[Buildroot] [PATCH 0/4] Misc shim related fixes/bumps

[Buildroot] [PATCH 0/4] Misc shim related fixes/bumps

[Thomas Petazzoni]

Hello,

While looking at the CVEs for shim, I found out that we were not using
the latest version. And while bumping, I found out that even the
current version doesn't build with recent compiler versions.

PATCH 1/4 and 2/4 fix build issues by backporting upstream
patches. Those patches are already in the newer 15.4, but for the sake
of backporting to 2021.02, it felt better to have them as separate
fixes first. PATCH 3/4 does the 15.4 bump, and PATCH 4/4 re-enables on
ARM32.

Note that I don't have any particular interest in shim, so this has
only been build tested (arm32, arm64 and x86-64).

Thomas

Thomas Petazzoni (4):
  boot/shim: fix build issue due to gnu-efi
  boot/shim: fix build issues with gcc 9.x
  boot/shim: bump to version 15.4
  boot/shim: re-enable on ARM32

 boot/shim/Config.in |  4 +---
 boot/shim/shim.hash |  2 +-
 boot/shim/shim.mk   | 11 ++++-------
 3 files changed, 6 insertions(+), 11 deletions(-)

-- 
2.30.2

[Buildroot] [PATCH 1/4] boot/shim: fix build issue due to gnu-efi

[Thomas Petazzoni]

shim fails to build with:

console.c:448:5: error: ?EFI_WARN_UNKOWN_GLYPH? undeclared here (not in a function); did you mean ?EFI_WARN_UNKNOWN_GLYPH??
  448 |  {  EFI_WARN_UNKOWN_GLYPH,      L"Warning Unknown Glyph"},
      |     ^~~~~~~~~~~~~~~~~~~~~
      |     EFI_WARN_UNKNOWN_GLYPH
make[2]: *** [<builtin>: console.o] Error 1
make[2]: *** Waiting for unfinished jobs....

Backport upstream commit d230d02f990f02293736dca78b108f86c86d1bd0 to
resolve this issue.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 ...po-in-the-EFI-warning-list-in-gnu-ef.patch | 57 +++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 boot/shim/0001-console-Fix-a-typo-in-the-EFI-warning-list-in-gnu-ef.patch

diff --git a/boot/shim/0001-console-Fix-a-typo-in-the-EFI-warning-list-in-gnu-ef.patch b/boot/shim/0001-console-Fix-a-typo-in-the-EFI-warning-list-in-gnu-ef.patch
new file mode 100644
index 0000000000..77d1b54f16
--- /dev/null
+++ b/boot/shim/0001-console-Fix-a-typo-in-the-EFI-warning-list-in-gnu-ef.patch
@@ -0,0 +1,57 @@
+From b00d7f63df7ee6f74a63515f1469768e9cb2aa7a Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 26 Aug 2019 16:12:05 -0400
+Subject: [PATCH] console: Fix a typo in the EFI warning list in gnu-efi
+
+Some versions of gnu-efi have a typo, in which "EFI_WARN_UNKNOWN_GLYPH"
+is accidentally "EFI_WARN_UNKOWN_GLYPH".  Work around that, so that we
+can use the not-silly one in console.c's list of error and warning
+messages.
+
+This is a backport from devel for:
+
+  commit 5f62b22ccd636d326b3229a2b196118701c6f3f7
+  Author: Peter Jones <pjones@redhat.com>
+  Date:   Mon Aug 26 16:12:05 2019 -0400
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Upstream: d230d02f990f02293736dca78b108f86c86d1bd0
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ include/console.h | 6 ++++++
+ lib/console.c     | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/include/console.h b/include/console.h
+index deb4fa3..00da98d 100644
+--- a/include/console.h
++++ b/include/console.h
+@@ -7,6 +7,12 @@
+ #define PrintAt(fmt, ...) \
+ 	({"Do not directly call PrintAt() use console_print_at() instead" = 1;});
+ 
++#if !defined(EFI_WARN_UNKNOWN_GLYPH) && defined(EFI_WARN_UNKOWN_GLYPH)
++#define EFI_WARN_UNKNOWN_GLYPH EFI_WARN_UNKOWN_GLYPH
++#elif !defined(EFI_WARN_UNKNOWN_GLYPH)
++#define EFI_WARN_UNKNOWN_GLYPH EFIWARN(1)
++#endif
++
+ EFI_STATUS
+ console_get_keystroke(EFI_INPUT_KEY *key);
+ UINTN
+diff --git a/lib/console.c b/lib/console.c
+index 3aee41c..ccd4d4d 100644
+--- a/lib/console.c
++++ b/lib/console.c
+@@ -445,7 +445,7 @@ static struct {
+ 	{  EFI_SECURITY_VIOLATION,     L"Security Violation"},
+ 
+ 	// warnings
+-	{  EFI_WARN_UNKOWN_GLYPH,      L"Warning Unknown Glyph"},
++	{  EFI_WARN_UNKNOWN_GLYPH,     L"Warning Unknown Glyph"},
+ 	{  EFI_WARN_DELETE_FAILURE,    L"Warning Delete Failure"},
+ 	{  EFI_WARN_WRITE_FAILURE,     L"Warning Write Failure"},
+ 	{  EFI_WARN_BUFFER_TOO_SMALL,  L"Warning Buffer Too Small"},
+-- 
+2.30.2
+
-- 
2.30.2

[Buildroot] [PATCH 2/4] boot/shim: fix build issues with gcc 9.x

[Thomas Petazzoni]

Backport a set of upstream patches to fix:

