From 8fabb3ee87907f1bc39e7cde2a74d9127f3387f4 Mon Sep 17 00:00:00 2001 From: Andrea Bolognani Date: Wed, 18 Jun 2025 15:28:55 +0200 Subject: [PATCH 01/11] gnu-efi: Switch to upstream 4.0.4 release Replace the shim-specific fork with the upstream version, specifically the most recent release. Some adjustment to shim's code are necessary to adapt to this change. Signed-off-by: Andrea Bolognani --- .gitmodules | 4 ++-- gnu-efi | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitmodules b/.gitmodules index 756c2c5d9..232a93204 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,4 +1,4 @@ [submodule "gnu-efi"] path = gnu-efi - url = https://github.com/rhboot/gnu-efi.git - branch = shim-16.1 + url = https://github.com/ncroxon/gnu-efi.git + branch = master diff --git a/gnu-efi b/gnu-efi index dc7fd96f2..37cd8f069 160000 --- a/gnu-efi +++ b/gnu-efi @@ -1 +1 @@ -Subproject commit dc7fd96f23d6b582416f672844362d776d175cf4 +Subproject commit 37cd8f069bde6715eebdc5e38a8f15ee6de5edcf From 2c23f2ccc4a6e660b6f6df7c64dcd1a0d0c8d80e Mon Sep 17 00:00:00 2001 From: Andrea Bolognani Date: Wed, 30 Apr 2025 01:31:45 +0200 Subject: [PATCH 02/11] Set NO_GLIBC=1 when building gnu-efi shim is a standalone EFI application so it shouldn't be necessary to look at the glibc headers when building it, and in fact attempting to do so results in a build failure. Signed-off-by: Andrea Bolognani --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index f03b7f386..6b93e7d87 100644 --- a/Makefile +++ b/Makefile @@ -174,6 +174,7 @@ gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: CCC_CC="$(COMPILER)" \ CC="$(CC)" \ ARCH=$(ARCH_GNUEFI) \ + NO_GLIBC=1 \ TOPDIR=$(TOPDIR)/gnu-efi \ -f $(TOPDIR)/gnu-efi/Makefile \ lib gnuefi inc $(IGNORE_COMPILER_ERRORS) From 2f08b1b4cb1465cd18208d89981e6cf179eda802 Mon Sep 17 00:00:00 2001 From: Andrea Bolognani Date: Wed, 30 Apr 2025 01:31:00 +0200 Subject: [PATCH 03/11] Adopt modern ReallocatePool() ABI We could theoretically set GNU_EFI_USE_REALLOCATEPOOL_ABI=0 to keep using the legacy ABI, but since gnu-efi uses the modern ABI internally and we call into its build systemd directly, doing that messes things up. Switching to the new ABI is just a matter of changing the order of arguments. Signed-off-by: Andrea Bolognani --- errlog.c | 7 ++++--- fallback.c | 6 +++--- shim.c | 7 ++++--- tpm.c | 5 +++-- 4 files changed, 14 insertions(+), 11 deletions(-) diff --git a/errlog.c b/errlog.c index b43a4bc28..c29db0bb4 100644 --- a/errlog.c +++ b/errlog.c @@ -35,8 +35,9 @@ VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, if (file == NULL || func == NULL || fmt == NULL) return EFI_INVALID_PARAMETER; - newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs), - (nerrs + 3) * sizeof(*errs)); + newerrs = ReallocatePool((nerrs + 1) * sizeof(*errs), + (nerrs + 3) * sizeof(*errs), + errs); if (!newerrs) return EFI_OUT_OF_RESOURCES; @@ -148,7 +149,7 @@ log_debug_print(const CHAR16 *fmt, ...) new_alloc_sz += buf_sz; new_alloc_sz = ALIGN_UP(new_alloc_sz, EFI_PAGE_SIZE); - new_debug_log = ReallocatePool(debug_log, debug_log_alloc, new_alloc_sz); + new_debug_log = ReallocatePool(debug_log_alloc, new_alloc_sz, debug_log); if (!new_debug_log) return 0; debug_log = (UINT8 *)new_debug_log; diff --git a/fallback.c b/fallback.c index 86ebe234c..71e33824e 100644 --- a/fallback.c +++ b/fallback.c @@ -359,9 +359,9 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, if (efi_status == EFI_BUFFER_TOO_SMALL) { VerbosePrint(L"Buffer too small for next variable name, re-allocating it to be %d bytes and retrying\n", varname_size); - varname = ReallocatePool(varname, - buffer_size, - varname_size); + varname = ReallocatePool(buffer_size, + varname_size, + varname); if (!varname) return EFI_OUT_OF_RESOURCES; buffer_size = varname_size; diff --git a/shim.c b/shim.c index b62042ed7..c6a599bd1 100644 --- a/shim.c +++ b/shim.c @@ -742,8 +742,9 @@ load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName, break; } - tmp = ReallocatePool(user_cert, original, - user_cert_size); + tmp = ReallocatePool(original, + user_cert_size, + user_cert); if (!tmp) { FreePool(data); return EFI_OUT_OF_RESOURCES; @@ -847,7 +848,7 @@ load_unbundled_trust(EFI_HANDLE image_handle) if (buffersize > 1024) goto done; } - buffer = ReallocatePool(buffer, old, buffersize); + buffer = ReallocatePool(old, buffersize, buffer); if (buffer == NULL) { perror(L"Failed to read directory %s - %r\n", PathName, EFI_OUT_OF_RESOURCES); diff --git a/tpm.c b/tpm.c index 7f4a1b092..75c733f17 100644 --- a/tpm.c +++ b/tpm.c @@ -363,8 +363,9 @@ static EFI_STATUS tpm_record_data_measurement(CHAR16 *VarName, EFI_GUID VendorGu if (measureddata == NULL) { measureddata = AllocatePool(sizeof(*measureddata)); } else { - measureddata = ReallocatePool(measureddata, measuredcount * sizeof(*measureddata), - (measuredcount + 1) * sizeof(*measureddata)); + measureddata = ReallocatePool(measuredcount * sizeof(*measureddata), + (measuredcount + 1) * sizeof(*measureddata), + measureddata); } if (measureddata == NULL) From 4147abf1c8175c8b91215598df36c6a47e3a302a Mon Sep 17 00:00:00 2001 From: Andrea Bolognani Date: Tue, 31 Mar 2026 09:32:06 +0200 Subject: [PATCH 04/11] Adopt modern CompareGuid() ABI We could theoretically set GNU_EFI_USE_COMPARE_ABI=0 to keep using the legacy ABI, but since gnu-efi uses the modern ABI internally and we call into its build systemd directly, doing that messes things up. In a very small handful of cases we actually rely on the behavior of the old ABI because we don't just need to know whether or not the two GUIDs are identical, but also their relative sorting order. CompareGuidForSorting(), which retains the old behavior, is introduced to deal with those scenarios. Signed-off-by: Andrea Bolognani --- MokManager.c | 44 +++++++++++++++++----------------- errlog.c | 2 +- fallback.c | 2 +- include/test.h | 4 +++- lib/configtable.c | 2 +- lib/variables.c | 2 +- load-options.c | 2 +- mock-variables.c | 10 ++++---- test-mock-variables.c | 56 +++++++++++++++++++++---------------------- test-mok-mirror.c | 8 +++---- tpm.c | 2 +- verify.c | 4 ++-- 12 files changed, 70 insertions(+), 68 deletions(-) diff --git a/MokManager.c b/MokManager.c