From 434a53fd3742f8b1034fbbf64f74490300d9d28a Mon Sep 17 00:00:00 2001 From: Andrea Bolognani Date: Wed, 18 Jun 2025 15:28:55 +0200 Subject: [PATCH 01/10] gnu-efi: Switch to upstream 4.0.2 release Replace the shim-specific fork with the upstream version, specifically the most recent release. Some adjustment to shim's code are necessary to adapt to this change. Signed-off-by: Andrea Bolognani --- .gitmodules | 4 ++-- gnu-efi | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitmodules b/.gitmodules index 756c2c5d9..232a93204 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,4 +1,4 @@ [submodule "gnu-efi"] path = gnu-efi - url = https://github.com/rhboot/gnu-efi.git - branch = shim-16.1 + url = https://github.com/ncroxon/gnu-efi.git + branch = master diff --git a/gnu-efi b/gnu-efi index dc7fd96f2..1fee8ab56 160000 --- a/gnu-efi +++ b/gnu-efi @@ -1 +1 @@ -Subproject commit dc7fd96f23d6b582416f672844362d776d175cf4 +Subproject commit 1fee8ab566ce91b9cbab9f2c85db96566d79063b From 54abf812cc0878123c8c5bfc65f061338ee37386 Mon Sep 17 00:00:00 2001 From: Andrea Bolognani Date: Wed, 30 Apr 2025 01:31:45 +0200 Subject: [PATCH 02/10] Set NO_GLIBC=1 when building gnu-efi shim is a standalone EFI application so it shouldn't be necessary to look at the glibc headers when building it, and in fact attempting to do so results in a build failure. Signed-off-by: Andrea Bolognani --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 9a39cd13f..7e27a2285 100644 --- a/Makefile +++ b/Makefile @@ -174,6 +174,7 @@ gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: CCC_CC="$(COMPILER)" \ CC="$(CC)" \ ARCH=$(ARCH_GNUEFI) \ + NO_GLIBC=1 \ TOPDIR=$(TOPDIR)/gnu-efi \ -f $(TOPDIR)/gnu-efi/Makefile \ lib gnuefi inc $(IGNORE_COMPILER_ERRORS) From 2c0540b4ec539d118d90b29f9bff0d3bb2ee5252 Mon Sep 17 00:00:00 2001 From: Andrea Bolognani Date: Wed, 30 Apr 2025 01:31:00 +0200 Subject: [PATCH 03/10] Adopt modern ReallocatePool() ABI We could theoretically set GNU_EFI_USE_REALLOCATEPOOL_ABI=0 to keep using the legacy ABI, but since gnu-efi uses the modern ABI internally and we call into its build systemd directly, doing that messes things up. Switching to the new ABI is just a matter of changing the order of arguments. Signed-off-by: Andrea Bolognani --- errlog.c | 7 ++++--- fallback.c | 6 +++--- shim.c | 7 ++++--- tpm.c | 5 +++-- 4 files changed, 14 insertions(+), 11 deletions(-) diff --git a/errlog.c b/errlog.c index b43a4bc28..c29db0bb4 100644 --- a/errlog.c +++ b/errlog.c @@ -35,8 +35,9 @@ VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, if (file == NULL || func == NULL || fmt == NULL) return EFI_INVALID_PARAMETER; - newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs), - (nerrs + 3) * sizeof(*errs)); + newerrs = ReallocatePool((nerrs + 1) * sizeof(*errs), + (nerrs + 3) * sizeof(*errs), + errs); if (!newerrs) return EFI_OUT_OF_RESOURCES; @@ -148,7 +149,7 @@ log_debug_print(const CHAR16 *fmt, ...) new_alloc_sz += buf_sz; new_alloc_sz = ALIGN_UP(new_alloc_sz, EFI_PAGE_SIZE); - new_debug_log = ReallocatePool(debug_log, debug_log_alloc, new_alloc_sz); + new_debug_log = ReallocatePool(debug_log_alloc, new_alloc_sz, debug_log); if (!new_debug_log) return 0; debug_log = (UINT8 *)new_debug_log; diff --git a/fallback.c b/fallback.c index 86ebe234c..71e33824e 100644 --- a/fallback.c +++ b/fallback.c @@ -359,9 +359,9 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, if (efi_status == EFI_BUFFER_TOO_SMALL) { VerbosePrint(L"Buffer too small for next variable name, re-allocating it to be %d bytes and retrying\n", varname_size); - varname = ReallocatePool(varname, - buffer_size, - varname_size); + varname = ReallocatePool(buffer_size, + varname_size, + varname); if (!varname) return EFI_OUT_OF_RESOURCES; buffer_size = varname_size; diff --git a/shim.c b/shim.c index b62042ed7..c6a599bd1 100644 --- a/shim.c +++ b/shim.c @@ -742,8 +742,9 @@ load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName, break; } - tmp = ReallocatePool(user_cert, original, - user_cert_size); + tmp = ReallocatePool(original, + user_cert_size, + user_cert); if (!tmp) { FreePool(data); return EFI_OUT_OF_RESOURCES; @@ -847,7 +848,7 @@ load_unbundled_trust(EFI_HANDLE image_handle) if (buffersize > 1024) goto done; } - buffer = ReallocatePool(buffer, old, buffersize); + buffer = ReallocatePool(old, buffersize, buffer); if (buffer == NULL) { perror(L"Failed to read directory %s - %r\n", PathName, EFI_OUT_OF_RESOURCES); diff --git a/tpm.c b/tpm.c index 7f4a1b092..75c733f17 100644 --- a/tpm.c +++ b/tpm.c @@ -363,8 +363,9 @@ static EFI_STATUS tpm_record_data_measurement(CHAR16 *VarName, EFI_GUID VendorGu if (measureddata == NULL) { measureddata = AllocatePool(sizeof(*measureddata)); } else { - measureddata = ReallocatePool(measureddata, measuredcount * sizeof(*measureddata), - (measuredcount + 1) * sizeof(*measureddata)); + measureddata = ReallocatePool(measuredcount * sizeof(*measureddata), + (measuredcount + 1) * sizeof(*measureddata), + measureddata); } if (measureddata == NULL) From 6714cade01b43ea27621dfb4283e22476d6ed619 Mon Sep 17 00:00:00 2001 From: Jason Montleon Date: Mon, 8 Jul 2024 12:04:32 -0400 Subject: [PATCH 04/10] Correct signedness when calling string functions. Signed-off-by: Jason Montleon --- Cryptlib/SysCall/BaseStrings.c | 4 ++-- csv.c | 2 +- httpboot.c | 20 ++++++++++---------- mok.c | 2 +- netboot.c | 22 +++++++++++----------- sbat.c | 18 +++++++++--------- tpm.c | 2 +- 7 files changed, 35 insertions(+), 35 deletions(-) diff --git a/Cryptlib/SysCall/BaseStrings.c b/Cryptlib/SysCall/BaseStrings.c index 29a16100a..11f9567f7 100644 --- a/Cryptlib/SysCall/BaseStrings.c +++ b/Cryptlib/SysCall/BaseStrings.c @@ -3,7 +3,7 @@ CHAR8 * AsciiStrCat(CHAR8 *Destination, const CHAR8 *Source) { - UINTN dest_len = strlen((CHAR8 *)Destination); + UINTN dest_len = strlen((char *)Destination); UINTN i; for (i = 0; Source[i] != '\0'; i++) @@ -61,7 +61,7 @@ WriteUnaligned32(UINT32 *Buffer, UINT32 Value) UINTN AsciiStrSize(const CHAR8 *string) { - return strlen(string) + 1; + return strlen((char *)string) + 1; } /* Based on AsciiStrDecimalToUintnS() in edk2 diff --git a/csv.c b/csv.c index 18460cd7b..81dbb833e 100644 --- a/csv.c +++ b/csv.c @@ -63,7 +63,7 @@ parse_csv_data(char *data, char *data_end, size_t n_columns, list_t *list) } max = (uintptr_t)end - (uintptr_t)line + (end > line ? 