MokManager.c: In function ?write_back_mok_list?:
MokManager.c:1081:19: error: taking address of packed member of ?struct <anonymous>? may result in an unaligned pointer value [-Werror=address-of-packed-member]
 1081 |   if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
      |                   ^~~~~~~~~~~~~~~
MokManager.c:1103:19: error: taking address of packed member of ?struct <anonymous>? may result in an unaligned pointer value [-Werror=address-of-packed-member]
 1103 |   if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) {
      |                   ^~~~~~~~~~~~~~~
MokManager.c: In function ?delete_cert?:
MokManager.c:1144:19: error: taking address of packed member of ?struct <anonymous>? may result in an unaligned pointer value [-Werror=address-of-packed-member]
 1144 |   if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0)
      |                   ^~~~~~~~~~~~~~
MokManager.c: In function ?delete_hash_in_list?:
MokManager.c:1195:20: error: taking address of packed member of ?struct <anonymous>? may result in an unaligned pointer value [-Werror=address-of-packed-member]
 1195 |   if ((CompareGuid(&(mok[i].Type), &Type) != 0) ||
      |                    ^~~~~~~~~~~~~~
MokManager.c: In function ?delete_keys?:
MokManager.c:1359:19: error: taking address of packed member of ?struct <anonymous>? may result in an unaligned pointer value [-Werror=address-of-packed-member]
 1359 |   if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) {
      |                   ^~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [<builtin>: MokManager.o] Error 1

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 ...tuff-Waddress-of-packed-member-finds.patch |  90 ++++++++++++++
 ...ompareMem-on-MokListNode.Type-instea.patch |  73 ++++++++++++
 ...void-Werror-address-of-packed-member.patch | 112 ++++++++++++++++++
 3 files changed, 275 insertions(+)
 create mode 100644 boot/shim/0002-Work-around-stuff-Waddress-of-packed-member-finds.patch
 create mode 100644 boot/shim/0003-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch
 create mode 100644 boot/shim/0004-MokManager-avoid-Werror-address-of-packed-member.patch

