 65 00 |4.\.E.F.I.f.e.d.|
+00000070 64 00 6f 00 72 00 61 00 5c 00 73 00 68 00 69 00 |o.r.a.\.s.h.i.m.|
+00000080 6d 00 78 00 36 00 34 00 2e 00 65 00 66 00 69 00 |x.6.4...e.f.i...|
+00000090 00 00 7f ff 40 00 20 00 5c 00 66 00 77 00 75 00 |...... .\.f.w.u.|
+000000a0 70 00 78 00 36 00 34 00 2e 00 65 00 66 00 69 00 |p.x.6.4...e.f.i.|
+000000b0 00 00 |..|
+
+ *
+ * which is clearly an EFI_LOAD_OPTION filled in halfway reasonably.
+ * In short, the UEFI shell is still a useless piece of junk.
+ *
+ * But then on some versions of BDS, we get:
+
+00000000 5c 00 66 00 77 00 75 00 70 00 78 00 36 00 34 00 |\.f.w.u.p.x.6.4.|
+00000010 2e 00 65 00 66 00 69 00 00 00 |..e.f.i...|
+0000001a
+
+ * which as you can see is one perfectly normal UCS2-EL string
+ * containing the load option from the Boot#### variable.
+ *
+ * We also sometimes find a guid or partial guid at the end, because
+ * BDS will add that, but we ignore that here.
+ */
+
+ /*
+ * Maybe there just aren't any options...
+ */
+ if (li->LoadOptionsSize == 0)
+ return EFI_SUCCESS;
+
+ /*
+ * In either case, we've got to have at least a UCS2 NUL...
+ */
+ if (li->LoadOptionsSize < 2)
+ return EFI_BAD_BUFFER_SIZE;
+
+ /*
+ * Some awesome versions of BDS will add entries for Linux. On top
+ * of that, some versions of BDS will "tag" any Boot#### entries they
+ * create by putting a GUID at the very end of the optional data in
+ * the EFI_LOAD_OPTIONS, thus screwing things up for everybody who
+ * tries to actually *use* the optional data for anything. Why they
+ * did this instead of adding a flag to the spec to /say/ it's
+ * created by BDS, I do not know. For shame.
+ *
+ * Anyway, just nerf that out from the start. It's always just
+ * garbage at the end.
+ */
+ if (li->LoadOptionsSize > 16) {
+ if (CompareGuid((EFI_GUID *)(li->LoadOptions
+ + (li->LoadOptionsSize - 16)),
+ &BDS_GUID) == 0)
+ li->LoadOptionsSize -= 16;
+ }
+
+ /*
+ * Apparently sometimes we get L"\0\0"? Which isn't useful at all.
+ */
+ if (is_all_nuls(li->LoadOptions, li->LoadOptionsSize))
+ return EFI_SUCCESS;
+
+ /*
+ * See if this is an EFI_LOAD_OPTION and extract the optional
+ * data if it is. This will return an error if it is not a valid
+ * EFI_LOAD_OPTION.
+ */
+ efi_status = get_load_option_optional_data(li->LoadOptions,
+ li->LoadOptionsSize,
+ &li->LoadOptions,
+ &li->LoadOptionsSize);
+ if (EFI_ERROR(efi_status)) {
+ /*
+ * it's not an EFI_LOAD_OPTION, so it's probably just a string
+ * or list of strings.
+ *
+ * UEFI shell copies the whole line of the command into
+ * LoadOptions. We ignore the first string, i.e. the name of this
+ * program in this case.
+ */
+ loader_str = split_load_options(li->LoadOptions,
+ li->LoadOptionsSize,
+ &remaining,
+ &remaining_size);
+
+ if (loader_str && is_our_path(li, loader_str)) {
+ li->LoadOptions = remaining;
+ li->LoadOptionsSize = remaining_size;
+ }
+ }
+
+ loader_str = split_load_options(li->LoadOptions, li->LoadOptionsSize,
+ &remaining, &remaining_size);
+
+ /*
+ * Set up the name of the alternative loader and the LoadOptions for
+ * the loader
+ */
+ if (loader_str) {
+ second_stage = loader_str;
+ load_options = remaining;
+ load_options_size = remaining_size;
+ }
+
+ return EFI_SUCCESS;
+}
+
+// vim:fenc=utf-8:tw=75:noet
--- /dev/null
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+/*
+ * mock-variables.c - a mock GetVariable/SetVariable/GNVN/etc
+ * implementation for testing.
+ * Copyright Peter Jones <pjones@redhat.com>
+ */
+#include "shim.h"
+#include "mock-variables.h"
+
+#include <dirent.h>
+#include <efivar/efivar.h>
+#include <err.h>
+#include <fcntl.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#pragma GCC diagnostic ignored "-Wunused-parameter"
+#pragma GCC diagnostic ignored "-Wunused-function"
+
+list_t mock_default_variable_limits;
+list_t *mock_qvi_limits = &mock_default_variable_limits;
+list_t *mock_sv_limits = &mock_default_variable_limits;
+
+list_t mock_variables = LIST_HEAD_INIT(mock_variables);
+
+mock_sort_policy_t mock_variable_sort_policy = MOCK_SORT_APPEND;
+mock_sort_policy_t mock_config_table_sort_policy = MOCK_SORT_APPEND;
+
+UINT32 mock_variable_delete_attr_policy;
+
+mock_set_variable_pre_hook_t *mock_set_variable_pre_hook = NULL;
+mock_set_variable_post_hook_t *mock_set_variable_post_hook = NULL;
+mock_get_variable_pre_hook_t *mock_get_variable_pre_hook = NULL;
+mock_get_variable_post_hook_t *mock_get_variable_post_hook = NULL;
+mock_get_next_variable_name_pre_hook_t *mock_get_next_variable_name_pre_hook = NULL;
+mock_get_next_variable_name_post_hook_t *mock_get_next_variable_name_post_hook = NULL;
+mock_query_variable_info_pre_hook_t *mock_query_variable_info_pre_hook = NULL;
+mock_query_variable_info_post_hook_t *mock_query_variable_info_post_hook = NULL;
+
+static EFI_STATUS
+mock_sv_pre_hook(CHAR16 *name, EFI_GUID *guid, UINT32 attrs, UINTN size,
+ VOID *data)
+{
+ EFI_STATUS status = EFI_SUCCESS;
+ if (mock_set_variable_pre_hook)
+ status = mock_set_variable_pre_hook(name, guid,
+ attrs, size, data);
+ return status;
+}
+
+static void
+mock_sv_post_hook_(CHAR16 *name, EFI_GUID *guid, UINT32 attrs, UINTN size,
+ VOID *data, EFI_STATUS *status, mock_variable_op_t op,
+ const char * const file, const int line,
+ const char * const func)
+{
+ if (mock_set_variable_post_hook)
+ mock_set_variable_post_hook(name, guid, attrs, size,
+ data, status, op, file, line, func);
+}
+#define mock_sv_post_hook(name, guid, attrs, size, data, status, op) \
+ mock_sv_post_hook_(name, guid, attrs, size, data, status, op,\
+ __FILE__, __LINE__, __func__)
+
+static EFI_STATUS
+mock_gv_pre_hook(CHAR16 *name, EFI_GUID *guid, UINT32 *attrs, UINTN *size,
+ VOID *data)
+{
+ EFI_STATUS status = EFI_SUCCESS;
+ if (mock_get_variable_pre_hook)
+ status = mock_get_variable_pre_hook(name, guid,
+ attrs, size, data);
+ return status;
+}
+
+static void
+mock_gv_post_hook_(CHAR16 *name, EFI_GUID *guid, UINT32 *attrs, UINTN *size,
+ VOID *data, EFI_STATUS *status, const char * const file,
+ const int line, const char * const func)
+{
+ if (mock_get_variable_post_hook)
+ mock_get_variable_post_hook(name, guid, attrs, size, data,
+ status, file, line, func);
+}
+#define mock_gv_post_hook(name, guid, attrs, size, data, status) \
+ mock_gv_post_hook_(name, guid, attrs, size, data, status,\
+ __FILE__, __LINE__, __func__)
+
+static EFI_STATUS
+mock_gnvn_pre_hook(UINTN *size, CHAR16 *name, EFI_GUID *guid)
+{
+ EFI_STATUS status = EFI_SUCCESS;
+ if (mock_get_next_variable_name_pre_hook)
+ status = mock_get_next_variable_name_pre_hook(size, name, guid);
+ return status;
+}
+
+static void
+mock_gnvn_post_hook_(UINTN *size, CHAR16 *name, EFI_GUID *guid,
+ EFI_STATUS *status, const char * const file,
+ const int line, const char * const func)
+{
+ if (mock_get_next_variable_name_post_hook)
+ mock_get_next_variable_name_post_hook(size, name, guid, status,
+ file, line, func);
+}
+#define mock_gnvn_post_hook(size, name, guid, status) \
+ mock_gnvn_post_hook_(size, name, guid, status,\
+ __FILE__, __LINE__, __func__)
+
+static EFI_STATUS
+mock_qvi_pre_hook(UINT32 attrs, UINT64 *max_var_storage,
+ UINT64 *remaining_var_storage, UINT64 *max_var_size)
+{
+ EFI_STATUS status = EFI_SUCCESS;
+ if (mock_query_variable_info_pre_hook)
+ status = mock_query_variable_info_pre_hook(
+ attrs, max_var_storage,
+ remaining_var_storage, max_var_size);
+ return status;
+}
+
+static void
+mock_qvi_post_hook_(UINT32 attrs, UINT64 *max_var_storage,
+ UINT64 *remaining_var_storage, UINT64 *max_var_size,
+ EFI_STATUS *status, const char * const file,
+ const int line, const char * const func)
+{
+ if (mock_query_variable_info_post_hook)
+ mock_query_variable_info_post_hook(attrs, max_var_storage,
+ remaining_var_storage,
+ max_var_size, status,
+ file, line, func);
+}
+#define mock_qvi_post_hook(attrs, max_var_storage, remaining_var_storage,\
+ max_var_size, status) \
+ mock_qvi_post_hook_(attrs, max_var_storage, remaining_var_storage,\
+ max_var_size, status, \
+ __FILE__, __LINE__, __func__)
+
+static const size_t guidstr_size = sizeof("8be4df61-93ca-11d2-aa0d-00e098032b8c");
+
+static int
+variable_limits_cmp(const struct mock_variable_limits * const v0,
+ const struct mock_variable_limits * const v1)
+{
+ UINT32 mask = EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS;
+
+ return (v0->attrs & mask) - (v1->attrs & mask);
+}
+
+static INT64
+variable_cmp(const struct mock_variable * const v0,
+ const struct mock_variable * const v1)
+{
+ INT64 ret;
+ if (v0 == NULL || v1 == NULL)
+ return (uintptr_t)v0 - (uintptr_t)v1;
+
+ ret = CompareGuid(&v0->guid, &v1->guid);
+ ret <<= 8ul;
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): "GUID_FMT" %s "GUID_FMT" (0x%011"PRIx64" %"PRId64")\n",
+ __FILE__, __LINE__-1, __func__,
+ GUID_ARGS(v0->guid),
+ ret < 0 ? "<" : (ret > 0 ? ">" : "="),
+ GUID_ARGS(v1->guid),
+ (UINT64)ret & 0x1fffffffffful,
+ ret);
+#endif
+ if (ret != 0) {
+ return ret;
+ }
+
+ ret = StrCmp(v0->name, v1->name);
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): \"%s\" %s \"%s\" (0x%02hhx (%d)\n",
+ __FILE__, __LINE__-1, __func__,
+ Str2str(v0->name),
+ ret < 0 ? "<" : (ret > 0 ? ">" : "=="),
+ Str2str(v1->name),
+ ret, ret);
+#endif
+ return ret;
+}
+
+static char *
+list2var(list_t *pos)
+{
+ static char buf0[1024];
+ static char buf1[1024];
+ char *out;
+ static int n;
+ struct mock_variable *var;
+
+ out = n++ % 2 ? buf0 : buf1;
+ if (n > 1)
+ n -= 2;
+ SetMem(out, 1024, 0);
+ if (pos == &mock_variables) {
+ strcpy(out, "list tail");
+ return out;
+ }
+ var = list_entry(pos, struct mock_variable, list);
+ snprintf(out, 1023, GUID_FMT"-%s",
+ GUID_ARGS(var->guid),
+ Str2str(var->name));
+ return out;
+}
+
+EFI_STATUS EFIAPI
+mock_get_variable(CHAR16 *name, EFI_GUID *guid, UINT32 *attrs, UINTN *size,
+ VOID *data)
+{
+ list_t *pos = NULL;
+ struct mock_variable goal = {
+ .name = name,
+ .guid = *guid,
+ };
+ struct mock_variable *result = NULL;
+ EFI_STATUS status;
+
+ status = mock_gv_pre_hook(name, guid, attrs, size, data);
+ if (EFI_ERROR(status))
+ return status;
+
+ if (name == NULL || guid == NULL || size == NULL) {
+ status = EFI_INVALID_PARAMETER;
+ mock_gv_post_hook(name, guid, attrs, size, data, &status);
+ return status;
+ }
+
+ list_for_each(pos, &mock_variables) {
+ struct mock_variable *var;
+
+ var = list_entry(pos, struct mock_variable, list);
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): varcmp("GUID_FMT"-%s, "GUID_FMT"-%s)\n",
+ __FILE__, __LINE__-1, __func__,
+ GUID_ARGS(goal.guid), Str2str(goal.name),
+ GUID_ARGS(var->guid), Str2str(var->name));
+#endif
+ if (variable_cmp(&goal, var) == 0) {
+ if (attrs != NULL)
+ *attrs = var->attrs;
+ if (var->size > *size) {
+ *size = var->size;
+ status = EFI_BUFFER_TOO_SMALL;
+ mock_gv_post_hook(name, guid, attrs, size, data,
+ &status);
+ return status;
+ }
+ if (data == NULL) {
+ status = EFI_INVALID_PARAMETER;
+ mock_gv_post_hook(name, guid, attrs, size, data,
+ &status);
+ return status;
+ }
+ *size = var->size;
+ memcpy(data, var->data, var->size);
+ status = EFI_SUCCESS;
+ mock_gv_post_hook(name, guid, attrs, size, data,
+ &status);
+ return status;
+ }
+ }
+
+ status = EFI_NOT_FOUND;
+ mock_gv_post_hook(name, guid, attrs, size, data, &status);
+ return status;
+}
+
+static EFI_STATUS
+mock_gnvn_set_result(UINTN *size, CHAR16 *name, EFI_GUID *guid,
+ struct mock_variable *result)
+{
+ EFI_STATUS status;
+
+ if (*size < StrSize(result->name)) {
+ *size = StrSize(result->name);
+ status = EFI_BUFFER_TOO_SMALL;
+ mock_gnvn_post_hook(size, name, guid, &status);
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): returning %lx\n",
+ __FILE__, __LINE__-1, __func__, status);
+#endif
+ return status;
+ }
+
+ *size = StrLen(result->name) + 1;
+ StrCpy(name, result->name);
+ memcpy(guid, &result->guid, sizeof(EFI_GUID));
+
+ status = EFI_SUCCESS;
+ mock_gnvn_post_hook(size, name, guid, &status);
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): returning %lx\n",
+ __FILE__, __LINE__-1, __func__, status);
+#endif
+ return status;
+}
+
+EFI_STATUS EFIAPI
+mock_get_next_variable_name(UINTN *size, CHAR16 *name, EFI_GUID *guid)
+{
+ list_t *pos = NULL;
+ struct mock_variable goal = {
+ .name = name,
+ .guid = *guid,
+ };
+ struct mock_variable *result = NULL;
+ bool found = false;
+ EFI_STATUS status;
+
+ status = mock_gnvn_pre_hook(size, name, guid);
+ if (EFI_ERROR(status))
+ return status;
+
+ if (size == NULL || name == NULL || guid == NULL) {
+ status = EFI_INVALID_PARAMETER;
+ mock_gnvn_post_hook(size, name, guid, &status);
+ return status;
+ }
+
+ for (size_t i = 0; i < *size; i++) {
+ if (name[i] == 0) {
+ found = true;
+ break;
+ }
+ }
+
+ if (found == false) {
+ status = EFI_INVALID_PARAMETER;
+ mock_gnvn_post_hook(size, name, guid, &status);
+ return status;
+ }
+
+ found = false;
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s():searching for "GUID_FMT"%s%s\n",
+ __FILE__, __LINE__-1, __func__,
+ GUID_ARGS(*guid),
+ name[0] == 0 ? "" : "-",
+ name[0] == 0 ? "" : Str2str(name));
+#endif
+ list_for_each(pos, &mock_variables) {
+ struct mock_variable *var;
+
+ var = list_entry(pos, struct mock_variable, list);
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): candidate var:%p &var->guid:%p &var->list:%p\n",
+ __FILE__, __LINE__-1, __func__, var, &var->guid, &var->list);
+#endif
+ if (name[0] == 0) {
+ if (CompareGuid(&var->guid, guid) == 0) {
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): found\n",
+ __FILE__, __LINE__-1, __func__);
+#endif
+ result = var;
+ found = true;
+ break;
+ }
+ } else {
+ if (found) {
+ if (CompareGuid(&var->guid, guid) == 0) {
+ result = var;
+ break;
+ }
+ continue;
+ }
+
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): varcmp("GUID_FMT"-%s, "GUID_FMT"-%s)\n",
+ __FILE__, __LINE__-1, __func__,
+ GUID_ARGS(goal.guid), Str2str(goal.name),
+ GUID_ARGS(var->guid), Str2str(var->name));
+#endif
+ if (variable_cmp(&goal, var) == 0) {
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): found\n",
+ __FILE__, __LINE__-1, __func__);
+#endif
+ found = true;
+ }
+ }
+ }
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ if (result) {
+ printf("%s:%d:%s(): found:%d result:%p &result->guid:%p &result->list:%p\n"
+ __FILE__, __LINE__-1, __func__, found, result,
+ &result->guid, &result->list);
+ printf("%s:%d:%s(): "GUID_FMT"-%s\n",
+ __FILE__, __LINE__-1, __func__, GUID_ARGS(result->guid),
+ Str2str(result->name));
+ } else {
+ printf("%s:%d:%s(): not found\n",
+ __FILE__, __LINE__-1, __func__);
+ }
+#endif
+
+ if (!found) {
+ if (name[0] == 0)
+ status = EFI_NOT_FOUND;
+ else
+ status = EFI_INVALID_PARAMETER;
+ mock_gnvn_post_hook(size, name, guid, &status);
+ return status;
+ }
+
+ if (!result) {
+ status = EFI_NOT_FOUND;
+ mock_gnvn_post_hook(size, name, guid, &status);
+ return status;
+ }
+
+ return mock_gnvn_set_result(size, name, guid, result);
+}
+
+static void
+free_var(struct mock_variable *var)
+{
+ if (!var)
+ return;
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): var:%p &var->guid:%p ",
+ __FILE__, __LINE__-1, __func__,
+ var, var ? &var->guid : NULL);
+ if (var)
+ printf(GUID_FMT"-%s", GUID_ARGS(var->guid),
+ var->name ? Str2str(var->name) : "");
+ printf("\n");
+#endif
+ list_del(&var->list);
+ if (var->size && var->data)
+ free(var->data);
+ SetMem(var, sizeof(*var), 0);
+ free(var);
+}
+
+static bool
+mock_sv_attrs_match(UINT32 old, UINT32 new)
+{
+ UINT32 mask = ~EFI_VARIABLE_APPEND_WRITE;
+
+ return (old & mask) == (new & mask);
+}
+
+static EFI_STATUS
+mock_sv_adjust_usage_data(UINT32 attrs, size_t size, ssize_t change)
+{
+ const UINT32 bs = EFI_VARIABLE_BOOTSERVICE_ACCESS;
+ const UINT32 bs_nv = bs | EFI_VARIABLE_NON_VOLATILE;
+ const UINT32 bs_rt = bs | EFI_VARIABLE_RUNTIME_ACCESS;
+ const UINT32 bs_rt_nv = bs_nv | bs_rt;
+ struct mock_variable_limits goal = {
+ .attrs = attrs & bs_rt_nv,
+ };
+ struct mock_variable_limits *qvi_limits = NULL;
+ struct mock_variable_limits *sv_limits = NULL;
+ list_t var, *pos = NULL;
+ UINT64 remaining;
+
+ list_for_each(pos, mock_qvi_limits) {
+ struct mock_variable_limits *candidate;
+
+ candidate = list_entry(pos, struct mock_variable_limits, list);
+ if (variable_limits_cmp(&goal, candidate) == 0) {
+ qvi_limits = candidate;
+ break;
+ }
+ }
+
+ list_for_each(pos, mock_sv_limits) {
+ struct mock_variable_limits *candidate;
+
+ candidate = list_entry(pos, struct mock_variable_limits, list);
+ if (variable_limits_cmp(&goal, candidate) == 0) {
+ sv_limits = candidate;
+ break;
+ }
+ }
+ if (!sv_limits) {
+ return EFI_UNSUPPORTED;
+ }
+
+ if (sv_limits->status != EFI_SUCCESS)
+ return sv_limits->status;
+
+ if (*sv_limits->max_var_size < size) {
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s():*sv_limits->max_var_size:%zu size:%zu\n",
+ __FILE__, __LINE__, __func__,
+ *sv_limits->max_var_size, size);
+#endif
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ if (change > 0 && (UINT64)change > *sv_limits->remaining_var_storage) {
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s():*sv_limits->remaining_var_storage:%zu change:%zd\n",
+ __FILE__, __LINE__, __func__,
+ *sv_limits->remaining_var_storage, change);
+#endif
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ *sv_limits->remaining_var_storage += change;
+
+ if (qvi_limits) {
+ /*
+ * If the adjustment here is wrong, we don't want to not do
+ * the set variable, we also don't want to not account
+ * for it, and of course we can't have any integer UB. So
+ * just limit it safely and move on, even though that may
+ * result in wrong checks against QueryVariableInfo() later.
+ *
+ * As if there are correct checks against QueryVariableInfo()...