1 : 0); - if (is_utf8_bom(line, max)) + if (is_utf8_bom((CHAR8 *)line, max)) line += UTF8_BOM_SIZE; diff --git a/httpboot.c b/httpboot.c index ccbe0281d..3a801c366 100644 --- a/httpboot.c +++ b/httpboot.c @@ -175,7 +175,7 @@ find_httpboot (EFI_HANDLE device) /* Save the current URI */ UriNode = (URI_DEVICE_PATH *)Node; - uri_size = strlen(UriNode->Uri); + uri_size = strlen((char *)UriNode->Uri); uri = AllocatePool(uri_size + 1); if (!uri) { perror(L"Failed to allocate uri\n"); @@ -201,10 +201,10 @@ generate_next_uri (CONST CHAR8 *current_uri, CONST CHAR8 *next_loader, UINTN path_len = 0; UINTN count = 0; - if (strncmp(current_uri, (CHAR8 *)"http://", 7) == 0) { + if (strncmp((char *)current_uri, "http://", 7) == 0) { ptr = current_uri + 7; count += 7; - } else if (strncmp(current_uri, (CHAR8 *)"https://", 8) == 0) { + } else if (strncmp((char *)current_uri, "https://", 8) == 0) { ptr = current_uri + 8; count += 8; } else { @@ -212,7 +212,7 @@ generate_next_uri (CONST CHAR8 *current_uri, CONST CHAR8 *next_loader, } /* Extract the path */ - next_len = strlen(next_loader); + next_len = strlen((char *)next_loader); while (*ptr != '\0') { count++; if (*ptr == '/') @@ -237,9 +237,9 @@ extract_hostname (CONST CHAR8 *url, CHAR8 **hostname) CONST CHAR8 *ptr, *start; UINTN host_len = 0; - if (strncmp(url, (CHAR8 *)"http://", 7) == 0) + if (strncmp((char *)url, "http://", 7) == 0) start = url + 7; - else if (strncmp(url, (CHAR8 *)"https://", 8) == 0) + else if (strncmp((char *)url, "https://", 8) == 0) start = url + 8; else return EFI_INVALID_PARAMETER; @@ -618,8 +618,8 @@ receive_http_response(EFI_HTTP_PROTOCOL *http, VOID **buffer, UINT64 *buf_size) /* Check the length of the file */ for (i = 0; i < rx_message.HeaderCount; i++) { - if (!strcasecmp(rx_message.Headers[i].FieldName, - (CHAR8 *)"Content-Length")) { + if (!strcasecmp((char *)rx_message.Headers[i].FieldName, + "Content-Length")) { new_buf_size = ascii_to_int(rx_message.Headers[i].FieldValue); if (buf_size_set && new_buf_size != *buf_size) { perror(L"Content-Length is invalid\n"); @@ -784,8 +784,8 @@ httpboot_fetch_buffer (EFI_HANDLE image, VOID **buffer, UINT64 *buf_size, if (!uri) return EFI_NOT_READY; - next_loader = (CHAR8 *)AllocatePool((strlen(name) + 1) * sizeof (CHAR8)); - translate_slashes(next_loader, name); + next_loader = (CHAR8 *)AllocatePool((strlen((char *)name) + 1) * sizeof (CHAR8)); + translate_slashes((char *)next_loader, (char *)name); /* Create the URI for the next loader based on the original URI */ efi_status = generate_next_uri(uri, next_loader, &next_uri); diff --git a/mok.c b/mok.c index a94516e3c..fc368e541 100644 --- a/mok.c +++ b/mok.c @@ -1422,7 +1422,7 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle) struct mok_state_variable *v = &mok_state_variables[i]; ZeroMem(&config_template, sizeof(config_template)); - strncpy(config_template.name, (CHAR8 *)v->rtname8, 