index 010180fd4..7fa3d92d4 100644 --- a/MokManager.c +++ b/MokManager.c @@ -89,13 +89,13 @@ static EFI_STATUS get_sha1sum(void *Data, int DataSize, UINT8 * hash) static BOOLEAN is_sha2_hash(EFI_GUID Type) { - if (CompareGuid(&Type, &EFI_CERT_SHA224_GUID) == 0) + if (CompareGuid(&Type, &EFI_CERT_SHA224_GUID)) return TRUE; - else if (CompareGuid(&Type, &EFI_CERT_SHA256_GUID) == 0) + else if (CompareGuid(&Type, &EFI_CERT_SHA256_GUID)) return TRUE; - else if (CompareGuid(&Type, &EFI_CERT_SHA384_GUID) == 0) + else if (CompareGuid(&Type, &EFI_CERT_SHA384_GUID)) return TRUE; - else if (CompareGuid(&Type, &EFI_CERT_SHA512_GUID) == 0) + else if (CompareGuid(&Type, &EFI_CERT_SHA512_GUID)) return TRUE; return FALSE; @@ -103,15 +103,15 @@ static BOOLEAN is_sha2_hash(EFI_GUID Type) static UINT32 sha_size(EFI_GUID Type) { - if (CompareGuid(&Type, &EFI_CERT_SHA1_GUID) == 0) + if (CompareGuid(&Type, &EFI_CERT_SHA1_GUID)) return SHA1_DIGEST_SIZE; - else if (CompareGuid(&Type, &EFI_CERT_SHA224_GUID) == 0) + else if (CompareGuid(&Type, &EFI_CERT_SHA224_GUID)) return SHA224_DIGEST_LENGTH; - else if (CompareGuid(&Type, &EFI_CERT_SHA256_GUID) == 0) + else if (CompareGuid(&Type, &EFI_CERT_SHA256_GUID)) return SHA256_DIGEST_SIZE; - else if (CompareGuid(&Type, &EFI_CERT_SHA384_GUID) == 0) + else if (CompareGuid(&Type, &EFI_CERT_SHA384_GUID)) return SHA384_DIGEST_LENGTH; - else if (CompareGuid(&Type, &EFI_CERT_SHA512_GUID) == 0) + else if (CompareGuid(&Type, &EFI_CERT_SHA512_GUID)) return SHA512_DIGEST_LENGTH; return 0; @@ -121,7 +121,7 @@ static BOOLEAN is_valid_siglist(EFI_GUID Type, UINT32 SigSize) { UINT32 hash_sig_size; - if (CompareGuid (&Type, &X509_GUID) == 0 && SigSize != 0) + if (CompareGuid (&Type, &X509_GUID) && SigSize != 0) return TRUE; if (!is_sha2_hash(Type)) @@ -206,7 +206,7 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) } list[count].Type = CertList->SignatureType; - if (CompareGuid (&CertList->SignatureType, &X509_GUID) == 0) { + if (CompareGuid (&CertList->SignatureType, &X509_GUID)) { list[count].MokSize = CertList->SignatureSize - sizeof(EFI_GUID); list[count].Mok = (void *)Cert->SignatureData; @@ -463,19 +463,19 @@ static void show_sha_digest(EFI_GUID Type, UINT8 * hash) int i; int length; - if (CompareGuid(&Type, &EFI_CERT_SHA1_GUID) == 0) { + if (CompareGuid(&Type, &EFI_CERT_SHA1_GUID)) { length = SHA1_DIGEST_SIZE; text[0] = L"SHA1 hash"; - } else if (CompareGuid(&Type, &EFI_CERT_SHA224_GUID) == 0) { + } else if (CompareGuid(&Type, &EFI_CERT_SHA224_GUID)) { length = SHA224_DIGEST_LENGTH; text[0] = L"SHA224 hash"; - } else if (CompareGuid(&Type, &EFI_CERT_SHA256_GUID) == 0) { + } else if (CompareGuid(&Type, &EFI_CERT_SHA256_GUID)) { length = SHA256_DIGEST_SIZE; text[0] = L"SHA256 hash"; - } else if (CompareGuid(&Type, &EFI_CERT_SHA384_GUID) == 0) { + } else if (CompareGuid(&Type, &EFI_CERT_SHA384_GUID)) { length = SHA384_DIGEST_LENGTH; text[0] = L"SHA384 hash"; - } else if (CompareGuid(&Type, &EFI_CERT_SHA512_GUID) == 0) { + } else if (CompareGuid(&Type, &EFI_CERT_SHA512_GUID)) { length = SHA512_DIGEST_LENGTH; text[0] = L"SHA512 hash"; } else { @@ -564,7 +564,7 @@ static void show_mok_info(EFI_GUID Type, void *Mok, UINTN MokSize) if (!Mok || MokSize == 0) return; - if (CompareGuid (&Type, &X509_GUID) == 0) { + if (CompareGuid (&Type, &X509_GUID)) { UINT8 hash[SHA1_DIGEST_SIZE]; X509 *X509Cert; @@ -1062,7 +1062,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num, DataSize += sizeof(EFI_SIGNATURE_LIST); type = list[i].Type; /* avoid -Werror=address-of-packed-member */ - if (CompareGuid(&type, &X509_GUID) == 0) + if (CompareGuid(&type, &X509_GUID)) DataSize += sizeof(EFI_GUID); DataSize += list[i].MokSize; } @@ -1093,7 +1093,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num, CertList->SignatureType = list[i].Type; CertList->SignatureHeaderSize = 0; - if (CompareGuid(&(CertList->SignatureType), &X509_GUID) == 0) { + if (CompareGuid(&(CertList->SignatureType), &X509_GUID)) { CertList->SignatureListSize = list[i].MokSize + sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID); CertList->SignatureSize = @@ -1136,7 +1136,7 @@ static void delete_cert(void *key, UINT32 key_size, for (i = 0; i < mok_num; i++) { type = mok[i].Type; /* avoid -Werror=address-of-packed-member */ - if (CompareGuid(&type, &X509_GUID) != 0) + if (!CompareGuid(&type, &X509_GUID)) continue; if (mok[i].MokSize == key_size && @@ -1189,7 +1189,7 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size, for (i = 0; i < mok_num; i++) { type = mok[i].Type; /* avoid -Werror=address-of-packed-member */ - if ((CompareGuid(&type, &Type) != 0) || + if ((!CompareGuid(&type, &Type)) || (mok[i].MokSize < sig_size)) continue; @@ -1360,7 +1360,7 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX) dprint(L"deleting certs from %a\n", MokX ? "MokListX" : "MokList"); for (i = 0; i < del_num; i++) { type = del_key[i].Type; /* avoid -Werror=address-of-packed-member */ - if (CompareGuid(&type, &X509_GUID) == 0) { + if (CompareGuid(&type, &X509_GUID)) { dprint(L"deleting key %d (total %d):\n", i, mok_num); dhexdumpat(del_key[i].Mok, del_key[i].MokSize, 0); delete_cert(del_key[i].Mok, del_key[i].MokSize, diff --git a/errlog.c b/errlog.c index c29db0bb4..6455b7743 100644 --- a/errlog.c +++ b/errlog.c @@ -223,7 +223,7 @@ save_logs(void) EFI_CONFIGURATION_TABLE *CT; CT = &ST->ConfigurationTable[i]; - if (CompareGuid(&MOK_VARIABLE_STORE, &CT->VendorGuid) == 0) { + if (CompareGuid(&MOK_VARIABLE_STORE, &CT->VendorGuid)) { cfg_table = CT->VendorTable; break; } diff --git a/fallback.c b/fallback.c index 71e33824e..c73094c4c 100644 --- a/fallback.c +++ b/fallback.c @@ -260,7 +260,7 @@ check_masked_boot_option(CHAR8 *candidate, unsigned int candidate_size, DevicePathType(dp) != HARDWARE_DEVICE_PATH || DevicePathSubType(dp) != HW_VENDOR_DP || node_size != sizeof(ami_masked_device_path_guid) || - CompareGuid((EFI_GUID *)(cursor + sizeof(EFI_DEVICE_PATH)), + !CompareGuid((EFI_GUID *)(cursor + sizeof(EFI_DEVICE_PATH)), &ami_masked_device_path_guid)) return 1; diff --git a/include/test.h b/include/test.h index ccb611483..bffad7d55 100644 --- a/include/test.h +++ b/include/test.h @@ -185,7 +185,9 @@ guidcmp(const EFI_GUID * const guid0, const EFI_GUID * const guid1) return ret; } -#define CompareGuid(a, b) guidcmp(a, b) +#define CompareGuid(a, b) (guidcmp(a, b) == 0) + +#define CompareGuidForSorting(a, b) guidcmp(a, b) static inline char * efi_strerror(EFI_STATUS status) diff --git a/lib/configtable.c b/lib/configtable.c index 66e97f63f..60a28d66e 100644 --- a/lib/configtable.c +++ b/lib/configtable.c @@ -14,7 +14,7 @@ configtable_get_table(EFI_GUID *guid) for (i = 0; i < ST->NumberOfTableEntries; i++) { EFI_CONFIGURATION_TABLE *CT = &ST->ConfigurationTable[i]; - if (CompareGuid(guid, &CT->VendorGuid) == 0) { + if (CompareGuid(guid, &CT->VendorGuid)) { return CT->VendorTable; } } diff --git a/lib/variables.c b/lib/variables.c index 1a2c7d480..b2e99014a 100644 --- a/lib/variables.c +++ b/lib/variables.c @@ -449,7 +449,7 @@ variable_enroll_hash(const CHAR16 * const var, EFI_GUID owner, CopyMem(&d->SignatureData, hash, SHA256_DIGEST_SIZE); d->SignatureOwner = SHIM_LOCK_GUID; - if (CompareGuid(&owner, &SIG_DB) == 0) + if (CompareGuid(&owner, &SIG_DB)) efi_status = SetSecureVariable(var, sig, sizeof(sig), owner, EFI_VARIABLE_APPEND_WRITE, 0); else diff --git a/load-options.c b/load-options.c index 660eaa910..7316a6fef 100644 --- a/load-options.c +++ b/load-options.c @@ -404,7 +404,7 @@ parse_load_options(EFI_LOADED_IMAGE *li) if (li->LoadOptionsSize > 16) { if (CompareGuid((EFI_GUID *)(li->LoadOptions + (li->LoadOptionsSize - 16)), - &BDS_GUID) == 0) + &BDS_GUID)) li->LoadOptionsSize -= 16; } diff --git a/mock-variables.c b/mock-variables.c index 736171cb6..a7919d876 100644 --- a/mock-variables.c +++ b/mock-variables.c @@ -161,7 +161,7 @@ variable_cmp(const struct mock_variable * const v0, if (v0 == NULL || v1 == NULL) return (uintptr_t)v0 - (uintptr_t)v1; - ret = CompareGuid(&v0->guid, &v1->guid); + ret = CompareGuidForSorting(&v0->guid, &v1->guid); ret <<= 8ul; #if (defined(SHIM_DEBUG) && SHIM_DEBUG > 3) printf("%s:%d:%s(): "GUID_FMT" %s "GUID_FMT" (0x%011"PRIx64" %"PRId64")\n", @@ -361,7 +361,7 @@ mock_get_next_variable_name(UINTN *size, CHAR16 *name, EFI_GUID *guid) # endif #endif if (name[0] == 0) { - if (CompareGuid(&var->guid, guid) == 0) { + if (CompareGuid(&var->guid, guid)) { #if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0) printf("%s:%d:%s(): found guid in entry var:%p var->name:%p\n", __FILE__, __LINE__-1, __func__, var, var->name); @@ -372,7 +372,7 @@ mock_get_next_variable_name(UINTN *size, CHAR16 *name, EFI_GUID *guid) } } else { if (found) { - if (CompareGuid(&var->guid, guid) == 0) { + if (CompareGuid(&var->guid, guid)) { result = var; break; } @@ -1235,7 +1235,7 @@ mock_config_table_cmp(const void *p0, const void *p1) #if (defined(SHIM_DEBUG) && SHIM_DEBUG != 0) printf("comparing %p to %p\n", p0, p1); #endif - cmp = CompareGuid(&entry0->VendorGuid, &entry1->VendorGuid); + cmp = CompareGuidForSorting(&entry0->VendorGuid, &entry1->VendorGuid); } if (mock_config_table_sort_policy == MOCK_SORT_DESCENDING) { @@ -1259,7 +1259,7 @@ mock_install_configuration_table(EFI_GUID *guid, VOID *table) for (UINTN i = 0; i < ST->NumberOfTableEntries; i++) { EFI_CONFIGURATION_TABLE *entry = &ST->ConfigurationTable[i]; - if (CompareGuid(guid, &entry->VendorGuid) == 0) { + if (CompareGuid(guid, &entry->VendorGuid)) { found = true; if (table) { // replace it diff --git a/test-mock-variables.c b/test-mock-variables.c index dd4a9eb11..98baa5fb5 100644 --- a/test-mock-variables.c +++ b/test-mock-variables.c @@ -448,7 +448,7 @@ dump_config_table_if_wrong(const char * const func, int line, ...) } entry = &ST->ConfigurationTable[idx]; - if (CompareGuid(guid, &entry->VendorGuid) != 0) + if (!CompareGuid(guid, &entry->VendorGuid)) okay = false; nexta: @@ -479,7 +479,7 @@ dump_config_table_if_wrong(const char * const func, int line, ...) printf("\t[%d]: %p ", idx, entry); printf("{.VendorGuid:" GUID_FMT ",", GUID_ARGS(entry->VendorGuid)); printf("&.VendorTable:%p}\n", entry->VendorTable); - if (CompareGuid(guid, &entry->VendorGuid) != 0) + if (!CompareGuid(guid, &entry->VendorGuid)) printf("\t\t\t expected:" GUID_FMT "\n", GUID_ARGS(*guid)); } next: @@ -549,8 +549,8 @@ test_install_config_table_0(void) assert_equal_goto(ST->NumberOfTableEntries, 1, err, "%lu != %lu\n"); sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[0].VendorGuid)); - assert_zero_goto(CompareGuid(&ST->ConfigurationTable[0].VendorGuid, &bguid), - err, "%d != 0 (%s != %s)\n", tmpstr, bstr); + assert_equal_goto(CompareGuid(&ST->ConfigurationTable[0].VendorGuid, &bguid), + true, err, "%d != true (%s != %s)\n", tmpstr, bstr); assert_equal_goto(ST->ConfigurationTable[0].VendorTable, bstrp, err, "%p != %p\n"); @@ -562,8 +562,8 @@ test_install_config_table_0(void) assert_equal_goto(ST->NumberOfTableEntries, 1, err, "%lu != %lu\n"); sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[0].VendorGuid)); - assert_zero_goto(CompareGuid(&ST->ConfigurationTable[0].VendorGuid, &bguid), - err, "%d != 0 (%s != %s)\n", tmpstr, bstr); + assert_equal_goto(CompareGuid(&ST->ConfigurationTable[0].VendorGuid, &bguid), + true, err, "%d != true (%s != %s)\n", tmpstr, bstr); assert_equal_goto(ST->ConfigurationTable[0].VendorTable, bstrp, err, "%p != %p\n"); @@ -602,14 +602,14 @@ test_install_config_table_0(void) -1, NULL); sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[aidx].VendorGuid)); - assert_zero_goto(CompareGuid(&ST->ConfigurationTable[aidx].VendorGuid, &aguid), - err, "%d != 0 (%s != %s)\n", tmpstr, astr); + assert_equal_goto(CompareGuid(&ST->ConfigurationTable[aidx].VendorGuid, &aguid), + true, err, "%d != true (%s != %s)\n", tmpstr, astr); assert_equal_goto(ST->ConfigurationTable[aidx].VendorTable, astrp, err, "%p != %p\n"); sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[bidx].VendorGuid)); - assert_zero_goto(CompareGuid(&ST->ConfigurationTable[bidx].VendorGuid, &bguid), - err, "%d != 0 (%s != %s)\n", tmpstr, bstr); + assert_equal_goto(CompareGuid(&ST->ConfigurationTable[bidx].VendorGuid, &bguid), + true, err, "%d != true (%s != %s)\n", tmpstr, bstr); assert_equal_goto(ST->ConfigurationTable[bidx].VendorTable, bstrp, err, "%p != %p\n"); @@ -652,22 +652,22 @@ test_install_config_table_0(void) -1, NULL); sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[aidx].VendorGuid)); - assert_zero_goto(CompareGuid(&ST->ConfigurationTable[aidx].VendorGuid, &aguid), - err, "%d != 0 (%s != %s)\n", tmpstr, astr); + assert_equal_goto(CompareGuid(&ST->ConfigurationTable[aidx].VendorGuid, &aguid), + true, err, "%d != true (%s != %s)\n", tmpstr, astr); assert_equal_goto(ST->ConfigurationTable[aidx].VendorTable, astrp, err, "%p != %p\n"); memcpy(&guids[aidx], &aguid, sizeof(EFI_GUID)); sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[bidx].VendorGuid)); - assert_zero_goto(CompareGuid(&ST->ConfigurationTable[bidx].VendorGuid, &bguid), - err, "%d != 0 (%s != %s)\n", tmpstr, bstr); + assert_equal_goto(CompareGuid(&ST->ConfigurationTable[bidx].VendorGuid, &bguid), + true, err, "%d != true (%s != %s)\n", tmpstr, bstr); assert_equal_goto(ST->ConfigurationTable[bidx].VendorTable, bstrp, err, "%p != %p\n"); memcpy(&guids[bidx], &bguid, sizeof(EFI_GUID)); sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[cidx].VendorGuid)); - assert_zero_goto(CompareGuid(&ST->ConfigurationTable[cidx].VendorGuid, &cguid), - err, "%d != 0 (%s != %s)\n", tmpstr, cstr); + assert_equal_goto(CompareGuid(&ST->ConfigurationTable[cidx].VendorGuid, &cguid), + true, err, "%d != true (%s != %s)\n", tmpstr, cstr); assert_equal_goto(ST->ConfigurationTable[cidx].VendorTable, cstrp, err, "%p != %p\n"); memcpy(&guids[cidx], &cguid, sizeof(EFI_GUID)); @@ -726,8 +726,8 @@ test_install_config_table_0(void) if (aidx >= 0) { sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[aidx].VendorGuid)); - assert_zero_goto(CompareGuid(&ST->ConfigurationTable[aidx].VendorGuid, &aguid), - err, "%d != 0 (%s != %s)\n", tmpstr, astr); + assert_equal_goto(CompareGuid(&ST->ConfigurationTable[aidx].VendorGuid, &aguid), + true, err, "%d != true (%s != %s)\n", tmpstr, astr); assert_equal_goto(ST->ConfigurationTable[aidx].VendorTable, astrp, err, "%p != %p\n"); memcpy(&guids[aidx], &aguid, sizeof(EFI_GUID)); @@ -735,8 +735,8 @@ test_install_config_table_0(void) if (bidx >= 0) { sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[bidx].VendorGuid)); - assert_zero_goto(CompareGuid(&ST->ConfigurationTable[bidx].VendorGuid, &bguid), - err, "%d != 0 (%s != %s)\n", tmpstr, bstr); + assert_equal_goto(CompareGuid(&ST->ConfigurationTable[bidx].VendorGuid, &bguid), + true, err, "%d != true (%s != %s)\n", tmpstr, bstr); assert_equal_goto(ST->ConfigurationTable[bidx].VendorTable, bstrp, err, "%p != %p\n"); memcpy(&guids[bidx], &bguid, sizeof(EFI_GUID)); @@ -744,8 +744,8 @@ test_install_config_table_0(void) if (cidx >= 0) { sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[cidx].VendorGuid)); - assert_zero_goto(CompareGuid(&ST->ConfigurationTable[cidx].VendorGuid, &cguid), - err, "%d != 0 (%s != %s)\n", tmpstr, cstr); + assert_equal_goto(CompareGuid(&ST->ConfigurationTable[cidx].VendorGuid, &cguid), + true, err, "%d != true (%s != %s)\n", tmpstr, cstr); assert_equal_goto(ST->ConfigurationTable[cidx].VendorTable, cstrp, err, "%p != %p\n"); memcpy(&guids[cidx], &cguid, sizeof(EFI_GUID)); @@ -791,8 +791,8 @@ test_install_config_table_0(void) if (aidx >= 0) { sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[aidx].VendorGuid)); - assert_zero_goto(CompareGuid(&ST->ConfigurationTable[aidx].VendorGuid, &aguid), - err, "%d != 0 (%s != %s)\n", tmpstr, astr); + assert_equal_goto(CompareGuid(&ST->ConfigurationTable[aidx].VendorGuid, &aguid), + true, err, "%d != true (%s != %s)\n", tmpstr, astr); assert_equal_goto(ST->ConfigurationTable[aidx].VendorTable, astrp, err, "%p != %p\n"); memcpy(&guids[aidx], &aguid, sizeof(EFI_GUID)); @@ -800,8 +800,8 @@ test_install_config_table_0(void) if (bidx >= 0) { sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[bidx].VendorGuid)); - assert_zero_goto(CompareGuid(&ST->ConfigurationTable[bidx].VendorGuid, &bguid), - err, "%d != 0 (%s != %s)\n", tmpstr, bstr); + assert_equal_goto(CompareGuid(&ST->ConfigurationTable[bidx].VendorGuid, &bguid), + true, err, "%d != true (%s != %s)\n", tmpstr, bstr); assert_equal_goto(ST->ConfigurationTable[bidx].VendorTable, bstrp, err, "%p != %p\n"); memcpy(&guids[bidx], &bguid, sizeof(EFI_GUID)); @@ -809,8 +809,8 @@ test_install_config_table_0(void) if (cidx >= 0) { sprintf(tmpstr, GUID_FMT, GUID_ARGS(ST->ConfigurationTable[cidx].VendorGuid)); - assert_zero_goto(CompareGuid(&ST->ConfigurationTable[cidx].VendorGuid, &cguid), - err, "%d != 0 (%s != %s)\n", tmpstr, cstr); + assert_equal_goto(CompareGuid(&ST->ConfigurationTable[cidx].VendorGuid, &cguid), + true, err, "%d != true (%s != %s)\n", tmpstr, cstr); assert_equal_goto(ST->ConfigurationTable[cidx].VendorTable, cstrp, err, "%p != %p\n"); memcpy(&guids[cidx], &cguid, sizeof(EFI_GUID)); diff --git a/test-mok-mirror.c b/test-mok-mirror.c index 38b7ed979..66e7fc2ce 100644 --- a/test-mok-mirror.c +++ b/test-mok-mirror.c @@ -82,7 +82,7 @@ setvar_post(CHAR16 *name, EFI_GUID *guid, UINT32 attrs, for (UINTN i = 0; test_vars[i].name != NULL; i++) { struct test_var *tv = &test_vars[i]; - if (CompareGuid(&tv->guid, guid) != 0 || + if (!CompareGuid(&tv->guid, guid) || StrCmp(tv->name, name) != 0) continue; tv->ops[tv->n_ops] = op; @@ -116,7 +116,7 @@ getvar_post(CHAR16 *name, EFI_GUID *guid, for (UINTN i = 0; test_vars[i].name != NULL; i++) { struct test_var *tv = &test_vars[i]; - if (CompareGuid(&tv->guid, guid) != 0 || + if (!CompareGuid(&tv->guid, guid) || StrCmp(tv->name, name) != 0) continue; tv->ops[tv->n_ops] = GET; @@ -144,7 +144,7 @@ check_variables(struct test_var *vars) int gets = 0; var = list_entry(pos, struct mock_variable, list); - if (CompareGuid(&tv->guid, &var->guid) != 0 || + if (!CompareGuid(&tv->guid, &var->guid) || StrCmp(var->name, tv->name) != 0) continue; found = true; @@ -292,7 +292,7 @@ test_mok_mirror(struct test_var *vars, for (size_t i = 0; i < ST->NumberOfTableEntries; i++) { EFI_CONFIGURATION_TABLE *ct = &ST->ConfigurationTable[i]; - if (CompareGuid(&ct->VendorGuid, &mok_config_guid) != 0) + if (!CompareGuid(&ct->VendorGuid, &mok_config_guid)) continue; pos = (void *)ct->VendorTable; diff --git a/tpm.c b/tpm.c index 75c733f17..2514d4645 100644 --- a/tpm.c +++ b/tpm.c @@ -348,7 +348,7 @@ static BOOLEAN tpm_data_measured(CHAR16 *VarName, EFI_GUID