+ */
+ if (qvi_limits->remaining_var_storage == sv_limits->remaining_var_storage)
+ ;
+ else if (change < 0 && (UINT64)-change > *qvi_limits->remaining_var_storage)
+ *qvi_limits->remaining_var_storage = 0;
+ else if (change > 0 && UINT64_MAX - *qvi_limits->remaining_var_storage < (UINT64)change)
+ *qvi_limits->remaining_var_storage = UINT64_MAX;
+ else
+ *qvi_limits->remaining_var_storage += change;
+ }
+ return EFI_SUCCESS;
+}
+
+static EFI_STATUS
+mock_delete_variable(struct mock_variable *var)
+{
+ EFI_STATUS status;
+
+ status = mock_sv_adjust_usage_data(var->attrs, 0, - var->size);
+ if (EFI_ERROR(status)) {
+ printf("%s:%d:%s(): status:0x%lx\n",
+ __FILE__, __LINE__ - 1, __func__, status);
+ mock_sv_post_hook(var->name, &var->guid, var->attrs, var->size,
+ var->data, &status, DELETE);
+ return status;
+ }
+
+ status = EFI_SUCCESS;
+ mock_sv_post_hook(var->name, &var->guid, var->attrs, 0, 0, &status,
+ DELETE);
+ free_var(var);
+ return status;
+}
+
+static EFI_STATUS
+mock_replace_variable(struct mock_variable *var, VOID *data, UINTN size)
+{
+ EFI_STATUS status;
+ VOID *new;
+
+ status = mock_sv_adjust_usage_data(var->attrs, size,
+ - var->size + size);
+ if (EFI_ERROR(status)) {
+ mock_sv_post_hook(var->name, &var->guid, var->attrs, var->size,
+ var->data, &status, REPLACE);
+ return status;
+ }
+
+ new = calloc(1, size);
+ if (!new) {
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s():calloc(1, %zu) failed\n",
+ __FILE__, __LINE__, __func__,
+ size);
+#endif
+ status = EFI_OUT_OF_RESOURCES;
+ mock_sv_post_hook(var->name, &var->guid, var->attrs, var->size,
+ var->data, &status, REPLACE);
+ return status;
+ }
+ memcpy(new, data, size);
+ free(var->data);
+ var->data = new;
+ var->size = size;
+
+ status = EFI_SUCCESS;
+ mock_sv_post_hook(var->name, &var->guid, var->attrs, var->size,
+ var->data, &status, REPLACE);
+ return status;
+}
+
+static EFI_STATUS
+mock_sv_extend(struct mock_variable *var, VOID *data, UINTN size)
+{
+ EFI_STATUS status;
+ uint8_t *new;
+
+ if (size == 0) {
+ status = EFI_SUCCESS;
+ mock_sv_post_hook(var->name, &var->guid, var->attrs, var->size,
+ var->data, &status, APPEND);
+ return status;
+ }
+
+ status = mock_sv_adjust_usage_data(var->attrs, var->size + size, size);
+ if (EFI_ERROR(status)) {
+ mock_sv_post_hook(var->name, &var->guid, var->attrs, var->size,
+ var->data, &status, APPEND);
+ return status;
+ }
+
+ new = realloc(var->data, var->size + size);
+ if (!new) {
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s():realloc(%zu) failed\n",
+ __FILE__, __LINE__, __func__,
+ var->size + size);
+#endif
+ status = EFI_OUT_OF_RESOURCES;
+ mock_sv_post_hook(var->name, &var->guid, var->attrs, var->size,
+ var->data, &status, APPEND);
+ return status;
+ }
+
+ memcpy(&new[var->size], data, size);
+ var->data = (void *)new;
+ var->size += size;
+
+ status = EFI_SUCCESS;
+ mock_sv_post_hook(var->name, &var->guid, var->attrs, var->size,
+ var->data, &status, APPEND);
+ return status;
+}
+
+void
+mock_print_var_list(list_t *head)
+{
+ list_t *pos = NULL;
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s():variables so far:\n", __FILE__, __LINE__, __func__);
+#endif
+ list_for_each(pos, head) {
+ struct mock_variable *var = NULL;
+
+ var = list_entry(pos, struct mock_variable, list);
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): "GUID_FMT"-%s (%lu bytes)\n",
+ __FILE__, __LINE__ - 1, __func__,
+ GUID_ARGS(var->guid), Str2str(var->name), var->size);
+#endif
+ }
+}
+
+static EFI_STATUS
+mock_new_variable(CHAR16 *name, EFI_GUID *guid, UINT32 attrs, UINTN size,
+ VOID *data, struct mock_variable **out)
+{
+ EFI_STATUS status;
+ struct mock_variable *var;
+ uint8_t *buf;
+
+ if (size == 0) {
+ status = EFI_INVALID_PARAMETER;
+ return status;
+ }
+
+ status = EFI_OUT_OF_RESOURCES;
+ buf = calloc(1, sizeof(struct mock_variable) + StrSize(name));
+ if (!buf) {
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): calloc(1, %zu) failed\n",
+ __FILE__, __LINE__, __func__,
+ sizeof(struct mock_variable) + StrSize(name));
+#endif
+ goto err;
+ }
+ var = (struct mock_variable *)buf;
+
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): var:%p &var->guid:%p &var->list:%p\n",
+ __FILE__, __LINE__-1, __func__, var, &var->guid, &var->list);
+#endif
+
+ var->data = malloc(size);
+ if (!var->data)
+ goto err_free;
+
+ var->name = (CHAR16 *)&buf[sizeof(*var)];
+ StrCpy(var->name, name);
+ memcpy(&var->guid, guid, sizeof(EFI_GUID));
+ memcpy(var->data, data, size);
+ var->size = size;
+ var->attrs = attrs;
+ INIT_LIST_HEAD(&var->list);
+
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): var: "GUID_FMT"-%s\n",
+ __FILE__, __LINE__-1, __func__,
+ GUID_ARGS(var->guid), Str2str(var->name));
+#endif
+
+ *out = var;
+ status = EFI_SUCCESS;
+err_free:
+ if (EFI_ERROR(status))
+ free_var(var);
+err:
+ return status;
+}
+
+EFI_STATUS EFIAPI
+mock_set_variable(CHAR16 *name, EFI_GUID *guid, UINT32 attrs, UINTN size,
+ VOID *data)
+{
+ list_t *pos = NULL, *tmp = NULL, *var_list = NULL;
+ struct mock_variable goal = {
+ .name = name,
+ .guid = *guid,
+ };
+ struct mock_variable *var = NULL;
+ bool found = false;
+ bool add_tail = true;
+ EFI_STATUS status;
+ long cmp = -1;
+
+ status = mock_sv_pre_hook(name, guid, attrs, size, data);
+ if (EFI_ERROR(status))
+ return status;
+
+ if (!name || name[0] == 0 || !guid) {
+ status = EFI_INVALID_PARAMETER;
+ mock_sv_post_hook(name, guid, attrs, size, data, &status,
+ CREATE);
+ return status;
+ }
+
+ if ((attrs & EFI_VARIABLE_RUNTIME_ACCESS) &&
+ !(attrs & EFI_VARIABLE_BOOTSERVICE_ACCESS)) {
+ status = EFI_INVALID_PARAMETER;
+ mock_sv_post_hook(name, guid, attrs, size, data, &status,
+ CREATE);
+ return status;
+ }
+
+#if 0
+ /*
+ * We don't ever operate after ExitBootServices(), so I'm not
+ * checking for the missing EFI_VARIABLE_RUNTIME_ACCESS case
+ */
+ if (has_exited_boot_services() && !(attrs & EFI_VARIABLE_RUNTIME_ACCESS)) {
+ status = EFI_INVALID_PARAMETER;
+ mock_sv_post_hook(name, guid, attrs, size, data, &status,
+ CREATE);
+ return status;
+ }
+#endif
+
+#if 0
+ /*
+ * For now, we're ignoring that we don't support these.
+ */
+ if (attrs & (EFI_VARIABLE_HARDWARE_ERROR_RECORD |
+ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS |
+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS |
+ EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS)) {
+ status = EFI_UNSUPPORTED;
+ mock_sv_post_hook(name, guid, attrs, size, data, &status,
+ CREATE);
+ return status;
+ }
+#endif
+
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s():Setting "GUID_FMT"-%s\n",
+ __FILE__, __LINE__ - 1, __func__,
+ GUID_ARGS(*guid), Str2str(name));
+#endif
+ switch (mock_variable_sort_policy) {
+ case MOCK_SORT_PREPEND:
+ var_list = &mock_variables;
+ add_tail = false;
+ break;
+ case MOCK_SORT_APPEND:
+ var_list = &mock_variables;
+ add_tail = true;
+ break;
+ case MOCK_SORT_DESCENDING:
+ add_tail = true;
+ break;
+ case MOCK_SORT_ASCENDING:
+ add_tail = true;
+ break;
+ default:
+ break;
+ }
+
+ pos = &mock_variables;
+ list_for_each_safe(pos, tmp, &mock_variables) {
+ found = false;
+ var = list_entry(pos, struct mock_variable, list);
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): varcmp("GUID_FMT"-%s, "GUID_FMT"-%s)\n",
+ __FILE__, __LINE__-1, __func__,
+ GUID_ARGS(goal.guid), Str2str(goal.name),
+ GUID_ARGS(var->guid), Str2str(var->name));
+#endif
+ cmp = variable_cmp(&goal, var);
+ cmp = cmp < 0 ? -1 : (cmp > 0 ? 1 : 0);
+
+ switch (mock_variable_sort_policy) {
+ case MOCK_SORT_DESCENDING:
+ if (cmp >= 0) {
+ var_list = pos;
+ found = true;
+ }
+ break;
+ case MOCK_SORT_ASCENDING:
+ if (cmp <= 0) {
+ var_list = pos;
+ found = true;
+ }
+ break;
+ default:
+ if (cmp == 0) {
+ var_list = pos;
+ found = true;
+ }
+ break;
+ }
+ if (found)
+ break;
+ }
+#if defined(SHIM_DEBUG) && SHIM_DEBUG != 0
+ printf("%s:%d:%s():var_list:%p &mock_variables:%p cmp:%ld\n",
+ __FILE__, __LINE__ - 1, __func__,
+ var_list, &mock_variables, cmp);
+#endif
+ if (cmp != 0 || (cmp == 0 && var_list == &mock_variables)) {
+ size_t totalsz = size + StrSize(name);
+#if defined(SHIM_DEBUG) && SHIM_DEBUG != 0
+ printf("%s:%d:%s():var:%p attrs:0x%lx\n",
+ __FILE__, __LINE__ - 1, __func__, var, attrs);
+#endif
+ status = mock_new_variable(name, guid, attrs, size, data, &var);
+ if (EFI_ERROR(status)) {
+ mock_sv_post_hook(name, guid, attrs, size, data,
+ &status, CREATE);
+ return status;
+ }
+ mock_sv_adjust_usage_data(attrs, size, totalsz);
+ mock_sv_post_hook(name, guid, attrs, size, data,
+ &status, CREATE);
+ if (EFI_ERROR(status)) {
+ mock_sv_adjust_usage_data(attrs, 0, -totalsz);
+ return status;
+ }
+
+#if defined(SHIM_DEBUG) && SHIM_DEBUG != 0
+ printf("%s:%d:%s(): Adding "GUID_FMT"-%s %s %s\n",
+ __FILE__, __LINE__ - 1, __func__,
+ GUID_ARGS(var->guid), Str2str(var->name),
+ add_tail ? "after" : "before",
+ list2var(pos));
+#endif
+ if (add_tail)
+ list_add_tail(&var->list, pos);
+ else
+ list_add(&var->list, pos);
+ return status;
+ }
+
+ var = list_entry(var_list, struct mock_variable, list);
+#if defined(SHIM_DEBUG) && SHIM_DEBUG != 0
+ printf("%s:%d:%s():var:%p attrs:%s cmp:%ld size:%ld\n",
+ __FILE__, __LINE__ - 1, __func__,
+ var, format_var_attrs(var->attrs), cmp, size);
+#endif
+ if (!mock_sv_attrs_match(var->attrs, attrs)) {
+ status = EFI_INVALID_PARAMETER;
+ if (size == 0 && !(attrs & EFI_VARIABLE_APPEND_WRITE)) {
+ if ((mock_variable_delete_attr_policy & MOCK_VAR_DELETE_ATTR_ALLOW_ZERO)
+ && attrs == 0) {
+ status = EFI_SUCCESS;
+ } else if (mock_variable_delete_attr_policy & MOCK_VAR_DELETE_ATTR_ALOW_MISMATCH) {
+ status = EFI_SUCCESS;
+ }
+ }
+ if (EFI_ERROR(status)) {
+ printf("%s:%d:%s(): var->attrs:%s attrs:%s\n",
+ __FILE__, __LINE__ - 1, __func__,
+ format_var_attrs(var->attrs),
+ format_var_attrs(attrs));
+ mock_sv_post_hook(name, guid, attrs, size, data,
+ &status, REPLACE);
+ return status;
+ }
+ }
+
+ if (attrs & EFI_VARIABLE_APPEND_WRITE)
+ return mock_sv_extend(var, data, size);
+
+ if (size == 0) {
+ UINT32 mask = EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
+ | EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS;
+ /*
+ * We can't process deletes on these correctly unless we
+ * parse the header.
+ */
+ if (attrs & mask) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ return mock_delete_variable(var);
+ }
+
+ return mock_replace_variable(var, data, size);
+}
+
+EFI_STATUS EFIAPI
+mock_query_variable_info(UINT32 attrs, UINT64 *max_var_storage,
+ UINT64 *remaining_var_storage, UINT64 *max_var_size)
+{
+ list_t mvl, *pos = NULL;
+ struct mock_variable_limits goal = {
+ .attrs = attrs,
+ };
+ struct mock_variable_limits *limits = NULL;
+ EFI_STATUS status;
+
+ status = mock_qvi_pre_hook(attrs, max_var_storage,
+ remaining_var_storage, max_var_size);
+ if (EFI_ERROR(status))
+ return status;
+
+ if (max_var_storage == NULL ||
+ remaining_var_storage == NULL ||
+ max_var_size == NULL) {
+ status = EFI_INVALID_PARAMETER;
+ mock_qvi_post_hook(attrs, max_var_storage,
+ remaining_var_storage, max_var_size,
+ &status);
+ return status;
+ }
+
+ list_for_each(pos, mock_qvi_limits) {
+ limits = list_entry(pos, struct mock_variable_limits, list);
+ if (variable_limits_cmp(&goal, limits) == 0) {
+ *max_var_storage = *limits->max_var_storage;
+ *remaining_var_storage = *limits->remaining_var_storage;
+ *max_var_size = *limits->max_var_size;
+
+ status = EFI_SUCCESS;
+ mock_qvi_post_hook(attrs, max_var_storage,
+ remaining_var_storage, max_var_size,
+ &status);
+ return status;
+ }
+ }
+
+ status = EFI_UNSUPPORTED;
+ mock_qvi_post_hook(attrs, max_var_storage, remaining_var_storage,
+ max_var_size, &status);
+ return status;
+}
+
+static UINT64 default_max_var_storage;
+static UINT64 default_remaining_var_storage;
+static UINT64 default_max_var_size;
+
+static struct mock_variable_limits default_limits[] = {
+ {.attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ .max_var_storage = &default_max_var_storage,
+ .remaining_var_storage = &default_remaining_var_storage,
+ .max_var_size = &default_max_var_size,
+ .status = EFI_SUCCESS,
+ },
+ {.attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS,
+ .max_var_storage = &default_max_var_storage,
+ .remaining_var_storage = &default_remaining_var_storage,
+ .max_var_size = &default_max_var_size,
+ .status = EFI_SUCCESS,
+ },
+ {.attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_NON_VOLATILE,
+ .max_var_storage = &default_max_var_storage,
+ .remaining_var_storage = &default_remaining_var_storage,
+ .max_var_size = &default_max_var_size,
+ .status = EFI_SUCCESS,
+ },
+ {.attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS |
+ EFI_VARIABLE_NON_VOLATILE,
+ .max_var_storage = &default_max_var_storage,
+ .remaining_var_storage = &default_remaining_var_storage,
+ .max_var_size = &default_max_var_size,
+ .status = EFI_SUCCESS,
+ },
+ {.attrs = 0, }
+};
+
+void
+mock_set_default_usage_limits(void)
+{
+ default_max_var_storage = 65536;
+ default_remaining_var_storage = 65536;
+ default_max_var_size = 32768;
+
+ INIT_LIST_HEAD(&mock_default_variable_limits);
+ for (size_t i = 0; default_limits[i].attrs != 0; i++) {
+ INIT_LIST_HEAD(&default_limits[i].list);
+ list_add_tail(&default_limits[i].list,
+ &mock_default_variable_limits);
+ }
+}
+
+void
+mock_load_one_variable(int dfd, const char * const dirname, char * const name)
+{
+ int fd;
+ FILE *f;
+ int rc;
+ struct stat statbuf;
+ size_t guidlen, namelen;
+ efi_guid_t guid;
+ size_t sz;
+ ssize_t offset = 0;
+ EFI_STATUS status;
+ UINT32 attrs;
+
+ rc = fstatat(dfd, name, &statbuf, 0);
+ if (rc < 0)
+ err(2, "Could not stat \"%s/%s\"", dirname, name);
+
+ if (!(S_ISREG(statbuf.st_mode)))
+ return;
+
+ if (statbuf.st_size < 5)
+ errx(2, "Test data variable \"%s/%s\" is too small (%ld bytes)",
+ dirname, name, statbuf.st_size);
+
+#if 0
+ mock_print_var_list(&mock_variables);
+#endif
+
+ uint8_t buf[statbuf.st_size];
+
+ fd = openat(dfd, name, O_RDONLY);
+ if (fd < 0)
+ err(2, "Could not open \"%s/%s\"", dirname, name);
+
+ f = fdopen(fd, "r");
+ if (!f)
+ err(2, "Could not open \"%s/%s\"", dirname, name);
+
+ while (offset != statbuf.st_size) {
+ sz = fread(buf + offset, 1, statbuf.st_size - offset, f);
+ if (sz == 0) {
+ if (ferror(f))
+ err(2, "Could not read from \"%s/%s\"",
+ dirname, name);
+ if (feof(f))
+ errx(2, "Unexpected end of file reading \"%s/%s\"",
+ dirname, name);
+ }
+
+ offset += sz;
+ }
+
+ guidlen = strlen("8be4df61-93ca-11d2-aa0d-00e098032b8c");
+ namelen = strlen(name) - guidlen;
+
+ if (namelen < 2)
+ errx(2, "namelen for \"%s\" is %zu!?!", name, namelen);
+
+ CHAR16 namebuf[namelen];
+
+ name[namelen-1] = 0;
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("loading %s-%s\n", &name[namelen], name);
+#endif
+ for (size_t i = 0; i < namelen; i++)
+ namebuf[i] = name[i];
+
+ rc = efi_str_to_guid(&name[namelen], &guid);
+ if (rc < 0)
+ err(2, "Could not parse \"%s\" as EFI GUID", &name[namelen]);
+
+ memcpy(&attrs, (UINT32 *)buf, sizeof(UINT32));
+
+ status = RT->SetVariable(namebuf, (EFI_GUID *)&guid, attrs,
+ statbuf.st_size - sizeof(attrs),
+ &buf[sizeof(attrs)]);
+ if (EFI_ERROR(status))
+ errx(2, "%s:%d:%s(): Could not set variable: 0x%llx",
+ __FILE__, __LINE__ - 1, __func__,
+ (unsigned long long)status);
+
+ fclose(f);
+}
+
+void
+mock_load_variables(const char *const dirname, const char *filters[],
+ bool filter_out)
+{
+ int dfd;
+ DIR *d;
+ struct dirent *entry;
+
+ d = opendir(dirname);
+ if (!d)
+ err(1, "Could not open directory \"%s\"", dirname);
+
+ dfd = dirfd(d);
+ if (dfd < 0)
+ err(1, "Could not get directory file descriptor for \"%s\"",
+ dirname);
+
+ while ((entry = readdir(d)) != NULL) {
+ size_t len = strlen(entry->d_name);
+ bool found = false;
+ if (filters && len > guidstr_size + 1) {
+ char spacebuf[len];
+
+ len -= guidstr_size;
+ SetMem(spacebuf, sizeof(spacebuf)-1, ' ');
+ spacebuf[len] = '\0';
+ for (size_t i = 0; filters[i]; i++) {
+ if (strlen(filters[i]) > len)
+ continue;
+ if (!strncmp(entry->d_name, filters[i], len)) {
+ found = true;
+ break;
+ }
+ }
+ }
+ if ((found == false && filter_out == true) ||
+ (found == true && filter_out == false)) {
+ mock_load_one_variable(dfd, dirname, entry->d_name);
+ }
+ }
+
+ closedir(d);
+#if 0
+ mock_print_var_list(&mock_variables);
+#endif
+}
+
+static bool qvi_installed = false;
+
+void
+mock_install_query_variable_info(void)
+{
+ qvi_installed = true;
+ RT->Hdr.Revision = 2ul << 16ul;
+ RT->QueryVariableInfo = mock_query_variable_info;
+}
+
+void
+mock_uninstall_query_variable_info(void)
+{
+ qvi_installed = false;
+ RT->Hdr.Revision = EFI_1_10_SYSTEM_TABLE_REVISION;
+ RT->QueryVariableInfo = mock_efi_unsupported;
+}
+
+EFI_CONFIGURATION_TABLE mock_config_table[MOCK_CONFIG_TABLE_ENTRIES] = {
+ {
+ .VendorGuid = { 0, },
+ .VendorTable = NULL
+ },
+};
+
+int
+mock_config_table_cmp(const void *p0, const void *p1)
+{
+ EFI_CONFIGURATION_TABLE *entry0, *entry1;
+ long cmp;
+
+ if (!p0 || !p1) {
+ cmp = (int)((intptr_t)p0 - (intptr_t)p1);
+ } else {
+ entry0 = (EFI_CONFIGURATION_TABLE *)p0;
+ entry1 = (EFI_CONFIGURATION_TABLE *)p1;
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("comparing %p to %p\n", p0, p1);
+#endif
+ cmp = CompareGuid(&entry0->VendorGuid, &entry1->VendorGuid);
+ }
+
+ if (mock_config_table_sort_policy == MOCK_SORT_DESCENDING) {
+ cmp = -cmp;
+ }
+
+ return cmp;
+}
+
+EFI_STATUS EFIAPI
+mock_install_configuration_table(EFI_GUID *guid, VOID *table)
+{
+ bool found = false;
+ EFI_CONFIGURATION_TABLE *entry;
+ int idx = 0;
+ size_t sz;
+
+ if (!guid)
+ return EFI_INVALID_PARAMETER;
+
+ for (UINTN i = 0; i < ST->NumberOfTableEntries; i++) {
+ EFI_CONFIGURATION_TABLE *entry = &ST->ConfigurationTable[i];
+
+ if (CompareGuid(guid, &entry->VendorGuid) == 0) {
+ found = true;
+ if (table) {
+ // replace it
+ entry->VendorTable = table;
+ } else {
+ // delete it
+ ST->NumberOfTableEntries -= 1;
+ sz = ST->NumberOfTableEntries - i;
+ sz *= sizeof(*entry);
+ memmove(&entry[0], &entry[1], sz);
+ }
+ return EFI_SUCCESS;
+ }
+ }
+ if (!found && table == NULL)
+ return EFI_NOT_FOUND;
+ if (ST->NumberOfTableEntries == MOCK_CONFIG_TABLE_ENTRIES - 1) {
+ /*
+ * If necessary, we could allocate another table and copy
+ * the data, but I'm lazy and we probably don't need to.
+ */
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ switch (mock_config_table_sort_policy) {
+ case MOCK_SORT_DESCENDING:
+ case MOCK_SORT_ASCENDING:
+ case MOCK_SORT_APPEND:
+ idx = ST->NumberOfTableEntries;
+ break;
+ case MOCK_SORT_PREPEND:
+ sz = ST->NumberOfTableEntries ? ST->NumberOfTableEntries : 0;
+ sz *= sizeof(ST->ConfigurationTable[0]);
+ memmove(&ST->ConfigurationTable[1], &ST->ConfigurationTable[0], sz);
+ idx = 0;
+ break;
+ default:
+ break;
+ }
+
+ entry = &ST->ConfigurationTable[idx];
+ memcpy(&entry->VendorGuid, guid, sizeof(EFI_GUID));
+ entry->VendorTable = table;
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): installing entry %p={%p,%p} as entry %d\n",
+ __FILE__, __LINE__, __func__,
+ entry, &entry->VendorGuid, entry->VendorTable, idx);
+#endif
+ ST->NumberOfTableEntries += 1;
+
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s():ST->ConfigurationTable:%p\n"
+ "\t[%d]:%p\n"
+ "\t[%d]:%p\n",
+ __FILE__, __LINE__, __func__, ST->ConfigurationTable,
+ 0, &ST->ConfigurationTable[0],
+ 1, &ST->ConfigurationTable[1]);
+#endif
+ switch (mock_config_table_sort_policy) {
+ case MOCK_SORT_DESCENDING:
+ case MOCK_SORT_ASCENDING:
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): entries before sorting:\n", __FILE__, __LINE__, __func__);
+ for (UINTN i = 0; i < ST->NumberOfTableEntries; i++) {
+ printf("\t[%d] = %p = {", i, &ST->ConfigurationTable[i]);
+ printf(".VendorGuid=" GUID_FMT, GUID_ARGS(ST->ConfigurationTable[i].VendorGuid));
+ printf(".VendorTable=%p}\n", ST->ConfigurationTable[i].VendorTable);
+ }
+#endif
+ qsort(&ST->ConfigurationTable[0], ST->NumberOfTableEntries,
+ sizeof(ST->ConfigurationTable[0]),
+ mock_config_table_cmp);
+ break;
+ default:
+ break;
+ }
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s(): entries:\n", __FILE__, __LINE__, __func__);
+ for (UINTN i = 0; i < ST->NumberOfTableEntries; i++) {
+ printf("\t[%d] = %p = {", i, &ST->ConfigurationTable[i]);
+ printf(".VendorGuid=" GUID_FMT, GUID_ARGS(ST->ConfigurationTable[i].VendorGuid));
+ printf(".VendorTable=%p}\n", ST->ConfigurationTable[i].VendorTable);
+ }
+#endif
+
+ return EFI_SUCCESS;
+}
+
+void CONSTRUCTOR
+mock_reset_variables(void)
+{
+ list_t *pos = NULL, *tmp = NULL;
+ static bool once = true;
+
+ init_efi_system_table();
+
+ mock_set_variable_pre_hook = NULL;
+ mock_set_variable_post_hook = NULL;
+ mock_get_variable_pre_hook = NULL;
+ mock_get_variable_post_hook = NULL;
+ mock_get_next_variable_name_pre_hook = NULL;
+ mock_get_next_variable_name_post_hook = NULL;
+ mock_query_variable_info_pre_hook = NULL;
+ mock_query_variable_info_post_hook = NULL;
+
+ if (once) {
+ INIT_LIST_HEAD(&mock_variables);
+ once = false;
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s():mock_variables = {%p,%p};\n",
+ __FILE__, __LINE__-1, __func__,
+ mock_variables.next,
+ mock_variables.prev);
+ printf("%s:%d:%s():list_empty(&mock_variables):%d\n",
+ __FILE__, __LINE__-1, __func__, list_empty(&mock_variables));
+ printf("%s:%d:%s():list_size(&mock_variables):%d\n",
+ __FILE__, __LINE__-1, __func__, list_size(&mock_variables));
+#endif
+ }
+
+ list_for_each_safe(pos, tmp, &mock_variables) {
+ struct mock_variable *var = NULL;
+ var = list_entry(pos, struct mock_variable, list);
+
+#if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0)
+ printf("%s:%d:%s():var:"GUID_FMT"-%s\n",
+ __FILE__, __LINE__-1, __func__,
+ GUID_ARGS(var->guid), Str2str(var->name));
+#endif
+ mock_delete_variable(var);
+ }
+ INIT_LIST_HEAD(&mock_variables);
+ mock_set_default_usage_limits();
+
+ mock_variable_delete_attr_policy = MOCK_VAR_DELETE_ATTR_ALLOW_ZERO;
+
+ RT->GetVariable = mock_get_variable;
+ RT->GetNextVariableName = mock_get_next_variable_name;
+ RT->SetVariable = mock_set_variable;
+ if (qvi_installed)
+ mock_install_query_variable_info();
+ else
+ mock_uninstall_query_variable_info();
+}
+
+void CONSTRUCTOR
+mock_reset_config_table(void)
+{
+ init_efi_system_table();
+
+ /*
+ * Note that BS->InstallConfigurationTable() is *not* defined as
+ * freeing these. If a test case installs non-malloc()ed tables,
+ * it needs to call BS->InstallConfigurationTable(guid, NULL) to
+ * clear them.