diff --git a/boot/shim/0002-Work-around-stuff-Waddress-of-packed-member-finds.patch b/boot/shim/0002-Work-around-stuff-Waddress-of-packed-member-finds.patch
new file mode 100644
index 0000000000..9a6187b1a1
--- /dev/null
+++ b/boot/shim/0002-Work-around-stuff-Waddress-of-packed-member-finds.patch
@@ -0,0 +1,90 @@
+From 7c1d3d8116b78bf096b7b8c6da5486f37efeb75f Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 13 May 2019 16:34:35 -0400
+Subject: [PATCH] Work around stuff -Waddress-of-packed-member finds.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+In MokManager we get a lot of these:
+
+../src/MokManager.c:1063:19: error: taking address of packed member of ?struct <anonymous>? may result in an unaligned pointer value [-Werror=address-of-packed-member]
+ 1063 |   if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
+      |                   ^~~~~~~~~~~~~~~
+
+The reason for this is that gnu-efi takes EFI_GUID * as its argument
+instead of VOID *, and there's nothing telling the compiler that it
+doesn't have alignment constraints on the input, so the compiler wants
+it to have 16-byte alignment.
+
+Just use CompareMem() for these, as that's all CompareGuid is calling
+anyway.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Upstream: 2cbf56b82a5102777b37c4f7f47c8cf058cea027
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ MokManager.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index 7e40a38..5d0a979 100644
+--- a/MokManager.c
++++ b/MokManager.c
+@@ -22,6 +22,8 @@
+ #define CERT_STRING L"Select an X509 certificate to enroll:\n\n"
+ #define HASH_STRING L"Select a file to trust:\n\n"
+ 
++#define CompareMemberGuid(x, y) CompareMem(x, y, sizeof(EFI_GUID))
++
+ typedef struct {
+ 	UINT32 MokSize;
+ 	UINT8 *Mok;
+@@ -1078,7 +1080,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
+ 			continue;
+ 
+ 		DataSize += sizeof(EFI_SIGNATURE_LIST);
+-		if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
++		if (CompareMemberGuid(&(list[i].Type), &X509_GUID) == 0)
+ 			DataSize += sizeof(EFI_GUID);
+ 		DataSize += list[i].MokSize;
+ 	}
+@@ -1100,7 +1102,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
+ 		CertList->SignatureType = list[i].Type;
+ 		CertList->SignatureHeaderSize = 0;
+ 
+-		if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) {
++		if (CompareMemberGuid(&(list[i].Type), &X509_GUID) == 0) {
+ 			CertList->SignatureListSize = list[i].MokSize +
+ 			    sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
+ 			CertList->SignatureSize =
+@@ -1141,7 +1143,7 @@ static void delete_cert(void *key, UINT32 key_size,
+ 	int i;
+ 
+ 	for (i = 0; i < mok_num; i++) {
+-		if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0)
++		if (CompareMemberGuid(&(mok[i].Type), &X509_GUID) != 0)
+ 			continue;
+ 
+ 		if (mok[i].MokSize == key_size &&
+@@ -1192,7 +1194,7 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
+ 	sig_size = hash_size + sizeof(EFI_GUID);
+ 
+ 	for (i = 0; i < mok_num; i++) {
+-		if ((CompareGuid(&(mok[i].Type), &Type) != 0) ||
++		if ((CompareMemberGuid(&(mok[i].Type), &Type) != 0) ||
+ 		    (mok[i].MokSize < sig_size))
+ 			continue;
+ 
+@@ -1356,7 +1358,7 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
+ 
+ 	/* Search and destroy */
+ 	for (i = 0; i < del_num; i++) {
+-		if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) {
++		if (CompareMemberGuid(&(del_key[i].Type), &X509_GUID) == 0) {
+ 			delete_cert(del_key[i].Mok, del_key[i].MokSize,
+ 				    mok, mok_num);
+ 		} else if (is_sha2_hash(del_key[i].Type)) {
+-- 
+2.30.2
+
diff --git a/boot/shim/0003-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch b/boot/shim/0003-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch
new file mode 100644
index 0000000000..5f8f44519d
--- /dev/null
+++ b/boot/shim/0003-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch
@@ -0,0 +1,73 @@
+From 694a91664a7f5018bdc1e1092e07a8ac7fc35fc0 Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Tue, 26 Feb 2019 11:33:53 +0800
+Subject: [PATCH] MokManager: Use CompareMem on MokListNode.Type instead of
+ CompareGuid
+
+Fix the errors from gcc9 '-Werror=address-of-packed-member'
+
+https://github.com/rhboot/shim/issues/161
+
+Signed-off-by: Gary Lin <glin@suse.com>
+Upstream: 5d30a31fef4eb7e773da24c5e6c20576282a9c3a
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ MokManager.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index 5d0a979..e13400b 100644
+--- a/MokManager.c
++++ b/MokManager.c
+@@ -1080,7 +1080,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
+ 			continue;
+ 
+ 		DataSize += sizeof(EFI_SIGNATURE_LIST);
+-		if (CompareMemberGuid(&(list[i].Type), &X509_GUID) == 0)
++		if (CompareMem(&(list[i].Type), &X509_GUID,
++			       sizeof(EFI_GUID)) == 0)
+ 			DataSize += sizeof(EFI_GUID);
+ 		DataSize += list[i].MokSize;
+ 	}
+@@ -1102,7 +1103,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
+ 		CertList->SignatureType = list[i].Type;
+ 		CertList->SignatureHeaderSize = 0;
+ 
+-		if (CompareMemberGuid(&(list[i].Type), &X509_GUID) == 0) {
++		if (CompareMem(&(list[i].Type), &X509_GUID,
++			       sizeof(EFI_GUID)) == 0) {
+ 			CertList->SignatureListSize = list[i].MokSize +
+ 			    sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
+ 			CertList->SignatureSize =
+@@ -1143,7 +1145,8 @@ static void delete_cert(void *key, UINT32 key_size,
+ 	int i;
+ 
+ 	for (i = 0; i < mok_num; i++) {
+-		if (CompareMemberGuid(&(mok[i].Type), &X509_GUID) != 0)
++		if (CompareMem(&(mok[i].Type), &X509_GUID,
++			       sizeof(EFI_GUID)) != 0)
+ 			continue;
+ 
+ 		if (mok[i].MokSize == key_size &&
+@@ -1194,7 +1197,7 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
+ 	sig_size = hash_size + sizeof(EFI_GUID);
+ 
+ 	for (i = 0; i < mok_num; i++) {
+-		if ((CompareMemberGuid(&(mok[i].Type), &Type) != 0) ||
++		if ((CompareMem(&(mok[i].Type), &Type, sizeof(EFI_GUID)) != 0) ||
+ 		    (mok[i].MokSize < sig_size))
+ 			continue;
+ 
+@@ -1358,7 +1361,8 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
+ 
+ 	/* Search and destroy */
+ 	for (i = 0; i < del_num; i++) {
+-		if (CompareMemberGuid(&(del_key[i].Type), &X509_GUID) == 0) {
++		if (CompareMem(&(del_key[i].Type), &X509_GUID,
++			       sizeof(EFI_GUID)) == 0) {
+ 			delete_cert(del_key[i].Mok, del_key[i].MokSize,
+ 				    mok, mok_num);
+ 		} else if (is_sha2_hash(del_key[i].Type)) {
+-- 
+2.30.2
+
diff --git a/boot/shim/0004-MokManager-avoid-Werror-address-of-packed-member.patch b/boot/shim/0004-MokManager-avoid-Werror-address-of-packed-member.patch
new file mode 100644
index 0000000000..d86c5bb005
--- /dev/null
+++ b/boot/shim/0004-MokManager-avoid-Werror-address-of-packed-member.patch
@@ -0,0 +1,112 @@
+From f17f67fef7ae05cbad8609aacef41a448a2d8d54 Mon Sep 17 00:00:00 2001
+From: Jonas Witschel <diabonas@gmx.de>
+Date: Thu, 5 Sep 2019 10:39:37 +0200
+Subject: [PATCH] MokManager: avoid -Werror=address-of-packed-member
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When compiling with GCC 9, there are a couple of errors of the form
+
+MokManager.c: In function ?write_back_mok_list?:
+MokManager.c:1056:19: error: taking address of packed member of ?struct <anonymous>? may result in an unaligned pointer value [-Werror=address-of-packed-member]
+ 1056 |   if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
+      |                   ^~~~~~~~~~~~~~~
+
+Copying the member of the packed struct to a temporary variable and
+pointing to that variable solves the problem.
+
+Upstream: d57e53f3bddc4bc7299b3d5efd5ba8c547e8dfa5
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ MokManager.c | 22 +++++++++++++---------
+ 1 file changed, 13 insertions(+), 9 deletions(-)
+
+diff --git a/MokManager.c b/MokManager.c
+index e13400b..1a8d666 100644
+--- a/MokManager.c
++++ b/MokManager.c
+@@ -1065,6 +1065,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
+ 	EFI_STATUS efi_status;
+ 	EFI_SIGNATURE_LIST *CertList;
+ 	EFI_SIGNATURE_DATA *CertData;
++	EFI_GUID type;
+ 	void *Data = NULL, *ptr;
+ 	INTN DataSize = 0;
+ 	int i;
+@@ -1080,8 +1081,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
+ 			continue;
+ 
+ 		DataSize += sizeof(EFI_SIGNATURE_LIST);
+-		if (CompareMem(&(list[i].Type), &X509_GUID,
+-			       sizeof(EFI_GUID)) == 0)
++		type = list[i].Type; /* avoid -Werror=address-of-packed-member */
++		if (CompareGuid(&type, &X509_GUID) == 0)
+ 			DataSize += sizeof(EFI_GUID);
+ 		DataSize += list[i].MokSize;
+ 	}
+@@ -1103,8 +1104,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
+ 		CertList->SignatureType = list[i].Type;
+ 		CertList->SignatureHeaderSize = 0;
+ 
+-		if (CompareMem(&(list[i].Type), &X509_GUID,
+-			       sizeof(EFI_GUID)) == 0) {
++		if (CompareGuid(&(CertList->SignatureType), &X509_GUID) == 0) {
+ 			CertList->SignatureListSize = list[i].MokSize +
+ 			    sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
+ 			CertList->SignatureSize =
+@@ -1142,11 +1142,12 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
+ static void delete_cert(void *key, UINT32 key_size,
+ 			MokListNode * mok, INTN mok_num)
+ {
++	EFI_GUID type;
+ 	int i;
+ 
+ 	for (i = 0; i < mok_num; i++) {
+-		if (CompareMem(&(mok[i].Type), &X509_GUID,
+-			       sizeof(EFI_GUID)) != 0)
++		type = mok[i].Type; /* avoid -Werror=address-of-packed-member */
++		if (CompareGuid(&type, &X509_GUID) != 0)
+ 			continue;
+ 
+ 		if (mok[i].MokSize == key_size &&
+@@ -1188,6 +1189,7 @@ static void mem_move(void *dest, void *src, UINTN size)
+ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
+ 				MokListNode * mok, INTN mok_num)
+ {
++	EFI_GUID type;
+ 	UINT32 sig_size;
+ 	UINT32 list_num;
+ 	int i, del_ind;
+@@ -1197,7 +1199,8 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
+ 	sig_size = hash_size + sizeof(EFI_GUID);
+ 
+ 	for (i = 0; i < mok_num; i++) {
+-		if ((CompareMem(&(mok[i].Type), &Type, sizeof(EFI_GUID)) != 0) ||
++		type = mok[i].Type; /* avoid -Werror=address-of-packed-member */
++		if ((CompareGuid(&type, &Type) != 0) ||
+ 		    (mok[i].MokSize < sig_size))
+ 			continue;
+ 
+@@ -1253,6 +1256,7 @@ static void delete_hash_list(EFI_GUID Type, void *hash_list, UINT32 list_size,
+ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
+ {
+ 	EFI_STATUS efi_status;
++	EFI_GUID type;
+ 	CHAR16 *db_name;
+ 	CHAR16 *auth_name;
+ 	CHAR16 *err_strs[] = { NULL, NULL, NULL };
+@@ -1361,8 +1365,8 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
+ 
+ 	/* Search and destroy */
+ 	for (i = 0; i < del_num; i++) {
+-		if (CompareMem(&(del_key[i].Type), &X509_GUID,
+-			       sizeof(EFI_GUID)) == 0) {
++		type = del_key[i].Type; /* avoid -Werror=address-of-packed-member */
++		if (CompareGuid(&type, &X509_GUID) == 0) {
+ 			delete_cert(del_key[i].Mok, del_key[i].MokSize,
+ 				    mok, mok_num);
+ 		} else if (is_sha2_hash(del_key[i].Type)) {
+-- 
+2.30.2
+
-- 
2.30.2