VendorGuid, UINTN Var for (i=0; i 0) && (dbsize >= CertList->SignatureListSize)) { - if (CompareGuid (&CertList->SignatureType, &EFI_CERT_TYPE_X509_GUID) == 0) { + if (CompareGuid (&CertList->SignatureType, &EFI_CERT_TYPE_X509_GUID)) { Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); CertSize = CertList->SignatureSize - sizeof(EFI_GUID); dprint(L"trying to verify cert %d (%s)\n", i++, dbname); @@ -218,7 +218,7 @@ check_db_hash_in_ram(EFI_SIGNATURE_LIST *CertList, UINTN dbsize, UINT8 *data, while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { CertCount = (CertList->SignatureListSize -sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); - if (CompareGuid(&CertList->SignatureType, &CertType) == 0) { + if (CompareGuid(&CertList->SignatureType, &CertType)) { for (Index = 0; Index < CertCount; Index++) { if (CompareMem (Cert->SignatureData, data, SignatureSize) == 0) { // From d9af01e3ec5943d44342ad1bc89ff2cd44c83f3f Mon Sep 17 00:00:00 2001 From: Jason Montleon Date: Mon, 8 Jul 2024 12:04:32 -0400 Subject: [PATCH 05/11] Correct signedness when calling string functions. Signed-off-by: Jason Montleon --- Cryptlib/SysCall/BaseStrings.c | 4 ++-- csv.c | 2 +- errlog.c | 4 ++-- httpboot.c | 20 ++++++++++---------- mok.c | 8 ++++---- netboot.c | 22 +++++++++++----------- sbat.c | 18 +++++++++--------- tpm.c | 2 +- 8 files changed, 40 insertions(+), 40 deletions(-) diff --git a/Cryptlib/SysCall/BaseStrings.c b/Cryptlib/SysCall/BaseStrings.c index 29a16100a..11f9567f7 100644 --- a/Cryptlib/SysCall/BaseStrings.c +++ b/Cryptlib/SysCall/BaseStrings.c @@ -3,7 +3,7 @@ CHAR8 * AsciiStrCat(CHAR8 *Destination, const CHAR8 *Source) { - UINTN dest_len = strlen((CHAR8 *)Destination); + UINTN dest_len = strlen((char *)Destination); UINTN i; for (i = 0; Source[i] != '\0'; i++) @@ -61,7 +61,7 @@ WriteUnaligned32(UINT32 *Buffer, UINT32 Value) UINTN AsciiStrSize(const CHAR8 *string) { - return strlen(string) + 1; + return strlen((char *)string) + 1; } /* Based on AsciiStrDecimalToUintnS() in edk2 diff --git a/csv.c b/csv.c index 18460cd7b..81dbb833e 100644 --- a/csv.c +++ b/csv.c @@ -63,7 +63,7 @@ parse_csv_data(char *data, char *data_end, size_t n_columns, list_t *list) } max = (uintptr_t)end - (uintptr_t)line + (end > line ? 1 : 0); - if (is_utf8_bom(line, max)) + if (is_utf8_bom((CHAR8 *)line, max)) line += UTF8_BOM_SIZE; diff --git a/errlog.c b/errlog.c index 6455b7743..6971e80b4 100644 --- a/errlog.c +++ b/errlog.c @@ -261,7 +261,7 @@ save_logs(void) entry = (struct mok_variable_config_entry *)((uintptr_t)new_table + pos); if (errlog_sz) { - strcpy(entry->name, "shim-err.txt"); + strcpy((char *)entry->name, "shim-err.txt"); entry->data_size = errlog_sz; format_error_log(&entry->data[0], errlog_sz); @@ -269,7 +269,7 @@ save_logs(void) entry = (struct mok_variable_config_entry *)((uintptr_t)new_table + pos); } if (dbglog_sz) { - strcpy(entry->name, "shim-dbg.txt"); + strcpy((char *)entry->name, "shim-dbg.txt"); entry->data_size = dbglog_sz; format_debug_log(&entry->data[0], dbglog_sz); diff --git a/httpboot.c b/httpboot.c index ccbe0281d..3a801c366 100644 --- a/httpboot.c +++ b/httpboot.c @@ -175,7 +175,7 @@ find_httpboot (EFI_HANDLE device) /* Save the current URI */ UriNode = (URI_DEVICE_PATH *)Node; - uri_size = strlen(UriNode->Uri); + uri_size = strlen((char *)UriNode->Uri); uri = AllocatePool(uri_size + 1); if (!uri) { perror(L"Failed to allocate uri\n"); @@ -201,10 +201,10 @@ generate_next_uri (CONST CHAR8 *current_uri, CONST CHAR8 *next_loader, UINTN path_len = 0; UINTN count = 0; - if (strncmp(current_uri, (CHAR8 *)"http://", 7) == 0) { + if (strncmp((char *)current_uri, "http://", 7) == 0) { ptr = current_uri + 7; count += 7; - } else if (strncmp(current_uri, (CHAR8 *)"https://", 8) == 0) { + } else if (strncmp((char *)current_uri, "https://", 8) == 0) { ptr = current_uri + 8; count += 8; } else { @@ -212,7 +212,7 @@ generate_next_uri (CONST CHAR8 *current_uri, CONST CHAR8 *next_loader, } /* Extract the path */ - next_len = strlen(next_loader); + next_len = strlen((char *)next_loader); while (*ptr != '\0') { count++; if (*ptr == '/') @@ -237,9 +237,9 @@ extract_hostname (CONST CHAR8 *url, CHAR8 **hostname) CONST CHAR8 *ptr, *start; UINTN host_len = 0; - if (strncmp(url, (CHAR8 *)"http://", 7) == 0) + if (strncmp((char *)url, "http://", 7) == 0) start = url + 7; - else if (strncmp(url, (CHAR8 *)"https://", 8) == 0) + else if (strncmp((char *)url, "https://", 8) == 0) start = url + 8; else return EFI_INVALID_PARAMETER; @@ -618,8 +618,8 @@ receive_http_response(EFI_HTTP_PROTOCOL *http, VOID **buffer, UINT64 *buf_size) /* Check the length of the file */ for (i = 0; i < rx_message.HeaderCount; i++) { - if (!strcasecmp(rx_message.Headers[i].FieldName, - (CHAR8 *)"Content-Length")) { + if (!strcasecmp((char *)rx_message.Headers[i].FieldName, + "Content-Length")) { new_buf_size = ascii_to_int(rx_message.Headers[i].FieldValue); if (buf_size_set && new_buf_size != *buf_size) { perror(L"Content-Length is invalid\n"); @@ -784,8 +784,8 @@ httpboot_fetch_buffer (EFI_HANDLE image, VOID **buffer, UINT64 *buf_size, if (!uri) return EFI_NOT_READY; - next_loader = (CHAR8 *)AllocatePool((strlen(name) + 1) * sizeof (CHAR8)); - translate_slashes(next_loader, name); + next_loader = (CHAR8 *)AllocatePool((strlen((char *)name) + 1) * sizeof (CHAR8)); + translate_slashes((char *)next_loader, (char *)name); /* Create the URI for the next loader based on the original URI */ efi_status = generate_next_uri(uri, next_loader, &next_uri); diff --git a/mok.c b/mok.c index a94516e3c..a13355e41 100644 --- a/mok.c +++ b/mok.c @@ -213,15 +213,15 @@ format_variable_info(UINT8 *buf, size_t bufsz, var_set_t *var_set = &var_sets[i]; UINTN rc; rc = AsciiSPrint((CHAR8 *)buf + pos, bufsz - pos, - "%a_max_storage_sz: 0x%lx\n", + (const CHAR8 *)"%a_max_storage_sz: 0x%lx\n", var_set->prefix, var_set->max_storage_sz); pos += rc; rc = AsciiSPrint((CHAR8 *)buf + pos, bufsz - pos, - "%a_remaining_sz: 0x%lx\n", + (const CHAR8 *)"%a_remaining_sz: 0x%lx\n", var_set->prefix, var_set->remaining_sz); pos += rc; rc = AsciiSPrint((CHAR8 *)buf + pos, bufsz - pos, - "%a_max_var_sz: 0x%lx\n", + (const CHAR8 *)"%a_max_var_sz: 