+ */
+ for (UINTN i = 0; i < ST->NumberOfTableEntries; i++) {
+ EFI_CONFIGURATION_TABLE *entry = &ST->ConfigurationTable[i];
+
+ if (entry->VendorTable)
+ free(entry->VendorTable);
+ }
+
+ SetMem(ST->ConfigurationTable,
+ ST->NumberOfTableEntries * sizeof(EFI_CONFIGURATION_TABLE),
+ 0);
+
+ ST->NumberOfTableEntries = 0;
+
+ if (ST->ConfigurationTable != mock_config_table) {
+ free(ST->ConfigurationTable);
+ ST->ConfigurationTable = mock_config_table;
+ SetMem(mock_config_table, sizeof(mock_config_table), 0);
+ }
+
+ BS->InstallConfigurationTable = mock_install_configuration_table;
+}
+
+void DESTRUCTOR
+mock_finalize_vars_and_configs(void)
+{
+ mock_reset_variables();
+ mock_reset_config_table();
+}
+
+// vim:fenc=utf-8:tw=75:noet
UINT32 MokVar;
UINT32 attributes;
- efi_status = gRT->GetVariable(varname, &SHIM_LOCK_GUID, &attributes,
- &size, (void *)&MokVar);
+ efi_status = RT->GetVariable(varname, &SHIM_LOCK_GUID, &attributes,
+ &size, (void *)&MokVar);
if (!EFI_ERROR(efi_status) || efi_status == EFI_BUFFER_TOO_SMALL)
return TRUE;
#define SetVariable(name, guid, attrs, varsz, var) \
({ \
EFI_STATUS efi_status_; \
- efi_status_ = gRT->SetVariable(name, guid, attrs, varsz, var); \
+ efi_status_ = RT->SetVariable(name, guid, attrs, varsz, var); \
dprint_(L"%a:%d:%a() SetVariable(\"%s\", ... varsz=0x%llx) = %r\n", \
__FILE__, __LINE__ - 5, __func__, name, varsz, \
efi_status_); \
check_var(L"MokPW") || check_var(L"MokAuth") ||
check_var(L"MokDel") || check_var(L"MokDB") ||
check_var(L"MokXNew") || check_var(L"MokXDel") ||
- check_var(L"MokXAuth")) {
+ check_var(L"MokXAuth") || check_var(L"MokListTrustedNew")) {
efi_status = start_image(image_handle, MOK_MANAGER);
if (EFI_ERROR(efi_status)) {
return EFI_SUCCESS;
}
-typedef enum {
- VENDOR_ADDEND_DB,
- VENDOR_ADDEND_X509,
- VENDOR_ADDEND_NONE,
-} vendor_addend_category_t;
-
-struct mok_state_variable;
-typedef vendor_addend_category_t (vendor_addend_categorizer_t)(struct mok_state_variable *);
-
-/*
- * MoK variables that need to have their storage validated.
- *
- * The order here is important, since this is where we measure for the
- * tpm as well.
- */
-struct mok_state_variable {
- CHAR16 *name; /* UCS-2 BS|NV variable name */
- char *name8; /* UTF-8 BS|NV variable name */
- CHAR16 *rtname; /* UCS-2 RT variable name */
- char *rtname8; /* UTF-8 RT variable name */
- EFI_GUID *guid; /* variable GUID */
-
- /*
- * these are used during processing, they shouldn't be filled out
- * in the static table below.
- */
- UINT8 *data;
- UINTN data_size;
-
- /*
- * addend are added to the input variable, as part of the runtime
- * variable, so that they're visible to the kernel. These are
- * where we put vendor_cert / vendor_db / vendor_dbx
- *
- * These are indirect pointers just to make initialization saner...
- */
- vendor_addend_categorizer_t *categorize_addend; /* determines format */
- /*
- * we call categorize_addend() and it determines what kind of thing
- * this is. That is, if this shim was built with VENDOR_CERT, for
- * the DB entry it'll return VENDOR_ADDEND_X509; if you used
- * VENDOR_DB instead, it'll return VENDOR_ADDEND_DB. If you used
- * neither, it'll do VENDOR_ADDEND_NONE.
- *
- * The existing categorizers are for db and dbx; they differ
- * because we don't currently support a CERT for dbx.
- */
- UINT8 **addend;
- UINT32 *addend_size;
-
- /*
- * build_cert is our build-time cert. Like addend, this is added
- * to the input variable, as part of the runtime variable, so that
- * they're visible to the kernel. This is the ephemeral cert used
- * for signing MokManager.efi and fallback.efi.
- *
- * These are indirect pointers just to make initialization saner...
- */
- UINT8 **build_cert;
- UINT32 *build_cert_size;
-
- UINT32 yes_attr; /* var attrs that must be set */
- UINT32 no_attr; /* var attrs that must not be set */
- UINT32 flags; /* flags on what and how to mirror */
- /*
- * MOK_MIRROR_KEYDB mirror this as a key database
- * MOK_MIRROR_DELETE_FIRST delete any existing variable first
- * MOK_VARIABLE_MEASURE extend PCR 7 and log the hash change
- * MOK_VARIABLE_LOG measure into whatever .pcr says and log
- */
- UINTN pcr; /* PCR to measure and hash to */
-
- /*
- * if this is a state value, a pointer to our internal state to be
- * mirrored.
- */
- UINT8 *state;
-};
-
static vendor_addend_category_t
categorize_authorized(struct mok_state_variable *v)
{
#define MOK_VARIABLE_MEASURE 0x04
#define MOK_VARIABLE_LOG 0x08
-struct mok_state_variable mok_state_variables[] = {
+struct mok_state_variable mok_state_variable_data[] = {
{.name = L"MokList",
.name8 = "MokList",
.rtname = L"MokListRT",
MOK_VARIABLE_MEASURE,
.pcr = 7,
},
+ {.name = L"MokListTrusted",
+ .name8 = "MokListTrusted",
+ .rtname = L"MokListTrustedRT",
+ .rtname8 = "MokListTrustedRT",
+ .guid = &SHIM_LOCK_GUID,
+ .yes_attr = EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_NON_VOLATILE,
+ .no_attr = EFI_VARIABLE_RUNTIME_ACCESS,
+ .flags = MOK_MIRROR_DELETE_FIRST |
+ MOK_VARIABLE_MEASURE |
+ MOK_VARIABLE_LOG,
+ .pcr = 14,
+ .state = &trust_mok_list,
+ },
{ NULL, }
};
+size_t n_mok_state_variables = sizeof(mok_state_variable_data) / sizeof(mok_state_variable_data[0]);
+struct mok_state_variable *mok_state_variables = &mok_state_variable_data[0];
#define should_mirror_addend(v) (((v)->categorize_addend) && ((v)->categorize_addend(v) != VENDOR_ADDEND_NONE))
typedef UINTN SIZE_T;
+#define EFI_MAJOR_VERSION(tablep) ((UINT16)((((tablep)->Hdr.Revision) >> 16) & 0xfffful))
+#define EFI_MINOR_VERSION(tablep) ((UINT16)(((tablep)->Hdr.Revision) & 0xfffful))
+
static EFI_STATUS
get_max_var_sz(UINT32 attrs, SIZE_T *max_var_szp)
{
uint64_t max_var_sz = 0;
*max_var_szp = 0;
- efi_status = gRT->QueryVariableInfo(attrs, &max_storage_sz,
- &remaining_sz, &max_var_sz);
- if (EFI_ERROR(efi_status)) {
- perror(L"Could not get variable storage info: %r\n", efi_status);
- return efi_status;
+ if (EFI_MAJOR_VERSION(RT) < 2) {
+ dprint(L"EFI %d.%d; no RT->QueryVariableInfo(). Using 1024!\n",
+ EFI_MAJOR_VERSION(RT), EFI_MINOR_VERSION(RT));
+ max_var_sz = remaining_sz = max_storage_sz = 1024;
+ efi_status = EFI_SUCCESS;
+ } else {
+ dprint(L"calling RT->QueryVariableInfo() at 0x%lx\n",
+ RT->QueryVariableInfo);
+ efi_status = RT->QueryVariableInfo(attrs, &max_storage_sz,
+ &remaining_sz, &max_var_sz);
+ if (EFI_ERROR(efi_status)) {
+ perror(L"Could not get variable storage info: %r\n",
+ efi_status);
+ return efi_status;
+ }
}
/*
SIZE_T max_var_sz;
efi_status = get_max_var_sz(attrs, &max_var_sz);
- if (EFI_ERROR(efi_status)) {
+ if (EFI_ERROR(efi_status) && efi_status != EFI_UNSUPPORTED) {
LogError(L"Could not get maximum variable size: %r",
efi_status);
return efi_status;
}
- if (FullDataSize <= max_var_sz) {
+ /* Some UEFI environment such as u-boot doesn't implement
+ * QueryVariableInfo() and we will only get EFI_UNSUPPORTED when
+ * querying the available space. In this case, we just mirror
+ * the variable directly. */
+ if (FullDataSize <= max_var_sz || efi_status == EFI_UNSUPPORTED) {
+ efi_status = EFI_SUCCESS;
if (only_first)
efi_status = SetVariable(name, guid, attrs,
FullDataSize, FullData);
BOOLEAN present = FALSE;
if (v->rtname) {
- if (!only_first && (v->flags & MOK_MIRROR_DELETE_FIRST)) {
+ if (only_first && (v->flags & MOK_MIRROR_DELETE_FIRST)) {
dprint(L"deleting \"%s\"\n", v->rtname);
efi_status = LibDeleteVariable(v->rtname, v->guid);
dprint(L"LibDeleteVariable(\"%s\",...) => %r\n", v->rtname, efi_status);
return ret;
}
-struct mok_variable_config_entry {
- CHAR8 name[256];
- UINT64 data_size;
- UINT8 data[];
-};
-
EFI_STATUS import_one_mok_state(struct mok_state_variable *v,
BOOLEAN only_first)
{
EFI_STATUS ret = EFI_SUCCESS;
EFI_STATUS efi_status;
- user_insecure_mode = 0;
- ignore_db = 0;
-
UINT32 attrs = 0;
BOOLEAN delete = FALSE;
dprint(L"importing mok state for \"%s\"\n", v->name);
- efi_status = get_variable_attr(v->name,
- &v->data, &v->data_size,
- *v->guid, &attrs);
- if (efi_status == EFI_NOT_FOUND) {
- v->data = NULL;
- v->data_size = 0;
- } else if (EFI_ERROR(efi_status)) {
- perror(L"Could not verify %s: %r\n", v->name,
- efi_status);
- delete = TRUE;
- } else {
- if (!(attrs & v->yes_attr)) {
- perror(L"Variable %s is missing attributes:\n",
- v->name);
- perror(L" 0x%08x should have 0x%08x set.\n",
- attrs, v->yes_attr);
- delete = TRUE;
- }
- if (attrs & v->no_attr) {
- perror(L"Variable %s has incorrect attribute:\n",
- v->name);
- perror(L" 0x%08x should not have 0x%08x set.\n",
- attrs, v->no_attr);
+ if (!v->data && !v->data_size) {
+ efi_status = get_variable_attr(v->name,
+ &v->data, &v->data_size,
+ *v->guid, &attrs);
+ if (efi_status == EFI_NOT_FOUND) {
+ v->data = NULL;
+ v->data_size = 0;
+ } else if (EFI_ERROR(efi_status)) {
+ perror(L"Could not verify %s: %r\n", v->name,
+ efi_status);
delete = TRUE;
+ } else {
+ if (!(attrs & v->yes_attr)) {
+ perror(L"Variable %s is missing attributes:\n",
+ v->name);
+ perror(L" 0x%08x should have 0x%08x set.\n",
+ attrs, v->yes_attr);
+ delete = TRUE;
+ }
+ if (attrs & v->no_attr) {
+ perror(L"Variable %s has incorrect attribute:\n",
+ v->name);
+ perror(L" 0x%08x should not have 0x%08x set.\n",
+ attrs, v->no_attr);
+ delete = TRUE;
+ }
}
}
if (delete == TRUE) {
}
dprint(L"maybe mirroring \"%s\". original data:\n", v->name);
- dhexdumpat(v->data, v->data_size, 0);
+ if (v->data && v->data_size) {
+ dhexdumpat(v->data, v->data_size, 0);
+ }
ret = maybe_mirror_one_mok_variable(v, ret, only_first);
dprint(L"returning %r\n", ret);
user_insecure_mode = 0;
ignore_db = 0;
+ trust_mok_list = 0;
UINT64 config_sz = 0;
UINT8 *config_table = NULL;
config_sz += sizeof(config_template);
npages = ALIGN_VALUE(config_sz, PAGE_SIZE) >> EFI_PAGE_SHIFT;
config_table = NULL;
- efi_status = gBS->AllocatePages(AllocateAnyPages,
- EfiRuntimeServicesData,
- npages,
- (EFI_PHYSICAL_ADDRESS *)&config_table);
+ efi_status = BS->AllocatePages(
+ AllocateAnyPages, EfiRuntimeServicesData, npages,
+ (EFI_PHYSICAL_ADDRESS *)&config_table);
if (EFI_ERROR(efi_status) || !config_table) {
console_print(L"Allocating %lu pages for mok config table failed: %r\n",
npages, efi_status);
config_template.data_size = v->data_size;
- CopyMem(p, &config_template, sizeof(config_template));
- p += sizeof(config_template);
- CopyMem(p, v->data, v->data_size);
- p += v->data_size;
+ if (v->data && v->data_size) {
+ CopyMem(p, &config_template, sizeof(config_template));
+ p += sizeof(config_template);
+ CopyMem(p, v->data, v->data_size);
+ p += v->data_size;
+ }
}
if (p) {
ZeroMem(&config_template, sizeof(config_template));
CopyMem(p, &config_template, sizeof(config_template));
- efi_status = gBS->InstallConfigurationTable(&MOK_VARIABLE_STORE,
- config_table);
+ efi_status = BS->InstallConfigurationTable(&MOK_VARIABLE_STORE,
+ config_table);
if (EFI_ERROR(efi_status)) {
console_print(L"Couldn't install MoK configuration table\n");
}
{
EFI_STATUS efi_status;
- efi_status = gBS->HandleProtocol(device, &PxeBaseCodeProtocol,
- (VOID **) &pxe);
+ efi_status = BS->HandleProtocol(device, &PxeBaseCodeProtocol,
+ (VOID **) &pxe);
if (EFI_ERROR(efi_status)) {
pxe = NULL;
return FALSE;
*/
EFI_STATUS
-generate_hash(char *data, unsigned int datasize_in,
+generate_hash(char *data, unsigned int datasize,
PE_COFF_LOADER_IMAGE_CONTEXT *context, UINT8 *sha256hash,
UINT8 *sha1hash)
{
unsigned int sha256ctxsize, sha1ctxsize;
- unsigned int size = datasize_in;
void *sha256ctx = NULL, *sha1ctx = NULL;
char *hashbase;
unsigned int hashsize;
unsigned int SumOfBytesHashed, SumOfSectionBytes;
unsigned int index, pos;
- unsigned int datasize;
EFI_IMAGE_SECTION_HEADER *Section;
EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL;
EFI_STATUS efi_status = EFI_SUCCESS;
EFI_IMAGE_DOS_HEADER *DosHdr = (void *)data;
unsigned int PEHdr_offset = 0;
- size = datasize = datasize_in;
-
if (datasize <= sizeof (*DosHdr) ||
DosHdr->e_magic != EFI_IMAGE_DOS_SIGNATURE) {
perror(L"Invalid signature\n");
hashbase = data;
hashsize = (char *)&context->PEHdr->Pe32.OptionalHeader.CheckSum -
hashbase;
- check_size(data, datasize_in, hashbase, hashsize);
+ check_size(data, datasize, hashbase, hashsize);
if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
!(Sha1Update(sha1ctx, hashbase, hashsize))) {
hashbase = (char *)&context->PEHdr->Pe32.OptionalHeader.CheckSum +
sizeof (int);
hashsize = (char *)context->SecDir - hashbase;
- check_size(data, datasize_in, hashbase, hashsize);
+ check_size(data, datasize, hashbase, hashsize);
if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
!(Sha1Update(sha1ctx, hashbase, hashsize))) {
EFI_IMAGE_DATA_DIRECTORY *dd = context->SecDir + 1;
hashbase = (char *)dd;
hashsize = context->SizeOfHeaders - (unsigned long)((char *)dd - data);
- if (hashsize > datasize_in) {
+ if (hashsize > datasize) {
perror(L"Data Directory size %d is invalid\n", hashsize);
efi_status = EFI_INVALID_PARAMETER;
goto done;
}
- check_size(data, datasize_in, hashbase, hashsize);
+ check_size(data, datasize, hashbase, hashsize);
if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
!(Sha1Update(sha1ctx, hashbase, hashsize))) {
continue;
}
- hashbase = ImageAddress(data, size, Section->PointerToRawData);
+ hashbase = ImageAddress(data, datasize,
+ Section->PointerToRawData);
if (!hashbase) {
perror(L"Malformed section header\n");
efi_status = EFI_INVALID_PARAMETER;
goto done;
}
hashsize = (unsigned int) Section->SizeOfRawData;
- check_size(data, datasize_in, hashbase, hashsize);
+ check_size(data, datasize, hashbase, hashsize);
if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
!(Sha1Update(sha1ctx, hashbase, hashsize))) {
efi_status = EFI_INVALID_PARAMETER;
goto done;
}
- check_size(data, datasize_in, hashbase, hashsize);
+ check_size(data, datasize, hashbase, hashsize);
if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
!(Sha1Update(sha1ctx, hashbase, hashsize))) {
hashbase = data + SumOfBytesHashed;
hashsize = datasize - SumOfBytesHashed;
- check_size(data, datasize_in, hashbase, hashsize);
+ check_size(data, datasize, hashbase, hashsize);
if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
!(Sha1Update(sha1ctx, hashbase, hashsize))) {
PAGE_SIZE);
*alloc_pages = alloc_size / PAGE_SIZE;
- efi_status = gBS->AllocatePages(AllocateAnyPages, EfiLoaderCode,
- *alloc_pages, alloc_address);
+ efi_status = BS->AllocatePages(AllocateAnyPages, EfiLoaderCode,
+ *alloc_pages, alloc_address);
if (EFI_ERROR(efi_status)) {
perror(L"Failed to allocate image buffer\n");
return EFI_OUT_OF_RESOURCES;
*entry_point = ImageAddress(buffer, context.ImageSize, context.EntryPoint);
if (!*entry_point) {
perror(L"Entry point is invalid\n");
- gBS->FreePages(*alloc_address, *alloc_pages);
+ BS->FreePages(*alloc_address, *alloc_pages);
return EFI_UNSUPPORTED;
}
if (end < base) {
perror(L"Section %d has negative size\n", i);
- gBS->FreePages(*alloc_address, *alloc_pages);
+ BS->FreePages(*alloc_address, *alloc_pages);
return EFI_UNSUPPORTED;
}
li->ImageSize = context.ImageSize;
/* Pass the load options to the second stage loader */
- if ( load_options ) {
- li->LoadOptions = load_options;
- li->LoadOptionsSize = load_options_size;
- }
+ li->LoadOptions = load_options;
+ li->LoadOptionsSize = load_options_size;
if (!found_entry_point) {
perror(L"Entry point is not within sections\n");
return EFI_UNSUPPORTED;
}
if (found_entry_point > 1) {
- perror(L"%d sections contain entry point\n");
+ perror(L"%d sections contain entry point\n", found_entry_point);
return EFI_UNSUPPORTED;
}
--- /dev/null
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+/*
+ * post-process-pe.c - fix up timestamps and checksums in broken PE files
+ * Copyright Peter Jones <pjones@redhat.com>
+ */
+
+#define _GNU_SOURCE 1
+
+#include <err.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <inttypes.h>
+#include <limits.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#ifndef PAGE_SIZE
+#define PAGE_SIZE 4096
+#endif
+
+static int verbosity;
+#define ERROR 0
+#define WARNING 1
+#define INFO 2
+#define NOISE 3
+#define MIN_VERBOSITY ERROR
+#define MAX_VERBOSITY NOISE
+#define debug(level, ...) \
+ ({ \
+ if (verbosity >= (level)) { \
+ printf("%s():%d: ", __func__, __LINE__); \
+ printf(__VA_ARGS__); \
+ } \
+ 0; \
+ })
+
+typedef uint8_t UINT8;
+typedef uint16_t UINT16;
+typedef uint32_t UINT32;
+typedef uint64_t UINT64;
+
+typedef uint16_t CHAR16;
+
+typedef unsigned long UINTN;
+
+typedef struct {
+ UINT32 Data1;
+ UINT16 Data2;
+ UINT16 Data3;
+ UINT8 Data4[8];
+} EFI_GUID;
+
+#include "include/peimage.h"
+
+#if defined(__GNUC__) && defined(__GNUC_MINOR__)
+#define GNUC_PREREQ(maj, min) \
+ ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
+#else
+#define GNUC_PREREQ(maj, min) 0
+#endif
+
+#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__)
+#define CLANG_PREREQ(maj, min) \
+ ((__clang_major__ > (maj)) || \
+ (__clang_major__ == (maj) && __clang_minor__ >= (min)))
+#else
+#define CLANG_PREREQ(maj, min) 0
+#endif
+
+#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8)
+#define add(a0, a1, s) __builtin_add_overflow(a0, a1, s)
+#define sub(s0, s1, d) __builtin_sub_overflow(s0, s1, d)
+#define mul(f0, f1, p) __builtin_mul_overflow(f0, f1, p)
+#else
+#define add(a0, a1, s) \