[Buildroot] [PATCH 3/4] boot/shim: bump to version 15.4

[Thomas Petazzoni]

- Use the tarball provided by upstream developers instead of the one
  generated by Github. Indeed
  https://github.com/rhboot/shim/releases/tag/15.4 indicates "As
  usual, please use the shim-15.4.tar.bz2 tarball, rather than the
  other two archives github automatically produces."

- The tarball now includes the gnu-efi code, so we no longer need to
  select gnu-efi and have it as a build dependency. We continue to use
  BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS as we still only build for those
  architectures that have gnu-efi support. We also drop the
  EFI_INCLUDE, EFI_PATH and LIBDIR variables, as gnu-efi no longer
  needs to be searched in STAGING_DIR.

- Drop all four patches, which were backports from upstream.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 ...po-in-the-EFI-warning-list-in-gnu-ef.patch |  57 ---------
 ...tuff-Waddress-of-packed-member-finds.patch |  90 --------------
 ...ompareMem-on-MokListNode.Type-instea.patch |  73 ------------
 ...void-Werror-address-of-packed-member.patch | 112 ------------------
 boot/shim/Config.in                           |   2 +-
 boot/shim/shim.hash                           |   2 +-
 boot/shim/shim.mk                             |  11 +-
 7 files changed, 6 insertions(+), 341 deletions(-)
 delete mode 100644 boot/shim/0001-console-Fix-a-typo-in-the-EFI-warning-list-in-gnu-ef.patch
 delete mode 100644 boot/shim/0002-Work-around-stuff-Waddress-of-packed-member-finds.patch
 delete mode 100644 boot/shim/0003-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch
 delete mode 100644 boot/shim/0004-MokManager-avoid-Werror-address-of-packed-member.patch