255); + strncpy((char *)config_template.name, v->rtname8, 255); config_template.name[255] = '\0'; config_template.data_size = v->data_size; diff --git a/netboot.c b/netboot.c index 0ec43e5a6..520b28c7a 100644 --- a/netboot.c +++ b/netboot.c @@ -146,7 +146,7 @@ static CHAR8 *str2ip6(CHAR8 *str) if (dotcount > MAX_IP6_DOTS) return (CHAR8 *)ip; - len = strlen(str); + len = strlen((char *)str); a = b = str; for (i = 0; i < len; i++) { @@ -203,7 +203,7 @@ static BOOLEAN extract_tftp_info(CHAR8 *url, CHAR8 *name) while (name[template_len++] != '\0'); template = (CHAR8 *)AllocatePool((template_len + 1) * sizeof (CHAR8)); - translate_slashes(template, name); + translate_slashes((char *)template, (char *)name); // to check against str2ip6() errors memset(ip6inv, 0, sizeof(ip6inv)); @@ -243,17 +243,17 @@ static BOOLEAN extract_tftp_info(CHAR8 *url, CHAR8 *name) FreePool(template); return FALSE; } - full_path = AllocateZeroPool(strlen(end)+strlen(template)+1); + full_path = AllocateZeroPool(strlen((char *)end)+strlen((char *)template)+1); if (!full_path) { FreePool(template); return FALSE; } - memcpy(full_path, end, strlen(end)); + memcpy(full_path, end, strlen((char *)end)); end = (CHAR8 *)strrchr((char *)full_path, '/'); if (!end) end = (CHAR8 *)full_path; - memcpy(end, template, strlen(template)); - end[strlen(template)] = '\0'; + memcpy(end, template, strlen((char *)template)); + end[strlen((char *)template)] = '\0'; FreePool(template); return TRUE; @@ -284,8 +284,8 @@ static EFI_STATUS parseDhcp4(CHAR8 *name) while (name[template_len++] != '\0'); template = (CHAR8 *)AllocatePool((template_len + 1) * sizeof (CHAR8)); - translate_slashes(template, name); - template_len = strlen(template) + 1; + translate_slashes((char *)template, (char *)name); + template_len = strlen((char *)template) + 1; if(pxe->Mode->ProxyOfferReceived) { /* @@ -305,7 +305,7 @@ static EFI_STATUS parseDhcp4(CHAR8 *name) pkt_v4 = &pxe->Mode->PxeReply.Dhcpv4; } - INTN dir_len = strnlen((CHAR8 *)pkt_v4->BootpBootFile, 127); + INTN dir_len = strnlen((char *)pkt_v4->BootpBootFile, 127); INTN i; UINT8 *dir = pkt_v4->BootpBootFile; @@ -323,7 +323,7 @@ static EFI_STATUS parseDhcp4(CHAR8 *name) } if (dir_len > 0) { - strncpy(full_path, (CHAR8 *)dir, dir_len); + strncpy((char *)full_path, (char *)dir, dir_len); if (full_path[dir_len-1] == '/' && template[0] == '/') full_path[dir_len-1] = '\0'; /* @@ -338,7 +338,7 @@ static EFI_STATUS parseDhcp4(CHAR8 *name) } if (dir_len == 0 && dir[0] != '/' && template[0] == '/') template_ofs++; - strcat(full_path, template + template_ofs); + strcat((char *)full_path, (char *)template + template_ofs); memcpy(&tftp_addr.v4, pkt_v4->BootpSiAddr, 4); FreePool(template); diff --git a/sbat.c b/sbat.c index f31d9454a..965f42cb6 100644 --- a/sbat.c +++ b/sbat.c @@ -95,12 +95,12 @@ parse_sbat_section(char *section_base, size_t section_size, struct csv_row * row; size_t i; const char **ptrs[] = { - &entry->component_name, - &entry->component_generation, - &entry->vendor_name, - &entry->vendor_package_name, - &entry->vendor_version, - &entry->vendor_url, + (const