+ ({ \
+ (*s) = ((a0) + (a1)); \
+ 0; \
+ })
+#define sub(s0, s1, d) \
+ ({ \
+ (*d) = ((s0) - (s1)); \
+ 0; \
+ })
+#define mul(f0, f1, p) \
+ ({ \
+ (*p) = ((f0) * (f1)); \
+ 0; \
+ })
+#endif
+#define div(d0, d1, q) \
+ ({ \
+ unsigned int ret_ = ((d1) == 0); \
+ if (ret_ == 0) \
+ (*q) = ((d0) / (d1)); \
+ ret_; \
+ })
+
+static int
+image_is_64_bit(EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr)
+{
+ /* .Magic is the same offset in all cases */
+ if (PEHdr->Pe32Plus.OptionalHeader.Magic ==
+ EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC)
+ return 1;
+ return 0;
+}
+
+static void
+load_pe(const char *const file, void *const data, const size_t datasize,
+ PE_COFF_LOADER_IMAGE_CONTEXT *ctx)
+{
+ EFI_IMAGE_DOS_HEADER *DOSHdr = data;
+ EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr = data;
+ size_t HeaderWithoutDataDir, SectionHeaderOffset, OptHeaderSize;
+ size_t FileAlignment = 0;
+ size_t sz0 = 0, sz1 = 0;
+ uintptr_t loc = 0;
+
+ debug(NOISE, "datasize:%zu sizeof(PEHdr->Pe32):%zu\n", datasize,
+ sizeof(PEHdr->Pe32));
+ if (datasize < sizeof(PEHdr->Pe32))
+ errx(1, "%s: Invalid image size %zu (%zu < %zu)", file,
+ datasize, datasize, sizeof(PEHdr->Pe32));
+
+ debug(NOISE,
+ "DOSHdr->e_magic:0x%02hx EFI_IMAGE_DOS_SIGNATURE:0x%02hx\n",
+ DOSHdr->e_magic, EFI_IMAGE_DOS_SIGNATURE);
+ if (DOSHdr->e_magic != EFI_IMAGE_DOS_SIGNATURE)
+ errx(1,
+ "%s: Invalid DOS header signature 0x%04hx (expected 0x%04hx)",
+ file, DOSHdr->e_magic, EFI_IMAGE_DOS_SIGNATURE);
+
+ debug(NOISE, "DOSHdr->e_lfanew:%u datasize:%zu\n", DOSHdr->e_lfanew,
+ datasize);
+ if (DOSHdr->e_lfanew >= datasize ||
+ add((uintptr_t)data, DOSHdr->e_lfanew, &loc))
+ errx(1, "%s: invalid pe header location", file);
+
+ ctx->PEHdr = PEHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)loc;
+ debug(NOISE, "PE signature:0x%04x EFI_IMAGE_NT_SIGNATURE:0x%04x\n",
+ PEHdr->Pe32.Signature, EFI_IMAGE_NT_SIGNATURE);
+ if (PEHdr->Pe32.Signature != EFI_IMAGE_NT_SIGNATURE)
+ errx(1, "%s: Unsupported image type", file);
+
+ if (image_is_64_bit(PEHdr)) {
+ debug(NOISE, "image is 64bit\n");
+ ctx->NumberOfRvaAndSizes =
+ PEHdr->Pe32Plus.OptionalHeader.NumberOfRvaAndSizes;
+ ctx->SizeOfHeaders =
+ PEHdr->Pe32Plus.OptionalHeader.SizeOfHeaders;
+ ctx->ImageSize = PEHdr->Pe32Plus.OptionalHeader.SizeOfImage;
+ ctx->SectionAlignment =
+ PEHdr->Pe32Plus.OptionalHeader.SectionAlignment;
+ FileAlignment = PEHdr->Pe32Plus.OptionalHeader.FileAlignment;
+ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER64);
+ } else {
+ debug(NOISE, "image is 32bit\n");
+ ctx->NumberOfRvaAndSizes =
+ PEHdr->Pe32.OptionalHeader.NumberOfRvaAndSizes;
+ ctx->SizeOfHeaders = PEHdr->Pe32.OptionalHeader.SizeOfHeaders;
+ ctx->ImageSize = (UINT64)PEHdr->Pe32.OptionalHeader.SizeOfImage;
+ ctx->SectionAlignment =
+ PEHdr->Pe32.OptionalHeader.SectionAlignment;
+ FileAlignment = PEHdr->Pe32.OptionalHeader.FileAlignment;
+ OptHeaderSize = sizeof(EFI_IMAGE_OPTIONAL_HEADER32);
+ }
+
+ if (FileAlignment % 2 != 0)
+ errx(1, "%s: Invalid file alignment %ld", file, FileAlignment);
+
+ if (FileAlignment == 0)
+ FileAlignment = 0x200;
+ if (ctx->SectionAlignment == 0)
+ ctx->SectionAlignment = PAGE_SIZE;
+ if (ctx->SectionAlignment < FileAlignment)
+ ctx->SectionAlignment = FileAlignment;
+
+ ctx->NumberOfSections = PEHdr->Pe32.FileHeader.NumberOfSections;
+
+ debug(NOISE,
+ "Number of RVAs:%"PRIu64" EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES:%d\n",
+ ctx->NumberOfRvaAndSizes, EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES);
+ if (EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES < ctx->NumberOfRvaAndSizes)
+ errx(1, "%s: invalid number of RVAs (%lu entries, max is %d)",
+ file, ctx->NumberOfRvaAndSizes,
+ EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES);
+
+ if (mul(sizeof(EFI_IMAGE_DATA_DIRECTORY),
+ EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES, &sz0) ||
+ sub(OptHeaderSize, sz0, &HeaderWithoutDataDir) ||
+ sub(PEHdr->Pe32.FileHeader.SizeOfOptionalHeader,
+ HeaderWithoutDataDir, &sz0) ||
+ mul(ctx->NumberOfRvaAndSizes, sizeof(EFI_IMAGE_DATA_DIRECTORY),
+ &sz1) ||
+ (sz0 != sz1)) {
+ if (mul(sizeof(EFI_IMAGE_DATA_DIRECTORY),
+ EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES, &sz0))
+ debug(ERROR,
+ "sizeof(EFI_IMAGE_DATA_DIRECTORY) * EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES overflows\n");
+ else
+ debug(ERROR,
+ "sizeof(EFI_IMAGE_DATA_DIRECTORY) * EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES = %zu\n",
+ sz0);
+ if (sub(OptHeaderSize, sz0, &HeaderWithoutDataDir))
+ debug(ERROR,
+ "OptHeaderSize (%zu) - HeaderWithoutDataDir (%zu) overflows\n",
+ OptHeaderSize, HeaderWithoutDataDir);
+ else
+ debug(ERROR,
+ "OptHeaderSize (%zu) - HeaderWithoutDataDir (%zu) = %zu\n",
+ OptHeaderSize, sz0, HeaderWithoutDataDir);
+
+ if (sub(PEHdr->Pe32.FileHeader.SizeOfOptionalHeader,
+ HeaderWithoutDataDir, &sz0)) {
+ debug(ERROR,
+ "PEHdr->Pe32.FileHeader.SizeOfOptionalHeader (%d) - %zu overflows\n",
+ PEHdr->Pe32.FileHeader.SizeOfOptionalHeader,
+ HeaderWithoutDataDir);
+ } else {
+ debug(ERROR,
+ "PEHdr->Pe32.FileHeader.SizeOfOptionalHeader (%d)- %zu = %zu\n",
+ PEHdr->Pe32.FileHeader.SizeOfOptionalHeader,
+ HeaderWithoutDataDir, sz0);
+ }
+ if (mul(ctx->NumberOfRvaAndSizes,
+ sizeof(EFI_IMAGE_DATA_DIRECTORY), &sz1))
+ debug(ERROR,
+ "ctx->NumberOfRvaAndSizes (%zu) * sizeof(EFI_IMAGE_DATA_DIRECTORY) overflows\n",
+ ctx->NumberOfRvaAndSizes);
+ else
+ debug(ERROR,
+ "ctx->NumberOfRvaAndSizes (%zu) * sizeof(EFI_IMAGE_DATA_DIRECTORY) = %zu\n",
+ ctx->NumberOfRvaAndSizes, sz1);
+ debug(ERROR,
+ "space after image header:%zu data directory size:%zu\n",
+ sz0, sz1);
+
+ errx(1, "%s: image header overflows data directory", file);
+ }
+
+ if (add(DOSHdr->e_lfanew, sizeof(UINT32), &SectionHeaderOffset) ||
+ add(SectionHeaderOffset, sizeof(EFI_IMAGE_FILE_HEADER),
+ &SectionHeaderOffset) ||
+ add(SectionHeaderOffset,
+ PEHdr->Pe32.FileHeader.SizeOfOptionalHeader,
+ &SectionHeaderOffset)) {
+ debug(ERROR, "SectionHeaderOffset:%" PRIu32 " + %zu + %zu + %d",
+ DOSHdr->e_lfanew, sizeof(UINT32),
+ sizeof(EFI_IMAGE_FILE_HEADER),
+ PEHdr->Pe32.FileHeader.SizeOfOptionalHeader);
+ errx(1, "%s: SectionHeaderOffset would overflow", file);
+ }
+
+ if (sub(ctx->ImageSize, SectionHeaderOffset, &sz0) ||
+ div(sz0, EFI_IMAGE_SIZEOF_SECTION_HEADER, &sz0) ||
+ (sz0 <= ctx->NumberOfSections)) {
+ debug(ERROR, "(%" PRIu64 " - %zu) / %d > %d\n", ctx->ImageSize,
+ SectionHeaderOffset, EFI_IMAGE_SIZEOF_SECTION_HEADER,
+ ctx->NumberOfSections);
+ errx(1, "%s: image sections overflow image size", file);
+ }
+
+ if (sub(ctx->SizeOfHeaders, SectionHeaderOffset, &sz0) ||
+ div(sz0, EFI_IMAGE_SIZEOF_SECTION_HEADER, &sz0) ||
+ (sz0 < ctx->NumberOfSections)) {
+ debug(ERROR, "(%zu - %zu) / %d >= %d\n", ctx->SizeOfHeaders,
+ SectionHeaderOffset, EFI_IMAGE_SIZEOF_SECTION_HEADER,
+ ctx->NumberOfSections);
+ errx(1, "%s: image sections overflow section headers", file);
+ }
+
+ if (sub((uintptr_t)PEHdr, (uintptr_t)data, &sz0) ||
+ add(sz0, sizeof(EFI_IMAGE_OPTIONAL_HEADER_UNION), &sz0) ||
+ (sz0 > datasize)) {
+ errx(1, "%s: PE Image size %zu > %zu", file, sz0, datasize);
+ }
+
+ if (PEHdr->Pe32.FileHeader.Characteristics & EFI_IMAGE_FILE_RELOCS_STRIPPED)
+ errx(1, "%s: Unsupported image - Relocations have been stripped", file);
+
+ if (image_is_64_bit(PEHdr)) {
+ ctx->ImageAddress = PEHdr->Pe32Plus.OptionalHeader.ImageBase;
+ ctx->EntryPoint =
+ PEHdr->Pe32Plus.OptionalHeader.AddressOfEntryPoint;
+ ctx->RelocDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory
+ [EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC];
+ ctx->SecDir = &PEHdr->Pe32Plus.OptionalHeader.DataDirectory
+ [EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
+ } else {
+ ctx->ImageAddress = PEHdr->Pe32.OptionalHeader.ImageBase;
+ ctx->EntryPoint =
+ PEHdr->Pe32.OptionalHeader.AddressOfEntryPoint;
+ ctx->RelocDir = &PEHdr->Pe32.OptionalHeader.DataDirectory
+ [EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC];
+ ctx->SecDir = &PEHdr->Pe32.OptionalHeader.DataDirectory
+ [EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
+ }
+
+ if (add((uintptr_t)PEHdr, PEHdr->Pe32.FileHeader.SizeOfOptionalHeader,
+ &loc) ||
+ add(loc, sizeof(UINT32), &loc) ||
+ add(loc, sizeof(EFI_IMAGE_FILE_HEADER), &loc))
+ errx(1, "%s: invalid location for first section", file);
+
+ ctx->FirstSection = (EFI_IMAGE_SECTION_HEADER *)loc;
+
+ if (ctx->ImageSize < ctx->SizeOfHeaders)
+ errx(1,
+ "%s: Image size %"PRIu64" is smaller than header size %lu",
+ file, ctx->ImageSize, ctx->SizeOfHeaders);
+
+ if (sub((uintptr_t)ctx->SecDir, (uintptr_t)data, &sz0) ||
+ sub(datasize, sizeof(EFI_IMAGE_DATA_DIRECTORY), &sz1) ||
+ sz0 > sz1)
+ errx(1,
+ "%s: security direcory offset %zu past data directory at %zu",
+ file, sz0, sz1);
+
+ if (ctx->SecDir->VirtualAddress > datasize ||
+ (ctx->SecDir->VirtualAddress == datasize &&
+ ctx->SecDir->Size > 0))
+ errx(1, "%s: Security directory extends past end", file);
+}
+
+static void
+fix_timestamp(PE_COFF_LOADER_IMAGE_CONTEXT *ctx)
+{
+ uint32_t ts;
+
+ if (image_is_64_bit(ctx->PEHdr)) {
+ ts = ctx->PEHdr->Pe32Plus.FileHeader.TimeDateStamp;
+ } else {
+ ts = ctx->PEHdr->Pe32.FileHeader.TimeDateStamp;
+ }
+
+ if (ts != 0) {
+ debug(INFO, "Updating timestamp from 0x%08x to 0\n", ts);
+ if (image_is_64_bit(ctx->PEHdr)) {
+ ctx->PEHdr->Pe32Plus.FileHeader.TimeDateStamp = 0;
+ } else {
+ ctx->PEHdr->Pe32.FileHeader.TimeDateStamp = 0;
+ }
+ }
+}
+
+static void
+fix_checksum(PE_COFF_LOADER_IMAGE_CONTEXT *ctx, void *map, size_t mapsize)
+{
+ uint32_t old;
+ uint32_t checksum = 0;
+ uint16_t word;
+ uint8_t *data = map;
+
+ if (image_is_64_bit(ctx->PEHdr)) {
+ old = ctx->PEHdr->Pe32Plus.OptionalHeader.CheckSum;
+ ctx->PEHdr->Pe32Plus.OptionalHeader.CheckSum = 0;
+ } else {
+ old = ctx->PEHdr->Pe32.OptionalHeader.CheckSum;
+ ctx->PEHdr->Pe32.OptionalHeader.CheckSum = 0;
+ }
+ debug(NOISE, "old checksum was 0x%08x\n", old);
+
+ for (size_t i = 0; i < mapsize - 1; i += 2) {
+ word = (data[i + 1] << 8ul) | data[i];
+ checksum += word;
+ checksum = 0xffff & (checksum + (checksum >> 0x10));
+ }
+ debug(NOISE, "checksum = 0x%08x + 0x%08zx = 0x%08zx\n", checksum,
+ mapsize, checksum + mapsize);
+
+ checksum += mapsize;
+
+ if (checksum != old)
+ debug(INFO, "Updating checksum from 0x%08x to 0x%08x\n",
+ old, checksum);
+
+ if (image_is_64_bit(ctx->PEHdr)) {
+ ctx->PEHdr->Pe32Plus.OptionalHeader.CheckSum = checksum;
+ } else {
+ ctx->PEHdr->Pe32.OptionalHeader.CheckSum = checksum;
+ }
+}
+
+static void
+handle_one(char *f)
+{
+ int fd;
+ int rc;
+ struct stat statbuf;
+ size_t sz;
+ void *map;
+ int failed = 0;
+
+ PE_COFF_LOADER_IMAGE_CONTEXT ctx = { 0, 0 };
+
+ fd = open(f, O_RDWR | O_EXCL);
+ if (fd < 0)
+ err(1, "Could not open \"%s\"", f);
+
+ rc = fstat(fd, &statbuf);
+ if (rc < 0)
+ err(1, "Could not stat \"%s\"", f);
+
+ sz = statbuf.st_size;
+
+ map = mmap(NULL, sz, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+ if (map == MAP_FAILED)
+ err(1, "Could not map \"%s\"", f);
+
+ load_pe(f, map, sz, &ctx);
+
+ fix_timestamp(&ctx);
+
+ fix_checksum(&ctx, map, sz);
+
+ rc = msync(map, sz, MS_SYNC);
+ if (rc < 0) {
+ warn("msync(%p, %zu, MS_SYNC) failed", map, sz);
+ failed = 1;
+ }
+ munmap(map, sz);
+ if (rc < 0) {
+ warn("munmap(%p, %zu) failed", map, sz);
+ failed = 1;
+ }
+ rc = close(fd);
+ if (rc < 0) {
+ warn("close(%d) failed", fd);
+ failed = 1;
+ }
+ if (failed)
+ exit(1);
+}
+
+static void __attribute__((__noreturn__)) usage(int status)
+{
+ FILE *out = status ? stderr : stdout;
+
+ fprintf(out,
+ "Usage: post-process-pe [OPTIONS] file0 [file1 [.. fileN]]\n");
+ fprintf(out, "Options:\n");
+ fprintf(out, " -q Be more quiet\n");
+ fprintf(out, " -v Be more verbose\n");
+ fprintf(out, " -h Print this help text and exit\n");
+
+ exit(status);
+}
+
+int main(int argc, char **argv)
+{
+ int i;
+ struct option options[] = {
+ {.name = "help",
+ .val = '?',
+ },
+ {.name = "usage",
+ .val = '?',
+ },
+ {.name = "quiet",
+ .val = 'q',
+ },
+ {.name = "verbose",
+ .val = 'v',
+ },
+ {.name = ""}
+ };
+ int longindex = -1;
+
+ while ((i = getopt_long(argc, argv, "hqsv", options, &longindex)) != -1) {
+ switch (i) {
+ case 'h':
+ case '?':
+ usage(longindex == -1 ? 1 : 0);
+ break;
+ case 'q':
+ verbosity = MAX(verbosity - 1, MIN_VERBOSITY);
+ break;
+ case 'v':
+ verbosity = MIN(verbosity + 1, MAX_VERBOSITY);
+ break;
+ }
+ }
+
+ if (optind == argc)
+ usage(1);
+
+ for (i = optind; i < argc; i++)
+ handle_one(argv[i]);
+
+ return 0;
+}
+
+// vim:fenc=utf-8:tw=75:noet
static typeof(systab->BootServices->LoadImage) system_load_image;
static typeof(systab->BootServices->StartImage) system_start_image;
static typeof(systab->BootServices->Exit) system_exit;
+#if !defined(DISABLE_EBS_PROTECTION)
static typeof(systab->BootServices->ExitBootServices) system_exit_boot_services;
+#endif /* !defined(DISABLE_EBS_PROTECTION) */
static EFI_HANDLE last_loaded_image;
systab->BootServices->LoadImage = system_load_image;
systab->BootServices->StartImage = system_start_image;
+#if !defined(DISABLE_EBS_PROTECTION)
systab->BootServices->ExitBootServices = system_exit_boot_services;
- gBS = systab->BootServices;
+#endif /* !defined(DISABLE_EBS_PROTECTION) */
+ BS = systab->BootServices;
}
static EFI_STATUS EFIAPI
EFI_STATUS efi_status;
unhook_system_services();
- efi_status = gBS->LoadImage(BootPolicy, ParentImageHandle, DevicePath,
- SourceBuffer, SourceSize, ImageHandle);
+ efi_status = BS->LoadImage(BootPolicy, ParentImageHandle, DevicePath,
+ SourceBuffer, SourceSize, ImageHandle);
hook_system_services(systab);
if (EFI_ERROR(efi_status))
last_loaded_image = NULL;
loader_is_participating = 1;
uninstall_shim_protocols();
}
- efi_status = gBS->StartImage(image_handle, exit_data_size, exit_data);
+ efi_status = BS->StartImage(image_handle, exit_data_size, exit_data);
if (EFI_ERROR(efi_status)) {
if (image_handle == last_loaded_image) {
EFI_STATUS efi_status2 = install_shim_protocols();
efi_status2);
console_print(L"shim cannot continue, sorry.\n");
msleep(5000000);
- gRT->ResetSystem(EfiResetShutdown,
- EFI_SECURITY_VIOLATION,
- 0, NULL);
+ RT->ResetSystem(EfiResetShutdown,
+ EFI_SECURITY_VIOLATION,
+ 0, NULL);
}
}
hook_system_services(systab);
verification_method == VERIFIED_BY_HASH) {
unhook_system_services();
EFI_STATUS efi_status;
- efi_status = gBS->ExitBootServices(image_key, map_key);
+ efi_status = BS->ExitBootServices(image_key, map_key);
if (EFI_ERROR(efi_status))
hook_system_services(systab);
return efi_status;
console_print(L"Bootloader has not verified loaded image.\n");
console_print(L"System is compromised. halting.\n");
msleep(5000000);
- gRT->ResetSystem(EfiResetShutdown, EFI_SECURITY_VIOLATION, 0, NULL);
+ RT->ResetSystem(EfiResetShutdown, EFI_SECURITY_VIOLATION, 0, NULL);
return EFI_SECURITY_VIOLATION;
}
#endif /* !defined(DISABLE_EBS_PROTECTION) */
restore_loaded_image();
- efi_status = gBS->Exit(ImageHandle, ExitStatus,
- ExitDataSize, ExitData);
+ efi_status = BS->Exit(ImageHandle, ExitStatus,
+ ExitDataSize, ExitData);
if (EFI_ERROR(efi_status)) {
EFI_STATUS efi_status2 = shim_init();
efi_status2);
console_print(L"shim cannot continue, sorry.\n");
msleep(5000000);
- gRT->ResetSystem(EfiResetShutdown,
- EFI_SECURITY_VIOLATION, 0, NULL);
+ RT->ResetSystem(EfiResetShutdown,
+ EFI_SECURITY_VIOLATION, 0, NULL);
}
}
return efi_status;
hook_system_services(EFI_SYSTEM_TABLE *local_systab)
{
systab = local_systab;
- gBS = systab->BootServices;
+ BS = systab->BootServices;
/* We need to hook various calls to make this work... */
void
unhook_exit(void)
{
-#if !defined(DISABLE_EBS_PROTECTION)
systab->BootServices->Exit = system_exit;
- gBS = systab->BootServices;
-#endif /* defined(DISABLE_EBS_PROTECTION) */
- return;
+ BS = systab->BootServices;
}
void
hook_exit(EFI_SYSTEM_TABLE *local_systab)
{
systab = local_systab;
- gBS = local_systab->BootServices;
+ BS = local_systab->BootServices;
/* we need to hook Exit() so that we can allow users to quit the
* bootloader and still e.g. start a new one or run an internal
static EFI_LOADED_IMAGE *shim_li;
static EFI_LOADED_IMAGE shim_li_bak;
-static CHAR16 *second_stage;
-void *load_options;
-UINT32 load_options_size;
-
list_t sbat_var;
/*
UINT32 vendor_deauthorized_offset;
} cert_table;
-UINT32 vendor_authorized_size = 0;
-UINT8 *vendor_authorized = NULL;
-
-UINT32 vendor_deauthorized_size = 0;
-UINT8 *vendor_deauthorized = NULL;
-
-#if defined(ENABLE_SHIM_CERT)
-UINT32 build_cert_size;
-UINT8 *build_cert;
-#endif /* defined(ENABLE_SHIM_CERT) */
-
-/*
- * indicator of how an image has been verified
- */
-verification_method_t verification_method;
-int loader_is_participating;
-
#define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }}
-UINT8 user_insecure_mode;
-UINT8 ignore_db;
-
typedef enum {
DATA_FOUND,
DATA_NOT_FOUND,
return FALSE;
if (variable_is_secureboot() != 1) {
- if (verbose && !in_protocol && first)
- console_notify(L"Secure boot not enabled");
+ if (verbose && !in_protocol && first) {
+ CHAR16 *title = L"Secure boot not enabled";
+ CHAR16 *message = L"Press any key to continue";
+ console_countdown(title, message, 5);
+ }
first = 0;
return FALSE;
}
* to consider it.