diff --git a/boot/shim/0001-console-Fix-a-typo-in-the-EFI-warning-list-in-gnu-ef.patch b/boot/shim/0001-console-Fix-a-typo-in-the-EFI-warning-list-in-gnu-ef.patch
deleted file mode 100644
index 77d1b54f16..0000000000
--- a/boot/shim/0001-console-Fix-a-typo-in-the-EFI-warning-list-in-gnu-ef.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From b00d7f63df7ee6f74a63515f1469768e9cb2aa7a Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Mon, 26 Aug 2019 16:12:05 -0400
-Subject: [PATCH] console: Fix a typo in the EFI warning list in gnu-efi
-
-Some versions of gnu-efi have a typo, in which "EFI_WARN_UNKNOWN_GLYPH"
-is accidentally "EFI_WARN_UNKOWN_GLYPH".  Work around that, so that we
-can use the not-silly one in console.c's list of error and warning
-messages.
-
-This is a backport from devel for:
-
-  commit 5f62b22ccd636d326b3229a2b196118701c6f3f7
-  Author: Peter Jones <pjones@redhat.com>
-  Date:   Mon Aug 26 16:12:05 2019 -0400
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream: d230d02f990f02293736dca78b108f86c86d1bd0
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
----
- include/console.h | 6 ++++++
- lib/console.c     | 2 +-
- 2 files changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/include/console.h b/include/console.h
-index deb4fa3..00da98d 100644
---- a/include/console.h
-+++ b/include/console.h
-@@ -7,6 +7,12 @@
- #define PrintAt(fmt, ...) \
- 	({"Do not directly call PrintAt() use console_print_at() instead" = 1;});
- 
-+#if !defined(EFI_WARN_UNKNOWN_GLYPH) && defined(EFI_WARN_UNKOWN_GLYPH)
-+#define EFI_WARN_UNKNOWN_GLYPH EFI_WARN_UNKOWN_GLYPH
-+#elif !defined(EFI_WARN_UNKNOWN_GLYPH)
-+#define EFI_WARN_UNKNOWN_GLYPH EFIWARN(1)
-+#endif
-+
- EFI_STATUS
- console_get_keystroke(EFI_INPUT_KEY *key);
- UINTN
-diff --git a/lib/console.c b/lib/console.c
-index 3aee41c..ccd4d4d 100644
---- a/lib/console.c
-+++ b/lib/console.c
-@@ -445,7 +445,7 @@ static struct {
- 	{  EFI_SECURITY_VIOLATION,     L"Security Violation"},
- 
- 	// warnings
--	{  EFI_WARN_UNKOWN_GLYPH,      L"Warning Unknown Glyph"},
-+	{  EFI_WARN_UNKNOWN_GLYPH,     L"Warning Unknown Glyph"},
- 	{  EFI_WARN_DELETE_FAILURE,    L"Warning Delete Failure"},
- 	{  EFI_WARN_WRITE_FAILURE,     L"Warning Write Failure"},
- 	{  EFI_WARN_BUFFER_TOO_SMALL,  L"Warning Buffer Too Small"},
--- 
-2.30.2
-
diff --git a/boot/shim/0002-Work-around-stuff-Waddress-of-packed-member-finds.patch b/boot/shim/0002-Work-around-stuff-Waddress-of-packed-member-finds.patch
deleted file mode 100644
index 9a6187b1a1..0000000000
--- a/boot/shim/0002-Work-around-stuff-Waddress-of-packed-member-finds.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From 7c1d3d8116b78bf096b7b8c6da5486f37efeb75f Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Mon, 13 May 2019 16:34:35 -0400
-Subject: [PATCH] Work around stuff -Waddress-of-packed-member finds.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-In MokManager we get a lot of these:
-
-../src/MokManager.c:1063:19: error: taking address of packed member of ?struct <anonymous>? may result in an unaligned pointer value [-Werror=address-of-packed-member]
- 1063 |   if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
-      |                   ^~~~~~~~~~~~~~~
-
-The reason for this is that gnu-efi takes EFI_GUID * as its argument
-instead of VOID *, and there's nothing telling the compiler that it
-doesn't have alignment constraints on the input, so the compiler wants
-it to have 16-byte alignment.
-
-Just use CompareMem() for these, as that's all CompareGuid is calling
-anyway.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Upstream: 2cbf56b82a5102777b37c4f7f47c8cf058cea027
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
----
- MokManager.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index 7e40a38..5d0a979 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -22,6 +22,8 @@
- #define CERT_STRING L"Select an X509 certificate to enroll:\n\n"
- #define HASH_STRING L"Select a file to trust:\n\n"
- 
-+#define CompareMemberGuid(x, y) CompareMem(x, y, sizeof(EFI_GUID))
-+
- typedef struct {
- 	UINT32 MokSize;
- 	UINT8 *Mok;
-@@ -1078,7 +1080,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- 			continue;
- 
- 		DataSize += sizeof(EFI_SIGNATURE_LIST);
--		if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
-+		if (CompareMemberGuid(&(list[i].Type), &X509_GUID) == 0)
- 			DataSize += sizeof(EFI_GUID);
- 		DataSize += list[i].MokSize;
- 	}
-@@ -1100,7 +1102,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- 		CertList->SignatureType = list[i].Type;
- 		CertList->SignatureHeaderSize = 0;
- 
--		if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) {
-+		if (CompareMemberGuid(&(list[i].Type), &X509_GUID) == 0) {
- 			CertList->SignatureListSize = list[i].MokSize +
- 			    sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
- 			CertList->SignatureSize =
-@@ -1141,7 +1143,7 @@ static void delete_cert(void *key, UINT32 key_size,
- 	int i;
- 
- 	for (i = 0; i < mok_num; i++) {
--		if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0)
-+		if (CompareMemberGuid(&(mok[i].Type), &X509_GUID) != 0)
- 			continue;
- 
- 		if (mok[i].MokSize == key_size &&
-@@ -1192,7 +1194,7 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
- 	sig_size = hash_size + sizeof(EFI_GUID);
- 
- 	for (i = 0; i < mok_num; i++) {
--		if ((CompareGuid(&(mok[i].Type), &Type) != 0) ||
-+		if ((CompareMemberGuid(&(mok[i].Type), &Type) != 0) ||
- 		    (mok[i].MokSize < sig_size))
- 			continue;
- 
-@@ -1356,7 +1358,7 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
- 
- 	/* Search and destroy */
- 	for (i = 0; i < del_num; i++) {
--		if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) {
-+		if (CompareMemberGuid(&(del_key[i].Type), &X509_GUID) == 0) {
- 			delete_cert(del_key[i].Mok, del_key[i].MokSize,
- 				    mok, mok_num);
- 		} else if (is_sha2_hash(del_key[i].Type)) {
--- 
-2.30.2
-
diff --git a/boot/shim/0003-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch b/boot/shim/0003-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch
deleted file mode 100644
index 5f8f44519d..0000000000
--- a/boot/shim/0003-MokManager-Use-CompareMem-on-MokListNode.Type-instea.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 694a91664a7f5018bdc1e1092e07a8ac7fc35fc0 Mon Sep 17 00:00:00 2001
-From: Gary Lin <glin@suse.com>
-Date: Tue, 26 Feb 2019 11:33:53 +0800
-Subject: [PATCH] MokManager: Use CompareMem on MokListNode.Type instead of
- CompareGuid
-
-Fix the errors from gcc9 '-Werror=address-of-packed-member'
-
-https://github.com/rhboot/shim/issues/161
-
-Signed-off-by: Gary Lin <glin@suse.com>
-Upstream: 5d30a31fef4eb7e773da24c5e6c20576282a9c3a
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
----
- MokManager.c | 14 +++++++++-----
- 1 file changed, 9 insertions(+), 5 deletions(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index 5d0a979..e13400b 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -1080,7 +1080,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- 			continue;
- 
- 		DataSize += sizeof(EFI_SIGNATURE_LIST);
--		if (CompareMemberGuid(&(list[i].Type), &X509_GUID) == 0)
-+		if (CompareMem(&(list[i].Type), &X509_GUID,
-+			       sizeof(EFI_GUID)) == 0)