char **)&entry->component_name, + (const char **)&entry->component_generation, + (const char **)&entry->vendor_name, + (const char **)&entry->vendor_package_name, + (const char **)&entry->vendor_version, + (const char **)&entry->vendor_url, }; @@ -280,9 +280,9 @@ parse_sbat_var_data(list_t *entry_list, UINT8 *data, UINTN datasize) struct csv_row * row; size_t i; const char **ptrs[] = { - &entry->component_name, - &entry->component_generation, - &entry->sbat_datestamp, + (const char **)&entry->component_name, + (const char **)&entry->component_generation, + (const char **)&entry->sbat_datestamp, }; row = list_entry(pos, struct csv_row, list); diff --git a/tpm.c b/tpm.c index 75c733f17..7d2f45f19 100644 --- a/tpm.c +++ b/tpm.c @@ -296,7 +296,7 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, const CHAR8 *description) { return tpm_log_event_raw(buf, size, pcr, description, - strlen(description) + 1, EV_IPL, NULL); + strlen((char *)description) + 1, EV_IPL, NULL); } EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, From 8f3115c20f5b9621c02879c1f495c93aec45b03d Mon Sep 17 00:00:00 2001 From: Andrea Bolognani Date: Thu, 19 Jun 2025 13:40:25 +0000 Subject: [PATCH 05/10] fixup! update more calls to string functions Signed-off-by: Andrea Bolognani --- errlog.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/errlog.c b/errlog.c index c29db0bb4..cb40ec61b 100644 --- a/errlog.c +++ b/errlog.c @@ -261,7 +261,7 @@ save_logs(void) entry = (struct mok_variable_config_entry *)((uintptr_t)new_table + pos); if (errlog_sz) { - strcpy(entry->name, "shim-err.txt"); + strcpy((char *)entry->name, "shim-err.txt"); entry->data_size = errlog_sz; format_error_log(&entry->data[0], errlog_sz); @@ -269,7 +269,7 @@ save_logs(void) entry = (struct mok_variable_config_entry *)((uintptr_t)new_table + pos); } if (dbglog_sz) { - strcpy(entry->name, "shim-dbg.txt"); + strcpy((char *)entry->name, "shim-dbg.txt"); entry->data_size = dbglog_sz; format_debug_log(&entry->data[0], dbglog_sz); From d84e43e59d99e5d50746a1f5757d9f27de0ac4d4 Mon Sep 17 00:00:00 2001 From: Callum Farmer Date: Sat, 11 Jan 2025 20:26:09 +0000 Subject: [PATCH 06/10] Remove GNU_EFI_USE_EXTERNAL_STDARG --- Cryptlib/Include/OpenSslSupport.h | 3 --- Cryptlib/Library/BaseLib.h | 4 ---- Makefile | 1 - include/system/efistdarg.h | 4 ---- include/system/stdarg.h | 16 ---------------- shim.h | 4 ---- 6 files changed, 32 deletions(-) diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h index 0c2fb8b0c..54f53fd60 100644 --- a/Cryptlib/Include/OpenSslSupport.h +++ b/Cryptlib/Include/OpenSslSupport.h @@ -18,9 +18,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #if defined(__x86_64__) /* shim.h will check if the compiler is new enough in some other CU */ -#if !defined(GNU_EFI_USE_EXTERNAL_STDARG) -#define GNU_EFI_USE_EXTERNAL_STDARG -#endif #if !defined(GNU_EFI_USE_MS_ABI) #define GNU_EFI_USE_MS_ABI diff --git a/Cryptlib/Library/BaseLib.h b/Cryptlib/Library/BaseLib.h index 94b25c935..5e07239de 100644 --- a/Cryptlib/Library/BaseLib.h +++ b/Cryptlib/Library/BaseLib.h @@ -1,10 +1,6 @@ #if