*/
if (variable_is_setupmode(0) == 1) {
- if (verbose && !in_protocol && first)
- console_notify(L"Platform is in setup mode");
+ if (verbose && !in_protocol && first) {
+ CHAR16 *title = L"Platform is in setup mode";
+ CHAR16 *message = L"Press any key to continue";
+ console_countdown(title, message, 5);
+ }
first = 0;
return FALSE;
}
}
static int
-should_use_fallback(EFI_HANDLE image_handle)
+is_removable_media_path(EFI_LOADED_IMAGE *li)
{
- EFI_LOADED_IMAGE *li;
unsigned int pathlen = 0;
CHAR16 *bootpath = NULL;
- EFI_FILE_IO_INTERFACE *fio = NULL;
- EFI_FILE *vh = NULL;
- EFI_FILE *fh = NULL;
- EFI_STATUS efi_status;
int ret = 0;
- efi_status = gBS->HandleProtocol(image_handle, &EFI_LOADED_IMAGE_GUID,
- (void **)&li);
- if (EFI_ERROR(efi_status)) {
- perror(L"Could not get image for bootx64.efi: %r\n",
- efi_status);
- return 0;
- }
-
bootpath = DevicePathToStr(li->FilePath);
/* Check the beginning of the string and the end, to avoid
if (pathlen < 5 || StrCaseCmp(bootpath + pathlen - 4, L".EFI"))
goto error;
- efi_status = gBS->HandleProtocol(li->DeviceHandle, &FileSystemProtocol,
- (void **) &fio);
+ ret = 1;
+
+error:
+ if (bootpath)
+ FreePool(bootpath);
+
+ return ret;
+}
+
+static int
+should_use_fallback(EFI_HANDLE image_handle)
+{
+ EFI_LOADED_IMAGE *li;
+ EFI_FILE_IO_INTERFACE *fio = NULL;
+ EFI_FILE *vh = NULL;
+ EFI_FILE *fh = NULL;
+ EFI_STATUS efi_status;
+ int ret = 0;
+
+ efi_status = BS->HandleProtocol(image_handle, &EFI_LOADED_IMAGE_GUID,
+ (void **)&li);
+ if (EFI_ERROR(efi_status)) {
+ perror(L"Could not get image for boot" EFI_ARCH L".efi: %r\n",
+ efi_status);
+ return 0;
+ }
+
+ if (!is_removable_media_path(li))
+ goto error;
+
+ efi_status = BS->HandleProtocol(li->DeviceHandle, &FileSystemProtocol,
+ (void **) &fio);
if (EFI_ERROR(efi_status)) {
perror(L"Could not get fio for li->DeviceHandle: %r\n",
efi_status);
fh->Close(fh);
if (vh)
vh->Close(vh);
- if (bootpath)
- FreePool(bootpath);
return ret;
}
-
-/*
- * Generate the path of an executable given shim's path and the name
- * of the executable
- */
-static EFI_STATUS generate_path_from_image_path(EFI_LOADED_IMAGE *li,
- CHAR16 *ImagePath,
- CHAR16 **PathName)
-{
- EFI_DEVICE_PATH *devpath;
- unsigned int i;
- int j, last = -1;
- unsigned int pathlen = 0;
- EFI_STATUS efi_status = EFI_SUCCESS;
- CHAR16 *bootpath;
-
- /*
- * Suuuuper lazy technique here, but check and see if this is a full
- * path to something on the ESP. Backwards compatibility demands
- * that we don't just use \\, because we (not particularly brightly)
- * used to require that the relative file path started with that.
- *
- * If it is a full path, don't try to merge it with the directory
- * from our Loaded Image handle.
- */
- if (StrSize(ImagePath) > 5 && StrnCmp(ImagePath, L"\\EFI\\", 5) == 0) {
- *PathName = StrDuplicate(ImagePath);
- if (!*PathName) {
- perror(L"Failed to allocate path buffer\n");
- return EFI_OUT_OF_RESOURCES;
- }
- return EFI_SUCCESS;
- }
-
- devpath = li->FilePath;
-
- bootpath = DevicePathToStr(devpath);
-
- pathlen = StrLen(bootpath);
-
- /*
- * DevicePathToStr() concatenates two nodes with '/'.
- * Convert '/' to '\\'.
- */
- for (i = 0; i < pathlen; i++) {
- if (bootpath[i] == '/')
- bootpath[i] = '\\';
- }
-
- for (i=pathlen; i>0; i--) {
- if (bootpath[i] == '\\' && bootpath[i-1] == '\\')
- bootpath[i] = '/';
- else if (last == -1 && bootpath[i] == '\\')
- last = i;
- }
-
- if (last == -1 && bootpath[0] == '\\')
- last = 0;
- bootpath[last+1] = '\0';
-
- if (last > 0) {
- for (i = 0, j = 0; bootpath[i] != '\0'; i++) {
- if (bootpath[i] != '/') {
- bootpath[j] = bootpath[i];
- j++;
- }
- }
- bootpath[j] = '\0';
- }
-
- for (i = 0, last = 0; i < StrLen(ImagePath); i++)
- if (ImagePath[i] == '\\')
- last = i + 1;
-
- ImagePath = ImagePath + last;
- *PathName = AllocatePool(StrSize(bootpath) + StrSize(ImagePath));
-
- if (!*PathName) {
- perror(L"Failed to allocate path buffer\n");
- efi_status = EFI_OUT_OF_RESOURCES;
- goto error;
- }
-
- *PathName[0] = '\0';
- if (StrnCaseCmp(bootpath, ImagePath, StrLen(bootpath)))
- StrCat(*PathName, bootpath);
- StrCat(*PathName, ImagePath);
-
-error:
- FreePool(bootpath);
-
- return efi_status;
-}
-
/*
* Open the second stage bootloader and read it into a buffer
*/
/*
* Open the device
*/
- efi_status = gBS->HandleProtocol(device, &EFI_SIMPLE_FILE_SYSTEM_GUID,
- (void **) &drive);
+ efi_status = BS->HandleProtocol(device, &EFI_SIMPLE_FILE_SYSTEM_GUID,
+ (void **) &drive);
if (EFI_ERROR(efi_status)) {
perror(L"Failed to find fs: %r\n", efi_status);
goto error;
* We need to refer to the loaded image protocol on the running
* binary in order to find our path
*/
- efi_status = gBS->HandleProtocol(image_handle, &EFI_LOADED_IMAGE_GUID,
- (void **)&shim_li);
+ efi_status = BS->HandleProtocol(image_handle, &EFI_LOADED_IMAGE_GUID,
+ (void **)&shim_li);
if (EFI_ERROR(efi_status)) {
perror(L"Unable to init protocol\n");
return efi_status;
use_fb ? FALLBACK : second_stage);
}
- if (EFI_ERROR(efi_status)) {
- console_print(L"start_image() returned %r\n", efi_status);
+ // If the filename is invalid, or the file does not exist,
+ // just fallback to the default loader.
+ if (!use_fb && (efi_status == EFI_INVALID_PARAMETER ||
+ efi_status == EFI_NOT_FOUND)) {
+ console_print(
+ L"start_image() returned %r, falling back to default loader\n",
+ efi_status);
msleep(2000000);
+ load_options = NULL;
+ load_options_size = 0;
+ efi_status = start_image(image_handle, DEFAULT_LOADER);
}
- return efi_status;
-}
-
-static inline EFI_STATUS
-get_load_option_optional_data(UINT8 *data, UINTN data_size,
- UINT8 **od, UINTN *ods)
-{
- /*
- * If it's not at least Attributes + FilePathListLength +
- * Description=L"" + 0x7fff0400 (EndEntrireDevicePath), it can't
- * be valid.
- */
- if (data_size < (sizeof(UINT32) + sizeof(UINT16) + 2 + 4))
- return EFI_INVALID_PARAMETER;
-
- UINT8 *cur = data + sizeof(UINT32);
- UINT16 fplistlen = *(UINT16 *)cur;
- /*
- * If there's not enough space for the file path list and the
- * smallest possible description (L""), it's not valid.
- */
- if (fplistlen > data_size - (sizeof(UINT32) + 2 + 4))
- return EFI_INVALID_PARAMETER;
-
- cur += sizeof(UINT16);
- UINTN limit = data_size - (cur - data) - fplistlen;
- UINTN i;
- for (i = 0; i < limit ; i++) {
- /* If the description isn't valid UCS2-LE, it's not valid. */
- if (i % 2 != 0) {
- if (cur[i] != 0)
- return EFI_INVALID_PARAMETER;
- } else if (cur[i] == 0) {
- /* we've found the end */
- i++;
- if (i >= limit || cur[i] != 0)
- return EFI_INVALID_PARAMETER;
- break;
- }
- }
- i++;
- if (i > limit)
- return EFI_INVALID_PARAMETER;
-
- /*
- * If i is limit, we know the rest of this is the FilePathList and
- * there's no optional data. So just bail now.
- */
- if (i == limit) {
- *od = NULL;
- *ods = 0;
- return EFI_SUCCESS;
- }
-
- cur += i;
- limit -= i;
- limit += fplistlen;
- i = 0;
- while (limit - i >= 4) {
- struct {
- UINT8 type;
- UINT8 subtype;
- UINT16 len;
- } dp = {
- .type = cur[i],
- .subtype = cur[i+1],
- /*
- * it's a little endian UINT16, but we're not
- * guaranteed alignment is sane, so we can't just
- * typecast it directly.
- */
- .len = (cur[i+3] << 8) | cur[i+2],
- };
-
- /*
- * We haven't found an EndEntire, so this has to be a valid
- * EFI_DEVICE_PATH in order for the data to be valid. That
- * means it has to fit, and it can't be smaller than 4 bytes.
- */
- if (dp.len < 4 || dp.len > limit)
- return EFI_INVALID_PARAMETER;
-
- /*
- * see if this is an EndEntire node...
- */
- if (dp.type == 0x7f && dp.subtype == 0xff) {
- /*
- * if we've found the EndEntire node, it must be 4
- * bytes
- */
- if (dp.len != 4)
- return EFI_INVALID_PARAMETER;
-
- i += dp.len;
- break;
- }
-
- /*
- * It's just some random DP node; skip it.
- */
- i += dp.len;
- }
- if (i != fplistlen)
- return EFI_INVALID_PARAMETER;
-
- /*
- * if there's any space left, it's "optional data"
- */
- *od = cur + i;
- *ods = limit - i;
- return EFI_SUCCESS;
-}
-
-static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path)
-{
- CHAR16 *dppath = NULL;
- CHAR16 *PathName = NULL;
- EFI_STATUS efi_status;
- int ret = 1;
-
- dppath = DevicePathToStr(li->FilePath);
- if (!dppath)
- return 0;
-
- efi_status = generate_path_from_image_path(li, path, &PathName);
if (EFI_ERROR(efi_status)) {
- perror(L"Unable to generate path %s: %r\n", path,
- efi_status);
- goto done;
+ console_print(L"start_image() returned %r\n", efi_status);
+ msleep(2000000);
}
- dprint(L"dppath: %s\n", dppath);
- dprint(L"path: %s\n", path);
- if (StrnCaseCmp(dppath, PathName, StrLen(dppath)))
- ret = 0;
-
-done:
- FreePool(dppath);
- FreePool(PathName);
- return ret;
+ return efi_status;
}
/*
{
EFI_STATUS efi_status;
EFI_LOADED_IMAGE *li = NULL;
- CHAR16 *start = NULL;
- UINTN remaining_size = 0;
- CHAR16 *loader_str = NULL;
- UINTN loader_len = 0;
- unsigned int i;
- UINTN second_stage_len;
-
- second_stage_len = (StrLen(DEFAULT_LOADER) + 1) * sizeof(CHAR16);
- second_stage = AllocatePool(second_stage_len);
- if (!second_stage) {
- perror(L"Could not allocate %lu bytes\n", second_stage_len);
- return EFI_OUT_OF_RESOURCES;
- }
- StrCpy(second_stage, DEFAULT_LOADER);
+
+ second_stage = DEFAULT_LOADER;
load_options = NULL;
load_options_size = 0;
- efi_status = gBS->HandleProtocol(image_handle, &LoadedImageProtocol,
- (void **) &li);
+ efi_status = BS->HandleProtocol(image_handle, &LoadedImageProtocol,
+ (void **) &li);
if (EFI_ERROR(efi_status)) {
perror (L"Failed to get load options: %r\n", efi_status);
return efi_status;
}
- /* Sanity check since we make several assumptions about the length */
- if (li->LoadOptionsSize % 2 != 0)
- return EFI_INVALID_PARAMETER;
-
- /* So, load options are a giant pain in the ass. If we're invoked
- * from the EFI shell, we get something like this:
-
-00000000 5c 00 45 00 36 00 49 00 5c 00 66 00 65 00 64 00 |\.E.F.I.\.f.e.d.|
-00000010 6f 00 72 00 61 00 5c 00 73 00 68 00 69 00 6d 00 |o.r.a.\.s.h.i.m.|
-00000020 78 00 36 00 34 00 2e 00 64 00 66 00 69 00 20 00 |x.6.4...e.f.i. .|
-00000030 5c 00 45 00 46 00 49 00 5c 00 66 00 65 00 64 00 |\.E.F.I.\.f.e.d.|
-00000040 6f 00 72 00 61 00 5c 00 66 00 77 00 75 00 70 00 |o.r.a.\.f.w.u.p.|
-00000050 64 00 61 00 74 00 65 00 2e 00 65 00 66 00 20 00 |d.a.t.e.e.f.i. .|
-00000060 00 00 66 00 73 00 30 00 3a 00 5c 00 00 00 |..f.s.0.:.\...|
-
- *
- * which is just some paths rammed together separated by a UCS-2 NUL.
- * But if we're invoked from BDS, we get something more like:
- *
-
-00000000 01 00 00 00 62 00 4c 00 69 00 6e 00 75 00 78 00 |....b.L.i.n.u.x.|
-00000010 20 00 46 00 69 00 72 00 6d 00 77 00 61 00 72 00 | .F.i.r.m.w.a.r.|
-00000020 65 00 20 00 55 00 70 00 64 00 61 00 74 00 65 00 |e. .U.p.d.a.t.e.|
-00000030 72 00 00 00 40 01 2a 00 01 00 00 00 00 08 00 00 |r.....*.........|
-00000040 00 00 00 00 00 40 06 00 00 00 00 00 1a 9e 55 bf |.....@........U.|
-00000050 04 57 f2 4f b4 4a ed 26 4a 40 6a 94 02 02 04 04 |.W.O.:.&J@j.....|
-00000060 34 00 5c 00 45 00 46 00 49 00 5c 00 66 00 65 00 |4.\.E.F.I.f.e.d.|
-00000070 64 00 6f 00 72 00 61 00 5c 00 73 00 68 00 69 00 |o.r.a.\.s.h.i.m.|
-00000080 6d 00 78 00 36 00 34 00 2e 00 65 00 66 00 69 00 |x.6.4...e.f.i...|
-00000090 00 00 7f ff 40 00 20 00 5c 00 66 00 77 00 75 00 |...... .\.f.w.u.|
-000000a0 70 00 78 00 36 00 34 00 2e 00 65 00 66 00 69 00 |p.x.6.4...e.f.i.|
-000000b0 00 00 |..|
-
- *
- * which is clearly an EFI_LOAD_OPTION filled in halfway reasonably.
- * In short, the UEFI shell is still a useless piece of junk.
- *
- * But then on some versions of BDS, we get:
-
-00000000 5c 00 66 00 77 00 75 00 70 00 78 00 36 00 34 00 |\.f.w.u.p.x.6.4.|
-00000010 2e 00 65 00 66 00 69 00 00 00 |..e.f.i...|
-0000001a
-
- * which as you can see is one perfectly normal UCS2-EL string
- * containing the load option from the Boot#### variable.
- *
- * We also sometimes find a guid or partial guid at the end, because
- * BDS will add that, but we ignore that here.
- */
-
- /*
- * Maybe there just aren't any options...
- */
- if (li->LoadOptionsSize == 0)
- return EFI_SUCCESS;
-
- /*
- * In either case, we've got to have at least a UCS2 NUL...
- */
- if (li->LoadOptionsSize < 2)
- return EFI_BAD_BUFFER_SIZE;
-
- /*
- * Some awesome versions of BDS will add entries for Linux. On top
- * of that, some versions of BDS will "tag" any Boot#### entries they
- * create by putting a GUID at the very end of the optional data in
- * the EFI_LOAD_OPTIONS, thus screwing things up for everybody who
- * tries to actually *use* the optional data for anything. Why they
- * did this instead of adding a flag to the spec to /say/ it's
- * created by BDS, I do not know. For shame.
- *
- * Anyway, just nerf that out from the start. It's always just
- * garbage at the end.
- */
- if (li->LoadOptionsSize > 16) {
- if (CompareGuid((EFI_GUID *)(li->LoadOptions
- + (li->LoadOptionsSize - 16)),
- &BDS_GUID) == 0)
- li->LoadOptionsSize -= 16;
- }
-
+#if defined(DISABLE_REMOVABLE_LOAD_OPTIONS)
/*
- * Apparently sometimes we get L"\0\0"? Which isn't useful at all.
+ * boot services build very strange load options, and we might misparse them,
+ * causing boot failures on removable media.
*/
- if (is_all_nuls(li->LoadOptions, li->LoadOptionsSize))
+ if (is_removable_media_path(li)) {
+ dprint("Invoked from removable media path, ignoring boot options");
return EFI_SUCCESS;
-
- /*
- * Check and see if this is just a list of strings. If it's an
- * EFI_LOAD_OPTION, it'll be 0, since we know EndEntire device path
- * won't pass muster as UCS2-LE.
- *
- * If there are 3 strings, we're launched from the shell most likely,
- * But we actually only care about the second one.
- */
- UINTN strings = count_ucs2_strings(li->LoadOptions,
- li->LoadOptionsSize);
-
- /*
- * In some cases we get strings == 1 because BDS is using L' ' as the
- * delimeter:
- * 0000:74 00 65 00 73 00 74 00 2E 00 65 00 66 00 69 00 t.e.s.t...e.f.i.
- * 0016:20 00 6F 00 6E 00 65 00 20 00 74 00 77 00 6F 00 ..o.n.e...t.w.o.
- * 0032:20 00 74 00 68 00 72 00 65 00 65 00 00 00 ..t.h.r.e.e...
- *
- * If so replace it with NULs since the code already handles that
- * case.
- */
- if (strings == 1) {
- UINT16 *cur = start = li->LoadOptions;
-
- /* replace L' ' with L'\0' if we find any */
- for (i = 0; i < li->LoadOptionsSize / 2; i++) {
- if (cur[i] == L' ')
- cur[i] = L'\0';
- }
-
- /* redo the string count */
- strings = count_ucs2_strings(li->LoadOptions,
- li->LoadOptionsSize);
}
+#endif
- /*
- * If it's not string data, try it as an EFI_LOAD_OPTION.
- */
- if (strings == 0) {
- /*
- * We at least didn't find /enough/ strings. See if it works
- * as an EFI_LOAD_OPTION.
- */
- efi_status = get_load_option_optional_data(li->LoadOptions,
- li->LoadOptionsSize,
- (UINT8 **)&start,
- &loader_len);
- if (EFI_ERROR(efi_status))
- return EFI_SUCCESS;
-
- remaining_size = 0;
- } else if (strings >= 2) {
- /*
- * UEFI shell copies the whole line of the command into
- * LoadOptions. We ignore the string before the first L'\0',
- * i.e. the name of this program.
- */
- UINT16 *cur = li->LoadOptions;
- for (i = 1; i < li->LoadOptionsSize / 2; i++) {
- if (cur[i - 1] == L'\0') {
- start = &cur[i];
- remaining_size = li->LoadOptionsSize - (i * 2);
- break;
- }
- }
-
- remaining_size -= i * 2 + 2;
- } else if (strings == 1 && is_our_path(li, start)) {
- /*
- * And then I found a version of BDS that gives us our own path
- * in LoadOptions:
-
-77162C58 5c 00 45 00 46 00 49 00 |\.E.F.I.|
-77162C60 5c 00 42 00 4f 00 4f 00 54 00 5c 00 42 00 4f 00 |\.B.O.O.T.\.B.O.|
-77162C70 4f 00 54 00 58 00 36 00 34 00 2e 00 45 00 46 00 |O.T.X.6.4...E.F.|
-77162C80 49 00 00 00 |I...|
-
- * which is just cruel... So yeah, just don't use it.
- */
- return EFI_SUCCESS;
- }
-
- /*
- * Set up the name of the alternative loader and the LoadOptions for
- * the loader
- */
- if (loader_len > 0) {
- /* we might not always have a NULL at the end */
- loader_str = AllocatePool(loader_len + 2);
- if (!loader_str) {
- perror(L"Failed to allocate loader string\n");
- return EFI_OUT_OF_RESOURCES;
- }
-
- for (i = 0; i < loader_len / 2; i++)
- loader_str[i] = start[i];
- loader_str[loader_len/2] = L'\0';
-
- second_stage = loader_str;
- load_options = remaining_size ? start + (loader_len/2) : NULL;
- load_options_size = remaining_size;
+ efi_status = parse_load_options(li);
+ if (EFI_ERROR(efi_status)) {
+ perror (L"Failed to get load options: %r\n", efi_status);
+ return efi_status;
}
return EFI_SUCCESS;
/*
* Install the protocol
*/
- efi_status = gBS->InstallProtocolInterface(&shim_lock_handle,
- &SHIM_LOCK_GUID,
- EFI_NATIVE_INTERFACE,
- &shim_lock_interface);
+ efi_status = BS->InstallProtocolInterface(&shim_lock_handle,
+ &SHIM_LOCK_GUID,
+ EFI_NATIVE_INTERFACE,
+ &shim_lock_interface);
if (EFI_ERROR(efi_status)) {
console_error(L"Could not install security protocol",
efi_status);
/*
* If we're back here then clean everything up before exiting
*/
- gBS->UninstallProtocolInterface(shim_lock_handle, &SHIM_LOCK_GUID,
- &shim_lock_interface);
+ BS->UninstallProtocolInterface(shim_lock_handle, &SHIM_LOCK_GUID,
+ &shim_lock_interface);
if (!secure_mode())
return;
unhook_exit();
- /*
- * Free the space allocated for the alternative 2nd stage loader
- */
- if (load_options_size > 0 && second_stage)
- FreePool(second_stage);
-
console_fini();
}
if (x > 12000)
break;
#endif
- pause();
+ wait_for_debug();
}
x = 1;
}
console_print(L"\ndoing %a\n", action);
if (action == COLD_RESET)
- gRT->ResetSystem(EfiResetCold, EFI_SECURITY_VIOLATION, 0, NULL);
+ RT->ResetSystem(EfiResetCold, EFI_SECURITY_VIOLATION, 0, NULL);
#endif
}
* boot-services-only state variables are what we think they are.
*/
efi_status = import_mok_state(image_handle);
- if (!secure_mode() && efi_status == EFI_INVALID_PARAMETER) {
+ if (!secure_mode() &&
+ (efi_status == EFI_INVALID_PARAMETER ||
+ efi_status == EFI_OUT_OF_RESOURCES)) {
/*
* Make copy failures fatal only if secure_mode is enabled, or
- * the error was anything else than EFI_INVALID_PARAMETER.
+ * the error was anything else than EFI_INVALID_PARAMETER or
+ * EFI_OUT_OF_RESOURCES.
* There are non-secureboot firmware implementations that don't
* reserve enough EFI variable memory to fit the variable.