- 			DataSize += sizeof(EFI_GUID);
- 		DataSize += list[i].MokSize;
- 	}
-@@ -1102,7 +1103,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- 		CertList->SignatureType = list[i].Type;
- 		CertList->SignatureHeaderSize = 0;
- 
--		if (CompareMemberGuid(&(list[i].Type), &X509_GUID) == 0) {
-+		if (CompareMem(&(list[i].Type), &X509_GUID,
-+			       sizeof(EFI_GUID)) == 0) {
- 			CertList->SignatureListSize = list[i].MokSize +
- 			    sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
- 			CertList->SignatureSize =
-@@ -1143,7 +1145,8 @@ static void delete_cert(void *key, UINT32 key_size,
- 	int i;
- 
- 	for (i = 0; i < mok_num; i++) {
--		if (CompareMemberGuid(&(mok[i].Type), &X509_GUID) != 0)
-+		if (CompareMem(&(mok[i].Type), &X509_GUID,
-+			       sizeof(EFI_GUID)) != 0)
- 			continue;
- 
- 		if (mok[i].MokSize == key_size &&
-@@ -1194,7 +1197,7 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
- 	sig_size = hash_size + sizeof(EFI_GUID);
- 
- 	for (i = 0; i < mok_num; i++) {
--		if ((CompareMemberGuid(&(mok[i].Type), &Type) != 0) ||
-+		if ((CompareMem(&(mok[i].Type), &Type, sizeof(EFI_GUID)) != 0) ||
- 		    (mok[i].MokSize < sig_size))
- 			continue;
- 
-@@ -1358,7 +1361,8 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
- 
- 	/* Search and destroy */
- 	for (i = 0; i < del_num; i++) {
--		if (CompareMemberGuid(&(del_key[i].Type), &X509_GUID) == 0) {
-+		if (CompareMem(&(del_key[i].Type), &X509_GUID,
-+			       sizeof(EFI_GUID)) == 0) {
- 			delete_cert(del_key[i].Mok, del_key[i].MokSize,
- 				    mok, mok_num);
- 		} else if (is_sha2_hash(del_key[i].Type)) {
--- 
-2.30.2
-
diff --git a/boot/shim/0004-MokManager-avoid-Werror-address-of-packed-member.patch b/boot/shim/0004-MokManager-avoid-Werror-address-of-packed-member.patch
deleted file mode 100644
index d86c5bb005..0000000000
--- a/boot/shim/0004-MokManager-avoid-Werror-address-of-packed-member.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From f17f67fef7ae05cbad8609aacef41a448a2d8d54 Mon Sep 17 00:00:00 2001
-From: Jonas Witschel <diabonas@gmx.de>
-Date: Thu, 5 Sep 2019 10:39:37 +0200
-Subject: [PATCH] MokManager: avoid -Werror=address-of-packed-member
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When compiling with GCC 9, there are a couple of errors of the form
-
-MokManager.c: In function ?write_back_mok_list?:
-MokManager.c:1056:19: error: taking address of packed member of ?struct <anonymous>? may result in an unaligned pointer value [-Werror=address-of-packed-member]
- 1056 |   if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
-      |                   ^~~~~~~~~~~~~~~
-
-Copying the member of the packed struct to a temporary variable and
-pointing to that variable solves the problem.
-
-Upstream: d57e53f3bddc4bc7299b3d5efd5ba8c547e8dfa5
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
----
- MokManager.c | 22 +++++++++++++---------
- 1 file changed, 13 insertions(+), 9 deletions(-)
-
-diff --git a/MokManager.c b/MokManager.c
-index e13400b..1a8d666 100644
---- a/MokManager.c
-+++ b/MokManager.c
-@@ -1065,6 +1065,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- 	EFI_STATUS efi_status;
- 	EFI_SIGNATURE_LIST *CertList;
- 	EFI_SIGNATURE_DATA *CertData;
-+	EFI_GUID type;
- 	void *Data = NULL, *ptr;
- 	INTN DataSize = 0;
- 	int i;
-@@ -1080,8 +1081,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- 			continue;
- 
- 		DataSize += sizeof(EFI_SIGNATURE_LIST);
--		if (CompareMem(&(list[i].Type), &X509_GUID,
--			       sizeof(EFI_GUID)) == 0)
-+		type = list[i].Type; /* avoid -Werror=address-of-packed-member */
-+		if (CompareGuid(&type, &X509_GUID) == 0)
- 			DataSize += sizeof(EFI_GUID);
- 		DataSize += list[i].MokSize;
- 	}
-@@ -1103,8 +1104,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- 		CertList->SignatureType = list[i].Type;
- 		CertList->SignatureHeaderSize = 0;
- 
--		if (CompareMem(&(list[i].Type), &X509_GUID,
--			       sizeof(EFI_GUID)) == 0) {
-+		if (CompareGuid(&(CertList->SignatureType), &X509_GUID) == 0) {
- 			CertList->SignatureListSize = list[i].MokSize +
- 			    sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
- 			CertList->SignatureSize =
-@@ -1142,11 +1142,12 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
- static void delete_cert(void *key, UINT32 key_size,
- 			MokListNode * mok, INTN mok_num)
- {
-+	EFI_GUID type;
- 	int i;
- 
- 	for (i = 0; i < mok_num; i++) {
--		if (CompareMem(&(mok[i].Type), &X509_GUID,
--			       sizeof(EFI_GUID)) != 0)
-+		type = mok[i].Type; /* avoid -Werror=address-of-packed-member */
-+		if (CompareGuid(&type, &X509_GUID) != 0)
- 			continue;
- 
- 		if (mok[i].MokSize == key_size &&
-@@ -1188,6 +1189,7 @@ static void mem_move(void *dest, void *src, UINTN size)
- static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
- 				MokListNode * mok, INTN mok_num)
- {
-+	EFI_GUID type;
- 	UINT32 sig_size;
- 	UINT32 list_num;
- 	int i, del_ind;
-@@ -1197,7 +1199,8 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
- 	sig_size = hash_size + sizeof(EFI_GUID);
- 
- 	for (i = 0; i < mok_num; i++) {
--		if ((CompareMem(&(mok[i].Type), &Type, sizeof(EFI_GUID)) != 0) ||
-+		type = mok[i].Type; /* avoid -Werror=address-of-packed-member */
-+		if ((CompareGuid(&type, &Type) != 0) ||
- 		    (mok[i].MokSize < sig_size))
- 			continue;
- 
-@@ -1253,6 +1256,7 @@ static void delete_hash_list(EFI_GUID Type, void *hash_list, UINT32 list_size,
- static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
- {
- 	EFI_STATUS efi_status;
-+	EFI_GUID type;
- 	CHAR16 *db_name;
- 	CHAR16 *auth_name;
- 	CHAR16 *err_strs[] = { NULL, NULL, NULL };
-@@ -1361,8 +1365,8 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
- 
- 	/* Search and destroy */
- 	for (i = 0; i < del_num; i++) {
--		if (CompareMem(&(del_key[i].Type), &X509_GUID,
--			       sizeof(EFI_GUID)) == 0) {
-+		type = del_key[i].Type; /* avoid -Werror=address-of-packed-member */
-+		if (CompareGuid(&type, &X509_GUID) == 0) {
- 			delete_cert(del_key[i].Mok, del_key[i].MokSize,
- 				    mok, mok_num);
- 		} else if (is_sha2_hash(del_key[i].Type)) {
--- 
-2.30.2
-
diff --git a/boot/shim/Config.in b/boot/shim/Config.in
index ea6650f54c..596ff5b2cf 100644
--- a/boot/shim/Config.in
+++ b/boot/shim/Config.in
@@ -1,9 +1,9 @@
 config BR2_TARGET_SHIM
 	bool "shim"
+	# it includes gnu-efi
 	depends on BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS
 	# ARM32 build currently broken
 	depends on !BR2_ARM_CPU_HAS_ARM
-	select BR2_PACKAGE_GNU_EFI
 	help
 	  Boot loader to chain-load signed boot loaders under Secure
 	  Boot.
diff --git a/boot/shim/shim.hash b/boot/shim/shim.hash
index 318390f80b..15c763abca 100644
--- a/boot/shim/shim.hash
+++ b/boot/shim/shim.hash
@@ -1,3 +1,3 @@
 # locally computed hash
-sha256 279d19cc95b9974ea2379401a6a0653d949c3fa3d61f0c4bd6a7b9e840bdc425  shim-15.tar.gz
+sha256 8344473dd10569588b8238a4656b8fab226714eea9f5363f8c410aa8a5090297  shim-15.4.tar.bz2
 sha256 15edf527919ddcb2f514ab9d16ad07ef219e4bb490e0b79560be510f0c159cc2  COPYRIGHT
diff --git a/boot/shim/shim.mk b/boot/shim/shim.mk
index e0f01a8a9d..0a6d1527aa 100644
--- a/boot/shim/shim.mk
+++ b/boot/shim/shim.mk
@@ -4,22 +4,19 @@
 #
 ################################################################################
 