defined(__x86_64__) /* shim.h will check if the compiler is new enough in some other CU */ -#if !defined(GNU_EFI_USE_EXTERNAL_STDARG) -#define GNU_EFI_USE_EXTERNAL_STDARG -#endif - #if !defined(GNU_EFI_USE_MS_ABI) #define GNU_EFI_USE_MS_ABI #endif diff --git a/Makefile b/Makefile index 7e27a2285..3bea3a0ae 100644 --- a/Makefile +++ b/Makefile @@ -166,7 +166,6 @@ MokManager.o: $(MOK_SOURCES) $(MMSONAME): $(MOK_OBJS) $(LIBS) $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a -gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: CFLAGS+=-DGNU_EFI_USE_EXTERNAL_STDARG gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: mkdir -p gnu-efi/lib gnu-efi/gnuefi $(MAKE) -C gnu-efi \ diff --git a/include/system/efistdarg.h b/include/system/efistdarg.h index 034977cca..837c4f23f 100644 --- a/include/system/efistdarg.h +++ b/include/system/efistdarg.h @@ -8,10 +8,6 @@ #ifndef _EFISTDARG_H_ #define _EFISTDARG_H_ -#ifndef GNU_EFI_USE_EXTERNAL_STDARG -#define GNU_EFI_USE_EXTERNAL_STDARG -#endif - #include #endif /* !_EFISTDARG_H_ */ diff --git a/include/system/stdarg.h b/include/system/stdarg.h index 68c171b8f..813edd748 100644 --- a/include/system/stdarg.h +++ b/include/system/stdarg.h @@ -15,10 +15,6 @@ typedef __builtin_va_list __builtin_sysv_va_list; #pragma GCC diagnostic pop #endif -#ifndef GNU_EFI_USE_EXTERNAL_STDARG -#define GNU_EFI_USE_EXTERNAL_STDARG -#endif - #ifdef SHIM_UNIT_TEST #include_next #endif @@ -26,13 +22,6 @@ typedef __builtin_va_list __builtin_sysv_va_list; #if defined(__aarch64__) || defined(__arm__) || defined(__i386__) || \ defined(__i486__) || defined(__i686__) || defined(__COVERITY__) -typedef __builtin_va_list ms_va_list; -typedef __builtin_va_list __builtin_ms_va_list; -#define ms_va_copy(dest, start) __builtin_va_copy(dest, start) -#define ms_va_start(marker, arg) __builtin_va_start(marker, arg) -#define ms_va_arg(marker, type) __builtin_va_arg(marker, type) -#define ms_va_end(marker) __builtin_va_end(marker) - typedef __builtin_va_list sysv_va_list; #define sysv_va_copy(dest, start) __builtin_va_copy(dest, start) #define sysv_va_start(marker, arg) __builtin_va_start(marker, arg) @@ -49,11 +38,6 @@ typedef __builtin_va_list VA_LIST; #elif defined(__x86_64__) -typedef __builtin_ms_va_list ms_va_list; -#define ms_va_copy(dest, start) __builtin_ms_va_copy(dest, start) -#define ms_va_start(marker, arg) __builtin_ms_va_start(marker, arg) -#define ms_va_arg(marker, type) __builtin_va_arg(marker, type) -#define ms_va_end(marker) __builtin_ms_va_end(marker) typedef __builtin_sysv_va_list sysv_va_list; #define sysv_va_copy(dest, start) __builtin_sysv_va_copy(dest, start) #define sysv_va_start(marker, arg) __builtin_sysv_va_start(marker, arg) diff --git a/shim.h b/shim.h index 8b52ce7a4..b76c16d9e 100644 --- a/shim.h +++ b/shim.h @@ -31,10 +31,6 @@ #pragma GCC diagnostic ignored "-Wpointer-bool-conversion" #endif -#if !defined(GNU_EFI_USE_EXTERNAL_STDARG) -#define GNU_EFI_USE_EXTERNAL_STDARG -#endif - #if !defined(GNU_EFI_USE_MS_ABI) #define GNU_EFI_USE_MS_ABI #endif From f657c6e972530ee7f825757a81988c452d6f9d69 Mon Sep 17 00:00:00 2001 From: Callum Farmer Date: Sun, 12 Jan 2025 17:12:40 +0000 Subject: [PATCH 07/10] errlog: Avoid misuse of Print sys_va_list funcs Signed-off-by: Callum Farmer --- errlog.