0x%lx\n", var_set->prefix, var_set->max_var_sz); pos += rc; } @@ -1422,7 +1422,7 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle) struct mok_state_variable *v = &mok_state_variables[i]; ZeroMem(&config_template, sizeof(config_template)); - strncpy(config_template.name, (CHAR8 *)v->rtname8, 255); + strncpy((char *)config_template.name, v->rtname8, 255); config_template.name[255] = '\0'; config_template.data_size = v->data_size; diff --git a/netboot.c b/netboot.c index 0ec43e5a6..520b28c7a 100644 --- a/netboot.c +++ b/netboot.c @@ -146,7 +146,7 @@ static CHAR8 *str2ip6(CHAR8 *str) if (dotcount > MAX_IP6_DOTS) return (CHAR8 *)ip; - len = strlen(str); + len = strlen((char *)str); a = b = str; for (i = 0; i < len; i++) { @@ -203,7 +203,7 @@ static BOOLEAN extract_tftp_info(CHAR8 *url, CHAR8 *name) while (name[template_len++] != '\0'); template = (CHAR8 *)AllocatePool((template_len + 1) * sizeof (CHAR8)); - translate_slashes(template, name); + translate_slashes((char *)template, (char *)name); // to check against str2ip6() errors memset(ip6inv, 0, sizeof(ip6inv)); @@ -243,17 +243,17 @@ static BOOLEAN extract_tftp_info(CHAR8 *url, CHAR8 *name) FreePool(template); return FALSE; } - full_path = AllocateZeroPool(strlen(end)+strlen(template)+1); + full_path = AllocateZeroPool(strlen((char *)end)+strlen((char *)template)+1); if (!full_path) { FreePool(template); return FALSE; } - memcpy(full_path, end, strlen(end)); + memcpy(full_path, end, strlen((char *)end)); end = (CHAR8 *)strrchr((char *)full_path, '/'); if (!end) end = (CHAR8 *)full_path; - memcpy(end, template, strlen(template)); - end[strlen(template)] = '\0'; + memcpy(end, template, strlen((char *)template)); + end[strlen((char *)template)] = '\0'; FreePool(template); return TRUE; @@ -284,8 +284,8 @@ static EFI_STATUS parseDhcp4(CHAR8 *name) while (name[template_len++] != '\0'); template = (CHAR8 *)AllocatePool((template_len + 1) * sizeof (CHAR8)); - translate_slashes(template, name); - template_len = strlen(template) + 1; + translate_slashes((char *)template, (char *)name); + template_len = strlen((char *)template) + 1; if(pxe->Mode->ProxyOfferReceived) { /* @@ -305,7 +305,7 @@ static EFI_STATUS parseDhcp4(CHAR8 *name) pkt_v4 = &pxe->Mode->PxeReply.Dhcpv4; } - INTN dir_len = strnlen((CHAR8 *)pkt_v4->BootpBootFile, 127); + INTN dir_len = strnlen((char *)pkt_v4->BootpBootFile, 127); INTN i; UINT8 *dir = pkt_v4->BootpBootFile; @@ -323,7 +323,7 @@ static EFI_STATUS parseDhcp4(CHAR8 *name) } if (dir_len > 0) { - strncpy(full_path, (CHAR8 *)dir, dir_len); + strncpy((char *)full_path, (char *)dir, dir_len); if (full_path[dir_len-1] == '/' && template[0] == '/') full_path[dir_len-1] = '\0'; /* @@ -338,7 +338,7 @@ static EFI_STATUS parseDhcp4(CHAR8 *name) } if (dir_len == 0 && dir[0] != '/' && template[0] == '/') template_ofs++; - strcat(full_path, template + template_ofs); + strcat((char *)full_path, (char *)template + template_ofs); memcpy(&tftp_addr.v4, pkt_v4->BootpSiAddr, 4); FreePool(template); diff --git a/sbat.c b/sbat.c index 8f29e3982..830de6469 100644 --- a/sbat.c +++ b/sbat.c @@ -95,12 +95,12 @@ parse_sbat_section(char *section_base, size_t section_size, struct csv_row * row; size_t i; const char **ptrs[] = { - &entry->component_name, - &entry->component_generation, - &entry->vendor_name, - &entry->vendor_package_name, - &entry->vendor_version, - &entry->vendor_url, + (const char **)&entry->component_name, + (const char **)&entry->component_generation, + (const char **)&entry->vendor_name, + (const char **)&entry->vendor_package_name, + (const char **)&entry->vendor_version, + (const char **)&entry->vendor_url, }; @@ -280,9 +280,9 @@ parse_sbat_var_data(list_t *entry_list, UINT8 *data, UINTN datasize) struct csv_row * row; size_t i; const char **ptrs[] = { - &entry->component_name, - &entry->component_generation, - &entry->sbat_datestamp, + (const char **)&entry->component_name, + (const char **)&entry->component_generation, + (const char **)&entry->sbat_datestamp, }; row = list_entry(pos, struct csv_row, list); diff --git a/tpm.c b/tpm.c index 2514d4645..a67418ead 100644 --- a/tpm.c +++ b/tpm.c @@ -296,7 +296,7 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, const CHAR8 *description) { return tpm_log_event_raw(buf, size, pcr, description, - strlen(description) + 1, EV_IPL, NULL); + strlen((char *)description) + 1, EV_IPL, NULL); } EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, From d12d4a18276629d460ed2af37c197919b5411c3a Mon Sep 17 00:00:00 2001 From: Callum Farmer Date: Sat, 11 Jan 2025 20:26:09 +0000 Subject: [PATCH 06/11] Remove GNU_EFI_USE_EXTERNAL_STDARG Signed-off-by: Callum Farmer --- Cryptlib/Include/OpenSslSupport.h | 3 --- Cryptlib/Library/BaseLib.h | 4 ---- Makefile | 1 - include/system/efistdarg.h | 4 ---- include/system/stdarg.h | 16 ---------------- shim.h | 4 ---- 6 files changed, 32 deletions(-) diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h index 0c2fb8b0c..54f53fd60 100644 --- a/Cryptlib/Include/OpenSslSupport.h +++ b/Cryptlib/Include/OpenSslSupport.h @@ -18,9 +18,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #if defined(__x86_64__) /* shim.h will check if the compiler is new enough in some other CU */ -#if !defined(GNU_EFI_USE_EXTERNAL_STDARG) -#define GNU_EFI_USE_EXTERNAL_STDARG -#endif #if !defined(GNU_EFI_USE_MS_ABI) #define GNU_EFI_USE_MS_ABI diff --git a/Cryptlib/Library/BaseLib.h b/Cryptlib/Library/BaseLib.h index 94b25c935..5e07239de 100644 --- a/Cryptlib/Library/BaseLib.h +++ b/Cryptlib/Library/BaseLib.h @@ -1,10 +1,6 @@ #if defined(__x86_64__) /* shim.h will check if the compiler is new enough in some other CU */ -#if !defined(GNU_EFI_USE_EXTERNAL_STDARG) -#define GNU_EFI_USE_EXTERNAL_STDARG -#endif - #if !defined(GNU_EFI_USE_MS_ABI) #define GNU_EFI_USE_MS_ABI #endif diff --git a/Makefile b/Makefile index 6b93e7d87..7c5ebcc33 100644 --- a/Makefile +++ b/Makefile @@ -166,7 +166,6 @@ MokManager.o: $(MOK_SOURCES) $(MMSONAME): $(MOK_OBJS) $(LIBS) $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a -gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: CFLAGS+=-DGNU_EFI_USE_EXTERNAL_STDARG gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: mkdir -p gnu-efi/lib gnu-efi/gnuefi $(MAKE) -C gnu-efi \ diff --git a/include/system/efistdarg.h b/include/system/efistdarg.h index 034977cca..837c4f23f 100644 --- a/include/system/efistdarg.h +++ b/include/system/efistdarg.h @@ -8,10 +8,6 @@ #ifndef _EFISTDARG_H_ #define _EFISTDARG_H_ -#ifndef GNU_EFI_USE_EXTERNAL_STDARG -#define GNU_EFI_USE_EXTERNAL_STDARG -#endif - #include #endif /* !