-SHIM_VERSION = 15
-SHIM_SITE = $(call github,rhboot,shim,$(SHIM_VERSION))
+SHIM_VERSION = 15.4
+SHIM_SITE = https://github.com/rhboot/shim/releases/download/$(SHIM_VERSION)
+SHIM_SOURCE = shim-$(SHIM_VERSION).tar.bz2
 SHIM_LICENSE = BSD-2-Clause
 SHIM_LICENSE_FILES = COPYRIGHT
 SHIM_CPE_ID_VENDOR = redhat
-SHIM_DEPENDENCIES = gnu-efi
 SHIM_INSTALL_TARGET = NO
 SHIM_INSTALL_IMAGES = YES
 
 SHIM_MAKE_OPTS = \
 	ARCH="$(GNU_EFI_PLATFORM)" \
 	CROSS_COMPILE="$(TARGET_CROSS)" \
-	DASHJ="-j$(PARALLEL_JOBS)" \
-	EFI_INCLUDE="$(STAGING_DIR)/usr/include/efi" \
-	EFI_PATH="$(STAGING_DIR)/usr/lib" \
-	LIBDIR="$(STAGING_DIR)/usr/lib"
+	DASHJ="-j$(PARALLEL_JOBS)"
 
 define SHIM_BUILD_CMDS
 	$(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) $(SHIM_MAKE_OPTS)
-- 
2.30.2

[Buildroot] [PATCH 4/4] boot/shim: re-enable on ARM32

[Thomas Petazzoni]

shim 15.4 builds just fine on ARM32.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 boot/shim/Config.in | 2 --
 1 file changed, 2 deletions(-)

diff --git a/boot/shim/Config.in b/boot/shim/Config.in
index 596ff5b2cf..2f74d6f332 100644
--- a/boot/shim/Config.in
+++ b/boot/shim/Config.in
@@ -2,8 +2,6 @@ config BR2_TARGET_SHIM
 	bool "shim"
 	# it includes gnu-efi
 	depends on BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS
-	# ARM32 build currently broken
-	depends on !BR2_ARM_CPU_HAS_ARM
 	help
 	  Boot loader to chain-load signed boot loaders under Secure
 	  Boot.
-- 
2.30.2

[Buildroot] [PATCH 1/4] boot/shim: fix build issue due to gnu-efi

[Peter Korsgaard]

>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@bootlin.com> writes:

 > shim fails to build with:
 > console.c:448:5: error: ?EFI_WARN_UNKOWN_GLYPH? undeclared here (not
 > in a function); did you mean ?EFI_WARN_UNKNOWN_GLYPH??
 >   448 |  {  EFI_WARN_UNKOWN_GLYPH,      L"Warning Unknown Glyph"},
 >       |     ^~~~~~~~~~~~~~~~~~~~~
 >       |     EFI_WARN_UNKNOWN_GLYPH
 > make[2]: *** [<builtin>: console.o] Error 1
 > make[2]: *** Waiting for unfinished jobs....