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/errlog.c b/errlog.c index cb40ec61b..39def4972 100644 --- a/errlog.c +++ b/errlog.c @@ -19,7 +19,7 @@ vdprint_(const CHAR16 *fmt, const char *file, int line, const char *func, if (verbose) { ms_va_copy(args2, args); console_print(L"%a:%d:%a() ", file, line, func); - efi_status = VPrint(fmt, args2); + efi_status = MS_VPrint(fmt, args2); ms_va_end(args2); } return efi_status; @@ -45,7 +45,7 @@ VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, if (!newerrs[nerrs]) return EFI_OUT_OF_RESOURCES; ms_va_copy(args2, args); - newerrs[nerrs+1] = VPoolPrint(fmt, args2); + newerrs[nerrs+1] = MS_VPoolPrint(fmt, args2); if (!newerrs[nerrs+1]) return EFI_OUT_OF_RESOURCES; ms_va_end(args2); From abca72ba0e56302351c11a34a4655ba5d7f63366 Mon Sep 17 00:00:00 2001 From: Andrea Bolognani Date: Thu, 19 Jun 2025 18:10:27 +0200 Subject: [PATCH 08/10] fixup! update more calls to VPoolPrint() Signed-off-by: Andrea Bolognani --- errlog.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/errlog.c b/errlog.c index 39def4972..32c816a15 100644 --- a/errlog.c +++ b/errlog.c @@ -135,7 +135,7 @@ log_debug_print(const CHAR16 *fmt, ...) UINTN ret = 0; ms_va_start(args, fmt); - buf = VPoolPrint(fmt, args); + buf = MS_VPoolPrint(fmt, args); if (!buf) return 0; ms_va_end(args); From a31ed43392a3b10f5bc8096c80ae5aaed955368f Mon Sep 17 00:00:00 2001 From: Callum Farmer Date: Sun, 12 Jan 2025 17:20:10 +0000 Subject: [PATCH 09/10] console.c same --- lib/console.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/console.c b/lib/console.c index f60383209..991dcee69 100644 --- a/lib/console.c +++ b/lib/console.c @@ -96,7 +96,7 @@ console_print(const CHAR16 *fmt, ...) setup_console(1); ms_va_start(args, fmt); - ret = VPrint(fmt, args); + ret = MS_VPrint(fmt, args); ms_va_end(args); return ret; @@ -116,7 +116,7 @@ console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...) co->SetCursorPosition(co, col, row); ms_va_start(args, fmt); - ret = VPrint(fmt, args); + ret = MS_VPrint(fmt, args); ms_va_end(args); return ret; From 7ff4ac37b84e4d867d80f6e901cab724b6ad22db Mon Sep 17 00:00:00 2001 From: Andrea Bolognani Date: Fri, 26 Sep 2025 15:23:46 +0200 Subject: [PATCH 10/10] Revert "Add a "VariableInfo" variable to mok-variables." Upstream gnu-efi doesn't implement the AsciiSPrint() function. Drop its only user. This reverts commit 77a292273aa813d0c373fd2adabb140e843420cb Signed-off-by: Andrea Bolognani --- mok.c | 110 ---------------------------------------------------------- 1 file changed, 110 deletions(-) diff --git a/mok.c b/mok.c index fc368e541..0c93119a0 100644 --- a/mok.c +++ b/mok.c @@ -130,105 +130,6 @@ format_hsi_status(UINT8 *buf, size_t sz, return ret; } -static UINTN -format_variable_info(UINT8 *buf, size_t bufsz, - struct mok_state_variable *msv UNUSED) -{ - typedef enum { - BS, - BS_NV, - BS_RT, - BS_RT_NV, - STOP - } variable_attr_t; - typedef struct { - uint64_t attrs; - char prefix[10]; - uint64_t max_storage_sz; - uint64_t remaining_sz; - uint64_t max_var_sz; - bool valid; - } var_set_t; - var_set_t var_sets[] = { - [BS] = { EFI_VARIABLE_BOOTSERVICE_ACCESS, - "bs", 0, 0, 0, false }, - [BS_NV] = { EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, - "bs_rt", 0, 0, 0, false }, - [BS_RT] = { EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - "bs_nv", 0, 0, 0, false }, - [BS_RT_NV] = { EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, - "bs_nv_rt", 0, 0, 0, false }, - [STOP] = { 0, "", 0, 0, 0, false } - }; - UINTN sz = 0; - UINTN pos = 0; - - if (EFI_MAJOR_VERSION(RT) < 2 || is_apple_firmware_vendor()) { - dprint(L"EFI %d.%d; no RT->QueryVariableInfo() %a\n", - EFI_MAJOR_VERSION(RT), EFI_MINOR_VERSION(RT), - is_apple_firmware_vendor() ? "(Apple)" : ""); - if (bufsz > 0) - buf[0] = '\0'; - return 0; - } else { - EFI_STATUS efi_status; - variable_attr_t i; - for (i = BS; i < STOP; i++) { - var_set_t *var_set = &var_sets[i]; - dprint(L"calling RT->QueryVariableInfo() for %a\n", - var_set->prefix); - efi_status = RT->QueryVariableInfo(var_set->attrs, - &var_set->max_storage_sz, - &var_set->remaining_sz, - &var_set->max_var_sz); - if (EFI_ERROR(efi_status)) { - perror(L"Could not get variable storage info: %r\n", - efi_status); - var_set->max_storage_sz = 0; - var_set->remaining_sz = 0; - var_set->max_var_sz = 0; - } else { - var_set->valid = true; - sz += strlen(var_set->prefix) - + strlen("-max_storage_sz: ") - + strlen("0x0123456701234567\n"); - sz += strlen(var_set->prefix) - + strlen("-remaining_sz: ") - + strlen("0x0123456701234567\n"); - sz += strlen(var_set->prefix) - + strlen("-max_var_sz: ") - + strlen("0x0123456701234567\n"); - } - } - sz += 1; - } - - if (!buf || bufsz < sz) { - dprint(L"buf:0x%lx bufsz:0x%lx returning 0x%lx\n", buf, bufsz, sz); - return sz; - } - - variable_attr_t i; - for (i = BS; i < STOP; i++) { - var_set_t *var_set = &var_sets[i]; - UINTN rc; - rc = AsciiSPrint((CHAR8 *)buf + pos, bufsz - pos, - "%a_max_storage_sz: 0x%lx\n", - var_set->prefix, var_set->max_storage_sz); - pos += rc; - rc = AsciiSPrint((CHAR8 *)buf + pos, bufsz - pos, - "%a_remaining_sz: 0x%lx\n", - var_set->prefix, var_set->remaining_sz); - pos += rc; - rc = AsciiSPrint((CHAR8 *)buf + pos, bufsz - pos, - "%a_max_var_sz: 0x%lx\n", - var_set->prefix, var_set->max_var_sz); - pos += rc; - } - - return pos; -} - /* * If the OS has set any of these variables we need to drop into MOK and * handle them appropriately @@ -566,17 +467,6 @@ struct mok_state_variable mok_state_variable_data[] = { .guid = &SECUREBOOT_EFI_NAMESPACE_GUID, .flags = MOK_VARIABLE_CONFIG_ONLY, }, - /* - * Keep this entry last, or it'll be wrong. - */ - {.name = L"VariableInfo", - .name8 = "VariableInfo", - .rtname = L"VariableInfo", - .rtname8 = "VariableInfo", - .guid = &SHIM_LOCK_GUID, - .flags = MOK_VARIABLE_CONFIG_ONLY, - .format = format_variable_info, - }, { NULL, } }; size_t n_mok_state_variables = sizeof(mok_state_variable_data) / sizeof(mok_state_variable_data[0]);