*/
devel_egress(COLD_RESET);
#else
msleep(5000000);
- gRT->ResetSystem(EfiResetShutdown, EFI_SECURITY_VIOLATION,
- 0, NULL);
+ RT->ResetSystem(EfiResetShutdown, EFI_SECURITY_VIOLATION,
+ 0, NULL);
#endif
}
#error On x86_64 you must have a compiler new enough to support __attribute__((__ms_abi__))
#endif
+#if CLANG_PREREQ(3, 4)
+#pragma GCC diagnostic ignored "-Wpointer-bool-conversion"
+#endif
+
#if !defined(GNU_EFI_USE_EXTERNAL_STDARG)
#define GNU_EFI_USE_EXTERNAL_STDARG
#endif
#include "include/httpboot.h"
#include "include/ip4config2.h"
#include "include/ip6config.h"
+#include "include/load-options.h"
+#include "include/mok.h"
#include "include/netboot.h"
#include "include/passwordcrypt.h"
#include "include/peimage.h"
extern UINT8 user_insecure_mode;
extern UINT8 ignore_db;
+extern UINT8 trust_mok_list;
extern UINT8 in_protocol;
extern void *load_options;
extern UINT32 load_options_size;
return -1;
}
+int
+test_csv_3(void)
+{
+ char csv[] =
+ "a,b,c,d,e,f,g,h\n"
+ "a,b,c\n"
+ "\n"
+ "\n"
+ "a,b,c,d,e,f,g,h\n"
+ "a,b,c\0x,y\0z\0";
+ struct test_entry test_entries[]= {
+ { 7, { "a", "b", "c", "d", "e", "f", "g" } },
+ { 3, { "a", "b", "c", NULL, NULL, NULL, NULL } },
+ { 7, { "a", "b", "c", "d", "e", "f", "g" } },
+ { 3, { "a", "b", "c", NULL, NULL, NULL, NULL } },
+ };
+ list_t entry_list;
+ size_t i;
+ char *current, *end;
+ list_t *pos = NULL;
+ EFI_STATUS efi_status;
+
+ INIT_LIST_HEAD(&entry_list);
+ assert_equal_return(list_size(&entry_list), 0, -1,
+ "got %d expected %d\n");
+
+ current = csv;
+ end = csv + sizeof(csv) - 1;
+
+ efi_status = parse_csv_data(current, end, 7, &entry_list);
+ assert_equal_return(efi_status, EFI_SUCCESS, -1, "got %x expected %x\n");
+
+ i = 0;
+ list_for_each(pos, &entry_list) {
+ struct csv_row *csv_row;
+ struct test_entry *test_entry = &test_entries[i++];
+ size_t j;
+
+ assert_goto(i > 0 && i <= 4, fail, "got %d expected 0 to 4\n", i);
+
+ csv_row = list_entry(pos, struct csv_row, list);
+
+ assert_equal_goto(csv_row->n_columns, test_entry->n_columns,
+ fail, "got %d expected %d\n");
+ for (j = 0; j < csv_row->n_columns; j++) {
+ assert_equal_goto(strcmp(csv_row->columns[j],
+ test_entry->columns[j]), 0,
+ fail, "got %d expected %d\n");
+ }
+ }
+
+ assert_equal_return(list_size(&entry_list), 4, -1,
+ "got %d expected %d\n");
+ free_csv_list(&entry_list);
+ assert_equal_return(list_size(&entry_list), 0, -1,
+ "got %d expected %d\n");
+ return 0;
+fail:
+ free_csv_list(&entry_list);
+ return -1;
+}
+
int
test_simple_sbat_csv(void)
{
test(test_csv_0);
test(test_csv_1);
test(test_csv_2);
+ test(test_csv_3);
test(test_simple_sbat_csv);
test(test_csv_simple_fuzz, random_bin, random_bin_len, false);
for (i = 0; i < random_bin_len; i++) {
--- /dev/null
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+/*
+ * test-argv.c - test our loader_opts parsing
+ */
+#pragma GCC diagnostic ignored "-Wunused-variable"
+#pragma GCC diagnostic error "-Wnonnull"
+#pragma GCC diagnostic error "-Wunused-function"
+
+#pragma GCC diagnostic warning "-Wcpp"
+
+#ifndef SHIM_UNIT_TEST
+#define SHIM_UNIT_TEST
+#endif
+
+#include "shim.h"
+
+#include <execinfo.h>
+#include <stdio.h>
+#include <efivar/efivar.h>
+
+EFI_DEVICE_PATH *
+make_file_dp(char *filename)
+{
+ void *filedp = NULL;
+ size_t filedpsz = 0, filedpneeded = 0;
+
+ filedpneeded = efidp_make_file(filedp, filedpneeded, filename);
+ assert_positive_return(filedpneeded, NULL, "\n");
+
+ filedp = calloc(1, filedpneeded + 4);
+ assert_nonzero_return(filedp, NULL, "\n");
+
+ filedpsz = efidp_make_file(filedp, filedpneeded, filename);
+ assert_equal_goto(filedpsz, filedpneeded, err, "got %zu expected %zu\n");
+
+ efidp_make_end_entire((uint8_t *)filedp + filedpneeded, 4);
+
+ return filedp;
+err:
+ free(filedp);
+ return NULL;
+}
+
+int
+test_parse_load_options(char *load_option_data,
+ size_t load_option_data_size,
+ char *file_path,
+ CHAR16 *target_second_stage,
+ char *target_remaining,
+ size_t target_remaining_size)
+{
+ EFI_STATUS status = EFI_SUCCESS;
+ EFI_LOADED_IMAGE li = {
+ .LoadOptions = load_option_data,
+ .LoadOptionsSize = load_option_data_size,
+ .FilePath = make_file_dp(file_path),
+ };
+ CHAR16 *dummy_second_stage = calloc(1, 8);
+ int rc = -1;
+
+ assert_nonzero_goto(li.FilePath, err, "\n");
+ assert_nonzero_goto(dummy_second_stage, err, "\n");
+
+ StrCat(dummy_second_stage, L"foo");
+ second_stage = dummy_second_stage;
+
+ status = parse_load_options(&li);
+ assert_false_goto(EFI_ERROR(status), err, "\n");
+
+ assert_nonzero_goto(second_stage, err, "\n");
+ assert_not_equal_goto(second_stage, dummy_second_stage, err, "%p == %p\n");
+ assert_zero_goto(StrnCmp(second_stage, target_second_stage, 90),
+ err_print_second_stage, "%d != 0\n");
+
+ assert_equal_goto(load_options_size, target_remaining_size, err_remaining, "%zu != %zu\n");
+ assert_equal_goto(load_options, target_remaining, err_remaining, "%p != %p\n");
+ assert_zero_goto(memcmp(load_options, target_remaining, load_options_size), err_remaining, "\n");
+
+ rc = 0;
+err_remaining:
+ if (rc != 0) {
+ printf("expected remaining:%p\n", target_remaining);
+ for (size_t i = 0; i < target_remaining_size; i++)
+ printf("0x%02hhx ", target_remaining[i]);
+ printf("\n");
+ printf("actual remaining:%p\n", load_options);
+ for (size_t i = 0; i < load_options_size; i++)
+ printf("0x%02hhx ", ((char *)load_options)[i]);
+ printf("\n");
+ }
+err_print_second_stage:
+ if (rc != 0) {
+ printf("second stage:\"");
+ for(int i = 0; second_stage[i] != 0; i++)
+ printf("%c", second_stage[i]);
+ printf("\"\nexpected:\"");
+ for(int i = 0; target_second_stage[i] != 0; i++)
+ printf("%c", target_second_stage[i]);
+ printf("\"\n");
+ }
+err:
+ if (rc != 0) {
+ print_traceback(0);
+ }
+ if (li.FilePath) {
+ free(li.FilePath);
+ }
+ if (dummy_second_stage && dummy_second_stage != second_stage) {
+ free(dummy_second_stage);
+ }
+ second_stage = NULL;
+
+ return rc;
+}
+
+int __attribute__((__flatten__))
+test_efi_shell_0(void)
+{
+/*
+00000000 5c 00 45 00 46 00 49 00 5c 00 66 00 65 00 64 00 |\.E.F.I.\.f.e.d.|
+00000010 6f 00 72 00 61 00 5c 00 73 00 68 00 69 00 6d 00 |o.r.a.\.s.h.i.m.|
+00000020 78 00 36 00 34 00 2e 00 65 00 66 00 69 00 20 00 |x.6.4...e.f.i. .|
+00000030 5c 00 45 00 46 00 49 00 5c 00 66 00 65 00 64 00 |\.E.F.I.\.f.e.d.|
+00000040 6f 00 72 00 61 00 5c 00 66 00 77 00 75 00 70 00 |o.r.a.\.f.w.u.p.|
+00000050 64 00 61 00 74 00 65 00 2e 00 65 00 66 00 69 00 |d.a.t.e...e.f.i.|
+00000060 20 00 00 00 66 00 73 00 30 00 3a 00 5c 00 00 00 | ...f.s.0.:.\...|
+*/
+
+ char load_option_data[] = {
+ 0x5c, 0x00, 0x45, 0x00, 0x46, 0x00, 0x49, 0x00,
+ 0x5c, 0x00, 0x66, 0x00, 0x65, 0x00, 0x64, 0x00,
+ 0x6f, 0x00, 0x72, 0x00, 0x61, 0x00, 0x5c, 0x00,
+ 0x73, 0x00, 0x68, 0x00, 0x69, 0x00, 0x6d, 0x00,
+ 0x78, 0x00, 0x36, 0x00, 0x34, 0x00, 0x2e, 0x00,
+ 0x65, 0x00, 0x66, 0x00, 0x69, 0x00, 0x20, 0x00,
+ 0x5c, 0x00, 0x45, 0x00, 0x46, 0x00, 0x49, 0x00,
+ 0x5c, 0x00, 0x66, 0x00, 0x65, 0x00, 0x64, 0x00,
+ 0x6f, 0x00, 0x72, 0x00, 0x61, 0x00, 0x5c, 0x00,
+ 0x66, 0x00, 0x77, 0x00, 0x75, 0x00, 0x70, 0x00,
+ 0x64, 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00,
+ 0x2e, 0x00, 0x65, 0x00, 0x66, 0x00, 0x69, 0x00,
+ 0x20, 0x00, 0x00, 0x00, 0x66, 0x00, 0x73, 0x00,
+ 0x30, 0x00, 0x3a, 0x00, 0x5c, 0x00, 0x00, 0x00,
+ };
+ size_t load_option_data_size = sizeof(load_option_data);
+ char *remaining = &load_option_data[sizeof(load_option_data)-14];
+ size_t remaining_size = 14;
+
+ return test_parse_load_options(load_option_data,
+ load_option_data_size,
+ "\\EFI\\fedora\\shimx64.efi",
+ L"\\EFI\\fedora\\fwupdate.efi",
+ remaining, remaining_size);
+}
+
+int __attribute__((__flatten__))
+test_bds_0(void)
+{
+/*
+00000000 01 00 00 00 62 00 4c 00 69 00 6e 00 75 00 78 00 |....b.L.i.n.u.x.|
+00000010 20 00 46 00 69 00 72 00 6d 00 77 00 61 00 72 00 | .F.i.r.m.w.a.r.|
+00000020 65 00 20 00 55 00 70 00 64 00 61 00 74 00 65 00 |e. .U.p.d.a.t.e.|
+00000030 72 00 00 00 40 01 2a 00 01 00 00 00 00 08 00 00 |r.....*.........|
+00000040 00 00 00 00 00 40 06 00 00 00 00 00 1a 9e 55 bf |.....@........U.|
+00000050 04 57 f2 4f b4 4a ed 26 4a 40 6a 94 02 02 04 04 |.W.O.:.&J@j.....|
+00000060 34 00 5c 00 45 00 46 00 49 00 5c 00 66 00 65 00 |4.\.E.F.I.\.f.e.|
+00000070 64 00 6f 00 72 00 61 00 5c 00 73 00 68 00 69 00 |d.o.r.a.\.s.h.i.|
+00000080 6d 00 78 00 36 00 34 00 2e 00 65 00 66 00 69 00 |m.x.6.4...e.f.i.|
+00000090 00 00 7f ff 04 00 20 00 5c 00 66 00 77 00 75 00 |...... .\.f.w.u.|
+000000a0 70 00 78 00 36 00 34 00 2e 00 65 00 66 00 69 00 |p.x.6.4...e.f.i.|
+000000b0 00 00 |..|
+*/
+ char load_option_data [] = {
+ 0x01, 0x00, 0x00, 0x00, 0x62, 0x00, 0x4c, 0x00,
+ 0x69, 0x00, 0x6e, 0x00, 0x75, 0x00, 0x78, 0x00,
+ 0x20, 0x00, 0x46, 0x00, 0x69, 0x00, 0x72, 0x00,
+ 0x6d, 0x00, 0x77, 0x00, 0x61, 0x00, 0x72, 0x00,
+ 0x65, 0x00, 0x20, 0x00, 0x55, 0x00, 0x70, 0x00,
+ 0x64, 0x00, 0x61, 0x00, 0x74, 0x00, 0x65, 0x00,
+ 0x72, 0x00, 0x00, 0x00, 0x40, 0x01, 0x2a, 0x00,
+ 0x01, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x06, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x1a, 0x9e, 0x55, 0xbf,
+ 0x04, 0x57, 0xf2, 0x4f, 0xb4, 0x4a, 0xed, 0x26,
+ 0x4a, 0x40, 0x6a, 0x94, 0x02, 0x02, 0x04, 0x04,
+ 0x34, 0x00, 0x5c, 0x00, 0x45, 0x00, 0x46, 0x00,
+ 0x49, 0x00, 0x5c, 0x00, 0x66, 0x00, 0x65, 0x00,
+ 0x64, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x61, 0x00,
+ 0x5c, 0x00, 0x73, 0x00, 0x68, 0x00, 0x69, 0x00,
+ 0x6d, 0x00, 0x78, 0x00, 0x36, 0x00, 0x34, 0x00,
+ 0x2e, 0x00, 0x65, 0x00, 0x66, 0x00, 0x69, 0x00,
+ 0x00, 0x00, 0x7f, 0xff, 0x04, 0x00, 0x20, 0x00,
+ 0x5c, 0x00, 0x66, 0x00, 0x77, 0x00, 0x75, 0x00,
+ 0x70, 0x00, 0x78, 0x00, 0x36, 0x00, 0x34, 0x00,
+ 0x2e, 0x00, 0x65, 0x00, 0x66, 0x00, 0x69, 0x00,
+ 0x00, 0x00
+ };
+ size_t load_option_data_size = sizeof(load_option_data);
+
+ return test_parse_load_options(load_option_data,
+ load_option_data_size,
+ "\\EFI\\fedora\\shimx64.efi",
+ L"\\fwupx64.efi",
+ NULL, 0);
+}
+
+int __attribute__((__flatten__))
+test_bds_1(void)
+{
+/*
+00000000 5c 00 66 00 77 00 75 00 70 00 78 00 36 00 34 00 |\.f.w.u.p.x.6.4.|
+00000010 2e 00 65 00 66 00 69 00 00 00 |..e.f.i...|
+0000001a
+*/
+ char load_option_data [] = {
+ 0x5c, 0x00, 0x66, 0x00, 0x77, 0x00, 0x75, 0x00,
+ 0x70, 0x00, 0x78, 0x00, 0x36, 0x00, 0x34, 0x00,
+ 0x2e, 0x00, 0x65, 0x00, 0x66, 0x00, 0x69, 0x00,
+ 0x00, 0x00
+ };
+ size_t load_option_data_size = sizeof(load_option_data);
+
+ return test_parse_load_options(load_option_data,
+ load_option_data_size,
+ "\\EFI\\fedora\\shimx64.efi",
+ L"\\fwupx64.efi",
+ NULL, 0);
+}
+
+int
+test_bds_2(void)
+{
+/*
+00000000 74 00 65 00 73 00 74 00 2E 00 65 00 66 00 69 00 |t.e.s.t...e.f.i.|
+00000010 20 00 6F 00 6E 00 65 00 20 00 74 00 77 00 6F 00 |..o.n.e...t.w.o.|
+00000020 20 00 74 00 68 00 72 00 65 00 65 00 00 00 |..t.h.r.e.e...|
+*/
+ char load_option_data [] = {
+ 0x74, 0x00, 0x65, 0x00, 0x73, 0x00, 0x74, 0x00,
+ 0x2E, 0x00, 0x65, 0x00, 0x66, 0x00, 0x69, 0x00,
+ 0x20, 0x00, 0x6F, 0x00, 0x6E, 0x00, 0x65, 0x00,
+ 0x20, 0x00, 0x74, 0x00, 0x77, 0x00, 0x6F, 0x00,
+ 0x20, 0x00, 0x74, 0x00, 0x68, 0x00, 0x72, 0x00,
+ 0x65, 0x00, 0x65, 0x00, 0x00, 0x00
+ };
+ size_t load_option_data_size = sizeof(load_option_data);
+ char *target_remaining = &load_option_data[26];
+ size_t target_remaining_size = 20;
+
+ return test_parse_load_options(load_option_data,
+ load_option_data_size,
+ "test.efi",
+ L"one",
+ target_remaining,
+ target_remaining_size);
+}
+
+int
+main(void)
+{
+ int status = 0;
+ test(test_efi_shell_0);
+ test(test_bds_0);
+ test(test_bds_1);
+ test(test_bds_2);
+ return status;
+}
+
+// vim:fenc=utf-8:tw=75:noet
--- /dev/null
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+/*
+ * test-mock-variables.c - test our mock variable implementation (irony)
+ * Copyright Peter Jones <pjones@redhat.com>
+ */
+
+#include "shim.h"
+#include "mock-variables.h"
+
+#include <errno.h>
+#include <efivar/efivar.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "test-data-efivars-0.h"
+
+#pragma GCC diagnostic ignored "-Wunused-label"
+
+static const size_t guidstr_size = sizeof("8be4df61-93ca-11d2-aa0d-00e098032b8c");
+
+void mock_print_guidname(EFI_GUID *guid, CHAR16 *name);
+void mock_print_var_list(list_t *head);
+
+static int
+test_filter_out_helper(size_t nvars, const CHAR16 *varnames[nvars],
+ bool filter_out, UINTN expected_count)
+{
+ const char *mok_rt_vars[n_mok_state_variables];
+ EFI_STATUS status;
+ EFI_GUID guid = SHIM_LOCK_GUID;
+ CHAR16 name[1024] = L"";
+ UINTN sz;
+ char asciiname[1024];
+ bool found = false;
+ int ret = 0;
+ UINTN count = 0;
+
+ for (size_t i = 0; i < n_mok_state_variables; i++) {
+ mok_rt_vars[i] = mok_state_variables[i].rtname8;
+ }
+
+ sz = sizeof(name);
+ status = RT->GetNextVariableName(&sz, name, &guid);
+ assert_equal_return(status, EFI_NOT_FOUND, -1, "got %lx, expected %lx");
+
+ mock_load_variables("test-data/efivars-1", mok_rt_vars, filter_out);
+
+ while (true) {
+ int rc = 0;
+
+ sz = sizeof(name);
+ status = RT->GetNextVariableName(&sz, name, &guid);
+ if (status == EFI_NOT_FOUND)
+ break;
+ if (EFI_ERROR(status))
+ return -1;
+
+ count += 1;
+ SetMem(asciiname, sizeof(asciiname), 0);
+ for (UINTN i = 0; i < sizeof(asciiname); i++)
+ asciiname[i] = name[i];
+ for (UINTN i = 0; varnames[i] != NULL; i++) {
+ if (sz == 0 || StrLen(varnames[i]) != sz-1)
+ continue;
+ if (StrCmp(name, varnames[i]) == 0) {
+ found = true;
+ if (filter_out) {
+ rc = assert_false_as_expr(found, -1,
+ "found=%u for undesired variable \"%s\"\n",
+ asciiname);
+ break;
+ }
+ }
+ }
+ if (!filter_out)
+ rc = assert_true_as_expr(found, -1,
+ "found=%u for undesired variable \"%s\"\n",
+ asciiname);
+ if (ret >= 0 && rc < 0)
+ ret = rc;
+ }
+
+ mock_reset_variables();
+ assert_equal_return(count, expected_count, -1, "%lu != %lu\n");
+ assert_true_return(list_empty(&mock_variables), -1, "%lu != %lu\n");
+
+ return ret;
+}
+
+static int
+test_filter_out_true(void)
+{
+ const CHAR16 *varnames[] = {
+ L"MokListRT",
+ L"MokListXRT",
+ L"SbatLevelRT",
+ NULL
+ };
+ size_t nvars = sizeof(varnames) / sizeof(varnames[0]);
+
+ return test_filter_out_helper(nvars, varnames, true, 3);
+}
+
+static int
+test_filter_out_false(void)
+{
+ const CHAR16 *varnames[] = {
+ L"MokListRT",
+ L"MokListXRT",
+ L"SbatLevelRT",
+ NULL
+ };
+ size_t nvars = sizeof(varnames) / sizeof(varnames[0]);
+
+ return test_filter_out_helper(nvars, varnames, false, 3);
+}
+
+static int
+test_gnvn_buf_size_0(void)
+{
+ UINTN size = 0;
+ CHAR16 buf[6] = { 0, };
+ EFI_STATUS status;
+ EFI_GUID empty_guid = { 0, };
+ int ret = -1;
+
+ status = RT->GetNextVariableName(&size, &buf[0], &GV_GUID);
+ assert_equal_return(status, EFI_INVALID_PARAMETER, -1, "0x%lx != 0x%lx\n");
+
+ size = 1;
+ status = RT->GetNextVariableName(&size, &buf[0], &GV_GUID);
+ assert_equal_return(status, EFI_NOT_FOUND, -1, "0x%lx != 0x%lx\n");
+
+ status = RT->SetVariable(L"test", &GV_GUID,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS, 5, "test");
+ assert_equal_return(status, EFI_SUCCESS, -1, "0x%lx != 0x%lx\n");
+
+ size = 1;
+ status = RT->GetNextVariableName(&size, &buf[0], &empty_guid);
+ assert_equal_goto(status, EFI_NOT_FOUND, err, "0x%lx != 0x%lx\n");
+
+ size = 1;
+ status = RT->GetNextVariableName(&size, &buf[0], &GV_GUID);
+ assert_equal_goto(status, EFI_BUFFER_TOO_SMALL, err, "0x%lx != 0x%lx\n");
+ assert_equal_goto(size, StrSize(L"test"), err, "%zu != %zu\n");
+
+ size = StrSize(L"test");
+ status = RT->GetNextVariableName(&size, &buf[0], &GV_GUID);
+ assert_equal_goto(status, EFI_SUCCESS, err, "0x%lx != 0x%lx\n");
+
+ status = RT->SetVariable(L"testa", &GV_GUID,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS, 5, "test");
+ assert_equal_return(status, EFI_SUCCESS, -1, "0x%lx != 0x%lx\n");
+
+ buf[0] = 0;
+ size = 1;
+ status = RT->GetNextVariableName(&size, &buf[0], &empty_guid);
+ assert_equal_goto(status, EFI_NOT_FOUND, err, "0x%lx != 0x%lx\n");
+
+ size = StrSize(L"test");
+ StrCpy(buf, L"test");
+ status = RT->GetNextVariableName(&size, &buf[0], &GV_GUID);
+ switch (mock_variable_sort_policy) {
+ case MOCK_SORT_DESCENDING:
+ case MOCK_SORT_PREPEND:
+ assert_equal_goto(status, EFI_NOT_FOUND, err, "0x%lx != 0x%lx\n");
+ break;
+ case MOCK_SORT_APPEND:
+ case MOCK_SORT_ASCENDING:
+ assert_equal_goto(status, EFI_BUFFER_TOO_SMALL, err, "0x%lx != 0x%lx\n");
+ break;
+ default:
+ break;
+ }
+
+ size = StrSize(L"testa");
+ StrCpy(buf, L"test");
+ status = RT->GetNextVariableName(&size, &buf[0], &GV_GUID);
+ switch (mock_variable_sort_policy) {
+ case MOCK_SORT_DESCENDING:
+ case MOCK_SORT_PREPEND:
+ assert_equal_goto(status, EFI_NOT_FOUND, err, "0x%lx != 0x%lx\n");
+ break;
+ case MOCK_SORT_APPEND:
+ case MOCK_SORT_ASCENDING:
+ assert_equal_goto(status, EFI_SUCCESS, err, "0x%lx != 0x%lx\n");
+ break;
+ default:
+ break;
+ }
+
+ ret = 0;
+err:
+ mock_reset_variables();
+ return ret;
+}
+
+static int
+test_gnvn_helper(char *testvars)
+{
+ UINTN size = 0;
+ CHAR16 buf[8192] = { 0, };
+ EFI_STATUS status;
+ EFI_GUID empty_guid = { 0, };
+ int ret = -1;
+ const char *mok_rt_vars[n_mok_state_variables];
+
+ for (size_t i = 0; i < n_mok_state_variables; i++) {
+ mok_rt_vars[i] = mok_state_variables[i].rtname8;
+ }
+
+ mock_load_variables(testvars, mok_rt_vars, true);
+
+ size = sizeof(buf);
+ buf[0] = L'\0';
+ status = RT->GetNextVariableName(&size, buf, &GV_GUID);
+ assert_equal_goto(status, EFI_SUCCESS, err, "0x%lx != 0x%lx\n");
+
+#if defined(SHIM_DEBUG) && SHIM_DEBUG != 0
+ dump_mock_variables(__FILE__, __LINE__, __func__);
+#endif
+ switch (mock_variable_sort_policy) {
+ case MOCK_SORT_DESCENDING:
+ dump_mock_variables_if_wrong(__FILE__, __LINE__, __func__,
+ &GV_GUID, L"dbxDefault");
+ assert_zero_goto(StrCmp(buf, L"dbxDefault"), err, "0x%lx != 0x%lx\n");
+ break;
+ case MOCK_SORT_ASCENDING:
+ dump_mock_variables_if_wrong(__FILE__, __LINE__, __func__,
+ &GV_GUID, L"Boot0000");
+ assert_zero_goto(StrCmp(buf, L"Boot0000"), err, "0x%lx != 0x%lx buf:\"%s\"\n",
+ 0, Str2str(buf));
+ break;
+ default:
+ break;
+ }
+
+ size = sizeof(buf);
+ buf[0] = 0;
+ status = RT->GetNextVariableName(&size, buf, &EFI_SECURE_BOOT_DB_GUID);
+ assert_equal_goto(status, EFI_SUCCESS, err, "0x%lx != 0x%lx\n");
+ switch (mock_variable_sort_policy) {
+ case MOCK_SORT_DESCENDING:
+ assert_zero_goto(StrCmp(buf, L"dbx"), err, "0x%lx != 0x%lx\n");
+ break;
+ case MOCK_SORT_ASCENDING:
+ assert_zero_goto(StrCmp(buf, L"db"), err, "0x%lx != 0x%lx\n");
+ break;
+ default:
+ break;
+ }
+
+ ret = 0;
+err:
+ if (ret)
+ mock_print_var_list(&mock_variables);
+ mock_reset_variables();
+ return ret;
+}
+
+static int
+test_gnvn_0(void)
+{
+ return test_gnvn_helper("test-data/efivars-0");
+}
+
+static int
+test_gnvn_1(void)
+{
+ return test_gnvn_helper("test-data/efivars-1");
+}
+
+static int
+test_get_variable_0(void)
+{
+ UINTN size = 0;
+ uint8_t buf[8192] = { 0, };
+ EFI_STATUS status;
+ EFI_GUID empty_guid = { 0, };
+ UINT32 attrs = 0;
+ int ret = -1;
+ int cmp;
+ const char *mok_rt_vars[n_mok_state_variables];
+
+ for (size_t i = 0; i < n_mok_state_variables; i++) {
+ mok_rt_vars[i] = mok_state_variables[i].rtname8;
+ }
+
+ mock_load_variables("test-data/efivars-1", mok_rt_vars, true);
+
+ size = 0;
+ status = RT->GetVariable(L"Boot0000", &GV_GUID, &attrs, &size, buf);
+ assert_equal_goto(status, EFI_BUFFER_TOO_SMALL, err, "0x%lx != 0x%lx\n");
+
+ size = sizeof(buf);
+ status = RT->GetVariable(L"Boot0000", &GV_GUID, &attrs, &size, buf);
+ assert_equal_goto(status, EFI_SUCCESS, err, "0x%lx != 0x%lx\n");
+ assert_equal_goto(size, sizeof(test_data_efivars_0_Boot0000), err, "%zu != %zu\n");
+ assert_zero_goto(memcmp(buf, test_data_efivars_0_Boot0000, size), err, "%zu != %zu\n");
+
+ ret = 0;
+err:
+ if (ret)
+ mock_print_var_list(&mock_variables);
+ mock_reset_variables();
+ return ret;
+}
+
+static int
+test_set_variable_0(void)
+{
+ UINTN size = 0;
+ uint8_t buf[8192] = { 0, };
+ EFI_STATUS status;
+ EFI_GUID empty_guid = { 0, };
+ UINT32 attrs = 0;
+ int ret = -1;
+ UINT32 bs_rt_nv = EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS |
+ EFI_VARIABLE_NON_VOLATILE;
+
+ size = 4;
+ strcpy(buf, "foo");
+ status = RT->SetVariable(L"tmp", &GV_GUID, bs_rt_nv, size, buf);
+ assert_equal_goto(status, EFI_SUCCESS, err, "0x%lx != 0x%lx\n");
+
+ size = sizeof(buf);
+ SetMem(buf, sizeof(buf), 0);
+ status = RT->GetVariable(L"tmp", &GV_GUID, &attrs, &size, buf);
+ assert_equal_goto(status, EFI_SUCCESS, err, "0x%lx != 0x%lx\n");
+ assert_equal_goto(size, 4, err, "%zu != %zu\n");
+ assert_zero_goto(memcmp(buf, "foo", 4), err, "0x%lx != 0x%lx\n");
+
+ size = 5;
+ strcpy(buf, "bang");
+ status = RT->SetVariable(L"tmp", &GV_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS,
+ size, buf);
+ size = sizeof(buf);
+ SetMem(buf, sizeof(buf), 0);
+ status = RT->GetVariable(L"tmp", &GV_GUID, &attrs, &size, buf);
+ assert_equal_goto(status, EFI_SUCCESS, err, "0x%lx != 0x%lx\n");
+ assert_equal_goto(size, 5, err, "%zu != %zu\n");
+ assert_zero_goto(memcmp(buf, "bang", 5), err, "%d != %d\n");
+
+ size = 5;
+ strcpy(buf, "foop");
+ status = RT->SetVariable(L"tmp", &GV_GUID, bs_rt_nv, size, buf);
+ assert_equal_goto(status, EFI_SUCCESS, err, "0x%lx != 0x%lx\n");
+
+ size = sizeof(buf);
+ SetMem(buf, sizeof(buf), 0);
+ status = RT->GetVariable(L"tmp", &GV_GUID, &attrs, &size, buf);
+ assert_equal_goto(status, EFI_SUCCESS, err, "0x%lx != 0x%lx\n");
+ assert_equal_goto(size, 5, err, "%zu != %zu\n");
+ assert_zero_goto(memcmp(buf, "foop", 5), err, "%d != %d\n");
+
+ size = 0;
+ strcpy(buf, "");
+ status = RT->SetVariable(L"tmp", &GV_GUID, bs_rt_nv | EFI_VARIABLE_APPEND_WRITE, size, buf);
+ assert_equal_goto(status, EFI_SUCCESS, err, "0x%lx != 0x%lx\n");
+
+ size = sizeof(buf);
+ SetMem(buf, sizeof(buf), 0);
+ status = RT->GetVariable(L"tmp", &GV_GUID, &attrs, &size, buf);
+ assert_equal_goto(status, EFI_SUCCESS, err, "0x%lx != 0x%lx\n");
+ assert_equal_goto(size, 5, err, "%zu != %zu\n");
+ assert_zero_goto(memcmp(buf, "foop", 5), err, "%d != %d\n");
+
+ size = 5;
+ strcpy(buf, "poof");
+ status = RT->SetVariable(L"tmp", &GV_GUID, bs_rt_nv | EFI_VARIABLE_APPEND_WRITE, size, buf);
+ assert_equal_goto(status, EFI_SUCCESS, err, "0x%lx != 0x%lx\n");
+
+ size = sizeof(buf);
+ SetMem(buf, sizeof(buf), 0);
+ status = RT->GetVariable(L"tmp", &GV_GUID, &attrs, &size, buf);
+ assert_equal_goto(status, EFI_SUCCESS, err, "0x%lx != 0x%lx\n");
+ assert_equal_goto(size, 10, err, "%zu != %zu\n");
+ assert_zero_goto(memcmp(buf, "foop\0poof", 10), err, "%d != %d\n");
+ ret = 0;
+err:
+ if (ret)
+ mock_print_var_list(&mock_variables);
+ mock_reset_variables();
+ return ret;
+}
+
+static void
+dump_config_table_if_wrong(const char * const func, int line, ...)