 > Backport upstream commit d230d02f990f02293736dca78b108f86c86d1bd0 to
 > resolve this issue.

 > Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 4/4] boot/shim: re-enable on ARM32

[Peter Korsgaard]

>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@bootlin.com> writes:

 > shim 15.4 builds just fine on ARM32.
 > Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 3/4] boot/shim: bump to version 15.4

[Peter Korsgaard]

>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@bootlin.com> writes:

 > - Use the tarball provided by upstream developers instead of the one
 >   generated by Github. Indeed
 >   https://github.com/rhboot/shim/releases/tag/15.4 indicates "As
 >   usual, please use the shim-15.4.tar.bz2 tarball, rather than the
 >   other two archives github automatically produces."

 > - The tarball now includes the gnu-efi code, so we no longer need to
 >   select gnu-efi and have it as a build dependency. We continue to use
 >   BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS as we still only build for those
 >   architectures that have gnu-efi support. We also drop the
 >   EFI_INCLUDE, EFI_PATH and LIBDIR variables, as gnu-efi no longer
 >   needs to be searched in STAGING_DIR.

 > - Drop all four patches, which were backports from upstream.

 > Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 2/4] boot/shim: fix build issues with gcc 9.x

[Peter Korsgaard]

>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@bootlin.com> writes:

 > Backport a set of upstream patches to fix:
 > MokManager.c: In function ?write_back_mok_list?:
 > MokManager.c:1081:19: error: taking address of packed member of
 > ?struct <anonymous>? may result in an unaligned pointer value
 > [-Werror=address-of-packed-member]
 >  1081 |   if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
 >       |                   ^~~~~~~~~~~~~~~
 > MokManager.c:1103:19: error: taking address of packed member of
 > ?struct <anonymous>? may result in an unaligned pointer value
 > [-Werror=address-of-packed-member]
 >  1103 |   if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) {
 >       |                   ^~~~~~~~~~~~~~~
 > MokManager.c: In function ?delete_cert?:
 > MokManager.c:1144:19: error: taking address of packed member of
 > ?struct <anonymous>? may result in an unaligned pointer value
 > [-Werror=address-of-packed-member]
 >  1144 |   if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0)
 >       |                   ^~~~~~~~~~~~~~
 > MokManager.c: In function ?delete_hash_in_list?:
 > MokManager.c:1195:20: error: taking address of packed member of
 > ?struct <anonymous>? may result in an unaligned pointer value
 > [-Werror=address-of-packed-member]
 >  1195 |   if ((CompareGuid(&(mok[i].Type), &Type) != 0) ||
 >       |                    ^~~~~~~~~~~~~~
 > MokManager.c: In function ?delete_keys?:
 > MokManager.c:1359:19: error: taking address of packed member of
 > ?struct <anonymous>? may result in an unaligned pointer value
 > [-Werror=address-of-packed-member]
 >  1359 |   if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) {
 >       |                   ^~~~~~~~~~~~~~~~~~
 > cc1: all warnings being treated as errors
 > make[1]: *** [<builtin>: MokManager.o] Error 1

 > Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 1/4] boot/shim: fix build issue due to gnu-efi

[Peter Korsgaard]

>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@bootlin.com> writes:

 > shim fails to build with:
 > console.c:448:5: error: ?EFI_WARN_UNKOWN_GLYPH? undeclared here (not
 > in a function); did you mean ?EFI_WARN_UNKNOWN_GLYPH??
 >   448 |  {  EFI_WARN_UNKOWN_GLYPH,      L"Warning Unknown Glyph"},
 >       |     ^~~~~~~~~~~~~~~~~~~~~
 >       |     EFI_WARN_UNKNOWN_GLYPH
 > make[2]: *** [<builtin>: console.o] Error 1
 > make[2]: *** Waiting for unfinished jobs....

 > Backport upstream commit d230d02f990f02293736dca78b108f86c86d1bd0 to
 > resolve this issue.

 > Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Committed to 2021.02.x, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 2/4] boot/shim: fix build issues with gcc 9.x

[Peter Korsgaard]

>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@bootlin.com> writes:

 > Backport a set of upstream patches to fix:
 > MokManager.c: In function ?write_back_mok_list?:
 > MokManager.c:1081:19: error: taking address of packed member of
 > ?struct <anonymous>? may result in an unaligned pointer value
 > [-Werror=address-of-packed-member]
 >  1081 |   if (CompareGuid(&(list[i].Type), &X509_GUID) == 0)
 >       |                   ^~~~~~~~~~~~~~~
 > MokManager.c:1103:19: error: taking address of packed member of
 > ?struct <anonymous>? may result in an unaligned pointer value
 > [-Werror=address-of-packed-member]
 >  1103 |   if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) {
 >       |                   ^~~~~~~~~~~~~~~
 > MokManager.c: In function ?delete_cert?:
 > MokManager.c:1144:19: error: taking address of packed member of
 > ?struct <anonymous>? may result in an unaligned pointer value
 > [-Werror=address-of-packed-member]
 >  1144 |   if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0)
 >       |                   ^~~~~~~~~~~~~~
 > MokManager.c: In function ?delete_hash_in_list?:
 > MokManager.c:1195:20: error: taking address of packed member of
 > ?struct <anonymous>? may result in an unaligned pointer value
 > [-Werror=address-of-packed-member]
 >  1195 |   if ((CompareGuid(&(mok[i].Type), &Type) != 0) ||
 >       |                    ^~~~~~~~~~~~~~
 > MokManager.c: In function ?delete_keys?:
 > MokManager.c:1359:19: error: taking address of packed member of
 > ?struct <anonymous>? may result in an unaligned pointer value
 > [-Werror=address-of-packed-member]
 >  1359 |   if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) {
 >       |                   ^~~~~~~~~~~~~~~~~~
 > cc1: all warnings being treated as errors
 > make[1]: *** [<builtin>: MokManager.o] Error 1

 > Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Committed to 2021.02.x, thanks.

-- 
Bye, Peter Korsgaard