_EFISTDARG_H_ */ diff --git a/include/system/stdarg.h b/include/system/stdarg.h index 68c171b8f..813edd748 100644 --- a/include/system/stdarg.h +++ b/include/system/stdarg.h @@ -15,10 +15,6 @@ typedef __builtin_va_list __builtin_sysv_va_list; #pragma GCC diagnostic pop #endif -#ifndef GNU_EFI_USE_EXTERNAL_STDARG -#define GNU_EFI_USE_EXTERNAL_STDARG -#endif - #ifdef SHIM_UNIT_TEST #include_next #endif @@ -26,13 +22,6 @@ typedef __builtin_va_list __builtin_sysv_va_list; #if defined(__aarch64__) || defined(__arm__) || defined(__i386__) || \ defined(__i486__) || defined(__i686__) || defined(__COVERITY__) -typedef __builtin_va_list ms_va_list; -typedef __builtin_va_list __builtin_ms_va_list; -#define ms_va_copy(dest, start) __builtin_va_copy(dest, start) -#define ms_va_start(marker, arg) __builtin_va_start(marker, arg) -#define ms_va_arg(marker, type) __builtin_va_arg(marker, type) -#define ms_va_end(marker) __builtin_va_end(marker) - typedef __builtin_va_list sysv_va_list; #define sysv_va_copy(dest, start) __builtin_va_copy(dest, start) #define sysv_va_start(marker, arg) __builtin_va_start(marker, arg) @@ -49,11 +38,6 @@ typedef __builtin_va_list VA_LIST; #elif defined(__x86_64__) -typedef __builtin_ms_va_list ms_va_list; -#define ms_va_copy(dest, start) __builtin_ms_va_copy(dest, start) -#define ms_va_start(marker, arg) __builtin_ms_va_start(marker, arg) -#define ms_va_arg(marker, type) __builtin_va_arg(marker, type) -#define ms_va_end(marker) __builtin_ms_va_end(marker) typedef __builtin_sysv_va_list sysv_va_list; #define sysv_va_copy(dest, start) __builtin_sysv_va_copy(dest, start) #define sysv_va_start(marker, arg) __builtin_sysv_va_start(marker, arg) diff --git a/shim.h b/shim.h index 8b52ce7a4..b76c16d9e 100644 --- a/shim.h +++ b/shim.h @@ -31,10 +31,6 @@ #pragma GCC diagnostic ignored "-Wpointer-bool-conversion" #endif -#if !defined(GNU_EFI_USE_EXTERNAL_STDARG) -#define GNU_EFI_USE_EXTERNAL_STDARG -#endif - #if !defined(GNU_EFI_USE_MS_ABI) #define GNU_EFI_USE_MS_ABI #endif From 5bbeb3732be76fed2582d507fcacb8ae86929473 Mon Sep 17 00:00:00 2001 From: Callum Farmer Date: Sun, 12 Jan 2025 17:12:40 +0000 Subject: [PATCH 07/11] Avoid misuse of Print sys_va_list funcs Signed-off-by: Callum Farmer --- errlog.c | 6 +++--- lib/console.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/errlog.c b/errlog.c index 6971e80b4..49028f03e 100644 --- a/errlog.c +++ b/errlog.c @@ -19,7 +19,7 @@ vdprint_(const CHAR16 *fmt, const char *file, int line, const char *func, if (verbose) { ms_va_copy(args2, args); console_print(L"%a:%d:%a() ", file, line, func); - efi_status = VPrint(fmt, args2); + efi_status = MS_VPrint(fmt, args2); ms_va_end(args2); } return efi_status; @@ -45,7 +45,7 @@ VLogError(const char *file, int line, const char *func, const CHAR16 *fmt, if (!newerrs[nerrs]) return EFI_OUT_OF_RESOURCES; ms_va_copy(args2, args); - newerrs[nerrs+1] = VPoolPrint(fmt, args2); + newerrs[nerrs+1] = MS_VPoolPrint(fmt, args2); if (!newerrs[nerrs+1]) return EFI_OUT_OF_RESOURCES; ms_va_end(args2); @@ -135,7 +135,7 @@ log_debug_print(const CHAR16 *fmt, ...) UINTN ret = 0; ms_va_start(args, fmt); - buf = VPoolPrint(fmt, args); + buf = MS_VPoolPrint(fmt, args); if (!buf) return 0; ms_va_end(args); diff --git a/lib/console.c b/lib/console.c index f60383209..991dcee69 100644 --- a/lib/console.c +++ b/lib/console.c @@ -96,7 +96,7 @@ console_print(const CHAR16 *fmt, ...) setup_console(1); ms_va_start(args, fmt); - ret = VPrint(fmt, args); + ret = MS_VPrint(fmt, args); ms_va_end(args); return ret; @@ -116,7 +116,7 @@ console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...) co->SetCursorPosition(co, col, row); ms_va_start(args, fmt); - ret = VPrint(fmt, args); + ret = MS_VPrint(fmt, args); ms_va_end(args); return ret; From 5826f7f738a6b7bf8c710ae586daa3000a331879 Mon Sep 17 00:00:00 2001 From: Callum Farmer Date: Tue, 14 Jan 2025 09:37:59 +0000 Subject: [PATCH 08/11] avoid conflicting CompareGuid Signed-off-by: Callum Farmer --- include/test.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/test.h b/include/test.h index bffad7d55..4b717ddea 100644 --- a/include/test.h +++ b/include/test.h @@ -185,6 +185,10 @@ guidcmp(const EFI_GUID * const guid0, const EFI_GUID * const guid1) return ret; } +#if defined(CompareGuid) +#undef CompareGuid +#endif + #define CompareGuid(a, b) (guidcmp(a, b) == 0) #define CompareGuidForSorting(a, b) guidcmp(a, b) From 8e434c0f64a2dbb89dacd7571020d2cc4be32146 Mon Sep 17 00:00:00 2001 From: Callum Farmer Date: Tue, 11 Feb 2025 12:55:25 +0000 Subject: [PATCH 09/11] disable gnuefi_signed_strncmp Signed-off-by: Callum Farmer --- test-str.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test-str.c b/test-str.c index 30f8dd0b4..9218a8ebb 100644 --- a/test-str.c +++ b/test-str.c @@ -484,7 +484,7 @@ gnuefi_strncmp ( * This is still broken, and fails the test case as written on arm. * We no longer use this, so we do not strictly need to run it. */ -#if !defined(__arm__) && !defined(__aarch64__) +#if 0 static inline INTN gnuefi_signed_strncmp ( IN CONST CHAR8 *s1, @@ -719,7 +719,7 @@ test_strncmp(void) * This is still broken, and fails the test case as written on arm. * We no longer use this, so we do not strictly need to run it. */ -#if !defined(__arm__) && !defined(__aarch64__) +#if 0 /* * gnu-efi's broken strncmpa with the return type fixed */ From 6a980e286a28fb004a5aacfd1a20bbcfe4573f4b Mon Sep 17 00:00:00 2001 From: Callum Farmer Date: Mon, 13 Jan 2025 15:23:03 +0000 Subject: [PATCH 10/11] fix gnu-efi paths Signed-off-by: Callum Farmer --- Make.defaults | 6 +++--- Makefile | 8 +++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/Make.defaults b/Make.defaults index afbf44d0a..b9c3f4a71 100644 --- a/Make.defaults +++ b/Make.defaults @@ -160,8 +160,8 @@ endif LIB_GCC = $(shell $(CC) $(ARCH_CFLAGS) -print-libgcc-file-name) EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) FORMAT ?