+{
+ va_list alist, blist;
+ bool okay = true;
+ size_t n = 0, m = 0;
+
+ va_start(alist, line);
+ va_copy(blist, alist);
+
+ int idx = va_arg(alist, int);
+ EFI_GUID *guid = va_arg(alist, EFI_GUID *);
+ while (idx >= 0 && guid != NULL) {
+ EFI_CONFIGURATION_TABLE *entry;
+ if (idx < 0)
+ goto nexta;
+
+ n += 1;
+ if (idx >= (int)ST->NumberOfTableEntries) {
+ okay = false;
+ goto nexta;
+ }
+
+ entry = &ST->ConfigurationTable[idx];
+ if (CompareGuid(guid, &entry->VendorGuid) != 0)
+ okay = false;
+
+nexta:
+ idx = va_arg(alist, int);
+ guid = va_arg(alist, EFI_GUID *);
+ }
+ va_end(alist);
+
+ if (okay)
+ return;
+
+ printf("%s:%d:%s(): %d entries:\n", __FILE__, line, func, ST->NumberOfTableEntries);
+ idx = va_arg(blist, int);
+ guid = va_arg(blist, EFI_GUID *);
+ while (idx >= 0 && guid != NULL) {
+ EFI_CONFIGURATION_TABLE *entry;
+
+ if (idx >= (int)ST->NumberOfTableEntries) {
+ printf("\t[%d]: invalid index for " GUID_FMT "\n",
+ idx, GUID_ARGS(*guid));
+ goto nexta;
+ }
+
+ if (idx < 0) {
+ printf("\t[%d]: " GUID_FMT "\n", idx, GUID_ARGS(*guid));
+ } else {
+ entry = &ST->ConfigurationTable[idx];
+ printf("\t[%d]: %p ", idx, entry);
+ printf("{.VendorGuid:" GUID_FMT ",", GUID_ARGS(entry->VendorGuid));
+ printf("&.VendorTable:%p}\n", entry->VendorTable);
+ if (CompareGuid(guid, &entry->VendorGuid) != 0)
+ printf("\t\t\t expected:" GUID_FMT "\n", GUID_ARGS(*guid));
+ }
+next:
+ idx = va_arg(blist, int);
+ guid = va_arg(blist, EFI_GUID *);
+ }
+ va_end(blist);
+
+ if ((int)ST->NumberOfTableEntries - n == 0)
+ return;
+
+ printf("%d extra table entries:\n", ST->NumberOfTableEntries - n);
+ for (m = n; m < ST->NumberOfTableEntries; m++) {
+ EFI_CONFIGURATION_TABLE *entry;
+
+ entry = &ST->ConfigurationTable[m];
+
+ printf("\t[%d]: %p ", m, entry);
+ printf("{.VendorGuid:" GUID_FMT ",", GUID_ARGS(entry->VendorGuid));
+ printf("&.VendorTable:%p}\n", entry->VendorTable);
+ }
+}
+
+static int
+test_install_config_table_0(void)
+{
+ int ret = -1;
+ EFI_STATUS status;
+
+ /*
+ * These three guids are chosen on purpose: they start with "a",
+ * "b", and "c", respective to their variable names, so you can
+ * identify them when dumped.
+ */
+ EFI_GUID aguid = SECURITY_PROTOCOL_GUID;
+ char astr[guidstr_size];
+ void *astrp = &astr[0];
+ int aidx = -1;
+
+ EFI_GUID bguid = EFI_HTTP_BINDING_GUID;
+ char bstr[guidstr_size];
+ void *bstrp = &bstr[0];
+ int bidx = -1;
+
+ EFI_GUID cguid = MOK_VARIABLE_STORE;
+ char cstr[guidstr_size];
+ void *cstrp = &cstr[0];
+ int cidx = -1;
+
+ EFI_GUID lip = LOADED_IMAGE_PROTOCOL;
+
+ EFI_GUID guids[3];
+
+ char tmpstr[guidstr_size];
+
+ sprintf(astrp, GUID_FMT, GUID_ARGS(aguid));
+ sprintf(bstrp, GUID_FMT, GUID_ARGS(bguid));
+ sprintf(cstrp, GUID_FMT, GUID_ARGS(cguid));
+
+ assert_equal_return(ST->NumberOfTableEntries, 0, -1, "%lu != %lu\n");
+
+ /*
+ * test installing one
+ */
+ status = BS->InstallConfigurationTable(&bguid, bstrp);
+ assert_equal_return(status, EFI_SUCCESS, -1, "%lx != %lx\n");
+ assert_equal_goto(ST->NumberOfTableEntries, 1, err, "%lu != %lu\n");
+
+ sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[0].VendorGuid));
+ assert_zero_goto(CompareGuid(&ST->ConfigurationTable[0].VendorGuid, &bguid),
+ err, "%d != 0 (%s != %s)\n", tmpstr, bstr);
+ assert_equal_goto(ST->ConfigurationTable[0].VendorTable,
+ bstrp, err, "%p != %p\n");
+
+ /*
+ * test re-installing the same one
+ */
+ status = BS->InstallConfigurationTable(&bguid, bstrp);
+ assert_equal_goto(status, EFI_SUCCESS, err, "%lx != %lx\n");
+ assert_equal_goto(ST->NumberOfTableEntries, 1, err, "%lu != %lu\n");
+
+ sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[0].VendorGuid));
+ assert_zero_goto(CompareGuid(&ST->ConfigurationTable[0].VendorGuid, &bguid),
+ err, "%d != 0 (%s != %s)\n", tmpstr, bstr);
+ assert_equal_goto(ST->ConfigurationTable[0].VendorTable,
+ bstrp, err, "%p != %p\n");
+
+ /*
+ * Test installing a second one
+ */
+ status = BS->InstallConfigurationTable(&aguid, astrp);
+ assert_equal_goto(status, EFI_SUCCESS, err, "%lx != %lx\n");
+ assert_equal_goto(ST->NumberOfTableEntries, 2, err, "%lu != %lu\n");
+
+ switch (mock_config_table_sort_policy) {
+ case MOCK_SORT_DESCENDING:
+ aidx = 1;
+ bidx = 0;
+ break;
+ case MOCK_SORT_PREPEND:
+ aidx = 0;
+ bidx = 1;
+ break;
+ case MOCK_SORT_APPEND:
+ aidx = 1;
+ bidx = 0;
+ break;
+ case MOCK_SORT_ASCENDING:
+ aidx = 0;
+ bidx = 1;
+ break;
+ default:
+ break;
+ }
+
+ dump_config_table_if_wrong(__func__, __LINE__,
+ aidx, &aguid,
+ bidx, &bguid,
+ cidx, &cguid,
+ -1, NULL);
+
+ sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[aidx].VendorGuid));
+ assert_zero_goto(CompareGuid(&ST->ConfigurationTable[aidx].VendorGuid, &aguid),
+ err, "%d != 0 (%s != %s)\n", tmpstr, astr);
+ assert_equal_goto(ST->ConfigurationTable[aidx].VendorTable, astrp,
+ err, "%p != %p\n");
+
+ sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[bidx].VendorGuid));
+ assert_zero_goto(CompareGuid(&ST->ConfigurationTable[bidx].VendorGuid, &bguid),
+ err, "%d != 0 (%s != %s)\n", tmpstr, bstr);
+ assert_equal_goto(ST->ConfigurationTable[bidx].VendorTable, bstrp,
+ err, "%p != %p\n");
+
+ /*
+ * Test installing a third one
+ */
+ status = BS->InstallConfigurationTable(&cguid, cstrp);
+ assert_equal_goto(status, EFI_SUCCESS, err, "%lx != %lx\n");
+ assert_equal_goto(ST->NumberOfTableEntries, 3, err, "%lu != %lu\n");
+
+ switch (mock_config_table_sort_policy) {
+ case MOCK_SORT_DESCENDING:
+ aidx = 2;
+ bidx = 1;
+ cidx = 0;
+ break;
+ case MOCK_SORT_PREPEND:
+ aidx = 1;
+ bidx = 2;
+ cidx = 0;
+ break;
+ case MOCK_SORT_APPEND:
+ aidx = 1;
+ bidx = 0;
+ cidx = 2;
+ break;
+ case MOCK_SORT_ASCENDING:
+ aidx = 0;
+ bidx = 1;
+ cidx = 2;
+ break;
+ default:
+ break;
+ }
+
+ dump_config_table_if_wrong(__func__, __LINE__,
+ aidx, &aguid,
+ bidx, &bguid,
+ cidx, &cguid,
+ -1, NULL);
+
+ sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[aidx].VendorGuid));
+ assert_zero_goto(CompareGuid(&ST->ConfigurationTable[aidx].VendorGuid, &aguid),
+ err, "%d != 0 (%s != %s)\n", tmpstr, astr);
+ assert_equal_goto(ST->ConfigurationTable[aidx].VendorTable, astrp,
+ err, "%p != %p\n");
+ memcpy(&guids[aidx], &aguid, sizeof(EFI_GUID));
+
+ sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[bidx].VendorGuid));
+ assert_zero_goto(CompareGuid(&ST->ConfigurationTable[bidx].VendorGuid, &bguid),
+ err, "%d != 0 (%s != %s)\n", tmpstr, bstr);
+ assert_equal_goto(ST->ConfigurationTable[bidx].VendorTable, bstrp,
+ err, "%p != %p\n");
+ memcpy(&guids[bidx], &bguid, sizeof(EFI_GUID));
+
+ sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[cidx].VendorGuid));
+ assert_zero_goto(CompareGuid(&ST->ConfigurationTable[cidx].VendorGuid, &cguid),
+ err, "%d != 0 (%s != %s)\n", tmpstr, cstr);
+ assert_equal_goto(ST->ConfigurationTable[cidx].VendorTable, cstrp,
+ err, "%p != %p\n");
+ memcpy(&guids[cidx], &cguid, sizeof(EFI_GUID));
+
+ /*
+ * Test removing NULL guid
+ */
+ status = BS->InstallConfigurationTable(NULL, NULL);
+ assert_equal_goto(status, EFI_INVALID_PARAMETER, err, "%lx != %lx\n");
+ assert_equal_goto(ST->NumberOfTableEntries, 3, err, "%lu != %lu\n");
+
+ /*
+ * Test removing a guid that's not present
+ */
+ status = BS->InstallConfigurationTable(&lip, NULL);
+ assert_equal_goto(status, EFI_NOT_FOUND, err, "%lx != %lx\n");
+ assert_equal_goto(ST->NumberOfTableEntries, 3, err, "%lu != %lu\n");
+
+ /*
+ * Test removing the middle one
+ */
+ status = BS->InstallConfigurationTable(&guids[1], NULL);
+ assert_equal_goto(status, EFI_SUCCESS, err, "%lx != %lx\n");
+ assert_equal_goto(ST->NumberOfTableEntries, 2, err, "%lu != %lu\n");
+
+ switch (mock_config_table_sort_policy) {
+ case MOCK_SORT_DESCENDING:
+ aidx = 1;
+ bidx = -1;
+ cidx = 0;
+ break;
+ case MOCK_SORT_PREPEND:
+ aidx = -1;
+ bidx = 1;
+ cidx = 0;
+ break;
+ case MOCK_SORT_APPEND:
+ aidx = -1;
+ bidx = 0;
+ cidx = 1;
+ break;
+ case MOCK_SORT_ASCENDING:
+ aidx = 0;
+ bidx = -1;
+ cidx = 1;
+ break;
+ default:
+ break;
+ }
+
+ dump_config_table_if_wrong(__func__, __LINE__,
+ aidx, &aguid,
+ bidx, &bguid,
+ cidx, &cguid,
+ -1, NULL);
+
+ if (aidx >= 0) {
+ sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[aidx].VendorGuid));
+ assert_zero_goto(CompareGuid(&ST->ConfigurationTable[aidx].VendorGuid, &aguid),
+ err, "%d != 0 (%s != %s)\n", tmpstr, astr);
+ assert_equal_goto(ST->ConfigurationTable[aidx].VendorTable, astrp,
+ err, "%p != %p\n");
+ memcpy(&guids[aidx], &aguid, sizeof(EFI_GUID));
+ }
+
+ if (bidx >= 0) {
+ sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[bidx].VendorGuid));
+ assert_zero_goto(CompareGuid(&ST->ConfigurationTable[bidx].VendorGuid, &bguid),
+ err, "%d != 0 (%s != %s)\n", tmpstr, bstr);
+ assert_equal_goto(ST->ConfigurationTable[bidx].VendorTable, bstrp,
+ err, "%p != %p\n");
+ memcpy(&guids[bidx], &bguid, sizeof(EFI_GUID));
+ }
+
+ if (cidx >= 0) {
+ sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[cidx].VendorGuid));
+ assert_zero_goto(CompareGuid(&ST->ConfigurationTable[cidx].VendorGuid, &cguid),
+ err, "%d != 0 (%s != %s)\n", tmpstr, cstr);
+ assert_equal_goto(ST->ConfigurationTable[cidx].VendorTable, cstrp,
+ err, "%p != %p\n");
+ memcpy(&guids[cidx], &cguid, sizeof(EFI_GUID));
+ }
+
+ /*
+ * Test removing the lowest one
+ */
+ status = BS->InstallConfigurationTable(&guids[0], NULL);
+ assert_equal_goto(status, EFI_SUCCESS, err, "%lx != %lx\n");
+ assert_equal_goto(ST->NumberOfTableEntries, 1, err, "%lu != %lu\n");
+
+ switch (mock_config_table_sort_policy) {
+ case MOCK_SORT_DESCENDING:
+ aidx = 0;
+ bidx = -1;
+ cidx = -1;
+ break;
+ case MOCK_SORT_PREPEND:
+ aidx = -1;
+ bidx = 0;
+ cidx = -1;
+ break;
+ case MOCK_SORT_APPEND:
+ aidx = -1;
+ bidx = -1;
+ cidx = 0;
+ break;
+ case MOCK_SORT_ASCENDING:
+ aidx = -1;
+ bidx = -1;
+ cidx = 0;
+ break;
+ default:
+ break;
+ }
+
+ dump_config_table_if_wrong(__func__, __LINE__,
+ aidx, &aguid,
+ bidx, &bguid,
+ cidx, &cguid,
+ -1, NULL);
+
+ if (aidx >= 0) {
+ sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[aidx].VendorGuid));
+ assert_zero_goto(CompareGuid(&ST->ConfigurationTable[aidx].VendorGuid, &aguid),
+ err, "%d != 0 (%s != %s)\n", tmpstr, astr);
+ assert_equal_goto(ST->ConfigurationTable[aidx].VendorTable, astrp,
+ err, "%p != %p\n");
+ memcpy(&guids[aidx], &aguid, sizeof(EFI_GUID));
+ }
+
+ if (bidx >= 0) {
+ sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[bidx].VendorGuid));
+ assert_zero_goto(CompareGuid(&ST->ConfigurationTable[bidx].VendorGuid, &bguid),
+ err, "%d != 0 (%s != %s)\n", tmpstr, bstr);
+ assert_equal_goto(ST->ConfigurationTable[bidx].VendorTable, bstrp,
+ err, "%p != %p\n");
+ memcpy(&guids[bidx], &bguid, sizeof(EFI_GUID));
+ }
+
+ if (cidx >= 0) {
+ sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[cidx].VendorGuid));
+ assert_zero_goto(CompareGuid(&ST->ConfigurationTable[cidx].VendorGuid, &cguid),
+ err, "%d != 0 (%s != %s)\n", tmpstr, cstr);
+ assert_equal_goto(ST->ConfigurationTable[cidx].VendorTable, cstrp,
+ err, "%p != %p\n");
+ memcpy(&guids[cidx], &cguid, sizeof(EFI_GUID));
+ }
+
+ /*
+ * Test removing the last one
+ */
+ status = BS->InstallConfigurationTable(&guids[0], NULL);
+ assert_equal_goto(status, EFI_SUCCESS, err, "%lx != %lx\n");
+ assert_equal_goto(ST->NumberOfTableEntries, 0, err, "%lu != %lu\n");
+
+ /*
+ * Test removing it again
+ */
+ status = BS->InstallConfigurationTable(&guids[0], NULL);
+ assert_equal_goto(status, EFI_NOT_FOUND, err, "%lx != %lx\n");
+ assert_equal_goto(ST->NumberOfTableEntries, 0, err, "%lu != %lu\n");
+
+ ret = 0;
+err:
+ while (ST->NumberOfTableEntries)
+ BS->InstallConfigurationTable(&ST->ConfigurationTable[0].VendorGuid, NULL);
+ mock_reset_config_table();
+
+ return ret;
+}
+
+int
+main(void)
+{
+ int status = 0;
+ setbuf(stdout, NULL);
+
+ const char *policies[] = {
+ "MOCK_SORT_DESCENDING",
+ "MOCK_SORT_PREPEND",
+ "MOCK_SORT_APPEND",
+ "MOCK_SORT_ASCENDING",
+ "MOCK_SORT_MAX_SENTINEL"
+ };
+
+ test(test_filter_out_true);
+ test(test_filter_out_false);
+
+ for (int i = 0; i < MOCK_SORT_MAX_SENTINEL; i++) {
+ mock_variable_sort_policy = i;
+ mock_config_table_sort_policy = i;
+ printf("%s: setting variable sort policy to %s\n",
+ program_invocation_short_name, policies[i]);
+
+ test(test_gnvn_buf_size_0);
+ test(test_gnvn_0);
+ test(test_gnvn_1);
+
+ test(test_install_config_table_0);
+ }
+
+ test(test_get_variable_0);
+ test(test_set_variable_0);
+ return status;
+}
+
+// vim:fenc=utf-8:tw=75:noet
--- /dev/null
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+/*
+ * test-mok-mirror.c - try to test our mok mirroring code
+ * Copyright Peter Jones <pjones@redhat.com>
+ */
+
+#include "shim.h"
+#include "mock-variables.h"
+#include "test-data-efivars-1.h"
+
+#include <stdio.h>
+
+#pragma GCC diagnostic ignored "-Wunused-parameter"
+
+EFI_STATUS
+start_image(EFI_HANDLE image_handle UNUSED, CHAR16 *mm)
+{
+ printf("Attempted to launch %s\n", Str2str(mm));
+ return EFI_SUCCESS;
+}
+
+#define N_TEST_VAR_OPS 40
+struct test_var {
+ EFI_GUID guid;
+ CHAR16 *name;
+ UINT32 attrs;
+ UINTN n_ops;
+ bool must_be_present;
+ bool must_be_absent;
+ mock_variable_op_t ops[N_TEST_VAR_OPS];
+ EFI_STATUS results[N_TEST_VAR_OPS];
+};
+
+static struct test_var *test_vars;
+
+struct mock_mok_variable_config_entry {
+ CHAR8 name[256];
+ UINT64 data_size;
+ const unsigned char *data;
+};
+
+static void
+setvar_post(CHAR16 *name, EFI_GUID *guid, UINT32 attrs,
+ UINTN size, VOID *data, EFI_STATUS *status,
+ mock_variable_op_t op, const char * const file,
+ const int line, const char * const func)
+{
+ if (!test_vars)
+ return;
+
+ for (UINTN i = 0; test_vars[i].name != NULL; i++) {
+ struct test_var *tv = &test_vars[i];
+
+ if (CompareGuid(&tv->guid, guid) != 0 ||
+ StrCmp(tv->name, name) != 0)
+ continue;
+ tv->ops[tv->n_ops] = op;
+ tv->results[tv->n_ops] = *status;
+ tv->n_ops += 1;
+ }
+}
+
+static void
+getvar_post(CHAR16 *name, EFI_GUID *guid,
+ UINT32 *attrs, UINTN *size,
+ VOID *data, EFI_STATUS *status,
+ const char * const file, const int line, const char * func)
+{
+ if (EFI_ERROR(*status) &&
+ (*status != EFI_NOT_FOUND &&
+ *status != EFI_BUFFER_TOO_SMALL)) {
+ printf("%s:%d:%s():Getting "GUID_FMT"-%s ",
+ file, line, func,
+ GUID_ARGS(*guid), Str2str(name));
+ if (attrs)
+ printf("attrs:%s\n", format_var_attrs(*attrs));
+ else
+ printf("attrs:NULL\n");
+ printf("failed:%s\n", efi_strerror(*status));
+ }
+
+ if (!test_vars)
+ return;
+
+ for (UINTN i = 0; test_vars[i].name != NULL; i++) {
+ struct test_var *tv = &test_vars[i];
+
+ if (CompareGuid(&tv->guid, guid) != 0 ||
+ StrCmp(tv->name, name) != 0)
+ continue;
+ tv->ops[tv->n_ops] = GET;
+ tv->results[tv->n_ops] = *status;
+ tv->n_ops += 1;
+ }
+}
+
+static int
+test_mok_mirror_0(void)
+{
+ const char *mok_rt_vars[n_mok_state_variables];
+ EFI_STATUS status;
+ EFI_GUID guid = SHIM_LOCK_GUID;
+ EFI_GUID mok_config_guid = MOK_VARIABLE_STORE;
+ int ret = -1;
+
+ struct test_var test_mok_mirror_0_vars[] = {
+ {.guid = SHIM_LOCK_GUID,
+ .name = L"MokList",
+ .must_be_present = true,
+ .attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_NON_VOLATILE,
+ .ops = { NONE, },
+ },
+ {.guid = SHIM_LOCK_GUID,
+ .name = L"MokListRT",
+ .must_be_present = true,
+ .attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS,
+ .ops = { NONE, },
+ },
+ {.guid = SHIM_LOCK_GUID,
+ .name = L"MokListX",
+ .must_be_present = true,
+ .attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_NON_VOLATILE,
+ .ops = { NONE, },
+ },
+ {.guid = SHIM_LOCK_GUID,
+ .name = L"MokListXRT",
+ .must_be_present = true,
+ .attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS,
+ .ops = { NONE, },
+ },
+ {.guid = SHIM_LOCK_GUID,
+ .name = L"SbatLevel",
+ .must_be_present = true,
+ .attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_NON_VOLATILE,
+ .ops = { NONE, },
+ },
+ {.guid = SHIM_LOCK_GUID,
+ .name = L"SbatLevelRT",
+ .must_be_present = true,
+ .attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS,
+ .ops = { NONE, },
+ },
+ {.guid = SHIM_LOCK_GUID,
+ .name = L"MokIgnoreDB",
+ .must_be_absent = true,
+ .attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS,
+ .ops = { NONE, },
+ },
+ {.guid = SHIM_LOCK_GUID,
+ .name = L"MokSBState",
+ .attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_NON_VOLATILE,
+ .ops = { NONE, },
+ },
+ {.guid = SHIM_LOCK_GUID,
+ .name = L"MokSBStateRT",
+ .must_be_absent = true,
+ .attrs = EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS,
+ .ops = { NONE, },
+ },
+ {.guid = { 0, },
+ .name = NULL,
+ }
+ };
+
+ struct mock_mok_variable_config_entry test_mok_config_table[] = {
+ {.name = "MokListRT",
+ .data_size = sizeof(test_data_efivars_1_MokListRT),
+ .data = test_data_efivars_1_MokListRT
+ },
+ {.name = "MokListXRT",
+ .data_size = sizeof(test_data_efivars_1_MokListXRT),
+ .data = test_data_efivars_1_MokListXRT
+ },
+ {.name = "SbatLevelRT",
+ .data_size = sizeof(test_data_efivars_1_SbatLevelRT),
+ .data = test_data_efivars_1_SbatLevelRT
+ },
+ {.name = { 0, },
+ .data_size = 0,
+ .data = NULL,
+ }
+ };
+
+ for (size_t i = 0; i < n_mok_state_variables; i++) {
+ mok_rt_vars[i] = mok_state_variables[i].rtname8;
+ }
+
+ mock_load_variables("test-data/efivars-1", mok_rt_vars, true);
+
+ mock_set_variable_post_hook = setvar_post;
+ mock_get_variable_post_hook = getvar_post;
+ test_vars = &test_mok_mirror_0_vars[0];
+
+ import_mok_state(NULL);
+
+ for (size_t i = 0; test_mok_mirror_0_vars[i].name != NULL; i++) {
+ struct test_var *tv = &test_mok_mirror_0_vars[i];
+ list_t *pos = NULL;
+ bool found = false;
+ char buf[1];
+ UINTN size = 0;
+ UINT32 attrs = 0;
+ bool present = false;
+
+ list_for_each(pos, &mock_variables) {
+ struct mock_variable *var;
+ bool deleted;
+ bool created;
+ int gets = 0;
+
+ var = list_entry(pos, struct mock_variable, list);
+ if (CompareGuid(&tv->guid, &var->guid) != 0 ||
+ StrCmp(var->name, tv->name) != 0)
+ continue;
+ found = true;
+ assert_equal_goto(var->attrs, tv->attrs, err,
+ "\"%s\": wrong attrs; got %s expected %s\n",
+ Str2str(tv->name),
+ format_var_attrs(var->attrs),
+ format_var_attrs(tv->attrs));
+ for (UINTN j = 0; j < N_TEST_VAR_OPS
+ && tv->ops[j] != NONE; j++) {
+ switch (tv->ops[j]) {
+ case NONE:
+ default:
+ break;
+ case CREATE:
+ if (tv->results[j] == EFI_SUCCESS)
+ created = true;
+ break;
+ case DELETE:
+ assert_goto(tv->results[j] != EFI_SUCCESS, err,
+ "Tried to delete absent variable \"%s\"\n",
+ Str2str(tv->name));
+ assert_goto(created == false, err,
+ "Deleted variable \"%s\" was previously created.\n",
+ Str2str(tv->name));
+ break;
+ case APPEND:
+ assert_goto(false, err,
+ "No append action should have been tested\n");
+ break;
+ case REPLACE:
+ assert_goto(false, err,
+ "No replace action should have been tested\n");
+ break;
+ case GET:
+ if (tv->results[j] == EFI_SUCCESS)
+ gets += 1;
+ break;
+ }
+ }
+ assert_goto(gets == 0 || gets == 1, err,
+ "Variable should not be read %d times.\n", gets);
+ }
+ if (tv->must_be_present) {
+ assert_goto(found == true, err,
+ "variable \"%s\" was not found.\n",
+ Str2str(tv->name));
+ }
+
+ if (tv->must_be_absent) {
+ assert_goto(found == false, err,
+ "variable \"%s\" was found.\n",
+ Str2str(tv->name));
+ }
+ }
+
+ uint8_t *pos = NULL;
+ for (size_t i = 0; i < ST->NumberOfTableEntries; i++) {
+ EFI_CONFIGURATION_TABLE *ct = &ST->ConfigurationTable[i];
+
+ if (CompareGuid(&ct->VendorGuid, &mok_config_guid) != 0)
+ continue;
+
+ pos = (void *)ct->VendorTable;
+ break;
+ }
+
+ assert_nonzero_goto(pos, err, "%p != 0\n");
+
+ size_t i = 0;
+ while (pos) {
+ struct mock_mok_variable_config_entry *mock_entry =
+ &test_mok_config_table[i];
+ struct mok_variable_config_entry *mok_entry =
+ (struct mok_variable_config_entry *)pos;
+
+ /*
+ * If the tables are different lengths, this will trigger.
+ */
+ assert_equal_goto(mok_entry->name[0], mock_entry->name[0], err,
+ "mok.name[0] %ld != test.name[0] %ld\n");
+ if (mock_entry->name[0] == 0)
+ break;
+
+ assert_nonzero_goto(mok_entry->name[0], err, "%ld != %ld\n");
+ assert_zero_goto(strncmp(mok_entry->name, mock_entry->name,
+ sizeof(mock_entry->name)),
+ err, "%ld != %ld: strcmp(\"%s\",\"%s\")\n",
+ mok_entry->name, mock_entry->name);
+
+ /*
+ * As of 7501b6bb449f ("mok: fix potential buffer overrun in
+ * import_mok_state"), we should not see any mok config
+ * variables with data_size == 0.
+ */
+ assert_nonzero_goto(mok_entry->data_size, err, "%ld != 0\n");
+
+ assert_equal_goto(mok_entry->data_size, mock_entry->data_size,
+ err, "%ld != %ld\n");
+ assert_zero_goto(CompareMem(mok_entry->data, mock_entry->data,
+ mok_entry->data_size),
+ err, "%ld != %ld\n");
+ pos += offsetof(struct mok_variable_config_entry, data)
+ + mok_entry->data_size;
+ i += 1;
+ }
+
+ ret = 0;
+err:
+ for (UINTN k = 0; k < n_mok_state_variables; k++) {
+ struct mok_state_variable *v =
+ &mok_state_variables[k];
+ if (v->data_size && v->data) {
+ free(v->data);
+ v->data = NULL;
+ v->data_size = 0;
+ }
+ }
+
+ test_vars = NULL;
+ mock_set_variable_post_hook = NULL;
+ mock_get_variable_post_hook = NULL;
+ return ret;
+}
+
+int
+main(void)
+{
+ int status = 0;
+ setbuf(stdout, NULL);
+
+ const char *sort_policy_names[] = {
+ "MOCK_SORT_DESCENDING",
+ "MOCK_SORT_PREPEND",
+ "MOCK_SORT_APPEND",
+ "MOCK_SORT_ASCENDING",
+ "MOCK_SORT_MAX_SENTINEL"
+ };
+
+ const char *del_policy_names[] = {
+ "MOCK_VAR_DELETE_ATTR_ALLOW_ZERO",
+ "MOCK_VAR_DELETE_ATTR_ALOW_MISMATCH",
+ "MOCK_VAR_DELETE_ATTR_ALLOW_ZERO|MOCK_VAR_DELETE_ATTR_ALOW_MISMATCH",
+ "MOCK_VAR_DELETE_ATTR_ALLOW_NONE",
+ NULL
+ };
+
+ int delete_policies[] = {
+ MOCK_VAR_DELETE_ATTR_ALLOW_ZERO,
+ MOCK_VAR_DELETE_ATTR_ALOW_MISMATCH,
+ MOCK_VAR_DELETE_ATTR_ALLOW_ZERO
+ | MOCK_VAR_DELETE_ATTR_ALOW_MISMATCH,
+ 0
+ };
+
+ for (int i = 0; i < MOCK_SORT_MAX_SENTINEL; i++) {
+ mock_variable_sort_policy = i;
+ mock_config_table_sort_policy = i;
+ int j = 0;
+
+ printf("%s: setting variable sort policy to %s\n",
+ program_invocation_short_name, sort_policy_names[i]);
+ do {
+ printf("%s: setting delete policy to %s\n",
+ program_invocation_short_name,
+ del_policy_names[j]);
+
+ mock_variable_delete_attr_policy = delete_policies[j];
+ test(test_mok_mirror_0);
+ mock_finalize_vars_and_configs();
+
+ if (delete_policies[j] == 0)
+ break;
+ } while (++j);
+ }
+
+ return status;
+}
+
+// vim:fenc=utf-8:tw=75:noet
* I don't know.
*/
#pragma GCC diagnostic push
-#pragma GCC diagnostic warning "-Warray-bounds"
+#pragma GCC diagnostic ignored "-Warray-bounds"
assert_zero_return(strncmp(s1, s0, sizeof(s)-1), 0, -1, "\n");
assert_negative_return(memcmp(s1, s0, sizeof(s)), 0, -1, "\n");
#pragma GCC diagnostic pop
* Copyright Peter Jones <pjones@redhat.com>
*/
-#ifndef SHIM_UNIT_TEST
-#define SHIM_UNIT_TEST
-#endif
#include "shim.h"
+#include <execinfo.h>
+#include <stdio.h>
+#include <string.h>
+
+#define BT_BUF_SIZE (4096/sizeof(void *))
+
+static void *frames[BT_BUF_SIZE] = { 0, };
+
UINT8 in_protocol = 0;
int debug = DEFAULT_DEBUG_PRINT_STATE;
+void
+print_traceback(int skip)
+{
+ int nptrs;
+ char **strings;
+
+ nptrs = backtrace(frames, BT_BUF_SIZE);
+ if (nptrs < skip)
+ return;
+
+ strings = backtrace_symbols(frames, nptrs);
+ for (int i = skip; strings != NULL && i < nptrs; i++) {
+ printf("%p %s\n", (void *)frames[i], strings[i]);
+ }
+ if (strings)
+ free(strings);
+}
+
#pragma GCC diagnostic ignored "-Wunused-parameter"
#pragma GCC diagnostic ignored "-Wunused-function"
+static EFI_STATUS EFIAPI
+mock_efi_allocate_pages(EFI_ALLOCATE_TYPE type,
+ EFI_MEMORY_TYPE memory_type,
+ UINTN nmemb,
+ EFI_PHYSICAL_ADDRESS *memory)
+{
+ /*
+ * XXX so far this does not honor the type at all, and there's no
+ * tracking for memory_type either.
+ */
+ *memory = (EFI_PHYSICAL_ADDRESS)(uintptr_t)calloc(nmemb, 4096);
+ if ((void *)(uintptr_t)(*memory) == NULL)
+ return EFI_OUT_OF_RESOURCES;
+
+ return EFI_SUCCESS;
+}
+
+static EFI_STATUS EFIAPI
+mock_efi_free_pages(EFI_PHYSICAL_ADDRESS memory,
+ UINTN nmemb)
+{
+ free((void *)(uintptr_t)memory);
+
+ return EFI_SUCCESS;
+}
+
+static EFI_STATUS EFIAPI
+mock_efi_allocate_pool(EFI_MEMORY_TYPE pool_type,
+ UINTN size,
+ VOID **buf)
+{
+ *buf = calloc(1, size);
+ if (*buf == NULL)
+ return EFI_OUT_OF_RESOURCES;
+
+ return EFI_SUCCESS;
+}
+
+static EFI_STATUS EFIAPI
+mock_efi_free_pool(void *buf)
+{
+ free(buf);
+
+ return EFI_SUCCESS;
+}
+
+void EFIAPI
+mock_efi_void()
+{
+ ;
+}
+
EFI_STATUS EFIAPI
-LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...)
+mock_efi_success()
{
- assert(0);
return EFI_SUCCESS;
}
-INTN
-StrCmp(CONST CHAR16 *s1, CONST CHAR16 *s2) {
- assert(s1 != NULL);
- assert(s2 != NULL);
+EFI_STATUS EFIAPI
+mock_efi_unsupported()
+{
+ return EFI_UNSUPPORTED;
+}
- int i;
- for (i = 0; s1[i] && s2[i]; i++) {
- if (s1[i] != s2[i])
- return s2[i] - s1[i];
- }
- return 0;
+EFI_STATUS EFIAPI
+mock_efi_not_found()
+{
+ return EFI_NOT_FOUND;
}
-INTN
-StrnCmp(CONST CHAR16 *s1, CONST CHAR16 *s2, UINTN len) {
- assert(s1 != NULL);
- assert(s2 != NULL);
+EFI_BOOT_SERVICES mock_bs, mock_default_bs = {
+ .Hdr = {
+ .Signature = EFI_BOOT_SERVICES_SIGNATURE,
+ .Revision = EFI_1_10_BOOT_SERVICES_REVISION,
+ .HeaderSize = offsetof(EFI_BOOT_SERVICES, SetMem)
+ + sizeof(mock_bs.SetMem),
+ },
+
+ .RaiseTPL = mock_efi_unsupported,
+ .RestoreTPL = mock_efi_void,
+
+ .AllocatePages = mock_efi_allocate_pages,
+ .FreePages = mock_efi_free_pages,
+ .GetMemoryMap = mock_efi_unsupported,
+ .AllocatePool = mock_efi_allocate_pool,
+ .FreePool = mock_efi_free_pool,
+
+ .CreateEvent = mock_efi_unsupported,
+ .SetTimer = mock_efi_unsupported,
+ .WaitForEvent = mock_efi_unsupported,
+ .SignalEvent = mock_efi_unsupported,
+ .CloseEvent = mock_efi_unsupported,
+ .CheckEvent = mock_efi_unsupported,
+
+ .InstallProtocolInterface = mock_efi_unsupported,
+ .ReinstallProtocolInterface = mock_efi_unsupported,
+ .UninstallProtocolInterface = mock_efi_unsupported,
+ .HandleProtocol = mock_efi_unsupported,
+#if 0
+ /*
+ * EFI 1.10 has a "Reserved" field here that's not in later
+ * revisions.
+ *
+ * I don't think it's in any actual *firmware* either.
+ */
+ .Reserved = NULL,
+#endif
+ .RegisterProtocolNotify = mock_efi_unsupported,
+ .LocateHandle = mock_efi_not_found,
+ .LocateDevicePath = mock_efi_unsupported,
+ .InstallConfigurationTable = mock_efi_unsupported,
+
+ .LoadImage = (void *)mock_efi_unsupported,
+ .StartImage = mock_efi_unsupported,
+ .Exit = mock_efi_unsupported,
+ .UnloadImage = mock_efi_unsupported,
+ .ExitBootServices = mock_efi_unsupported,
+
+ .GetNextMonotonicCount = mock_efi_unsupported,
+ .Stall = mock_efi_unsupported,
+ .SetWatchdogTimer = mock_efi_unsupported,
+
+ .ConnectController = (void *)mock_efi_unsupported,
+ .DisconnectController = mock_efi_unsupported,
+
+ .OpenProtocol = mock_efi_unsupported,
+ .CloseProtocol = mock_efi_unsupported,
+ .OpenProtocolInformation = mock_efi_unsupported,
+
+ .ProtocolsPerHandle = mock_efi_unsupported,
+ .LocateHandleBuffer = mock_efi_unsupported,
+ .LocateProtocol = mock_efi_unsupported,
+
+ .InstallMultipleProtocolInterfaces = (void *)mock_efi_unsupported,
+ .UninstallMultipleProtocolInterfaces = (void *)mock_efi_unsupported,
+
+ .CalculateCrc32 = mock_efi_unsupported,
+
+ .CopyMem = NULL,
+ .SetMem = NULL,
+ .CreateEventEx = mock_efi_unsupported,
+};
+
+EFI_RUNTIME_SERVICES mock_rt, mock_default_rt = {
+ .Hdr = {
+ .Signature = EFI_RUNTIME_SERVICES_SIGNATURE,
+ .Revision = EFI_1_10_RUNTIME_SERVICES_REVISION,
+ .HeaderSize = offsetof(EFI_RUNTIME_SERVICES, ResetSystem)
+ + sizeof(mock_rt.ResetSystem),
+ },
+
+ .GetTime = mock_efi_unsupported,
+ .SetTime = mock_efi_unsupported,
+ .GetWakeupTime = mock_efi_unsupported,
+ .SetWakeupTime = (void *)mock_efi_unsupported,
+
+ .SetVirtualAddressMap = mock_efi_unsupported,
+ .ConvertPointer = mock_efi_unsupported,
+
+ .GetVariable = mock_efi_unsupported,
+ .SetVariable = mock_efi_unsupported,
+ .GetNextVariableName = mock_efi_unsupported,
+
+ .GetNextHighMonotonicCount = mock_efi_unsupported,
+ .ResetSystem = mock_efi_unsupported,
+
+ .UpdateCapsule = mock_efi_unsupported,
+ .QueryCapsuleCapabilities = mock_efi_unsupported,
+
+ .QueryVariableInfo = mock_efi_unsupported,
+};
- UINTN i;
- for (i = 0; i < len && s1[i] && s2[i]; i++) {
- if (s1[i] != s2[i])
- return s2[i] - s1[i];
+EFI_SYSTEM_TABLE mock_st, mock_default_st = {
+ .Hdr = {
+ .Signature = EFI_SYSTEM_TABLE_SIGNATURE,
+ .Revision = EFI_1_10_SYSTEM_TABLE_REVISION,
+ .HeaderSize = sizeof(EFI_SYSTEM_TABLE),
+ },
+ .BootServices = &mock_bs,
+ .RuntimeServices = &mock_rt,
+};
+void CONSTRUCTOR
+init_efi_system_table(void)
+{
+ static bool once = true;
+ if (once) {
+ once = false;
+ reset_efi_system_table();
}
- return 0;
}
-EFI_STATUS
-get_variable_attr(const CHAR16 * const var, UINT8 **data, UINTN *len,
- EFI_GUID owner, UINT32 *attributes)
+void
+reset_efi_system_table(void)
{
- return EFI_UNSUPPORTED;
+ ST = &mock_st;
+ BS = &mock_bs;
+ RT = &mock_rt;
+
+ memcpy(&mock_bs, &mock_default_bs, sizeof(mock_bs));
+ memcpy(&mock_rt, &mock_default_rt, sizeof(mock_rt));
+ memcpy(&mock_st, &mock_default_st, sizeof(mock_st));
}
-EFI_STATUS
-get_variable(const CHAR16 * const var, UINT8 **data, UINTN *len, EFI_GUID owner)
+EFI_STATUS EFIAPI
+LogError_(const char *file, int line, const char *func, const CHAR16 *fmt, ...)
{
- return get_variable_attr(var, data, len, owner, NULL);
+ assert(0);
+ return EFI_SUCCESS;
}
+#ifndef HAVE_SHIM_LOCK_GUID
EFI_GUID SHIM_LOCK_GUID = {0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } };
+#endif
+
+UINTN EFIAPI
+console_print(const CHAR16 *fmt, ...)
+{
+ return 0;
+}
+
+#ifndef HAVE_START_IMAGE
+EFI_STATUS
+start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath)
+{
+ return EFI_UNSUPPORTED;
+}
+#endif
// vim:fenc=utf-8:tw=75:noet
UINTN measuredcount = 0;
VARIABLE_RECORD *measureddata = NULL;
+static BOOLEAN tpm_defective = FALSE;
static BOOLEAN tpm_present(efi_tpm_protocol_t *tpm)
{
UINT32 flags;
EFI_PHYSICAL_ADDRESS eventlog, lastevent;
+ if (tpm_defective)
+ return FALSE;
+
caps.Size = (UINT8)sizeof(caps);
efi_status = tpm->status_check(tpm, &caps, &flags,
&eventlog, &lastevent);
(UINT64)size, TPM_ALG_SHA, event, &eventnum,
&lastevent);
}
+ if (efi_status == EFI_UNSUPPORTED) {
+ perror(L"Could not write TPM event: %r. Considering "
+ "the TPM as defective.\n", efi_status);
+ tpm_defective = TRUE;
+ efi_status = EFI_SUCCESS;
+ }
FreePool(event);
return efi_status;
}
return EFI_NOT_FOUND;
return EFI_SUCCESS;
}
+
+#ifdef SHIM_UNIT_TEST
+static void DESTRUCTOR
+tpm_clean_up_measurements(void)
+{
+ for (UINTN i = 0; i < measuredcount; i++) {
+ VARIABLE_RECORD *vr = &measureddata[i];
+
+ if (vr->VariableName)
+ FreePool(vr->VariableName);
+ if (vr->VendorGuid)
+ FreePool(vr->VendorGuid);
+ if (vr->Data)
+ FreePool(vr->Data);
+ }
+ if (measureddata)
+ FreePool(measureddata);
+
+ measuredcount = 0;
+ measureddata = NULL;
+}
+#endif