= --output-target efi-app-$(ARCH) -LOCAL_EFI_PATH = gnu-efi/$(ARCH_GNUEFI)/gnuefi -LIBDIR = gnu-efi/$(ARCH_GNUEFI)/lib +LOCAL_EFI_PATH = $(TOPDIR)/gnu-efi/$(ARCH_GNUEFI)/gnuefi +LIBDIR = $(TOPDIR)/gnu-efi/$(ARCH_GNUEFI)/lib MMSTEM ?= mm$(ARCH_SUFFIX) MMNAME = $(MMSTEM).efi @@ -192,7 +192,7 @@ ifneq ($(origin SBAT_AUTOMATIC_DATE), undefined) DEFINES += -DSBAT_AUTOMATIC_DATE=$(SBAT_AUTOMATIC_DATE) endif -LDFLAGS = --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(LOCAL_EFI_PATH) -L$(LIBDIR) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1 $(ARCH_LDFLAGS) --no-undefined +LDFLAGS = --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(LIBDIR) -L$(LOCAL_EFI_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1 $(ARCH_LDFLAGS) --no-undefined ifneq ($(DEBUG),) export DEBUG diff --git a/Makefile b/Makefile index 7c5ebcc33..55318457a 100644 --- a/Makefile +++ b/Makefile @@ -150,8 +150,8 @@ $(SHIMNAME) $(MMNAME) $(FBNAME) : | post-process-pe LIBS = Cryptlib/libcryptlib.a \ Cryptlib/OpenSSL/libopenssl.a \ lib/lib.a \ - gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a \ - gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a + $(TOPDIR)/gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a \ + $(TOPDIR)/gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a $(SHIMSONAME): $(OBJS) $(LIBS) $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a @@ -166,7 +166,7 @@ MokManager.o: $(MOK_SOURCES) $(MMSONAME): $(MOK_OBJS) $(LIBS) $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a -gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: +$(TOPDIR)/gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a $(TOPDIR)/gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: mkdir -p gnu-efi/lib gnu-efi/gnuefi $(MAKE) -C gnu-efi \ COMPILER="$(COMPILER)" \ @@ -175,6 +175,7 @@ gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: ARCH=$(ARCH_GNUEFI) \ NO_GLIBC=1 \ TOPDIR=$(TOPDIR)/gnu-efi \ + VPATH=$(TOPDIR)/gnu-efi \ -f $(TOPDIR)/gnu-efi/Makefile \ lib gnuefi inc $(IGNORE_COMPILER_ERRORS) @@ -358,6 +359,7 @@ clean-gnu-efi: COMPILER="$(COMPILER)" \ ARCH=$(ARCH_GNUEFI) \ TOPDIR=$(TOPDIR)/gnu-efi \ + VPATH=$(TOPDIR)/gnu-efi \ -f $(TOPDIR)/gnu-efi/Makefile \ clean ; \ fi From 4b96f2a37990bf372790b03d352a4618b74d26a6 Mon Sep 17 00:00:00 2001 From: Callum Farmer Date: Mon, 13 Oct 2025 14:38:25 +0100 Subject: [PATCH 11/11] Fix some lds issues * De-duplicate uses of .note.gnu.build-id/.eh_frame * Push .reloc after .data (see ncroxon/gnu-efi@03bfe2f5ced3cfda8cc693bbb2ff647b8087d5a8) * ARM updates: * use new .text placement (0x1000) fixes allocation issue (ncroxon/gnu-efi@24a4cd0e5653fd84b004c00c808c45cc3fb7a7e2) * add needed symbols from gnu-efi * Add missed reloc section (ncroxon/gnu-efi@eadee98bf007a577d461cf9529eae655c9aebd03) Signed-off-by: Callum Farmer --- elf_aarch64_efi.lds | 15 +++++++-------- elf_arm_efi.lds | 18 +++++++++++++++--- elf_ia32_efi.lds | 13 +++++++------ elf_x86_64_efi.lds | 15 +++++++-------- 4 files changed, 36 insertions(+), 25 deletions(-) diff --git a/elf_aarch64_efi.lds b/elf_aarch64_efi.lds index ff2e408ae..7f26a1457 100644 --- a/elf_aarch64_efi.lds +++ b/elf_aarch64_efi.lds @@ -5,7 +5,8 @@ SECTIONS { . = 0; ImageBase = .; - .hash : { *(.hash) } /* this MUST come first! */ + /* this MUST come first! */ + .hash : { *(.hash) } . = ALIGN(65536); .eh_frame : { @@ -21,11 +22,6 @@ SECTIONS _etext = .; } . = ALIGN(65536); - .reloc : - { - *(.reloc) - } - . = ALIGN(65536); .note.gnu.build-id : { *(.note.gnu.build-id) } @@ -57,6 +53,11 @@ SECTIONS *(COMMON) *(.rel.local) } + . = ALIGN(65536); + .reloc : + { + *(.reloc) + } . = ALIGN(65536); .vendor_cert : @@ -92,9 +93,7 @@ SECTIONS .ignored.reloc : { *(.rela.reloc) - *(.eh_frame) *(.note.GNU-stack) } .comment 0 : { *(.comment) } - .note.gnu.build-id : { *(.note.gnu.build-id) } } diff --git a/elf_arm_efi.lds b/elf_arm_efi.lds index 533462193..66185a4fc 100644 --- a/elf_arm_efi.lds +++ b/elf_arm_efi.lds @@ -3,9 +3,10 @@ OUTPUT_ARCH(arm) ENTRY(_start) SECTIONS { - .text 0x0 : { - _text = .; + .text 0 : { *(.text.head) + . = 0x1000; + _text = .; *(.text) *(.text.*) *(.gnu.linkonce.t.*) @@ -45,6 +46,16 @@ SECTIONS _edata = .; _data_vsize = _evdata - _data; _data_size = . - _data; + . = ALIGN(4096); + _reloc = .; + .areloc : { + *(.areloc) + _evreloc = .; + . = ALIGN(4096); + _ereloc = .; + } =0 + _reloc_vsize = _evreloc - _reloc; + _reloc_size = _ereloc - _reloc; /* * Note that _sbat must be the beginning of the data, and _esbat must be the @@ -99,7 +110,8 @@ SECTIONS _erodata = .; _rodata_size = . - _rodata; _rodata_vsize = _evrodata - _rodata; - _alldata_size = . - _data; + _image_end = .; + _alldata_size = _image_end - _data; /DISCARD/ : { diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds index e8da91bdf..3f22c9336 100644 --- a/elf_ia32_efi.lds +++ b/elf_ia32_efi.lds @@ -5,7 +5,8 @@ SECTIONS { . = 0; ImageBase = .; - .hash : { *(.hash) } /* this MUST come first! */ + /* .hash and/or .gnu.hash MUST come first! */ + .hash : { *(.hash) } . = ALIGN(4096); .text : { @@ -16,11 +17,6 @@ SECTIONS _etext = .; } . = ALIGN(4096); - .reloc : - { - *(.reloc) - } - . = ALIGN(4096); .note.gnu.build-id : { *(.note.gnu.build-id) } @@ -52,6 +48,11 @@ SECTIONS *(.bss) *(COMMON) } + . = ALIGN(4096); + .reloc : + { + *(.reloc) + } . = ALIGN(4096); .vendor_cert : diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds index 39aff6b07..56a1c71bf 100644 --- a/elf_x86_64_efi.lds +++ b/elf_x86_64_efi.lds @@ -6,7 +6,8 @@ SECTIONS { . = 0; ImageBase = .; - .hash : { *(.hash) } /* this MUST come first! */ + /* this MUST come first! */ + .hash : { *(.hash) } . = ALIGN(4096); .eh_frame : { @@ -22,11 +23,6 @@ SECTIONS _etext = .; } . = ALIGN(4096); - .reloc : - { - *(.reloc) - } - . = ALIGN(4096); .note.gnu.build-id : { *(.note.gnu.build-id) } @@ -58,6 +54,11 @@ SECTIONS *(COMMON) *(.rel.local) } + . = ALIGN(4096); + .reloc : + { + *(.reloc) + } . = ALIGN(4096); .vendor_cert : @@ -93,9 +94,7 @@ SECTIONS .ignored.reloc : { *(.rela.reloc) - *(.eh_frame) *(.note.GNU-stack) } .comment 0 : { *(.comment) } - .note.gnu.build-id : { *(.note.gnu.build-id) } }