├── .clang-format ├── .github └── workflows │ └── pullrequest.yml ├── .gitignore ├── .gitmodules ├── BUILDING ├── CODE_OF_CONDUCT.md ├── COPYRIGHT ├── Cryptlib ├── Base.h ├── Cipher │ ├── CryptAesNull.c │ ├── CryptArc4Null.c │ └── CryptTdesNull.c ├── Cryptlib.diff ├── Hash │ ├── CryptMd4Null.c │ ├── CryptMd5.c │ ├── CryptSha1.c │ ├── CryptSha256.c │ └── CryptSha512.c ├── Hmac │ ├── CryptHmacMd5Null.c │ ├── CryptHmacSha1Null.c │ └── CryptHmacSha256Null.c ├── Include │ ├── OpenSslSupport.h │ ├── Protocol │ │ └── RuntimeCrypt.h │ ├── arpa │ │ └── inet.h │ ├── assert.h │ ├── dirent.h │ ├── errno.h │ ├── limits.h │ ├── malloc.h │ ├── math.h │ ├── memory.h │ ├── netdb.h │ ├── netinet │ │ └── in.h │ ├── openssl │ │ ├── README │ │ ├── aes.h │ │ ├── asn1.h │ │ ├── asn1_mac.h │ │ ├── asn1t.h │ │ ├── bio.h │ │ ├── blowfish.h │ │ ├── bn.h │ │ ├── buffer.h │ │ ├── camellia.h │ │ ├── cast.h │ │ ├── cmac.h │ │ ├── cms.h │ │ ├── comp.h │ │ ├── conf.h │ │ ├── conf_api.h │ │ ├── crypto.h │ │ ├── des.h │ │ ├── des_old.h │ │ ├── dh.h │ │ ├── dsa.h │ │ ├── dso.h │ │ ├── dtls1.h │ │ ├── e_os2.h │ │ ├── ebcdic.h │ │ ├── ec.h │ │ ├── ecdh.h │ │ ├── ecdsa.h │ │ ├── engine.h │ │ ├── err.h │ │ ├── evp.h │ │ ├── hmac.h │ │ ├── idea.h │ │ ├── kssl.h │ │ ├── lhash.h │ │ ├── md4.h │ │ ├── md5.h │ │ ├── mdc2.h │ │ ├── modes.h │ │ ├── obj_mac.h │ │ ├── objects.h │ │ ├── ocsp.h │ │ ├── opensslconf.h │ │ ├── opensslv.h │ │ ├── ossl_typ.h │ │ ├── pem.h │ │ ├── pem2.h │ │ ├── pkcs12.h │ │ ├── pkcs7.h │ │ ├── pqueue.h │ │ ├── rand.h │ │ ├── rc2.h │ │ ├── rc4.h │ │ ├── ripemd.h │ │ ├── rsa.h │ │ ├── safestack.h │ │ ├── seed.h │ │ ├── sha.h │ │ ├── srp.h │ │ ├── srtp.h │ │ ├── ssl.h │ │ ├── ssl2.h │ │ ├── ssl23.h │ │ ├── ssl3.h │ │ ├── stack.h │ │ ├── symhacks.h │ │ ├── tls1.h │ │ ├── ts.h │ │ ├── txt_db.h │ │ ├── ui.h │ │ ├── ui_compat.h │ │ ├── whrlpool.h │ │ ├── x509.h │ │ ├── x509_vfy.h │ │ └── x509v3.h │ ├── sgtty.h │ ├── signal.h │ ├── stdio.h │ ├── sys │ │ ├── ioctl.h │ │ ├── param.h │ │ ├── 
socket.h │ │ ├── stat.h │ │ ├── time.h │ │ ├── times.h │ │ ├── types.h │ │ └── un.h │ ├── syslog.h │ ├── time.h │ └── unistd.h ├── InternalCryptLib.h ├── Library │ ├── BaseCryptLib.h │ ├── BaseLib.h │ ├── BaseMemoryLib.h │ ├── DebugLib.h │ └── MemoryAllocationLib.h ├── Makefile ├── OpenSSL │ ├── Makefile │ ├── buildinf.h │ ├── crypto │ │ ├── LPdir_nyi.c │ │ ├── aes │ │ │ ├── aes_cbc.c │ │ │ ├── aes_cfb.c │ │ │ ├── aes_core.c │ │ │ ├── aes_ctr.c │ │ │ ├── aes_ecb.c │ │ │ ├── aes_ige.c │ │ │ ├── aes_locl.h │ │ │ ├── aes_misc.c │ │ │ ├── aes_ofb.c │ │ │ └── aes_wrap.c │ │ ├── asn1 │ │ │ ├── a_bitstr.c │ │ │ ├── a_bool.c │ │ │ ├── a_bytes.c │ │ │ ├── a_d2i_fp.c │ │ │ ├── a_digest.c │ │ │ ├── a_dup.c │ │ │ ├── a_enum.c │ │ │ ├── a_gentm.c │ │ │ ├── a_i2d_fp.c │ │ │ ├── a_int.c │ │ │ ├── a_mbstr.c │ │ │ ├── a_object.c │ │ │ ├── a_octet.c │ │ │ ├── a_print.c │ │ │ ├── a_set.c │ │ │ ├── a_sign.c │ │ │ ├── a_strex.c │ │ │ ├── a_strnid.c │ │ │ ├── a_time.c │ │ │ ├── a_type.c │ │ │ ├── a_utctm.c │ │ │ ├── a_utf8.c │ │ │ ├── a_verify.c │ │ │ ├── ameth_lib.c │ │ │ ├── asn1_err.c │ │ │ ├── asn1_gen.c │ │ │ ├── asn1_lib.c │ │ │ ├── asn1_locl.h │ │ │ ├── asn1_par.c │ │ │ ├── asn_mime.c │ │ │ ├── asn_moid.c │ │ │ ├── asn_pack.c │ │ │ ├── bio_asn1.c │ │ │ ├── bio_ndef.c │ │ │ ├── charmap.h │ │ │ ├── d2i_pr.c │ │ │ ├── d2i_pu.c │ │ │ ├── evp_asn1.c │ │ │ ├── f_enum.c │ │ │ ├── f_int.c │ │ │ ├── f_string.c │ │ │ ├── i2d_pr.c │ │ │ ├── i2d_pu.c │ │ │ ├── n_pkey.c │ │ │ ├── nsseq.c │ │ │ ├── p5_pbe.c │ │ │ ├── p5_pbev2.c │ │ │ ├── p8_pkey.c │ │ │ ├── t_bitst.c │ │ │ ├── t_crl.c │ │ │ ├── t_pkey.c │ │ │ ├── t_req.c │ │ │ ├── t_spki.c │ │ │ ├── t_x509.c │ │ │ ├── t_x509a.c │ │ │ ├── tasn_dec.c │ │ │ ├── tasn_enc.c │ │ │ ├── tasn_fre.c │ │ │ ├── tasn_new.c │ │ │ ├── tasn_prn.c │ │ │ ├── tasn_typ.c │ │ │ ├── tasn_utl.c │ │ │ ├── x_algor.c │ │ │ ├── x_attrib.c │ │ │ ├── x_bignum.c │ │ │ ├── x_crl.c │ │ │ ├── x_exten.c │ │ │ ├── x_info.c │ │ │ ├── x_long.c │ │ │ ├── x_name.c │ │ │ ├── 
x_nx509.c │ │ │ ├── x_pkey.c │ │ │ ├── x_pubkey.c │ │ │ ├── x_req.c │ │ │ ├── x_sig.c │ │ │ ├── x_spki.c │ │ │ ├── x_val.c │ │ │ ├── x_x509.c │ │ │ └── x_x509a.c │ │ ├── bio │ │ │ ├── b_dump.c │ │ │ ├── b_print.c │ │ │ ├── b_sock.c │ │ │ ├── bf_buff.c │ │ │ ├── bf_nbio.c │ │ │ ├── bf_null.c │ │ │ ├── bio_cb.c │ │ │ ├── bio_err.c │ │ │ ├── bio_lcl.h │ │ │ ├── bio_lib.c │ │ │ ├── bss_acpt.c │ │ │ ├── bss_bio.c │ │ │ ├── bss_conn.c │ │ │ ├── bss_dgram.c │ │ │ ├── bss_fd.c │ │ │ ├── bss_file.c │ │ │ ├── bss_log.c │ │ │ ├── bss_mem.c │ │ │ ├── bss_null.c │ │ │ └── bss_sock.c │ │ ├── bn │ │ │ ├── bn.h │ │ │ ├── bn_add.c │ │ │ ├── bn_asm.c │ │ │ ├── bn_blind.c │ │ │ ├── bn_const.c │ │ │ ├── bn_ctx.c │ │ │ ├── bn_depr.c │ │ │ ├── bn_div.c │ │ │ ├── bn_err.c │ │ │ ├── bn_exp.c │ │ │ ├── bn_exp2.c │ │ │ ├── bn_gcd.c │ │ │ ├── bn_gf2m.c │ │ │ ├── bn_kron.c │ │ │ ├── bn_lcl.h │ │ │ ├── bn_lib.c │ │ │ ├── bn_mod.c │ │ │ ├── bn_mont.c │ │ │ ├── bn_mpi.c │ │ │ ├── bn_mul.c │ │ │ ├── bn_nist.c │ │ │ ├── bn_prime.c │ │ │ ├── bn_prime.h │ │ │ ├── bn_print.c │ │ │ ├── bn_rand.c │ │ │ ├── bn_recp.c │ │ │ ├── bn_shift.c │ │ │ ├── bn_sqr.c │ │ │ ├── bn_sqrt.c │ │ │ ├── bn_word.c │ │ │ ├── bn_x931p.c │ │ │ └── rsaz_exp.h │ │ ├── buffer │ │ │ ├── buf_err.c │ │ │ ├── buf_str.c │ │ │ └── buffer.c │ │ ├── cmac │ │ │ ├── cm_ameth.c │ │ │ ├── cm_pmeth.c │ │ │ └── cmac.c │ │ ├── comp │ │ │ ├── c_rle.c │ │ │ ├── c_zlib.c │ │ │ ├── comp_err.c │ │ │ └── comp_lib.c │ │ ├── conf │ │ │ ├── conf_api.c │ │ │ ├── conf_def.c │ │ │ ├── conf_def.h │ │ │ ├── conf_err.c │ │ │ ├── conf_lib.c │ │ │ ├── conf_mall.c │ │ │ ├── conf_mod.c │ │ │ └── conf_sap.c │ │ ├── constant_time_locl.h │ │ ├── cpt_err.c │ │ ├── cryptlib.c │ │ ├── cryptlib.h │ │ ├── cversion.c │ │ ├── dh │ │ │ ├── dh_ameth.c │ │ │ ├── dh_asn1.c │ │ │ ├── dh_check.c │ │ │ ├── dh_depr.c │ │ │ ├── dh_err.c │ │ │ ├── dh_gen.c │ │ │ ├── dh_key.c │ │ │ ├── dh_lib.c │ │ │ ├── dh_pmeth.c │ │ │ ├── dh_prn.c │ │ │ └── dh_rfc5114.c │ │ ├── dso │ │ │ ├── 
dso_beos.c │ │ │ ├── dso_dl.c │ │ │ ├── dso_dlfcn.c │ │ │ ├── dso_err.c │ │ │ ├── dso_lib.c │ │ │ ├── dso_null.c │ │ │ ├── dso_openssl.c │ │ │ ├── dso_vms.c │ │ │ └── dso_win32.c │ │ ├── ebcdic.c │ │ ├── err │ │ │ ├── err.c │ │ │ ├── err_all.c │ │ │ └── err_prn.c │ │ ├── evp │ │ │ ├── bio_b64.c │ │ │ ├── bio_enc.c │ │ │ ├── bio_md.c │ │ │ ├── bio_ok.c │ │ │ ├── c_all.c │ │ │ ├── c_allc.c │ │ │ ├── c_alld.c │ │ │ ├── digest.c │ │ │ ├── e_aes.c │ │ │ ├── e_aes_cbc_hmac_sha1.c │ │ │ ├── e_aes_cbc_hmac_sha256.c │ │ │ ├── e_bf.c │ │ │ ├── e_camellia.c │ │ │ ├── e_cast.c │ │ │ ├── e_des.c │ │ │ ├── e_des3.c │ │ │ ├── e_idea.c │ │ │ ├── e_null.c │ │ │ ├── e_old.c │ │ │ ├── e_rc2.c │ │ │ ├── e_rc4.c │ │ │ ├── e_rc4_hmac_md5.c │ │ │ ├── e_rc5.c │ │ │ ├── e_seed.c │ │ │ ├── e_xcbc_d.c │ │ │ ├── encode.c │ │ │ ├── evp_acnf.c │ │ │ ├── evp_cnf.c │ │ │ ├── evp_enc.c │ │ │ ├── evp_err.c │ │ │ ├── evp_key.c │ │ │ ├── evp_lib.c │ │ │ ├── evp_locl.h │ │ │ ├── evp_pbe.c │ │ │ ├── evp_pkey.c │ │ │ ├── m_dss.c │ │ │ ├── m_dss1.c │ │ │ ├── m_ecdsa.c │ │ │ ├── m_md2.c │ │ │ ├── m_md4.c │ │ │ ├── m_md5.c │ │ │ ├── m_mdc2.c │ │ │ ├── m_null.c │ │ │ ├── m_ripemd.c │ │ │ ├── m_sha.c │ │ │ ├── m_sha1.c │ │ │ ├── m_sigver.c │ │ │ ├── m_wp.c │ │ │ ├── names.c │ │ │ ├── p5_crpt.c │ │ │ ├── p5_crpt2.c │ │ │ ├── p_dec.c │ │ │ ├── p_enc.c │ │ │ ├── p_lib.c │ │ │ ├── p_open.c │ │ │ ├── p_seal.c │ │ │ ├── p_sign.c │ │ │ ├── p_verify.c │ │ │ ├── pmeth_fn.c │ │ │ ├── pmeth_gn.c │ │ │ └── pmeth_lib.c │ │ ├── ex_data.c │ │ ├── fips_ers.c │ │ ├── hmac │ │ │ ├── hm_ameth.c │ │ │ ├── hm_pmeth.c │ │ │ └── hmac.c │ │ ├── lhash │ │ │ ├── lh_stats.c │ │ │ └── lhash.c │ │ ├── md32_common.h │ │ ├── md5 │ │ │ ├── md5_dgst.c │ │ │ ├── md5_locl.h │ │ │ └── md5_one.c │ │ ├── mem.c │ │ ├── mem_clr.c │ │ ├── mem_dbg.c │ │ ├── modes │ │ │ ├── cbc128.c │ │ │ ├── ccm128.c │ │ │ ├── cfb128.c │ │ │ ├── ctr128.c │ │ │ ├── cts128.c │ │ │ ├── gcm128.c │ │ │ ├── modes_lcl.h │ │ │ ├── ofb128.c │ │ │ ├── wrap128.c │ │ │ └── 
xts128.c │ │ ├── o_dir.c │ │ ├── o_dir.h │ │ ├── o_fips.c │ │ ├── o_init.c │ │ ├── o_str.c │ │ ├── o_str.h │ │ ├── o_time.c │ │ ├── o_time.h │ │ ├── objects │ │ │ ├── o_names.c │ │ │ ├── obj_dat.c │ │ │ ├── obj_dat.h │ │ │ ├── obj_err.c │ │ │ ├── obj_lib.c │ │ │ ├── obj_xref.c │ │ │ └── obj_xref.h │ │ ├── ocsp │ │ │ ├── ocsp_asn.c │ │ │ ├── ocsp_cl.c │ │ │ ├── ocsp_err.c │ │ │ ├── ocsp_ext.c │ │ │ ├── ocsp_ht.c │ │ │ ├── ocsp_lib.c │ │ │ ├── ocsp_prn.c │ │ │ ├── ocsp_srv.c │ │ │ └── ocsp_vfy.c │ │ ├── pem │ │ │ ├── pem_all.c │ │ │ ├── pem_err.c │ │ │ ├── pem_info.c │ │ │ ├── pem_lib.c │ │ │ ├── pem_oth.c │ │ │ ├── pem_pk8.c │ │ │ ├── pem_pkey.c │ │ │ ├── pem_seal.c │ │ │ ├── pem_sign.c │ │ │ ├── pem_x509.c │ │ │ ├── pem_xaux.c │ │ │ └── pvkfmt.c │ │ ├── pkcs12 │ │ │ ├── p12_add.c │ │ │ ├── p12_asn.c │ │ │ ├── p12_attr.c │ │ │ ├── p12_crpt.c │ │ │ ├── p12_crt.c │ │ │ ├── p12_decr.c │ │ │ ├── p12_init.c │ │ │ ├── p12_key.c │ │ │ ├── p12_kiss.c │ │ │ ├── p12_mutl.c │ │ │ ├── p12_npas.c │ │ │ ├── p12_p8d.c │ │ │ ├── p12_p8e.c │ │ │ ├── p12_utl.c │ │ │ └── pk12err.c │ │ ├── pkcs7 │ │ │ ├── bio_pk7.c │ │ │ ├── pk7_asn1.c │ │ │ ├── pk7_attr.c │ │ │ ├── pk7_doit.c │ │ │ ├── pk7_lib.c │ │ │ ├── pk7_mime.c │ │ │ ├── pk7_smime.c │ │ │ └── pkcs7err.c │ │ ├── rand │ │ │ ├── md_rand.c │ │ │ ├── rand_err.c │ │ │ ├── rand_lcl.h │ │ │ ├── rand_lib.c │ │ │ ├── rand_unix.c │ │ │ └── randfile.c │ │ ├── rc4 │ │ │ ├── rc4_enc.c │ │ │ ├── rc4_locl.h │ │ │ ├── rc4_skey.c │ │ │ └── rc4_utl.c │ │ ├── rsa │ │ │ ├── rsa_ameth.c │ │ │ ├── rsa_asn1.c │ │ │ ├── rsa_chk.c │ │ │ ├── rsa_crpt.c │ │ │ ├── rsa_depr.c │ │ │ ├── rsa_eay.c │ │ │ ├── rsa_err.c │ │ │ ├── rsa_gen.c │ │ │ ├── rsa_lib.c │ │ │ ├── rsa_locl.h │ │ │ ├── rsa_none.c │ │ │ ├── rsa_null.c │ │ │ ├── rsa_oaep.c │ │ │ ├── rsa_pk1.c │ │ │ ├── rsa_pmeth.c │ │ │ ├── rsa_prn.c │ │ │ ├── rsa_pss.c │ │ │ ├── rsa_saos.c │ │ │ ├── rsa_sign.c │ │ │ ├── rsa_ssl.c │ │ │ └── rsa_x931.c │ │ ├── sha │ │ │ ├── sha1_one.c │ │ │ ├── sha1dgst.c │ │ │ 
├── sha256.c │ │ │ ├── sha512.c │ │ │ ├── sha_dgst.c │ │ │ ├── sha_locl.h │ │ │ └── sha_one.c │ │ ├── stack │ │ │ └── stack.c │ │ ├── txt_db │ │ │ └── txt_db.c │ │ ├── uid.c │ │ ├── x509 │ │ │ ├── vpm_int.h │ │ │ ├── x509_att.c │ │ │ ├── x509_cmp.c │ │ │ ├── x509_d2.c │ │ │ ├── x509_def.c │ │ │ ├── x509_err.c │ │ │ ├── x509_ext.c │ │ │ ├── x509_lu.c │ │ │ ├── x509_obj.c │ │ │ ├── x509_r2x.c │ │ │ ├── x509_req.c │ │ │ ├── x509_set.c │ │ │ ├── x509_trs.c │ │ │ ├── x509_txt.c │ │ │ ├── x509_v3.c │ │ │ ├── x509_vfy.c │ │ │ ├── x509_vpm.c │ │ │ ├── x509cset.c │ │ │ ├── x509name.c │ │ │ ├── x509rset.c │ │ │ ├── x509spki.c │ │ │ ├── x509type.c │ │ │ └── x_all.c │ │ └── x509v3 │ │ │ ├── ext_dat.h │ │ │ ├── pcy_cache.c │ │ │ ├── pcy_data.c │ │ │ ├── pcy_int.h │ │ │ ├── pcy_lib.c │ │ │ ├── pcy_map.c │ │ │ ├── pcy_node.c │ │ │ ├── pcy_tree.c │ │ │ ├── v3_addr.c │ │ │ ├── v3_akey.c │ │ │ ├── v3_akeya.c │ │ │ ├── v3_alt.c │ │ │ ├── v3_asid.c │ │ │ ├── v3_bcons.c │ │ │ ├── v3_bitst.c │ │ │ ├── v3_conf.c │ │ │ ├── v3_cpols.c │ │ │ ├── v3_crld.c │ │ │ ├── v3_enum.c │ │ │ ├── v3_extku.c │ │ │ ├── v3_genn.c │ │ │ ├── v3_ia5.c │ │ │ ├── v3_info.c │ │ │ ├── v3_int.c │ │ │ ├── v3_lib.c │ │ │ ├── v3_ncons.c │ │ │ ├── v3_ocsp.c │ │ │ ├── v3_pci.c │ │ │ ├── v3_pcia.c │ │ │ ├── v3_pcons.c │ │ │ ├── v3_pku.c │ │ │ ├── v3_pmaps.c │ │ │ ├── v3_prn.c │ │ │ ├── v3_purp.c │ │ │ ├── v3_skey.c │ │ │ ├── v3_sxnet.c │ │ │ ├── v3_utl.c │ │ │ └── v3err.c │ ├── e_os.h │ ├── openssl-bio-b_print-disable-sse.patch │ └── update.sh ├── Pem │ └── CryptPemNull.c ├── Pk │ ├── CryptAuthenticode.c │ ├── CryptDhNull.c │ ├── CryptPkcs7SignNull.c │ ├── CryptPkcs7Verify.c │ ├── CryptPkcs7VerifyEku.c │ ├── CryptRsaBasic.c │ ├── CryptRsaExtNull.c │ ├── CryptTs.c │ └── CryptX509.c ├── Rand │ └── CryptRand.c ├── SysCall │ ├── BaseMemAllocation.c │ ├── BaseStrings.c │ ├── CrtWrapper.c │ └── TimerWrapper.c ├── opensslconf-diff.patch └── update.sh ├── Delivering_Sbat_Revocations.md ├── Make.defaults ├── Make.rules ├── 
Makefile ├── MokManager.c ├── MokVars.txt ├── PasswordCrypt.c ├── README.fallback ├── README.md ├── README.tpm ├── SBAT.example.md ├── SBAT.md ├── SbatLevel_Variable.txt ├── TODO ├── buildid.c ├── cert.S ├── crypt_blowfish.c ├── csv.c ├── data └── sbat.csv ├── dp.c ├── elf_aarch64_efi.lds ├── elf_arm_efi.lds ├── elf_ia32_efi.lds ├── elf_ia64_efi.lds ├── elf_x86_64_efi.lds ├── errlog.c ├── fallback.c ├── fuzz-csv.c ├── fuzz-pe-relocate.c ├── fuzz-sbat.c ├── generate_sbat_var_defs.c ├── globals.c ├── httpboot.c ├── include ├── asm.h ├── cc.h ├── compiler.h ├── configtable.h ├── console.h ├── coverity.mk ├── crypt_blowfish.h ├── dp.h ├── efiauthenticated.h ├── endian.h ├── errlog.h ├── errors.h ├── execute.h ├── fanalyzer.mk ├── fuzz.mk ├── guid.h ├── hexdump.h ├── http.h ├── httpboot.h ├── ip4config2.h ├── ip6config.h ├── list.h ├── load-options.h ├── loader-proto.h ├── memattrs.h ├── mock-variables.h ├── mok.h ├── netboot.h ├── passwordcrypt.h ├── pe.h ├── peimage.h ├── sbat.h ├── sbat_var_defs.h ├── scan-build.mk ├── security_policy.h ├── shell.h ├── simple_file.h ├── ssp.h ├── ssp_var_defs.h ├── str.h ├── system │ ├── alloca.h │ ├── builtins_begin_.h │ ├── builtins_end_.h │ ├── ctype.h │ ├── efistdarg.h │ ├── inttypes.h │ ├── stdarg.h │ ├── stdio.h │ ├── stdlib.h │ ├── string.h │ └── strings.h ├── test-data-efivars-0.h ├── test-data-efivars-1.h ├── test.h ├── test.mk ├── tpm.h ├── ucs2.h ├── utils.h ├── variables.h └── wincert.h ├── lib ├── Makefile ├── configtable.c ├── console.c ├── execute.c ├── guid.c ├── print_crypto.c ├── security_policy.c ├── shell.c ├── simple_file.c ├── string.c └── variables.c ├── load-options.c ├── loader-proto.c ├── make-archive ├── make-certs ├── memattrs.c ├── mock-variables.c ├── model.c ├── mok.c ├── netboot.c ├── pe-relocate.c ├── pe.c ├── post-process-pe.c ├── sbat.c ├── sbat_var.S ├── shim.c ├── shim.h ├── test-csv.c ├── test-data ├── .gitignore ├── efivars-0 │ ├── AMD_PBS_SETUP-a339d746-f678-49b3-9fc7-54ce0f9df226 │ ├── 
AMD_RAID-fe26a894-d199-47d4-8afa-070e3d54ba86 │ ├── AMITCGPPIVAR-a8a2093b-fefa-43c1-8e62-ce526847265e │ ├── Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── db-d719b2cb-3d3a-4596-a3bc-dad00e67656f │ ├── dbDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f │ └── dbxDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c ├── efivars-1 │ ├── AMD_PBS_SETUP-a339d746-f678-49b3-9fc7-54ce0f9df226 │ ├── AMD_RAID-fe26a894-d199-47d4-8afa-070e3d54ba86 │ ├── AMITCGPPIVAR-a8a2093b-fefa-43c1-8e62-ce526847265e │ ├── AMITSESetup-c811fa38-42c8-4579-a9bb-60e94eddfb34 │ ├── AOD_SETUP-5ed15dc0-edef-4161-9151-6014c4cc630c │ ├── AmdAcpiVar-79941ecd-ed36-49d0-8124-e4c31ac75cd4 │ ├── AmdSetup-3a997502-647a-4c82-998e-52ef9486a247 │ ├── AmiHardwareSignatureSetupUpdateCountVar-81c76078-bfde-4368-9790-570914c01a65 │ ├── ApSyncFlagNv-ad3f6761-f0a3-46c8-a4cb-19b70ffdb305 │ ├── AsbkpInfo-cb825795-feb1-4c0b-894f-cc70f8064395 │ ├── AsusExtFancard-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 │ ├── AsusFanSetupFeatures-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 │ ├── AsusHwmSetupOneof-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 │ ├── AsusNodePsu-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 │ ├── AsusQFanSetupData-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 │ ├── AsusRomLayout-7186d975-2dba-4413-81a8-9f1538faef5e │ ├── AsusSetupDataBackup-1111b056-c5e9-40ca-aba3-ec172533d814 │ ├── AutoDetectData-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 │ ├── BiosEventLog-4034591c-48ea-4cdc-864f-e7cb61cfd0f2 │ ├── Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── Boot0001-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── Boot0002-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── Boot0003-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── Boot0004-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── Boot0005-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── Boot0006-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── BootCurrent-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── BootFromUSB-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 │ ├── 
BootOptionSupport-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── CMOSfailflag-c89dc9c7-5105-472c-a743-b1621e142b41 │ ├── ConIn-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── ConInDev-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── ConOut-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── ConOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── CurrentPolicy-77fa9abd-0359-4d32-bd60-28f4e78f784b │ ├── DefaultBootOrder-45cf35f6-0d6e-4d04-856a-0370a5b16f53 │ ├── DeploymentModeNv-97e8965f-c761-4f48-b6e4-9ffa9cb2a2d6 │ ├── DownCoreStatus-29749bad-401b-4f6d-b124-cece8c590c48 │ ├── EnWpData-cbab171f-f356-4009-baaa-6628353a0a29 │ ├── ErrOut-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── FPLayoutOrder-4db88a62-6721-47a0-9082-280b00323594 │ ├── FTMActiveFlag-4034591c-48ea-4cdc-864f-e7cb61cfd0f2 │ ├── FastBootOption-b540a530-6978-4da7-91cb-7207d764d262 │ ├── FirstBootFlag-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 │ ├── HddSmartInfo-a6f44860-b2e8-4fda-bd45-78368994b6ae │ ├── HiiDB-1b838190-4625-4ead-abc9-cd5e6af18fe0 │ ├── HwErrRecSupport-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── KEKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── Kernel_ATPSiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b │ ├── Kernel_DriverSiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b │ ├── Kernel_RvkSiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b │ ├── Kernel_SiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b │ ├── Kernel_SkuSiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b │ ├── Kernel_WinSiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b │ ├── LastBoot-b540a530-6978-4da7-91cb-7207d764d262 │ ├── MaximumTableSize-4b3082a3-80c6-4d7e-9cd0-583917265df1 │ ├── MemoryOverwriteRequestControl-e20939be-32d4-41be-a150-897f85d49829 │ ├── MemoryOverwriteRequestControlLock-bb983ccf-151d-40e1-a07b-4a17be168292 │ ├── MokList-605dab50-e046-4300-abb6-3dd810dd8b23 │ ├── MokListRT-605dab50-e046-4300-abb6-3dd810dd8b23 │ ├── MokListX-605dab50-e046-4300-abb6-3dd810dd8b23 │ ├── 
MokListXRT-605dab50-e046-4300-abb6-3dd810dd8b23 │ ├── MonotonicCounter-01368881-c4ad-4b1d-b631-d57a8ec8db6b │ ├── MyFav-4034591c-48ea-4cdc-864f-e7cb61cfd0f2 │ ├── NVRAM_Verify-15a9dd61-e4f8-4a99-80db-353b13d76490 │ ├── NetworkStackVar-d1405d16-7afc-4695-bb12-41459d3695a2 │ ├── NvHdd0-e57abcbd-9456-4639-8f65-06aab41d840f │ ├── NvHdd8-e57abcbd-9456-4639-8f65-06aab41d840f │ ├── OsIndications-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── OsIndicationsSupported-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── PCI_COMMON-aca9f304-21e2-4852-9875-7ff4881d67a5 │ ├── PK-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── PKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── PcieSataModVar-5e9a565f-cdc0-413b-ad13-1fe8713ffdcd │ ├── PlatformLang-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── PlatformLangCodes-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── PreVgaInfo-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 │ ├── RsdpAddr-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 │ ├── SIDSUPPORT-7d3dceee-cbce-4ea7-8709-6e552f1edbde │ ├── SbatLevel-605dab50-e046-4300-abb6-3dd810dd8b23 │ ├── SbatLevelRT-605dab50-e046-4300-abb6-3dd810dd8b23 │ ├── SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── SecureBootSetup-7b59104a-c00d-4158-87ff-f04d6396a915 │ ├── Setup-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 │ ├── SetupLedData-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 │ ├── SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── SignatureSupport-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── SmbiosEntryPointTable-4b3082a3-80c6-4d7e-9cd0-583917265df1 │ ├── SmbiosScratchBuffer-4b3082a3-80c6-4d7e-9cd0-583917265df1 │ ├── SmbiosV3EntryPointTable-4b3082a3-80c6-4d7e-9cd0-583917265df1 │ ├── StdDefaults-4599d26f-1a11-49b8-b91f-858745cff824 │ ├── TPMPERBIOSFLAGS-7d3dceee-cbce-4ea7-8709-6e552f1edbde │ ├── Timeout-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── TotalNumberOfRootBridges-fb5703f5-f8a7-f401-18b4-3f108deb2612 │ ├── TpmServFlags-7d3dceee-cbce-4ea7-8709-6e552f1edbde │ ├── UsbSupport-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 │ ├── 
VARSTORE_OCMR_SETTINGS_NAME-c05fba7d-7a92-49e0-bcee-233b14dca803 │ ├── VendorKeys-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── WpBufAddr-cba83c4a-a5fc-48a8-b3a6-d33636166544 │ ├── WriteOnceStatus-4b3082a3-80c6-4d7e-9cd0-583917265df1 │ ├── db-d719b2cb-3d3a-4596-a3bc-dad00e67656f │ ├── dbDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c │ ├── dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f │ └── dbxDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c ├── grubx64.0.76.el7.1.efi ├── grubx64.0.76.el7.efi └── grubx64.0.80.el7.efi ├── test-load-options.c ├── test-mock-variables.c ├── test-mok-mirror.c ├── test-pe-relocate.c ├── test-pe-util.c ├── test-sbat.c ├── test-str.c ├── test.c ├── testplan.txt ├── tpm.c ├── utils.c ├── version.c.in └── version.h /.gitignore: -------------------------------------------------------------------------------- 1 | Make.local 2 | *.a 3 | *.CSV 4 | *.cer 5 | *.crl 6 | *.crt 7 | *.csr 8 | *.db 9 | *.db.attr 10 | *.db.attr.old 11 | *.db.old 12 | *.domain.txt 13 | *.efi 14 | *.efi.debug 15 | *.efi.signed 16 | *.esl 17 | *.gdb* 18 | *.gcda 19 | *.gcno 20 | *.gcov 21 | *.hash 22 | *.key 23 | *.key 24 | *.o 25 | *.pem 26 | *.p12 27 | *.so 28 | *.srl 29 | *.srl.old 30 | *.sw? 
31 | *.tar.* 32 | /build*/ 33 | /.cache/ 34 | /certdb/ 35 | /compile_commands.json 36 | /compile_commands.events.json 37 | /cov-int/ 38 | /crash-* 39 | /fuzz-* 40 | !/fuzz-*.c 41 | /generate_sbat_var_defs 42 | /generated_sbat_var_defs.h 43 | /leak-* 44 | /post-process-pe 45 | /random.bin 46 | /sbat.*.csv 47 | /scan-results/ 48 | [Ss]creenlog* 49 | shim_cert.h 50 | /test-* 51 | !/test-*.c 52 | !/test-data/ 53 | /test-random.h 54 | version.c 55 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "gnu-efi"] 2 | path = gnu-efi 3 | url = https://github.com/rhboot/gnu-efi.git 4 | branch = shim-16.0 5 | -------------------------------------------------------------------------------- /COPYRIGHT: -------------------------------------------------------------------------------- 1 | Copyright 2012 Red Hat, Inc 2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions 5 | are met: 6 | 7 | Redistributions of source code must retain the above copyright 8 | notice, this list of conditions and the following disclaimer. 9 | 10 | Redistributions in binary form must reproduce the above copyright 11 | notice, this list of conditions and the following disclaimer in the 12 | documentation and/or other materials provided with the 13 | distribution. 14 | 15 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 | FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE 19 | COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 20 | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 | HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24 | STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 26 | OF THE POSSIBILITY OF SUCH DAMAGE. 27 | 28 | Significant portions of this code are derived from Tianocore 29 | (http://tianocore.sf.net) and are Copyright 2009-2012 Intel 30 | Corporation. 31 | -------------------------------------------------------------------------------- /Cryptlib/Base.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/Cryptlib/Base.h -------------------------------------------------------------------------------- /Cryptlib/Cryptlib.diff: --------------------------------------------------------------------------------
1 | diff --git a/Cryptlib/SysCall/BaseMemAllocation.c b/Cryptlib/SysCall/BaseMemAllocation.c
2 | index 68bc25a..1abe78e 100644
3 | --- a/Cryptlib/SysCall/BaseMemAllocation.c
4 | +++ b/Cryptlib/SysCall/BaseMemAllocation.c
5 | @@ -32,7 +32,7 @@ void *realloc (void *ptr, size_t size)
6 | // BUG: hardcode OldSize == size! We have no any knowledge about
7 | // memory size of original pointer ptr.
8 | //
9 | - return ReallocatePool ((UINTN) size, (UINTN) size, ptr);
10 | + return ReallocatePool (ptr, (UINTN) size, (UINTN) size);
11 | }
12 |
13 | /* De-allocates or frees a memory block */
14 | diff --git a/Cryptlib/SysCall/TimerWrapper.c b/Cryptlib/SysCall/TimerWrapper.c
15 | index 805e6b4..bb7bcba 100644
16 | --- a/Cryptlib/SysCall/TimerWrapper.c
17 | +++ b/Cryptlib/SysCall/TimerWrapper.c
18 |
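Review bot: The reordered call `ReallocatePool (ptr, (UINTN) size, (UINTN) size)` still passes the new size as the old size, so when a caller grows a buffer the pool routine is told the original block is already `size` bytes long. If ReallocatePool copies that many bytes from the old block (its implementation is not visible here), the copy reads past the end of the original allocation. The `BUG:` comment above the return acknowledges the unknown old size but nothing bounds it. A durable fix is for malloc() to record each allocation's length in a small header in front of the returned pointer, so that realloc() can pass the true old size and free() can step back to the header. Those functions, and the start of realloc(), lie outside this hunk.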
@@ -13,9 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
19 |
20 | **/
21 |
22 | -#include
23 | #include
24 | -#include
25 |
26 | //
27 | // -- Time Management Routines --
28 | @@ -78,7 +76,7 @@ time_t time (time_t *timer)
29 | //
30 | // Get the current time and date information
31 | //
32 | - gRT->GetTime (&Time, NULL);
33 | + uefi_call_wrapper(RT->GetTime, 2, &Time, NULL);
34 |
35 | //
36 | // Years Handling
37 | diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c
38 | index fb446b6..5a8322d 100644
39 | --- a/Cryptlib/SysCall/CrtWrapper.c
40 | +++ b/Cryptlib/SysCall/CrtWrapper.c
41 | @@ -293,16 +293,6 @@ size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream)
42 | // -- Dummy OpenSSL Support Routines --
43 | //
44 |
45 | -int BIO_printf (void *bio, const char *format, ...)
46 | -{
47 | - return 0;
48 | -}
49 | -
50 | -int BIO_snprintf(char *buf, size_t n, const char *format, ...)
51 | -{
52 | - return 0;
53 | -}
54 | -
55 | void *UI_OpenSSL(void)
56 | {
57 | return NULL;
58 |
-------------------------------------------------------------------------------- /Cryptlib/Include/arpa/inet.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
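Review bot: The status returned by `uefi_call_wrapper(RT->GetTime, 2, &Time, NULL)` in the TimerWrapper.c hunk at `@@ -78,7 +76,7 @@` is discarded, so a failing or absent runtime clock leaves `Time` with whatever it held and the "Years Handling" arithmetic that follows runs on it anyway. Any date comparison made by code that calls time() would then depend on an unvalidated value. I would check the status and bail out with a fixed result, e.g. `if (EFI_ERROR(uefi_call_wrapper(RT->GetTime, 2, &Time, NULL)) || Time.Year < 1970) return 0;`. The declaration of `Time` and the rest of time() lie outside this hunk, so whether `Time` is zero-initialised cannot be confirmed from here.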
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/assert.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/dirent.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/errno.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/limits.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/malloc.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/math.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OPEN SSL 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/memory.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2015, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/netdb.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/netinet/in.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/openssl/README: -------------------------------------------------------------------------------- 1 | This directory contains all the public include files from the OpenSSL project. 2 | -------------------------------------------------------------------------------- /Cryptlib/Include/openssl/comp.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef HEADER_COMP_H 3 | # define HEADER_COMP_H 4 | 5 | # include 6 | 7 | # ifdef OPENSSL_NO_COMP 8 | # error COMP is disabled. 
# endif

#ifdef __cplusplus
extern "C" {
#endif

typedef struct comp_ctx_st COMP_CTX;

/*
 * Method table for one compression backend: identification fields plus the
 * callbacks that operate on a COMP_CTX.
 *
 * NOTE(review): the callbacks take buffer lengths as unsigned int, while the
 * public COMP_compress_block()/COMP_expand_block() wrappers below take int.
 * How the wrappers convert between the two is not visible in this header; a
 * negative int passed through unchecked would become a very large unsigned
 * value, so callers should only pass non-negative lengths.
 */
struct comp_method_st {
    int type;                   /* NID for compression library */
    const char *name;           /* A text string to identify the library */
    int (*init) (COMP_CTX *ctx);
    void (*finish) (COMP_CTX *ctx);
    /* out/olen describe the destination buffer, in/ilen the source buffer. */
    int (*compress) (COMP_CTX *ctx,
                     unsigned char *out, unsigned int olen,
                     unsigned char *in, unsigned int ilen);
    int (*expand) (COMP_CTX *ctx,
                   unsigned char *out, unsigned int olen,
                   unsigned char *in, unsigned int ilen);
    /*
     * The following two do NOTHING, but are kept for backward compatibility
     */
    long (*ctrl) (void);
    long (*callback_ctrl) (void);
};

/*
 * Per-use compression state: the method in use, four unsigned long counters
 * (presumably running input/output totals for each direction -- confirm in
 * the implementation) and application ex_data.
 * COMP_METHOD and CRYPTO_EX_DATA are not declared in this header; they must
 * come from a header included before this point.
 */
struct comp_ctx_st {
    COMP_METHOD *meth;
    unsigned long compress_in;
    unsigned long compress_out;
    unsigned long expand_in;
    unsigned long expand_out;
    CRYPTO_EX_DATA ex_data;
};

COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
void COMP_CTX_free(COMP_CTX *ctx);
/*
 * Block-level entry points. olen is the capacity of out and ilen the number
 * of input bytes, both as int.
 * NOTE(review): when `in` carries data from an untrusted source the expanded
 * size is controlled by that source. Whether the backend enforces olen is not
 * visible from these declarations -- confirm before relying on it.
 */
int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
                        unsigned char *in, int ilen);
int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                      unsigned char *in, int ilen);
COMP_METHOD *COMP_rle(void);
COMP_METHOD *COMP_zlib(void);
void COMP_zlib_cleanup(void);

/* BIO_f_zlib() is only declared when bio.h was included first and ZLIB is defined. */
# ifdef HEADER_BIO_H
#  ifdef ZLIB
BIO_METHOD *BIO_f_zlib(void);
#  endif
# endif

/* BEGIN ERROR CODES */
/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
void ERR_load_COMP_strings(void);

/* Error codes for the COMP functions. */

/* Function codes.
*/ 70 | # define COMP_F_BIO_ZLIB_FLUSH 99 71 | # define COMP_F_BIO_ZLIB_NEW 100 72 | # define COMP_F_BIO_ZLIB_READ 101 73 | # define COMP_F_BIO_ZLIB_WRITE 102 74 | 75 | /* Reason codes. */ 76 | # define COMP_R_ZLIB_DEFLATE_ERROR 99 77 | # define COMP_R_ZLIB_INFLATE_ERROR 100 78 | # define COMP_R_ZLIB_NOT_SUPPORTED 101 79 | 80 | #ifdef __cplusplus 81 | } 82 | #endif 83 | #endif 84 | -------------------------------------------------------------------------------- /Cryptlib/Include/openssl/ebcdic.h: -------------------------------------------------------------------------------- 1 | /* crypto/ebcdic.h */ 2 | 3 | #ifndef HEADER_EBCDIC_H 4 | # define HEADER_EBCDIC_H 5 | 6 | # include 7 | 8 | #ifdef __cplusplus 9 | extern "C" { 10 | #endif 11 | 12 | /* Avoid name clashes with other applications */ 13 | # define os_toascii _openssl_os_toascii 14 | # define os_toebcdic _openssl_os_toebcdic 15 | # define ebcdic2ascii _openssl_ebcdic2ascii 16 | # define ascii2ebcdic _openssl_ascii2ebcdic 17 | 18 | extern const unsigned char os_toascii[256]; 19 | extern const unsigned char os_toebcdic[256]; 20 | void *ebcdic2ascii(void *dest, const void *srce, size_t count); 21 | void *ascii2ebcdic(void *dest, const void *srce, size_t count); 22 | 23 | #ifdef __cplusplus 24 | } 25 | #endif 26 | #endif 27 | -------------------------------------------------------------------------------- /Cryptlib/Include/openssl/pem2.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 11 | * 2. 
Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in 13 | * the documentation and/or other materials provided with the 14 | * distribution. 15 | * 16 | * 3. All advertising materials mentioning features or use of this 17 | * software must display the following acknowledgment: 18 | * "This product includes software developed by the OpenSSL Project 19 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 20 | * 21 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 22 | * endorse or promote products derived from this software without 23 | * prior written permission. For written permission, please contact 24 | * licensing@OpenSSL.org. 25 | * 26 | * 5. Products derived from this software may not be called "OpenSSL" 27 | * nor may "OpenSSL" appear in their names without prior written 28 | * permission of the OpenSSL Project. 29 | * 30 | * 6. Redistributions of any form whatsoever must retain the following 31 | * acknowledgment: 32 | * "This product includes software developed by the OpenSSL Project 33 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 34 | * 35 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 36 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 37 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 38 | * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 39 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 40 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 41 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 42 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 43 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 44 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 45 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 46 | * OF THE POSSIBILITY OF SUCH DAMAGE. 47 | * ==================================================================== 48 | * 49 | * This product includes cryptographic software written by Eric Young 50 | * (eay@cryptsoft.com). This product includes software written by Tim 51 | * Hudson (tjh@cryptsoft.com). 52 | * 53 | */ 54 | 55 | /* 56 | * This header only exists to break a circular dependency between pem and err 57 | * Ben 30 Jan 1999. 58 | */ 59 | 60 | #ifdef __cplusplus 61 | extern "C" { 62 | #endif 63 | 64 | #ifndef HEADER_PEM_H 65 | void ERR_load_PEM_strings(void); 66 | #endif 67 | 68 | #ifdef __cplusplus 69 | } 70 | #endif 71 | -------------------------------------------------------------------------------- /Cryptlib/Include/openssl/whrlpool.h: -------------------------------------------------------------------------------- 1 | #ifndef HEADER_WHRLPOOL_H 2 | # define HEADER_WHRLPOOL_H 3 | 4 | # include 5 | # include 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | # define WHIRLPOOL_DIGEST_LENGTH (512/8) 12 | # define WHIRLPOOL_BBLOCK 512 13 | # define WHIRLPOOL_COUNTER (256/8) 14 | 15 | typedef struct { 16 | union { 17 | unsigned char c[WHIRLPOOL_DIGEST_LENGTH]; 18 | /* double q is here to ensure 64-bit alignment */ 19 | double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)]; 20 | } H; 21 | unsigned char data[WHIRLPOOL_BBLOCK / 8]; 22 | unsigned int bitoff; 23 | size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)]; 24 | } 
WHIRLPOOL_CTX; 25 | 26 | # ifndef OPENSSL_NO_WHIRLPOOL 27 | # ifdef OPENSSL_FIPS 28 | int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c); 29 | # endif 30 | int WHIRLPOOL_Init(WHIRLPOOL_CTX *c); 31 | int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes); 32 | void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits); 33 | int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c); 34 | unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md); 35 | # endif 36 | 37 | #ifdef __cplusplus 38 | } 39 | #endif 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /Cryptlib/Include/sgtty.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/signal.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/stdio.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/sys/ioctl.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/sys/param.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/sys/socket.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/sys/stat.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/sys/time.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/sys/times.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/sys/types.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/sys/un.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | 17 | -------------------------------------------------------------------------------- /Cryptlib/Include/syslog.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | -------------------------------------------------------------------------------- /Cryptlib/Include/time.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | -------------------------------------------------------------------------------- /Cryptlib/Include/unistd.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Include file to support building OpenSSL Crypto Library. 3 | 4 | Copyright (c) 2010, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #include 16 | -------------------------------------------------------------------------------- /Cryptlib/InternalCryptLib.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Internal include file for BaseCryptLib. 3 | 4 | Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

#ifndef __INTERNAL_CRYPT_LIB_H__
#define __INTERNAL_CRYPT_LIB_H__

#include

#include "Library/BaseLib.h"
#include "Library/BaseMemoryLib.h"
#include "Library/MemoryAllocationLib.h"
#include "Library/DebugLib.h"
#include "Library/BaseCryptLib.h"

#include "OpenSslSupport.h"

#include

/*
 * Accessor shims for OpenSSL older than 1.1.0 (0x10100000L): they read the
 * object's data and length fields directly.
 */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define OBJ_get0_data(o) ((o)->data)
#define OBJ_length(o) ((o)->length)
#endif

/* WrapPkcs7Data is only declared when ENABLE_CODESIGN_EKU is defined. */
#if defined(ENABLE_CODESIGN_EKU)
/**
  Checks whether the input P7Data is already wrapped in a ContentInfo structure.
  If it is not, constructs a new ContentInfo structure that wraps P7Data.

  Caution: This function may receive untrusted input.
  A UEFI Authenticated Variable is external input, so this function performs a
  basic check of the PKCS#7 data structure.
  NOTE(review): the contract below describes wrapping only; nothing here says
  the signature is verified, so a TRUE return should not be read as "trusted".

  @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
  @param[in]  P7Length     Length of the PKCS#7 message in bytes.
  @param[out] WrapFlag     Set to TRUE if P7Data is already a ContentInfo
                           structure, FALSE otherwise.
  @param[out] WrapData     If this function returns TRUE:
                           1) when WrapFlag is TRUE, pointer to P7Data. This is
                              the caller's own input buffer, so freeing
                              WrapData would free P7Data itself.
                           2) when WrapFlag is FALSE, pointer to a new
                              ContentInfo structure. It is the caller's
                              responsibility to free this buffer.
  @param[out] WrapDataSize Length of the ContentInfo structure in bytes.

  @retval     TRUE         The operation finished successfully.
  @retval     FALSE        The operation failed due to lack of resources.

**/
BOOLEAN
WrapPkcs7Data (
  IN  CONST UINT8  *P7Data,
  IN  UINTN        P7Length,
  OUT BOOLEAN      *WrapFlag,
  OUT UINT8        **WrapData,
  OUT UINTN        *WrapDataSize
  );

#endif
#endif
--------------------------------------------------------------------------------
/Cryptlib/Library/BaseLib.h:
--------------------------------------------------------------------------------
#if defined(__x86_64__)
/* shim.h will check if the compiler is new enough in some other CU */

#if !defined(GNU_EFI_USE_EXTERNAL_STDARG)
#define GNU_EFI_USE_EXTERNAL_STDARG
#endif

#if !defined(GNU_EFI_USE_MS_ABI)
#define GNU_EFI_USE_MS_ABI
#endif

#ifdef NO_BUILTIN_VA_FUNCS
#undef NO_BUILTIN_VA_FUNCS
#endif
#endif

#include
#include

/*
 * String and memory helpers declared for the crypto library.
 *
 * AsciiStrCpy and AsciiStrCat take no destination size, so nothing in their
 * signatures bounds the write: the caller must guarantee that Destination is
 * large enough for the result, including the terminator.
 * AsciiStrnCpy takes a count. Whether it NUL-terminates Destination when
 * Source is at least count characters long is not visible from this
 * declaration -- confirm in the implementation before relying on it.
 * AsciiStrDecimalToUintn returns UINTN; its behaviour on overflow or on
 * non-digit input is likewise not visible here.
 */
UINT32 WriteUnaligned32 (UINT32 *Buffer, UINT32 Value);
UINTN AsciiStrSize (const CHAR8 *string);
CHAR8 *AsciiStrnCpy(CHAR8 *Destination, const CHAR8 *Source, UINTN count);
CHAR8 *AsciiStrCat(CHAR8 *Destination, const CHAR8 *Source);
CHAR8 *AsciiStrCpy(CHAR8 *Destination, const CHAR8 *Source);
UINTN AsciiStrDecimalToUintn(const CHAR8 *String);
--------------------------------------------------------------------------------
/Cryptlib/Library/BaseMemoryLib.h:
--------------------------------------------------------------------------------
/* count is presumably the number of bytes of str to scan for ch -- confirm in the implementation. */
CHAR8 *ScanMem8(CHAR8 *str, UINTN count, CHAR8 ch);
--------------------------------------------------------------------------------
/Cryptlib/Library/DebugLib.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/Cryptlib/Library/DebugLib.h
--------------------------------------------------------------------------------
/Cryptlib/Library/MemoryAllocationLib.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/Cryptlib/Library/MemoryAllocationLib.h
--------------------------------------------------------------------------------
/Cryptlib/Makefile:
--------------------------------------------------------------------------------
# Export CCACHE_DISABLE to child processes only when the caller set it.
ifneq ($(CCACHE_DISABLE),)
export CCACHE_DISABLE
endif

CRYPTDIR = $(TOPDIR)/Cryptlib

# -nostdinc stops the compiler from searching the standard system header
# directories, so headers resolve only through the paths listed in INCLUDES.
FEATUREFLAGS += -nostdinc

# The Cryptlib tree and its Include/ directory come first (-I), so names such as
# <stdio.h> resolve to the wrapper headers under Cryptlib/Include. The EFI
# headers, $(TOPDIR)/include/system and the compiler's own "include" directory
# follow.
INCLUDES = -I$(CRYPTDIR) -I$(CRYPTDIR)/Include \
           $(EFI_INCLUDES) \
           -isystem $(TOPDIR)/include/system \
           -isystem $(shell $(CC) -print-file-name=include)

# Only the two unused-* diagnostics are silenced and exempted from -Werror.
# Both variables use +=, so flags set by the including Makefile are kept.
WARNFLAGS += -Wno-unused-parameter \
             -Wno-unused-but-set-variable

WERRFLAGS += -Wno-error=unused-but-set-variable \
             -Wno-error=unused-parameter

# Recursively expanded (=), so the += additions to FEATUREFLAGS and DEFINES
# made further down are still picked up when CFLAGS is used.
CFLAGS = $(FEATUREFLAGS) \
         $(OPTIMIZATIONS) \
         $(WARNFLAGS) \
         $(WERRFLAGS) \
         $(INCLUDES) \
         $(DEFINES)

# Despite the name, the flag is added only when $(CC) contains the substring
# "gcc"; any other compiler name gets nothing.
CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,)

# Per-architecture flags. On x86 the compiler is told not to emit MMX/SSE
# instructions and not to use the red zone.
# NOTE(review): presumably because this code runs in the UEFI pre-boot
# environment (buildinf.h sets PLATFORM to "UEFI") -- confirm.
ifeq ($(ARCH),x86_64)
FEATUREFLAGS += -m64 -mno-mmx -mno-sse -mno-red-zone $(CLANG_BUGS)
DEFINES += -DMDE_CPU_X64
endif
ifeq ($(ARCH),ia32)
FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone $(CLANG_BUGS)
DEFINES += -DMDE_CPU_IA32
endif
ifeq ($(ARCH),aarch64)
DEFINES += -DMDE_CPU_AARCH64
endif
ifeq ($(ARCH),arm)
DEFINES += -DMDE_CPU_ARM
endif
# Defines the macro that guards WrapPkcs7Data in InternalCryptLib.h. The
# matching object is added to OBJS below under the same condition; keep the
# two in sync.
ifeq ($(ENABLE_CODESIGN_EKU),1)
DEFINES += -DENABLE_CODESIGN_EKU
endif

# Not referenced by any rule visible in this file, which only builds an archive.
LDFLAGS = -nostdlib -znocombreloc

TARGET = libcryptlib.a
# NOTE(review): the *Null.o names look like stubbed-out primitives (MD4, HMAC,
# AES, TDES, ARC4, RSA-ext, PKCS#7 signing, DH, PEM). Confirm in the
# corresponding sources before assuming a primitive is available at runtime.
OBJS = Hash/CryptMd4Null.o \
       Hash/CryptMd5.o \
       Hash/CryptSha1.o \
       Hash/CryptSha256.o \
       Hash/CryptSha512.o \
       Hmac/CryptHmacMd5Null.o \
       Hmac/CryptHmacSha1Null.o \
       Hmac/CryptHmacSha256Null.o \
       Cipher/CryptAesNull.o \
       Cipher/CryptTdesNull.o \
       Cipher/CryptArc4Null.o \
       Rand/CryptRand.o \
       Pk/CryptRsaBasic.o \
       Pk/CryptRsaExtNull.o \
       Pk/CryptPkcs7SignNull.o \
       Pk/CryptPkcs7Verify.o \
       Pk/CryptDhNull.o \
       Pk/CryptTs.o \
       Pk/CryptX509.o \
       Pk/CryptAuthenticode.o \
       Pem/CryptPemNull.o \
       SysCall/CrtWrapper.o \
       SysCall/TimerWrapper.o \
       SysCall/BaseMemAllocation.o \
       SysCall/BaseStrings.o

ifeq ($(ENABLE_CODESIGN_EKU),1)
OBJS += Pk/CryptPkcs7VerifyEku.o
endif

all: $(TARGET)

# Archive step only; the objects are compiled by rules not shown in this file.
libcryptlib.a: $(OBJS)
	ar rcs libcryptlib.a $(OBJS)
clean:
	rm -f $(TARGET) $(OBJS)
--------------------------------------------------------------------------------
/Cryptlib/OpenSSL/buildinf.h:
--------------------------------------------------------------------------------
/* Both values are fixed literals; DATE is not generated at build time. */
#define PLATFORM "UEFI"
#define DATE "Mon Mar 8 14:17:05 PDT 2010"
--------------------------------------------------------------------------------
/Cryptlib/OpenSSL/crypto/LPdir_nyi.c:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 2004, Richard Levitte
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef LPDIR_H
# include "LPdir.h"
#endif

/*
 * Placeholder directory-listing backend (the file name suggests "not yet
 * implemented"). Neither function below calls anything or touches a
 * filesystem; both set errno to EINVAL and return 0.
 */
struct LP_dir_context_st {
    void *dummy;                /* keeps the context type complete; never read here */
};

/*
 * Always fails: sets errno to EINVAL and returns a null pointer, so a caller
 * that enumerates `directory` through this function sees no entries.
 * Both arguments are ignored.
 */
const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
{
    (void)ctx;
    (void)directory;

    errno = EINVAL;
    return (const char *)0;
}

/*
 * Counterpart of LP_find_file(): sets errno to EINVAL and returns 0
 * (presumably the failure value, matching the errno it sets -- confirm
 * against LPdir.h). The argument is ignored.
 */
int LP_find_file_end(LP_DIR_CTX **ctx)
{
    (void)ctx;

    errno = EINVAL;
    return 0;
}
--------------------------------------------------------------------------------
/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c:
--------------------------------------------------------------------------------
/* crypto/aes/aes_cbc.c */
/* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3.
All advertising materials mentioning features or use of this 18 | * software must display the following acknowledgment: 19 | * "This product includes software developed by the OpenSSL Project 20 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 21 | * 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 23 | * endorse or promote products derived from this software without 24 | * prior written permission. For written permission, please contact 25 | * openssl-core@openssl.org. 26 | * 27 | * 5. Products derived from this software may not be called "OpenSSL" 28 | * nor may "OpenSSL" appear in their names without prior written 29 | * permission of the OpenSSL Project. 30 | * 31 | * 6. Redistributions of any form whatsoever must retain the following 32 | * acknowledgment: 33 | * "This product includes software developed by the OpenSSL Project 34 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 35 | * 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
48 | * ==================================================================== 49 | * 50 | */ 51 | 52 | #include 53 | #include 54 | 55 | void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, 56 | size_t len, const AES_KEY *key, 57 | unsigned char *ivec, const int enc) 58 | { 59 | 60 | if (enc) 61 | CRYPTO_cbc128_encrypt(in, out, len, key, ivec, 62 | (block128_f) AES_encrypt); 63 | else 64 | CRYPTO_cbc128_decrypt(in, out, len, key, ivec, 65 | (block128_f) AES_decrypt); 66 | } 67 | -------------------------------------------------------------------------------- /Cryptlib/OpenSSL/crypto/aes/aes_ctr.c: -------------------------------------------------------------------------------- 1 | /* crypto/aes/aes_ctr.c */ 2 | /* ==================================================================== 3 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in 14 | * the documentation and/or other materials provided with the 15 | * distribution. 16 | * 17 | * 3. All advertising materials mentioning features or use of this 18 | * software must display the following acknowledgment: 19 | * "This product includes software developed by the OpenSSL Project 20 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 21 | * 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 23 | * endorse or promote products derived from this software without 24 | * prior written permission. For written permission, please contact 25 | * openssl-core@openssl.org. 26 | * 27 | * 5. 
Products derived from this software may not be called "OpenSSL" 28 | * nor may "OpenSSL" appear in their names without prior written 29 | * permission of the OpenSSL Project. 30 | * 31 | * 6. Redistributions of any form whatsoever must retain the following 32 | * acknowledgment: 33 | * "This product includes software developed by the OpenSSL Project 34 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 35 | * 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
48 | * ==================================================================== 49 | * 50 | */ 51 | 52 | #include 53 | #include 54 | 55 | void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, 56 | size_t length, const AES_KEY *key, 57 | unsigned char ivec[AES_BLOCK_SIZE], 58 | unsigned char ecount_buf[AES_BLOCK_SIZE], 59 | unsigned int *num) 60 | { 61 | CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num, 62 | (block128_f) AES_encrypt); 63 | } 64 | -------------------------------------------------------------------------------- /Cryptlib/OpenSSL/crypto/aes/aes_ecb.c: -------------------------------------------------------------------------------- 1 | /* crypto/aes/aes_ecb.c */ 2 | /* ==================================================================== 3 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in 14 | * the documentation and/or other materials provided with the 15 | * distribution. 16 | * 17 | * 3. All advertising materials mentioning features or use of this 18 | * software must display the following acknowledgment: 19 | * "This product includes software developed by the OpenSSL Project 20 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 21 | * 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 23 | * endorse or promote products derived from this software without 24 | * prior written permission. For written permission, please contact 25 | * openssl-core@openssl.org. 26 | * 27 | * 5. 
Products derived from this software may not be called "OpenSSL" 28 | * nor may "OpenSSL" appear in their names without prior written 29 | * permission of the OpenSSL Project. 30 | * 31 | * 6. Redistributions of any form whatsoever must retain the following 32 | * acknowledgment: 33 | * "This product includes software developed by the OpenSSL Project 34 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 35 | * 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. 
48 | * ==================================================================== 49 | * 50 | */ 51 | 52 | #ifndef AES_DEBUG 53 | # ifndef NDEBUG 54 | # define NDEBUG 55 | # endif 56 | #endif 57 | #include 58 | 59 | #include 60 | #include "aes_locl.h" 61 | 62 | void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, 63 | const AES_KEY *key, const int enc) 64 | { 65 | 66 | assert(in && out && key); 67 | assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); 68 | 69 | if (AES_ENCRYPT == enc) 70 | AES_encrypt(in, out, key); 71 | else 72 | AES_decrypt(in, out, key); 73 | } 74 | -------------------------------------------------------------------------------- /Cryptlib/OpenSSL/crypto/aes/aes_ofb.c: -------------------------------------------------------------------------------- 1 | /* crypto/aes/aes_ofb.c */ 2 | /* ==================================================================== 3 | * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in 14 | * the documentation and/or other materials provided with the 15 | * distribution. 16 | * 17 | * 3. All advertising materials mentioning features or use of this 18 | * software must display the following acknowledgment: 19 | * "This product includes software developed by the OpenSSL Project 20 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 21 | * 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 23 | * endorse or promote products derived from this software without 24 | * prior written permission. 
For written permission, please contact 25 | * openssl-core@openssl.org. 26 | * 27 | * 5. Products derived from this software may not be called "OpenSSL" 28 | * nor may "OpenSSL" appear in their names without prior written 29 | * permission of the OpenSSL Project. 30 | * 31 | * 6. Redistributions of any form whatsoever must retain the following 32 | * acknowledgment: 33 | * "This product includes software developed by the OpenSSL Project 34 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 35 | * 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. 48 | * ==================================================================== 49 | * 50 | */ 51 | 52 | #include 53 | #include 54 | 55 | void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, 56 | size_t length, const AES_KEY *key, 57 | unsigned char *ivec, int *num) 58 | { 59 | CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, 60 | (block128_f) AES_encrypt); 61 | } 62 | -------------------------------------------------------------------------------- /Cryptlib/OpenSSL/crypto/asn1/charmap.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Auto generated with chartype.pl script. 
Mask of various character 3 | * properties 4 | */ 5 | 6 | static const unsigned char char_type[] = { 7 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 8 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 9 | 120, 0, 1, 40, 0, 0, 0, 16, 16, 16, 0, 25, 25, 16, 16, 16, 10 | 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 9, 9, 16, 9, 16, 11 | 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 12 | 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 0, 0, 0, 13 | 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 14 | 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 0, 0, 0, 2 15 | }; 16 | -------------------------------------------------------------------------------- /Cryptlib/OpenSSL/crypto/bio/bio_lcl.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #if BIO_FLAGS_UPLINK==0 4 | /* Shortcut UPLINK calls on most platforms... */ 5 | # define UP_stdin stdin 6 | # define UP_stdout stdout 7 | # define UP_stderr stderr 8 | # define UP_fprintf fprintf 9 | # define UP_fgets fgets 10 | # define UP_fread fread 11 | # define UP_fwrite fwrite 12 | # undef UP_fsetmod 13 | # define UP_feof feof 14 | # define UP_fclose fclose 15 | 16 | # define UP_fopen fopen 17 | # define UP_fseek fseek 18 | # define UP_ftell ftell 19 | # define UP_fflush fflush 20 | # define UP_ferror ferror 21 | # ifdef _WIN32 22 | # define UP_fileno _fileno 23 | # define UP_open _open 24 | # define UP_read _read 25 | # define UP_write _write 26 | # define UP_lseek _lseek 27 | # define UP_close _close 28 | # else 29 | # define UP_fileno fileno 30 | # define UP_open open 31 | # define UP_read read 32 | # define UP_write write 33 | # define UP_lseek lseek 34 | # define UP_close close 35 | # endif 36 | #endif 37 | -------------------------------------------------------------------------------- /Cryptlib/OpenSSL/crypto/comp/c_rle.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 
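/*
 * NOTE(review): the header names are missing from this listing; the three
 * below are what upstream OpenSSL 1.0.x includes at this point -- confirm
 * against the tree.
 */
#include <string.h>
#include <openssl/objects.h>
#include <openssl/comp.h>

static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
                              unsigned int olen, unsigned char *in,
                              unsigned int ilen);
static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
                            unsigned int olen, unsigned char *in,
                            unsigned int ilen);

/*
 * Method table for the "rle" compression method. Only the compress and
 * expand callbacks are filled in; every other function slot is NULL.
 */
static COMP_METHOD rle_method = {
    NID_rle_compression,
    LN_rle_compression,
    NULL,
    NULL,
    rle_compress_block,
    rle_expand_block,
    NULL,
    NULL,
};

/* Returns the statically allocated "rle" method table; callers must not free it. */
COMP_METHOD *COMP_rle(void)
{
    return (&rle_method);
}

/*
 * "Compress" one block. No run-length coding is performed: the output is a
 * single 0 marker byte followed by the input copied verbatim.
 *
 * ctx   unused.
 * out   destination buffer of olen bytes.
 * in    source buffer of ilen bytes.
 *
 * Returns the number of bytes written (ilen + 1), or -1 when the input is
 * empty or the output buffer cannot hold the marker plus the payload.
 */
static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
                              unsigned int olen, unsigned char *in,
                              unsigned int ilen)
{
    /*
     * ilen + 1 bytes are written, so olen must be strictly greater than
     * ilen. The previous test (olen < ilen - 1) accepted buffers that were
     * one or two bytes too small and let memcpy() run past the end of out.
     * Comparing olen against ilen also avoids the unsigned wrap of
     * "ilen + 1".
     * NOTE(review): the result is returned as int, so an ilen above INT_MAX
     * cannot be reported correctly; the public wrappers take int lengths.
     */
    if (ilen == 0 || olen <= ilen) {
        return (-1);
    }

    *(out++) = 0;
    memcpy(out, in, ilen);
    return (ilen + 1);
}

/*
 * Expand one block produced by rle_compress_block(): check the marker byte
 * and copy the remaining ilen - 1 bytes to out.
 *
 * ctx   unused.
 * out   destination buffer of olen bytes.
 * in    source buffer of ilen bytes, marker byte first.
 *
 * Returns the number of payload bytes written (ilen - 1), or -1 when the
 * input is empty, the output buffer is too small, or the marker is not 0.
 */
static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
                            unsigned int olen, unsigned char *in,
                            unsigned int ilen)
{
    /*
     * Reject ilen == 0 first: "ilen - 1" would wrap to UINT_MAX, and the
     * marker read below would touch a byte that is not part of the input.
     */
    if (ilen == 0 || olen < (ilen - 1)) {
        return (-1);
    }

    /*
     * Marker 0 is the only format rle_compress_block() emits. Any other
     * value used to be reported as ilen - 1 bytes of output although
     * nothing had been written to out, handing the caller uninitialised
     * memory as "decompressed" data.
     */
    if (*in != 0) {
        return (-1);
    }

    memcpy(out, in + 1, ilen - 1);
    return (ilen - 1);
}
--------------------------------------------------------------------------------
/Cryptlib/OpenSSL/crypto/comp/comp_lib.c:
--------------------------------------------------------------------------------
/*
 * NOTE(review): the header names are missing from this listing; the five
 * below are what upstream OpenSSL 1.0.x includes here -- confirm against
 * the tree.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/objects.h>
#include <openssl/comp.h>

/*
 * Allocate a zeroed compression context bound to meth and run the method's
 * init callback when it has one.
 *
 * Returns the new context, or NULL when meth is NULL, the allocation fails,
 * or the init callback reports failure (returns 0). Release the context
 * with COMP_CTX_free().
 */
COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
{
    COMP_CTX *ret;

    /* meth is dereferenced below; fail cleanly instead of crashing. */
    if (meth == NULL) {
        return (NULL);
    }

    ret = OPENSSL_malloc(sizeof(*ret));
    if (ret == NULL) {
        return (NULL);
    }
    memset(ret, 0, sizeof(*ret));
    ret->meth = meth;
    if ((meth->init != NULL) && !meth->init(ret)) {
        OPENSSL_free(ret);
        ret = NULL;
    }
    return (ret);
}
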
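/*
 * Release a context created by COMP_CTX_new(). Runs the method's finish
 * callback when one is set, then frees the context. A NULL ctx is ignored.
 */
void COMP_CTX_free(COMP_CTX *ctx)
{
    if (ctx == NULL)
        return;

    /* Guard meth as well so a half-initialised context cannot crash here. */
    if (ctx->meth != NULL && ctx->meth->finish != NULL)
        ctx->meth->finish(ctx);

    OPENSSL_free(ctx);
}

/*
 * Compress ilen bytes from in into out (capacity olen) using the context's
 * method, and add the sizes to the context's compress_in/compress_out
 * counters when the method reports a positive result.
 *
 * Returns whatever the method's compress callback returns, or -1 when the
 * context or method is missing, no compress callback is set, or a length
 * is negative.
 */
int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
                        unsigned char *in, int ilen)
{
    int ret;

    if (ctx == NULL || ctx->meth == NULL || ctx->meth->compress == NULL) {
        return (-1);
    }
    /*
     * The method callbacks declared in c_rle.c take unsigned int lengths,
     * so a negative value here would reach them as a huge buffer size.
     */
    if (olen < 0 || ilen < 0) {
        return (-1);
    }

    ret = ctx->meth->compress(ctx, out, olen, in, ilen);
    if (ret > 0) {
        ctx->compress_in += ilen;
        ctx->compress_out += ret;
    }
    return (ret);
}

/*
 * Expand ilen bytes from in into out (capacity olen) using the context's
 * method, and add the sizes to the context's expand_in/expand_out counters
 * when the method reports a positive result.
 *
 * Returns whatever the method's expand callback returns, or -1 when the
 * context or method is missing, no expand callback is set, or a length is
 * negative.
 */
int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                      unsigned char *in, int ilen)
{
    int ret;

    if (ctx == NULL || ctx->meth == NULL || ctx->meth->expand == NULL) {
        return (-1);
    }
    /* Same signed-to-unsigned hazard as in COMP_compress_block(). */
    if (olen < 0 || ilen < 0) {
        return (-1);
    }

    ret = ctx->meth->expand(ctx, out, olen, in, ilen);
    if (ret > 0) {
        ctx->expand_in += ilen;
        ctx->expand_out += ret;
    }
    return (ret);
}
--------------------------------------------------------------------------------
/Cryptlib/OpenSSL/crypto/evp/m_wp.c:
--------------------------------------------------------------------------------
/* crypto/evp/m_wp.c */

/*
 * NOTE(review): the angle-bracket header names are missing from this
 * listing; the ones below are what upstream OpenSSL 1.0.x includes here --
 * confirm against the tree.
 */
#include <stdio.h>
#include "cryptlib.h"

#ifndef OPENSSL_NO_WHIRLPOOL

# include <openssl/evp.h>
# include <openssl/objects.h>
# include <openssl/x509.h>
# include <openssl/whrlpool.h>
# include "evp_locl.h"

/* EVP init hook: forwards to WHIRLPOOL_Init() on the context's md_data. */
static int init(EVP_MD_CTX *ctx)
{
    return WHIRLPOOL_Init(ctx->md_data);
}

/* EVP update hook: feeds count bytes of data to WHIRLPOOL_Update(). */
static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
{
    return WHIRLPOOL_Update(ctx->md_data, data, count);
}

/* EVP final hook: writes the digest to md via WHIRLPOOL_Final(). */
static int final(EVP_MD_CTX *ctx, unsigned char *md)
{
    return WHIRLPOOL_Final(md, ctx->md_data);
}

/*
 * EVP_MD descriptor that wires the three hooks above to the Whirlpool
 * implementation. The last entry sizes the per-context data around a
 * WHIRLPOOL_CTX.
 */
static const EVP_MD whirlpool_md = {
    NID_whirlpool,
    0,
    WHIRLPOOL_DIGEST_LENGTH,
    0,
    init,
    update,
    final,
    NULL,
    NULL,
    EVP_PKEY_NULL_method,
    WHIRLPOOL_BBLOCK / 8,
    sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX),
};

/* Returns the static Whirlpool descriptor; callers must not free it. */
const EVP_MD *EVP_whirlpool(void)
{
    return (&whirlpool_md);
}
#endif
--------------------------------------------------------------------------------
/Cryptlib/OpenSSL/crypto/fips_ers.c:
--------------------------------------------------------------------------------
/*
 * NOTE(review): header name missing from this listing; upstream includes
 * opensslconf.h here -- confirm against the tree.
 */
#include <openssl/opensslconf.h>

#ifdef OPENSSL_FIPS
# include "fips_err.h"
#else
/* Presumably keeps this translation unit non-empty when FIPS is disabled. */
static void *dummy = &dummy;
#endif
--------------------------------------------------------------------------------
/Cryptlib/OpenSSL/crypto/o_dir.h:
--------------------------------------------------------------------------------
/* crypto/o_dir.h */
/*
 * Copied from Richard Levitte's (richard@levitte.org) LP library.  All
 * symbol names have been changed, with permission from the author.
 */

/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */
/*
 * Copyright (c) 2004, Richard Levitte
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.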
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 | * SUCH DAMAGE. 32 | */ 33 | 34 | #ifndef O_DIR_H 35 | # define O_DIR_H 36 | 37 | #ifdef __cplusplus 38 | extern "C" { 39 | #endif 40 | 41 | typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX; 42 | 43 | /* 44 | * returns NULL on error or end-of-directory. If it is end-of-directory, 45 | * errno will be zero 46 | */ 47 | const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory); 48 | /* returns 1 on success, 0 on error */ 49 | int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx); 50 | 51 | #ifdef __cplusplus 52 | } 53 | #endif 54 | 55 | #endif /* LPDIR_H */ 56 | -------------------------------------------------------------------------------- /Cryptlib/OpenSSL/crypto/pem/pem_x509.c: -------------------------------------------------------------------------------- 1 | /* pem_x509.c */ 2 | /* 3 | * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4 | * 2001. 5 | */ 6 | /* ==================================================================== 7 | * Copyright (c) 2001 The OpenSSL Project. All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * 1. Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * 16 | * 2. 
Redistributions in binary form must reproduce the above copyright 17 | * notice, this list of conditions and the following disclaimer in 18 | * the documentation and/or other materials provided with the 19 | * distribution. 20 | * 21 | * 3. All advertising materials mentioning features or use of this 22 | * software must display the following acknowledgment: 23 | * "This product includes software developed by the OpenSSL Project 24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 | * 26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 | * endorse or promote products derived from this software without 28 | * prior written permission. For written permission, please contact 29 | * licensing@OpenSSL.org. 30 | * 31 | * 5. Products derived from this software may not be called "OpenSSL" 32 | * nor may "OpenSSL" appear in their names without prior written 33 | * permission of the OpenSSL Project. 34 | * 35 | * 6. Redistributions of any form whatsoever must retain the following 36 | * acknowledgment: 37 | * "This product includes software developed by the OpenSSL Project 38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 | * 40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 | * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 | * OF THE POSSIBILITY OF SUCH DAMAGE. 52 | * ==================================================================== 53 | * 54 | * This product includes cryptographic software written by Eric Young 55 | * (eay@cryptsoft.com). This product includes software written by Tim 56 | * Hudson (tjh@cryptsoft.com). 57 | * 58 | */ 59 | 60 | #include 61 | #include "cryptlib.h" 62 | #include 63 | #include 64 | #include 65 | #include 66 | #include 67 | 68 | IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509) 69 | -------------------------------------------------------------------------------- /Cryptlib/OpenSSL/crypto/pkcs7/bio_pk7.c: -------------------------------------------------------------------------------- 1 | /* bio_pk7.c */ 2 | /* 3 | * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 4 | * project. 5 | */ 6 | /* ==================================================================== 7 | * Copyright (c) 2008 The OpenSSL Project. All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * 1. Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * 16 | * 2. 
Redistributions in binary form must reproduce the above copyright 17 | * notice, this list of conditions and the following disclaimer in 18 | * the documentation and/or other materials provided with the 19 | * distribution. 20 | * 21 | * 3. All advertising materials mentioning features or use of this 22 | * software must display the following acknowledgment: 23 | * "This product includes software developed by the OpenSSL Project 24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 | * 26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 | * endorse or promote products derived from this software without 28 | * prior written permission. For written permission, please contact 29 | * licensing@OpenSSL.org. 30 | * 31 | * 5. Products derived from this software may not be called "OpenSSL" 32 | * nor may "OpenSSL" appear in their names without prior written 33 | * permission of the OpenSSL Project. 34 | * 35 | * 6. Redistributions of any form whatsoever must retain the following 36 | * acknowledgment: 37 | * "This product includes software developed by the OpenSSL Project 38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 | * 40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 | * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 | * OF THE POSSIBILITY OF SUCH DAMAGE. 52 | * ==================================================================== 53 | * 54 | */ 55 | 56 | #include 57 | #include 58 | #include 59 | 60 | #if !defined(OPENSSL_SYSNAME_NETWARE) && !defined(OPENSSL_SYSNAME_VXWORKS) 61 | # include 62 | #endif 63 | #include 64 | 65 | /* Streaming encode support for PKCS#7 */ 66 | 67 | BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7) 68 | { 69 | return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7)); 70 | } 71 | -------------------------------------------------------------------------------- /Cryptlib/OpenSSL/crypto/rc4/rc4_locl.h: -------------------------------------------------------------------------------- 1 | #ifndef HEADER_RC4_LOCL_H 2 | # define HEADER_RC4_LOCL_H 3 | # include 4 | # include 5 | #endif 6 | -------------------------------------------------------------------------------- /Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c: -------------------------------------------------------------------------------- 1 | /* crypto/rc4/rc4_utl.c */ 2 | /* ==================================================================== 3 | * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 9 | * 1. 
Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in 14 | * the documentation and/or other materials provided with the 15 | * distribution. 16 | * 17 | * 3. All advertising materials mentioning features or use of this 18 | * software must display the following acknowledgment: 19 | * "This product includes software developed by the OpenSSL Project 20 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 21 | * 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 23 | * endorse or promote products derived from this software without 24 | * prior written permission. For written permission, please contact 25 | * openssl-core@openssl.org. 26 | * 27 | * 5. Products derived from this software may not be called "OpenSSL" 28 | * nor may "OpenSSL" appear in their names without prior written 29 | * permission of the OpenSSL Project. 30 | * 31 | * 6. Redistributions of any form whatsoever must retain the following 32 | * acknowledgment: 33 | * "This product includes software developed by the OpenSSL Project 34 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 35 | * 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 39 | * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. 48 | * ==================================================================== 49 | * 50 | */ 51 | 52 | #include 53 | #include 54 | #include 55 | 56 | void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) 57 | { 58 | #ifdef OPENSSL_FIPS 59 | fips_cipher_abort(RC4); 60 | #endif 61 | private_RC4_set_key(key, len, data); 62 | } 63 | -------------------------------------------------------------------------------- /Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h: -------------------------------------------------------------------------------- 1 | extern int int_rsa_verify(int dtype, const unsigned char *m, 2 | unsigned int m_len, unsigned char *rm, 3 | size_t *prm_len, const unsigned char *sigbuf, 4 | size_t siglen, RSA *rsa); 5 | -------------------------------------------------------------------------------- /Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c: -------------------------------------------------------------------------------- 1 | /* v3_pcia.c */ 2 | /* 3 | * Contributed to the OpenSSL Project 2004 by Richard Levitte 4 | * (richard@levitte.org) 5 | */ 6 | /* Copyright (c) 2004 Kungliga Tekniska Högskolan 7 | * (Royal Institute of Technology, Stockholm, Sweden). 8 | * All rights reserved. 9 | * 10 | * Redistribution and use in source and binary forms, with or without 11 | * modification, are permitted provided that the following conditions 12 | * are met: 13 | * 14 | * 1. 
Redistributions of source code must retain the above copyright 15 | * notice, this list of conditions and the following disclaimer. 16 | * 17 | * 2. Redistributions in binary form must reproduce the above copyright 18 | * notice, this list of conditions and the following disclaimer in the 19 | * documentation and/or other materials provided with the distribution. 20 | * 21 | * 3. Neither the name of the Institute nor the names of its contributors 22 | * may be used to endorse or promote products derived from this software 23 | * without specific prior written permission. 24 | * 25 | * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 26 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 | * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 29 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 | * SUCH DAMAGE. 
36 | */ 37 | 38 | #include 39 | #include 40 | #include 41 | 42 | ASN1_SEQUENCE(PROXY_POLICY) = 43 | { 44 | ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT), 45 | ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING) 46 | } ASN1_SEQUENCE_END(PROXY_POLICY) 47 | 48 | IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY) 49 | 50 | ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) = 51 | { 52 | ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER), 53 | ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY) 54 | } ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION) 55 | 56 | IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) 57 | -------------------------------------------------------------------------------- /Cryptlib/OpenSSL/openssl-bio-b_print-disable-sse.patch: -------------------------------------------------------------------------------- 1 | diff --git a/Cryptlib/OpenSSL/crypto/bio/b_print.c b/Cryptlib/OpenSSL/crypto/bio/b_print.c 2 | index 90248fa..dfc26bc 100644 3 | --- a/Cryptlib/OpenSSL/crypto/bio/b_print.c 4 | +++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c 5 | @@ -129,8 +129,10 @@ static int fmtstr(char **, char **, size_t *, size_t *, 6 | const char *, int, int, int); 7 | static int fmtint(char **, char **, size_t *, size_t *, 8 | LLONG, int, int, int, int); 9 | +#ifndef OPENSSL_SYS_UEFI 10 | static int fmtfp(char **, char **, size_t *, size_t *, 11 | LDOUBLE, int, int, int); 12 | +#endif 13 | static int doapr_outch(char **, char **, size_t *, size_t *, int); 14 | static int _dopr(char **sbuffer, char **buffer, 15 | size_t *maxlen, size_t *retlen, int *truncated, 16 | @@ -173,7 +175,9 @@ _dopr(char **sbuffer, 17 | { 18 | char ch; 19 | LLONG value; 20 | +#ifndef OPENSSL_SYS_UEFI 21 | LDOUBLE fvalue; 22 | +#endif 23 | char *strvalue; 24 | int min; 25 | int max; 26 | 
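Review bot: With OPENSSL_SYS_UEFI defined, the guards added here and in the later hunks (around `case 'L':`, and from `case 'f':` through the `break;` before `case 'c':`) compile the floating-point conversions out of `_dopr` without leaving anything that consumes the caller's argument. A format string that still contains one of those conversions would then presumably fall through the switch with its `double` left in the `va_list`, so every later conversion in the same call reads the wrong argument, which for `%s` means a pointer built from unrelated data. I would add an `#else` branch that fails the call for these specifiers, e.g. `case 'f': return 0;`, and put a comment above the guard stating that floating-point formats are unsupported on UEFI builds. `_dopr` continues outside the hunks, so the switch's handling of unknown specifiers is not visible here.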
@@ -276,10 +280,12 @@ _dopr(char **sbuffer, 27 | cflags = DP_C_LLONG; 28 | ch = *format++; 29 | break; 30 | +#ifndef OPENSSL_SYS_UEFI 31 | case 'L': 32 | cflags = DP_C_LDOUBLE; 33 | ch = *format++; 34 | break; 35 | +#endif 36 | default: 37 | break; 38 | } 39 | @@ -333,6 +339,7 @@ _dopr(char **sbuffer, 40 | min, max, flags)) 41 | return 0; 42 | break; 43 | +#ifndef OPENSSL_SYS_UEFI 44 | case 'f': 45 | if (cflags == DP_C_LDOUBLE) 46 | fvalue = va_arg(args, LDOUBLE); 47 | @@ -358,6 +365,7 @@ _dopr(char **sbuffer, 48 | else 49 | fvalue = va_arg(args, double); 50 | break; 51 | +#endif 52 | case 'c': 53 | if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, 54 | va_arg(args, int))) 55 | @@ -575,6 +583,7 @@ fmtint(char **sbuffer, 56 | return 1; 57 | } 58 | 59 | +#ifndef OPENSSL_SYS_UEFI 60 | static LDOUBLE abs_val(LDOUBLE value) 61 | { 62 | LDOUBLE result = value; 63 | @@ -733,6 +742,7 @@ fmtfp(char **sbuffer, 64 | } 65 | return 1; 66 | } 67 | +#endif 68 | 69 | #define BUFFER_INC 1024 70 | 71 | -------------------------------------------------------------------------------- /Cryptlib/Pem/CryptPemNull.c: -------------------------------------------------------------------------------- 1 | /** @file 2 | PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation which does 3 | not provide real capabilities. 4 | 5 | Copyright (c) 2012, Intel Corporation. All rights reserved.
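Review bot: In the `case 'f':` hunk of `_dopr` (and the hunk that closes the guard after `fvalue = va_arg(args, double); break;`), compiling the floating-point cases out under `OPENSSL_SYS_UEFI` also removes the `va_arg` calls that consumed the argument. A float conversion in a format string would then leave the argument list out of step for every later conversion. The switch's default branch is outside these hunks; it presumably skips unknown conversion characters, which should be confirmed. Failing closed is safer than formatting with misaligned arguments: add an `#else` arm such as `case 'f': return 0;`, extended to the other float conversion letters the guarded block handles, matching the `return 0;` already used on formatter failure. A comment at the guard such as `/* no FP under UEFI: float conversions are rejected, not skipped */` would document the restriction; `_dopr`'s body starts and ends outside the hunks.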
6 | This program and the accompanying materials 7 | are licensed and made available under the terms and conditions of the BSD License 8 | which accompanies this distribution. The full text of the license may be found at 9 | http://opensource.org/licenses/bsd-license.php 10 | 11 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 13 | 14 | **/ 15 | 16 | #include "InternalCryptLib.h" 17 | 18 | /** 19 | Retrieve the RSA Private Key from the password-protected PEM key data. 20 | 21 | Return FALSE to indicate this interface is not supported. 22 | 23 | @param[in] PemData Pointer to the PEM-encoded key data to be retrieved. 24 | @param[in] PemSize Size of the PEM key data in bytes. 25 | @param[in] Password NULL-terminated passphrase used for encrypted PEM key data. 26 | @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved 27 | RSA private key component. Use RsaFree() function to free the 28 | resource. 29 | 30 | @retval FALSE This interface is not supported. 31 | 32 | **/ 33 | BOOLEAN 34 | EFIAPI 35 | RsaGetPrivateKeyFromPem ( 36 | IN CONST UINT8 *PemData, 37 | IN UINTN PemSize, 38 | IN CONST CHAR8 *Password, 39 | OUT VOID **RsaContext 40 | ) 41 | { 42 | ASSERT (FALSE); 43 | return FALSE; 44 | } 45 | -------------------------------------------------------------------------------- /Cryptlib/Pk/CryptPkcs7SignNull.c: -------------------------------------------------------------------------------- 1 | /** @file 2 | PKCS#7 SignedData Sign Wrapper Implementation which does not provide real 3 | capabilities. 4 | 5 | Copyright (c) 2012, Intel Corporation. All rights reserved.
6 | This program and the accompanying materials 7 | are licensed and made available under the terms and conditions of the BSD License 8 | which accompanies this distribution. The full text of the license may be found at 9 | http://opensource.org/licenses/bsd-license.php 10 | 11 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 13 | 14 | **/ 15 | 16 | #include "InternalCryptLib.h" 17 | 18 | /** 19 | Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message 20 | Syntax Standard, version 1.5". This interface is only intended to be used for 21 | application to perform PKCS#7 functionality validation. 22 | 23 | Return FALSE to indicate this interface is not supported. 24 | 25 | @param[in] PrivateKey Pointer to the PEM-formatted private key data for 26 | data signing. 27 | @param[in] PrivateKeySize Size of the PEM private key data in bytes. 28 | @param[in] KeyPassword NULL-terminated passphrase used for encrypted PEM 29 | key data. 30 | @param[in] InData Pointer to the content to be signed. 31 | @param[in] InDataSize Size of InData in bytes. 32 | @param[in] SignCert Pointer to signer's DER-encoded certificate to sign with. 33 | @param[in] OtherCerts Pointer to an optional additional set of certificates to 34 | include in the PKCS#7 signedData (e.g. any intermediate 35 | CAs in the chain). 36 | @param[out] SignedData Pointer to output PKCS#7 signedData. 37 | @param[out] SignedDataSize Size of SignedData in bytes. 38 | 39 | @retval FALSE This interface is not supported. 
40 | 41 | **/ 42 | BOOLEAN 43 | EFIAPI 44 | Pkcs7Sign ( 45 | IN CONST UINT8 *PrivateKey, 46 | IN UINTN PrivateKeySize, 47 | IN CONST UINT8 *KeyPassword, 48 | IN UINT8 *InData, 49 | IN UINTN InDataSize, 50 | IN UINT8 *SignCert, 51 | IN UINT8 *OtherCerts OPTIONAL, 52 | OUT UINT8 **SignedData, 53 | OUT UINTN *SignedDataSize 54 | ) 55 | { 56 | ASSERT (FALSE); 57 | return FALSE; 58 | } 59 | 60 | -------------------------------------------------------------------------------- /Cryptlib/SysCall/BaseStrings.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | CHAR8 * 4 | AsciiStrCat(CHAR8 *Destination, const CHAR8 *Source) 5 | { 6 | UINTN dest_len = strlen((CHAR8 *)Destination); 7 | UINTN i; 8 | 9 | for (i = 0; Source[i] != '\0'; i++) 10 | Destination[dest_len + i] = Source[i]; 11 | Destination[dest_len + i] = '\0'; 12 | 13 | return Destination; 14 | } 15 | 16 | CHAR8 * 17 | AsciiStrCpy(CHAR8 *Destination, const CHAR8 *Source) 18 | { 19 | UINTN i; 20 | 21 | for (i=0; Source[i] != '\0'; i++) 22 | Destination[i] = Source[i]; 23 | Destination[i] = '\0'; 24 | 25 | return Destination; 26 | } 27 | 28 | CHAR8 * 29 | AsciiStrnCpy(CHAR8 *Destination, const CHAR8 *Source, UINTN count) 30 | { 31 | UINTN i; 32 | 33 | for (i=0; i < count && Source[i] != '\0'; i++) 34 | Destination[i] = Source[i]; 35 | for ( ; i < count; i++) 36 | Destination[i] = '\0'; 37 | 38 | return Destination; 39 | } 40 | 41 | CHAR8 * 42 | ScanMem8(CHAR8 *str, UINTN count, CHAR8 ch) 43 | { 44 | UINTN i; 45 | 46 | for (i = 0; i < count; i++) { 47 | if (str[i] == ch) 48 | return str + i; 49 | } 50 | return NULL; 51 | } 52 | 53 | UINT32 54 | WriteUnaligned32(UINT32 *Buffer, UINT32 Value) 55 | { 56 | *Buffer = Value; 57 | 58 | return Value; 59 | } 60 | 61 | UINTN 62 | AsciiStrSize(const CHAR8 *string) 63 | { 64 | return strlen(string) + 1; 65 | } 66 | 67 | /* Based on AsciiStrDecimalToUintnS() in edk2 68 | * MdePkg/Library/BaseLib/SafeString.c */ 69 | UINTN 70 | 
AsciiStrDecimalToUintn(const CHAR8 *String) 71 | { 72 | UINTN Result; 73 | 74 | if (String == NULL) 75 | return 0; 76 | 77 | /* Ignore the pad spaces (space or tab) */ 78 | while ((*String == ' ') || (*String == '\t')) { 79 | String++; 80 | } 81 | 82 | /* Ignore leading Zeros after the spaces */ 83 | while (*String == '0') { 84 | String++; 85 | } 86 | 87 | Result = 0; 88 | 89 | while (*String >= '0' && *String <= '9') { 90 | Result = Result * 10 + (*String - '0'); 91 | String++; 92 | } 93 | 94 | return Result; 95 | } 96 | -------------------------------------------------------------------------------- /Cryptlib/opensslconf-diff.patch: -------------------------------------------------------------------------------- 1 | diff --git a/Cryptlib/Include/openssl/opensslconf.h b/Cryptlib/Include/openssl/opensslconf.h 2 | index 1917d7a..c73d03a 100644 3 | --- a/Cryptlib/Include/openssl/opensslconf.h 4 | +++ b/Cryptlib/Include/openssl/opensslconf.h 5 | @@ -47,6 +47,9 @@ extern "C" { 6 | #ifndef OPENSSL_NO_CT 7 | # define OPENSSL_NO_CT 8 | #endif 9 | +#ifndef OPENSSL_NO_DES 10 | +# define OPENSSL_NO_DES 11 | +#endif 12 | #ifndef OPENSSL_NO_DSA 13 | # define OPENSSL_NO_DSA 14 | #endif 15 | 
@@ -59,6 +62,9 @@ extern "C" { 16 | #ifndef OPENSSL_NO_MD2 17 | # define OPENSSL_NO_MD2 18 | #endif 19 | +#ifndef OPENSSL_NO_MD4 20 | +# define OPENSSL_NO_MD4 21 | +#endif 22 | #ifndef OPENSSL_NO_MDC2 23 | # define OPENSSL_NO_MDC2 24 | #endif 25 | -------------------------------------------------------------------------------- /Cryptlib/update.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | DIR=$1 4 | OPENSSL_VERSION="1.0.2k" 5 | 6 | cp $DIR/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h InternalCryptLib.h 7 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c Hash/CryptMd4Null.c 8 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd5.c Hash/CryptMd5.c 9 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha1.c Hash/CryptSha1.c 10 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha256.c Hash/CryptSha256.c 11 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Hash/CryptSha512.c Hash/CryptSha512.c 12 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacMd5Null.c Hmac/CryptHmacMd5Null.c 13 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha1Null.c Hmac/CryptHmacSha1Null.c 14 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Hmac/CryptHmacSha256Null.c Hmac/CryptHmacSha256Null.c 15 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Cipher/CryptAesNull.c Cipher/CryptAesNull.c 16 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Cipher/CryptTdesNull.c Cipher/CryptTdesNull.c 17 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Cipher/CryptArc4Null.c Cipher/CryptArc4Null.c 18 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Rand/CryptRand.c Rand/CryptRand.c 19 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c Pk/CryptRsaBasic.c 20 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExtNull.c Pk/CryptRsaExtNull.c 21 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7SignNull.c Pk/CryptPkcs7SignNull.c 22 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c Pk/CryptPkcs7Verify.c 23 | cp 
$DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptDhNull.c Pk/CryptDhNull.c 24 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c Pk/CryptTs.c 25 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c Pk/CryptX509.c 26 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c 27 | cp $DIR/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c Pem/CryptPem.c 28 | cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c SysCall/CrtWrapper.c 29 | cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c SysCall/TimerWrapper.c 30 | cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c SysCall/BaseMemAllocation.c 31 | 32 | cp $DIR/CryptoPkg/Library/OpensslLib/openssl-${OPENSSL_VERSION}/include/openssl/* Include/openssl/ 33 | 34 | patch -p2 I am trying to understand how fallback.efi works. I have been reading 4 | > shim.c and see that fallback is called when 5 | > should_use_fallback(EFI_HANDLE image_handle) returns a 1. But in 6 | > should_use_fallback(EFI_HANDLE image_handle), there is a comparison of 7 | > bootpath to \\EFI\\BOOT\\BOOT. Why is it compare to \\EFI\\BOOT\\BOOT 8 | > since bootpath always return \EFI\Boot\shim.efi? 9 | 10 | And it seems like a common enough question that we need some 11 | documentation of how to properly use shim and fallback. Here's the 12 | basics of it: 13 | 14 | It doesn't always return \EFI\boot\shim.efi - in fact, not ever if 15 | installed correctly. 
The FS layouts are like this: 16 | 17 | for removable media: 18 | \EFI\BOOT\BOOTX64.EFI <-- shim 19 | \EFI\BOOT\MokManager.efi 20 | \EFI\BOOT\grubx64.efi 21 | \EFI\BOOT\grub.cfg 22 | 23 | for an installed system: 24 | \EFI\BOOT\BOOTX64.EFI <-- shim 25 | \EFI\BOOT\MokManager.efi 26 | \EFI\BOOT\fallback.efi 27 | \EFI\fedora\BOOT.CSV 28 | \EFI\fedora\shim.efi 29 | \EFI\fedora\MokManager.efi 30 | \EFI\fedora\grubx64.efi 31 | \EFI\fedora\grub.cfg 32 | 33 | When you boot removable media, it'll be in \EFI\BOOT , but fallback.efi 34 | won't be there, so it goes ahead and boots the normal bootloader 35 | (grubx64.efi). When you boot a normal system through a boot variable, 36 | the boot variable is configured to start \EFI\fedora\shim.efi (or 37 | whatever your distro's EFI directory is.) In that case it won't try to 38 | invoke fallback. But if the boot variables are missing or corrupted, 39 | the firmware will eventually try to boot the hard disk as removable 40 | media. In that case, it'll invoke \EFI\BOOT\BOOTX64.EFI (or whatever 41 | filename is right for your architecture.) In that case it'll be in 42 | \EFI\BOOT, so it'll check for fallback.efi , and it'll find it and run 43 | it. When it runs, fallback will look for every directory in \EFI\ with 44 | a BOOT${ARCH}.CSV in it, or BOOT.CSV if that's not found. It'll parse that, 45 | and create new boot variables from what it finds. Then it'll try to boot one 46 | of them. 47 | 48 | BOOT.CSV is a UCS-2 LE formatted CSV file. So it has the LE byte order 49 | marker, and after that it's just a series of lines, each having 50 | comma-separated data. It looks like this on Fedora: 51 | 52 | shim.efi,Fedora,,This is the boot entry for Fedora 53 | 54 | so basically it's: 55 | 56 | $FILENAME,$LABEL,$LOADER_DATA,$COMMENT0[,$COMMENT1[,...]] 57 | 58 | Where $FILENAME has to be the name of a file in the same directory as 59 | BOOT.CSV .
60 | 61 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # shim, a first-stage UEFI bootloader 2 | 3 | shim is a trivial EFI application that, when run, attempts to open and 4 | execute another application. It will initially attempt to do this via the 5 | standard EFI `LoadImage()` and `StartImage()` calls. If these fail (because Secure 6 | Boot is enabled and the binary is not signed with an appropriate key, for 7 | instance) it will then validate the binary against a built-in certificate. If 8 | this succeeds and if the binary or signing key are not forbidden then shim 9 | will relocate and execute the binary. 10 | 11 | shim will also install a protocol which permits the second-stage bootloader 12 | to perform similar binary validation. This protocol has a GUID as described 13 | in the shim.h header file and provides a single entry point. On 64-bit systems 14 | this entry point expects to be called with SysV ABI rather than MSABI, so calls 15 | to it should not be wrapped. 16 | 17 | On systems with a TPM chip enabled and supported by the system firmware, 18 | shim will extend various PCRs with the digests of the targets it is 19 | loading. A full list is in the file [README.tpm](README.tpm) . 20 | 21 | To use shim, simply place a DER-encoded public certificate in a file such as 22 | pub.cer and build with `make VENDOR_CERT_FILE=pub.cer`. 23 | 24 | There are a couple of build options, and a couple of ways to customize the 25 | build, described in [BUILDING](BUILDING). 26 | 27 | See the [test plan](testplan.txt), and file a ticket if anything fails! 28 | 29 | In the event that the developers need to be contacted related to a security 30 | incident or vulnerability, please mail [secalert@redhat.com]. 
31 | 32 | [secalert@redhat.com]: mailto:secalert@redhat.com 33 | -------------------------------------------------------------------------------- /README.tpm: -------------------------------------------------------------------------------- 1 | The following PCRs are extended by shim: 2 | 3 | PCR4: 4 | - the Authenticode hash of the binary being loaded will be extended into 5 | PCR4 before SB verification. 6 | - the hash of any binary for which Verify is called through the shim_lock 7 | protocol 8 | 9 | PCR7: 10 | - Any certificate in one of our certificate databases that matches a binary 11 | we try to load will be extended into PCR7. That includes: 12 | - DBX - the system denylist, logged as "dbx" 13 | - MokListX - the Mok denylist, logged as "MokListX" 14 | - vendor_dbx - shim's built-in vendor denylist, logged as "dbx" 15 | - DB - the system allowlist, logged as "db" 16 | - vendor_db - shim's built-in vendor allowlist, logged as "vendor_db" 17 | - MokListRT - the runtime Mok allowlist, logged as "MokListRT" 18 | - vendor_cert - shim's built-in vendor allowlist, logged as "Shim" 19 | - shim_cert - shim's build-time generated allowlist, logged as "Shim" 20 | - MokSBState will be extended into PCR7 if it is set, logged as 21 | "MokSBState". 22 | - SBAT will be extended into PCR7 if it is set, logged as "SBAT" 23 | 24 | Note: In the past this document called out that vendor_db was logged as 25 | "db", when in fact the code didn't do that. Since changing the code 26 | risks breaking recorded logs, the documentation is updated to reflect 27 | reality. vendor_dbx is in fact logged as "dbx". 28 | 29 | 30 | PCR8: 31 | - If you're using the grub2 TPM patchset we carry in Fedora, the kernel command 32 | line and all grub commands (including all of grub.cfg that gets run) are 33 | measured into PCR8. 34 | 35 | PCR9: 36 | - If you're using the grub2 TPM patchset we carry in Fedora, the kernel, 37 | initramfs, and any multiboot modules loaded are measured into PCR9.
38 | 39 | PCR14: 40 | - MokList, MokListX, and MokSBState will be extended into PCR14 if they are 41 | set. 42 | -------------------------------------------------------------------------------- /SbatLevel_Variable.txt: -------------------------------------------------------------------------------- 1 | This file is the single source for SbatLevel revocations; the format 2 | follows the variable payload and should not have any leading or 3 | trailing whitespace on the same line. 4 | 5 | Short descriptions of the revocations as well as CVE assignments (when 6 | available) should be provided when an entry is added. 7 | 8 | On systems that run shim, shim will manage these revocations. Systems 9 | that never run shim (primarily Windows, but this applies to any OS 10 | that supports UEFI Secure Boot under the UEFI CA without shim) can 11 | apply SBAT-based revocations by setting the following variable 12 | from code running in boot services context. 13 | 14 | Name: SbatLevel 15 | Attributes: (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS) 16 | Namespace Guid: 605dab50-e046-4300-abb6-3dd810dd8b23 17 | 18 | Variable content: 19 | 20 | Initialized, no revocations: 21 | 22 | sbat,1,2021030218 23 | 24 | To Revoke GRUB2 binaries impacted by 25 | 26 | * CVE-2021-3695 27 | * CVE-2021-3696 28 | * CVE-2021-3697 29 | * CVE-2022-28733 30 | * CVE-2022-28734 31 | * CVE-2022-28735 32 | * CVE-2022-28736 33 | 34 | sbat,1,2022052400 35 | grub,2 36 | 37 | and shim binaries impacted by 38 | 39 | * CVE-2022-28737 40 | 41 | sbat,1,2022052400 42 | shim,2 43 | grub,2 44 | 45 | Shim delivered both versions of these revocations with 46 | the same 2022052400 date stamp, once as an opt-in latest 47 | revocation with shim,2 and then as an automatic revocation without 48 | shim,2 49 | 50 | 51 | To revoke GRUB2 grub binaries impacted by 52 | 53 | * CVE-2022-2601 54 | * CVE-2022-3775 55 | 56 | sbat,1,2022111500 57 | shim,2 58 | grub,3 59 | 60 | To revoke Debian's grub.3 which missed 61 | the
patches: 62 | 63 | sbat,1,2023012900 64 | shim,2 65 | grub,3 66 | grub.debian,4 67 | 68 | 69 | An additional bug was fixed in shim that was not considered exploitable; 70 | it can be revoked by setting: 71 | 72 | sbat,1,2023012950 73 | shim,3 74 | grub,3 75 | grub.debian,4 76 | 77 | shim did not deliver this payload at the time 78 | 79 | 80 | To Revoke GRUB2 binaries impacted by: 81 | 82 | * CVE-2023-4692 83 | * CVE-2023-4693 84 | 85 | These CVEs are in the ntfs module and vendors that do and do not 86 | ship this module as part of their signed binary are split. 87 | 88 | sbat,1,2023091900 89 | shim,2 90 | grub,4 91 | 92 | Since not everyone has shipped updated GRUB packages, shim did not 93 | deliver this revocation at the time. 94 | 95 | To Revoke shim binaries impacted by: 96 | 97 | * CVE-2023-40547 98 | * CVE-2023-40546 99 | * CVE-2023-40548 100 | * CVE-2023-40549 101 | * CVE-2023-40550 102 | * CVE-2023-40551 103 | 104 | sbat,1,2024010900 105 | shim,4 106 | grub,3 107 | grub.debian,4 108 | 109 | 110 | Revocations for: 111 | - January 2024 shim CVEs 112 | - October 2023 grub CVEs 113 | - Debian/Ubuntu (peimage) CVE-2024-2312 114 | 115 | sbat,1,2024040900 116 | shim,4 117 | grub,4 118 | grub.peimage,2 119 | 120 | 121 | Revocations for: 122 | - February 2025 GRUB CVEs 123 | 124 | sbat,1,2025021800 125 | shim,4 126 | grub,5 127 | 128 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- 1 | - Versioned protocol: 2 | - Make shim and the bootloaders using it express how enlightened they 3 | are to one another, so we can stop earlier without tricks 4 | - Make EFI_LOADED_IMAGE_2 protocol and a LOAD_IMAGE protocol with 5 | LoadImage/CheckImage/StartImage.
6 | - Implement EFI_CERT_X509_SHA{256,384,512} revocation checks 7 | - It doesn't necessarily have to include timestamp checking support 8 | - Make the openssl code supply the Pkcs7Verify() API, and use the system 9 | one (instead) if it is available. 10 | - And make building it optional 11 | - Get meb30's multiple-certs patch merged 12 | - Hashing of option roms: 13 | - hash option roms and add them to MokListRT 14 | - probably belongs in MokManager 15 | - And some PCR? 16 | - Ability to specify second stage as a device path 17 | - including vendor path that means "parent of this image's path" 18 | - including vendor path that means "this image" 19 | - including path that's like Fv() to embed images. 20 | - Make all build options be able to be set in 'git config --local shim.OPTION' 21 | - Make the build dump those to stdout as well 22 | - make debuginfo paths configurable 23 | - make arch dependent names configurable 24 | - Make it easier to avoid CryptPem 25 | - Post process full path names out of __FILE__ / __BASE_FILE__ entries in 26 | the string table :/ 27 | - Reproducible builds: 28 | - Make build.log an artifact of building. 29 | - KEK for Mok. (koike expressed an interest in working on this.) 30 | - Reorder builds to take hashes of mm, fb and insert those in shim 31 | instead of ephemeral certs 32 | - Make an easy strip+implant tool for our embedded cert lists 33 | - Detection of fallback.efi boot loops 34 | - Some tablet devices seem to always boot the fallback path, ignoring 35 | boot variables, so we need to detect that. 36 | - fallback creates 2 variables, one volatile, one nonvolatile 37 | - if shim sees the nonvolatile variable but not the volatile one, it has 38 | been booted correctly after fallback has run, so it should remove the 39 | nonvolatile variable. 40 | - if fallback sees the nonvolatile variable, it is in a fallback boot 41 | loop, and should launch the next stage instead of rebooting. 
42 | - This means the TPM extend chain on machines with broken BDS always 43 | looks like: shim -> fallback -> shim -> grub2 -> kernel, *except* on 44 | boots from removable media (i.e. install media without fallback), 45 | where it looks like shim -> grub2 -> kernel /once/. 46 | 47 | # vim:filetype=mail:tw=74 48 | -------------------------------------------------------------------------------- /cert.S: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #if defined(VENDOR_DB_FILE) && defined(VENDOR_CERT_FILE) 4 | # error both VENDOR_DB_FILE and VENDOR_CERT_FILE have been configured 5 | #elif defined(VENDOR_DB_FILE) 6 | # define vendor_authorized vendor_db 7 | # define vendor_authorized_end vendor_db_end 8 | # define vendor_authorized_size vendor_db_size 9 | # define vendor_authorized_size_end vendor_db_size_end 10 | #elif defined(VENDOR_CERT_FILE) 11 | # define vendor_authorized vendor_cert 12 | # define vendor_authorized_end vendor_cert_end 13 | # define vendor_authorized_size vendor_cert_size 14 | # define vendor_authorized_size_end vendor_cert_size_end 15 | #endif 16 | 17 | #if defined(VENDOR_DBX_FILE) 18 | # define vendor_deauthorized vendor_dbx 19 | # define vendor_deauthorized_end vendor_dbx_end 20 | # define vendor_deauthorized_size vendor_dbx_size 21 | # define vendor_deauthorized_size_end vendor_dbx_size_end 22 | #endif 23 | 24 | .globl cert_table 25 | .type cert_table, %object 26 | .size cert_table, .Lcert_table_end - cert_table 27 | .section .vendor_cert, "a", %progbits 28 | .balignl 4, 0 29 | cert_table: 30 | .4byte .Lvendor_authorized_end - vendor_authorized 31 | .4byte .Lvendor_deauthorized_end - vendor_deauthorized 32 | .4byte vendor_authorized - cert_table 33 | .4byte vendor_deauthorized - cert_table 34 | .balign 1, 0 35 | .type vendor_authorized, %object 36 | .size vendor_authorized, .Lvendor_authorized_end - vendor_authorized 37 | .section .vendor_cert, "a", 
%progbits 38 | vendor_authorized: 39 | #if defined(VENDOR_DB_FILE) 40 | .incbin VENDOR_DB_FILE 41 | #elif defined(VENDOR_CERT_FILE) 42 | .incbin VENDOR_CERT_FILE 43 | #endif 44 | .Lvendor_authorized_end: 45 | .balign 1, 0 46 | .type vendor_deauthorized, %object 47 | .size vendor_deauthorized, .Lvendor_deauthorized_end - vendor_deauthorized 48 | .section .vendor_cert, "a", %progbits 49 | vendor_deauthorized: 50 | #if defined(VENDOR_DBX_FILE) 51 | .incbin VENDOR_DBX_FILE 52 | #endif 53 | .Lvendor_deauthorized_end: 54 | .Lcert_table_end: 55 | .section .note.GNU-stack,"a" 56 | -------------------------------------------------------------------------------- /data/sbat.csv: -------------------------------------------------------------------------------- 1 | sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md 2 | shim,4,UEFI shim,shim,1,https://github.com/rhboot/shim 3 | -------------------------------------------------------------------------------- /dp.c: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * dp.c - device path helpers 4 | * Copyright Peter Jones 5 | */ 6 | 7 | #include "shim.h" 8 | 9 | int 10 | is_removable_media_path(EFI_LOADED_IMAGE *li) 11 | { 12 | unsigned int pathlen = 0; 13 | CHAR16 *bootpath = NULL; 14 | int ret = 0; 15 | 16 | bootpath = DevicePathToStr(li->FilePath); 17 | 18 | /* Check the beginning of the string and the end, to avoid 19 | * caring about which arch this is. */ 20 | /* I really don't know why, but sometimes bootpath gives us 21 | * L"\\EFI\\BOOT\\/BOOTX64.EFI". So just handle that here... 
22 | */ 23 | if (StrnCaseCmp(bootpath, L"\\EFI\\BOOT\\BOOT", 14) && 24 | StrnCaseCmp(bootpath, L"\\EFI\\BOOT\\/BOOT", 15) && 25 | StrnCaseCmp(bootpath, L"EFI\\BOOT\\BOOT", 13) && 26 | StrnCaseCmp(bootpath, L"EFI\\BOOT\\/BOOT", 14)) 27 | goto error; 28 | 29 | pathlen = StrLen(bootpath); 30 | if (pathlen < 5 || StrCaseCmp(bootpath + pathlen - 4, L".EFI")) 31 | goto error; 32 | 33 | ret = 1; 34 | 35 | error: 36 | if (bootpath) 37 | FreePool(bootpath); 38 | 39 | return ret; 40 | } 41 | 42 | 43 | // vim:fenc=utf-8:tw=75:noet 44 | -------------------------------------------------------------------------------- /elf_aarch64_efi.lds: -------------------------------------------------------------------------------- 1 | OUTPUT_FORMAT("elf64-littleaarch64", "elf64-littleaarch64", "elf64-littleaarch64") 2 | OUTPUT_ARCH(aarch64) 3 | ENTRY(_start) 4 | SECTIONS 5 | { 6 | . = 0; 7 | ImageBase = .; 8 | .hash : { *(.hash) } /* this MUST come first! */ 9 | . = ALIGN(4096); 10 | .eh_frame : 11 | { 12 | *(.eh_frame) 13 | } 14 | . = ALIGN(4096); 15 | .text : 16 | { 17 | _text = .; 18 | *(.text) 19 | *(.text.*) 20 | *(.gnu.linkonce.t.*) 21 | _etext = .; 22 | } 23 | . = ALIGN(4096); 24 | .reloc : 25 | { 26 | *(.reloc) 27 | } 28 | . = ALIGN(4096); 29 | .note.gnu.build-id : { 30 | *(.note.gnu.build-id) 31 | } 32 | 33 | . = ALIGN(4096); 34 | .data.ident : { 35 | *(.data.ident) 36 | } 37 | . = ALIGN(4096); 38 | .sbatlevel : { 39 | *(.sbatlevel) 40 | } 41 | 42 | . = ALIGN(4096); 43 | .data : 44 | { 45 | _data = .; 46 | *(.rodata*) 47 | *(.got.plt) 48 | *(.got) 49 | *(.data*) 50 | *(.sdata) 51 | /* the EFI loader doesn't seem to like a .bss section, so we stick 52 | it all into .data: */ 53 | *(.sbss) 54 | *(.scommon) 55 | *(.dynbss) 56 | *(.bss) 57 | *(COMMON) 58 | *(.rel.local) 59 | } 60 | 61 | . = ALIGN(4096); 62 | .vendor_cert : 63 | { 64 | *(.vendor_cert) 65 | } 66 | . = ALIGN(4096); 67 | .dynamic : { *(.dynamic) } 68 | . 
= ALIGN(4096); 69 | .rela : 70 | { 71 | *(.rela.data*) 72 | *(.rela.got*) 73 | *(.rela.stab*) 74 | } 75 | _edata = .; 76 | _data_size = . - _data; 77 | . = ALIGN(4096); 78 | .sbat : 79 | { 80 | _sbat = .; 81 | *(.sbat) 82 | *(.sbat.*) 83 | } 84 | _esbat = .; 85 | _sbat_size = . - _sbat; 86 | 87 | . = ALIGN(4096); 88 | .dynsym : { *(.dynsym) } 89 | . = ALIGN(4096); 90 | .dynstr : { *(.dynstr) } 91 | . = ALIGN(4096); 92 | .ignored.reloc : 93 | { 94 | *(.rela.reloc) 95 | *(.eh_frame) 96 | *(.note.GNU-stack) 97 | } 98 | .comment 0 : { *(.comment) } 99 | .note.gnu.build-id : { *(.note.gnu.build-id) } 100 | } 101 | -------------------------------------------------------------------------------- /elf_arm_efi.lds: -------------------------------------------------------------------------------- 1 | OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm") 2 | OUTPUT_ARCH(arm) 3 | ENTRY(_start) 4 | SECTIONS 5 | { 6 | .text 0x0 : { 7 | _text = .; 8 | *(.text.head) 9 | *(.text) 10 | *(.text.*) 11 | *(.gnu.linkonce.t.*) 12 | _evtext = .; 13 | . = ALIGN(4096); 14 | } 15 | _etext = .; 16 | _text_size = . - _text; 17 | _text_vsize = _evtext - _text; 18 | 19 | . = ALIGN(4096); 20 | .data : 21 | { 22 | _data = .; 23 | *(.sdata) 24 | *(.data) 25 | *(.data1) 26 | *(.data.*) 27 | *(.got.plt) 28 | *(.got) 29 | 30 | *(.dynamic) 31 | 32 | /* the EFI loader doesn't seem to like a .bss section, so we stick 33 | it all into .data: */ 34 | . = ALIGN(16); 35 | _bss = .; 36 | *(.sbss) 37 | *(.scommon) 38 | *(.dynbss) 39 | *(.bss) 40 | *(COMMON) 41 | _evdata = .; 42 | . = ALIGN(4096); 43 | _bss_end = .; 44 | } 45 | _edata = .; 46 | _data_vsize = _evdata - _data; 47 | _data_size = . - _data; 48 | 49 | /* 50 | * Note that _sbat must be the beginning of the data, and _esbat must be the 51 | * end and must be before any section padding. 
The sbat self-check uses 52 | * _esbat to find the bounds of the data, and if the padding is included, the 53 | * CSV parser (correctly) rejects the data as having NUL values in one of the 54 | * required columns. 55 | */ 56 | . = ALIGN(4096); 57 | .sbat : 58 | { 59 | _sbat = .; 60 | *(.sbat) 61 | *(.sbat.*) 62 | _esbat = .; 63 | . = ALIGN(4096); 64 | _epsbat = .; 65 | } 66 | _sbat_size = _epsbat - _sbat; 67 | _sbat_vsize = _esbat - _sbat; 68 | 69 | . = ALIGN(4096); 70 | .rodata : 71 | { 72 | _rodata = .; 73 | *(.rodata*) 74 | *(.srodata) 75 | . = ALIGN(16); 76 | *(.note.gnu.build-id) 77 | . = ALIGN(4096); 78 | *(.vendor_cert) 79 | *(.data.ident) 80 | . = ALIGN(4096); 81 | } 82 | . = ALIGN(4096); 83 | .rela : 84 | { 85 | *(.rela.dyn) 86 | *(.rela.plt) 87 | *(.rela.got) 88 | *(.rela.data) 89 | *(.rela.data*) 90 | } 91 | . = ALIGN(4096); 92 | .dyn : 93 | { 94 | *(.dynsym) 95 | *(.dynstr) 96 | _evrodata = .; 97 | . = ALIGN(4096); 98 | } 99 | _erodata = .; 100 | _rodata_size = . - _rodata; 101 | _rodata_vsize = _evrodata - _rodata; 102 | _alldata_size = . - _data; 103 | 104 | /DISCARD/ : 105 | { 106 | *(.rel.reloc) 107 | *(.eh_frame) 108 | *(.note.GNU-stack) 109 | } 110 | .comment 0 : { *(.comment) } 111 | } 112 | -------------------------------------------------------------------------------- /elf_ia32_efi.lds: -------------------------------------------------------------------------------- 1 | OUTPUT_FORMAT("elf32-i386", "elf32-i386", "elf32-i386") 2 | OUTPUT_ARCH(i386) 3 | ENTRY(_start) 4 | SECTIONS 5 | { 6 | . = 0; 7 | ImageBase = .; 8 | .hash : { *(.hash) } /* this MUST come first! */ 9 | . = ALIGN(4096); 10 | .text : 11 | { 12 | _text = .; 13 | *(.text) 14 | *(.text.*) 15 | *(.gnu.linkonce.t.*) 16 | _etext = .; 17 | } 18 | . = ALIGN(4096); 19 | .reloc : 20 | { 21 | *(.reloc) 22 | } 23 | . = ALIGN(4096); 24 | .note.gnu.build-id : { 25 | *(.note.gnu.build-id) 26 | } 27 | . = ALIGN(4096); 28 | .data.ident : { 29 | *(.data.ident) 30 | } 31 | . 
= ALIGN(4096); 32 | .sbatlevel : { 33 | *(.sbatlevel) 34 | } 35 | 36 | . = ALIGN(4096); 37 | .data : 38 | { 39 | _data = .; 40 | *(.rodata*) 41 | *(.data) 42 | *(.data1) 43 | *(.data.*) 44 | *(.sdata) 45 | *(.got.plt) 46 | *(.got) 47 | /* the EFI loader doesn't seem to like a .bss section, so we stick 48 | it all into .data: */ 49 | *(.sbss) 50 | *(.scommon) 51 | *(.dynbss) 52 | *(.bss) 53 | *(COMMON) 54 | } 55 | 56 | . = ALIGN(4096); 57 | .vendor_cert : 58 | { 59 | *(.vendor_cert) 60 | } 61 | . = ALIGN(4096); 62 | .dynamic : { *(.dynamic) } 63 | . = ALIGN(4096); 64 | .rel : 65 | { 66 | *(.rel.data) 67 | *(.rel.data.*) 68 | *(.rel.got) 69 | *(.rel.stab) 70 | *(.data.rel.ro.local) 71 | *(.data.rel.local) 72 | *(.data.rel.ro) 73 | *(.data.rel*) 74 | } 75 | _edata = .; 76 | _data_size = . - _data; 77 | . = ALIGN(4096); 78 | .sbat : 79 | { 80 | _sbat = .; 81 | *(.sbat) 82 | *(.sbat.*) 83 | } 84 | _esbat = .; 85 | _sbat_size = . - _sbat; 86 | 87 | . = ALIGN(4096); 88 | .dynsym : { *(.dynsym) } 89 | . = ALIGN(4096); 90 | .dynstr : { *(.dynstr) } 91 | . = ALIGN(4096); 92 | /DISCARD/ : 93 | { 94 | *(.rel.reloc) 95 | *(.eh_frame) 96 | *(.note.GNU-stack) 97 | } 98 | .comment 0 : { *(.comment) } 99 | } 100 | -------------------------------------------------------------------------------- /elf_ia64_efi.lds: -------------------------------------------------------------------------------- 1 | OUTPUT_FORMAT("elf64-ia64-little") 2 | OUTPUT_ARCH(ia64) 3 | ENTRY(_start_plabel) 4 | SECTIONS 5 | { 6 | . = 0; 7 | ImageBase = .; 8 | .hash : { *(.hash) } /* this MUST come first! */ 9 | . = ALIGN(4096); 10 | .text : 11 | { 12 | _text = .; 13 | *(.text) 14 | *(.text.*) 15 | *(.gnu.linkonce.t.*) 16 | _etext = .; 17 | } 18 | . = ALIGN(4096); 19 | __gp = ALIGN (8) + 0x200000; 20 | .sdata : 21 | { 22 | _data = .; 23 | *(.got.plt) 24 | *(.got) 25 | *(.srodata) 26 | *(.sdata) 27 | *(.sbss) 28 | *(.scommon) 29 | } 30 | . 
= ALIGN(4096); 31 | .note.gnu.build-id : { 32 | *(.note.gnu.build-id) 33 | } 34 | .data.ident : { 35 | *(.data.ident) 36 | } 37 | . = ALIGN(4096); 38 | .sbatlevel : { 39 | *(.sbatlevel) 40 | } 41 | 42 | . = ALIGN(4096); 43 | .data : 44 | { 45 | *(.rodata*) 46 | *(.ctors) 47 | *(.data*) 48 | *(.gnu.linkonce.d*) 49 | *(.plabel) /* data whose relocs we want to ignore */ 50 | /* the EFI loader doesn't seem to like a .bss section, so we stick 51 | it all into .data: */ 52 | *(.dynbss) 53 | *(.bss) 54 | *(COMMON) 55 | } 56 | 57 | . = ALIGN(4096); 58 | .vendor_cert : 59 | { 60 | *(.vendor_cert) 61 | } 62 | . = ALIGN(4096); 63 | .dynamic : { *(.dynamic) } 64 | . = ALIGN(4096); 65 | .rela : 66 | { 67 | *(.rela.text) 68 | *(.rela.data*) 69 | *(.rela.sdata) 70 | *(.rela.got) 71 | *(.rela.gnu.linkonce.d*) 72 | *(.rela.stab) 73 | *(.rela.ctors) 74 | } 75 | _edata = .; 76 | _data_size = . - _data; 77 | . = ALIGN(4096); 78 | .sbat : 79 | { 80 | _sbat = .; 81 | *(.sbat) 82 | *(.sbat.*) 83 | } 84 | _esbat = .; 85 | _sbat_size = . - _sbat; 86 | 87 | . = ALIGN(4096); 88 | .reloc : /* This is the PECOFF .reloc section! */ 89 | { 90 | *(.reloc) 91 | } 92 | . = ALIGN(4096); 93 | .dynsym : { *(.dynsym) } 94 | . = ALIGN(4096); 95 | .dynstr : { *(.dynstr) } 96 | /DISCARD/ : 97 | { 98 | *(.rela.plabel) 99 | *(.rela.reloc) 100 | *(.IA_64.unwind*) 101 | *(.IA64.unwind*) 102 | } 103 | .note.gnu.build-id : { *(.note.gnu.build-id) } 104 | } 105 | -------------------------------------------------------------------------------- /elf_x86_64_efi.lds: -------------------------------------------------------------------------------- 1 | /* Same as elf_x86_64_fbsd_efi.lds, except for OUTPUT_FORMAT below - KEEP IN SYNC */ 2 | OUTPUT_FORMAT("elf64-x86-64", "elf64-x86-64", "elf64-x86-64") 3 | OUTPUT_ARCH(i386:x86-64) 4 | ENTRY(_start) 5 | SECTIONS 6 | { 7 | . = 0; 8 | ImageBase = .; 9 | .hash : { *(.hash) } /* this MUST come first! */ 10 | . 
= ALIGN(4096); 11 | .eh_frame : 12 | { 13 | *(.eh_frame) 14 | } 15 | . = ALIGN(4096); 16 | .text : 17 | { 18 | _text = .; 19 | *(.text) 20 | *(.text.*) 21 | *(.gnu.linkonce.t.*) 22 | _etext = .; 23 | } 24 | . = ALIGN(4096); 25 | .reloc : 26 | { 27 | *(.reloc) 28 | } 29 | . = ALIGN(4096); 30 | .note.gnu.build-id : { 31 | *(.note.gnu.build-id) 32 | } 33 | 34 | . = ALIGN(4096); 35 | .data.ident : { 36 | *(.data.ident) 37 | } 38 | . = ALIGN(4096); 39 | .sbatlevel : { 40 | *(.sbatlevel) 41 | } 42 | 43 | . = ALIGN(4096); 44 | .data : 45 | { 46 | _data = .; 47 | *(.rodata*) 48 | *(.got.plt) 49 | *(.got) 50 | *(.data*) 51 | *(.sdata) 52 | /* the EFI loader doesn't seem to like a .bss section, so we stick 53 | it all into .data: */ 54 | *(.sbss) 55 | *(.scommon) 56 | *(.dynbss) 57 | *(.bss) 58 | *(COMMON) 59 | *(.rel.local) 60 | } 61 | 62 | . = ALIGN(4096); 63 | .vendor_cert : 64 | { 65 | *(.vendor_cert) 66 | } 67 | . = ALIGN(4096); 68 | .dynamic : { *(.dynamic) } 69 | . = ALIGN(4096); 70 | .rela : 71 | { 72 | *(.rela.data*) 73 | *(.rela.got*) 74 | *(.rela.stab*) 75 | } 76 | _edata = .; 77 | _data_size = . - _data; 78 | . = ALIGN(4096); 79 | .sbat : 80 | { 81 | _sbat = .; 82 | *(.sbat) 83 | *(.sbat.*) 84 | } 85 | _esbat = .; 86 | _sbat_size = . - _sbat; 87 | 88 | . = ALIGN(4096); 89 | .dynsym : { *(.dynsym) } 90 | . = ALIGN(4096); 91 | .dynstr : { *(.dynstr) } 92 | . 
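= ALIGN(4096); 93 | .ignored.reloc : 94 | { 95 | *(.rela.reloc) 96 | *(.eh_frame) 97 | *(.note.GNU-stack) 98 | } 99 | .comment 0 : { *(.comment) } 100 | .note.gnu.build-id : { *(.note.gnu.build-id) } 101 | } 102 |
--------------------------------------------------------------------------------
/fuzz-csv.c:
--------------------------------------------------------------------------------
// SPDX-License-Identifier: BSD-2-Clause-Patent
/*
 * test-csv.c - test our csv parser
 */

#ifndef SHIM_UNIT_TEST
#define SHIM_UNIT_TEST
#endif
#include "shim.h"

#include /* header name lost in page extraction */

/*
 * Run the CSV parser over one fuzzer-supplied buffer.
 *
 * The buffer is modified in place: its last byte is overwritten with NUL
 * so the parser is handed a terminated string, which is why the caller
 * must pass a writable copy rather than libFuzzer's const input.
 *
 * Returns 0 when the input was rejected by the parser or was parsed and
 * walked, and -1 when parsing succeeded but produced at most one row.
 */
int
test_csv_simple_fuzz(char *random_bin, size_t random_bin_len)
{
	list_t entry_list;
	char *current, *end;
	list_t *pos = NULL;
	EFI_STATUS efi_status;

	/*
	 * With a zero length, "random_bin + len - 1" points one byte before
	 * the buffer and the NUL store below would be an out-of-bounds
	 * write, so refuse empty input here instead of relying on every
	 * caller to do so.
	 */
	if (!random_bin || random_bin_len == 0)
		return 0;

	INIT_LIST_HEAD(&entry_list);

	current = random_bin;
	end = current + random_bin_len - 1;
	*end = '\0';

	/* 7 is presumably the expected column count - confirm against
	 * parse_csv_data(). */
	efi_status = parse_csv_data(current, end, 7, &entry_list);
	if (efi_status != EFI_SUCCESS) {
		/*
		 * NOTE(review): entry_list is not freed on this path; confirm
		 * that parse_csv_data() leaves the list empty on failure,
		 * otherwise rejected inputs leak under the fuzzer.
		 */
		return 0;
	}
	if (list_size(&entry_list) <= 1)
		goto fail;

	/* Walk every row so that a corrupted list link is dereferenced
	 * (and reported by the sanitizer) before the list is freed. */
	list_for_each(pos, &entry_list) {
		struct csv_row *csv_row;

		csv_row = list_entry(pos, struct csv_row, list);
		(void)csv_row;
	}

	free_csv_list(&entry_list);

	return 0;
fail:
	free_csv_list(&entry_list);
	return -1;
}

/*
 * libFuzzer entry point for the CSV parser.
 *
 * The input is copied to the heap because test_csv_simple_fuzz() writes
 * a terminator into the buffer and "data" is const.  The copy is exactly
 * "size" bytes, so any read or write past the input is a heap overflow
 * the address sanitizer can see.
 */
int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	int rc;
	uint8_t *data_copy;

	if (size < 1)
		return 0;

	data_copy = malloc(size);
	if (!data_copy)
		return -1;

	memcpy(data_copy, data, size);
	rc = test_csv_simple_fuzz((char *)data_copy, size);
	free(data_copy);

	return rc; // Values other than 0 and -1 are reserved for future use.
}

// vim:fenc=utf-8:tw=75:noet
--------------------------------------------------------------------------------
/fuzz-pe-relocate.c:
--------------------------------------------------------------------------------
// SPDX-License-Identifier: BSD-2-Clause-Patent
/*
 * fuzz-pe-relocate.c - fuzz our PE relocation code.
 * Copyright Peter Jones
 */

#ifndef SHIM_UNIT_TEST
#define SHIM_UNIT_TEST
#endif
#include "shim.h"

/* Presumably stands in for the definition in globals.c, which this
 * harness does not link - confirm against the fuzz build rules. */
UINT8 mok_policy = 0;

/*
 * libFuzzer entry point for PE header parsing.
 *
 * read_header() is given a private copy of the input with one extra NUL
 * byte appended, while the length passed is still "size".  The status it
 * returns is deliberately ignored: the harness is looking for sanitizer
 * reports, not for inputs the parser accepts.
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	uint8_t *data_copy;
	EFI_STATUS status = 0;
	PE_COFF_LOADER_IMAGE_CONTEXT context = { 0, };

	if (size < 1)
		return 0;

	data_copy = malloc(size+1);
	if (!data_copy)
		return -1;

	memcpy(data_copy, data, size);
	data_copy[size] = 0;

	status = read_header(data_copy, size, &context, true);
	(void)status;

	free(data_copy);

	return 0;
}

// vim:fenc=utf-8:tw=75:noet
--------------------------------------------------------------------------------
/fuzz-sbat.c:
--------------------------------------------------------------------------------
// SPDX-License-Identifier: BSD-2-Clause-Patent
/*
 * fuzz-sbat-section.c - fuzz our .sbat parsing code
 * Copyright Peter Jones
 */

#ifndef SHIM_UNIT_TEST
#define SHIM_UNIT_TEST
#endif
#include "shim.h"

#include /* header name lost in page extraction */

list_t sbat_var;

/* Harness stub: always reports secure mode as enabled. */
BOOLEAN
secure_mode() {
	return 1;
}

/*
 * libFuzzer entry point for .sbat section parsing.
 *
 * parse_sbat_section() is given a private copy of the input with one
 * extra NUL byte appended, while the length passed is still "size".
 * Whatever it returns, the entries are handed to
 * cleanup_sbat_section_entries() so the cleanup path is fuzzed too.
 */
int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	uint8_t *data_copy;
	EFI_STATUS status = 0;
	size_t n = 0;
	struct sbat_section_entry **entries = NULL;

	if (size < 1)
		return 0;

	data_copy = malloc(size+1);
	if (!data_copy)
		return -1;

	memcpy(data_copy, data, size);
	data_copy[size] = 0;
	status = parse_sbat_section(data_copy, size, &n, &entries);
	(void)status;
	/* NOTE(review): runs on the failure path as well; this assumes the
	 * parser leaves n and entries in a state cleanup can take - confirm. */
	cleanup_sbat_section_entries(n, entries);

	free(data_copy);

	return 0;
}

// vim:fenc=utf-8:tw=75:noet
--------------------------------------------------------------------------------
/globals.c:
--------------------------------------------------------------------------------
// SPDX-License-Identifier: BSD-2-Clause-Patent
/*
 * globals.c - global shim state
 * Copyright Peter Jones
 */

#include "shim.h"

UINT32 vendor_authorized_size = 0;
UINT8 *vendor_authorized = NULL;

UINT32 vendor_deauthorized_size = 0;
UINT8 *vendor_deauthorized = NULL;

UINT32 user_cert_size;
UINT8 *user_cert;

#if defined(ENABLE_SHIM_CERT)
UINT32 build_cert_size;
UINT8 *build_cert;
#endif /* defined(ENABLE_SHIM_CERT) */

/*
 * indicator of how an image has been verified
 */
verification_method_t verification_method;

SHIM_IMAGE_LOADER shim_image_loader_interface;

UINT8 user_insecure_mode;
UINTN hsi_status = 0;
UINT8 ignore_db;
UINT8 trust_mok_list;
UINT8 mok_policy = 0;

UINT32 verbose = 0;

EFI_PHYSICAL_ADDRESS mok_config_table = 0;
UINTN mok_config_table_pages = 0;

// vim:fenc=utf-8:tw=75:noet
--------------------------------------------------------------------------------
/include/asm.h:
--------------------------------------------------------------------------------
1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #ifndef SHIM_ASM_H_ 4 | #define SHIM_ASM_H_ 5 | 6 | #define __stringify_1(x...) #x 7 | #define __stringify(x...)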
__stringify_1(x) 8 | 9 | static inline uint64_t read_counter(void) 10 | { 11 | uint64_t val; 12 | #if defined (__x86_64__) 13 | unsigned long low, high; 14 | __asm__ __volatile__("rdtsc" : "=a" (low), "=d" (high)); 15 | val = (low) | (high) << 32; 16 | #elif defined(__i386__) || defined(__i686__) 17 | __asm__ __volatile__("rdtsc" : "=A" (val)); 18 | #elif defined(__aarch64__) 19 | __asm__ __volatile__ ("mrs %0, pmccntr_el0" : "=r" (val)); 20 | #elif defined(__arm__) 21 | __asm__ __volatile__ ("mrc p15, 0, %0, c9, c13, 0" : "=r" (val)); 22 | #else 23 | #error unsupported arch 24 | #endif 25 | return val; 26 | } 27 | 28 | #if defined(__x86_64__) || defined(__i386__) || defined(__i686__) 29 | static inline void wait_for_debug(void) 30 | { 31 | __asm__ __volatile__("pause"); 32 | } 33 | #elif defined(__aarch64__) 34 | static inline void wait_for_debug(void) 35 | { 36 | __asm__ __volatile__("wfi"); 37 | } 38 | #else 39 | static inline void wait_for_debug(void) 40 | { 41 | uint64_t a, b; 42 | int x; 43 | extern void usleep(unsigned long usecs); 44 | 45 | a = read_counter(); 46 | for (x = 0; x < 1000; x++) { 47 | usleep(1000); 48 | b = read_counter(); 49 | if (a != b) 50 | break; 51 | } 52 | } 53 | #endif 54 | 55 | #endif /* !SHIM_ASM_H_ */ 56 | // vim:fenc=utf-8:tw=75:et 57 | -------------------------------------------------------------------------------- /include/cc.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #ifndef SHIM_CC_H 4 | #define SHIM_CC_H 5 | 6 | typedef struct { 7 | uint8_t Major; 8 | uint8_t Minor; 9 | } EFI_CC_VERSION; 10 | 11 | #define EFI_CC_TYPE_NONE 0 12 | #define EFI_CC_TYPE_SEV 1 13 | #define EFI_CC_TYPE_TDX 2 14 | 15 | typedef struct { 16 | uint8_t Type; 17 | uint8_t SubType; 18 | } EFI_CC_TYPE; 19 | 20 | typedef uint32_t EFI_CC_EVENT_LOG_BITMAP; 21 | typedef uint32_t EFI_CC_EVENT_LOG_FORMAT; 22 | typedef uint32_t EFI_CC_EVENT_ALGORITHM_BITMAP; 23 | 
typedef uint32_t EFI_CC_MR_INDEX; 24 | 25 | #define TDX_MR_INDEX_MRTD 0 26 | #define TDX_MR_INDEX_RTMR0 1 27 | #define TDX_MR_INDEX_RTMR1 2 28 | #define TDX_MR_INDEX_RTMR2 3 29 | #define TDX_MR_INDEX_RTMR3 4 30 | 31 | #define EFI_CC_EVENT_LOG_FORMAT_TCG_2 0x00000002 32 | #define EFI_CC_BOOT_HASH_ALG_SHA384 0x00000004 33 | #define EFI_CC_EVENT_HEADER_VERSION 1 34 | 35 | typedef struct tdEFI_CC_EVENT_HEADER { 36 | uint32_t HeaderSize; 37 | uint16_t HeaderVersion; 38 | EFI_CC_MR_INDEX MrIndex; 39 | uint32_t EventType; 40 | } __attribute__((packed)) EFI_CC_EVENT_HEADER; 41 | 42 | typedef struct tdEFI_CC_EVENT { 43 | uint32_t Size; 44 | EFI_CC_EVENT_HEADER Header; 45 | uint8_t Event[1]; 46 | } __attribute__((packed)) EFI_CC_EVENT; 47 | 48 | typedef struct tdEFI_CC_BOOT_SERVICE_CAPABILITY { 49 | uint8_t Size; 50 | EFI_CC_VERSION StructureVersion; 51 | EFI_CC_VERSION ProtocolVersion; 52 | EFI_CC_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap; 53 | EFI_CC_EVENT_LOG_BITMAP SupportedEventLogs; 54 | EFI_CC_TYPE CcType; 55 | } EFI_CC_BOOT_SERVICE_CAPABILITY; 56 | 57 | struct efi_cc_protocol 58 | { 59 | EFI_STATUS (EFIAPI *get_capability) ( 60 | struct efi_cc_protocol *this, 61 | EFI_CC_BOOT_SERVICE_CAPABILITY *ProtocolCapability); 62 | EFI_STATUS (EFIAPI *get_event_log) ( 63 | struct efi_cc_protocol *this, 64 | EFI_CC_EVENT_LOG_FORMAT EventLogFormat, 65 | EFI_PHYSICAL_ADDRESS *EventLogLocation, 66 | EFI_PHYSICAL_ADDRESS *EventLogLastEntry, 67 | BOOLEAN *EventLogTruncated); 68 | EFI_STATUS (EFIAPI *hash_log_extend_event) ( 69 | struct efi_cc_protocol *this, 70 | uint64_t Flags, 71 | EFI_PHYSICAL_ADDRESS DataToHash, 72 | uint64_t DataToHashLen, 73 | EFI_CC_EVENT *EfiCcEvent); 74 | EFI_STATUS (EFIAPI *map_pcr_to_mr_index) ( 75 | struct efi_cc_protocol *this, 76 | uint32_t PcrIndex, 77 | EFI_CC_MR_INDEX *MrIndex); 78 | }; 79 | 80 | typedef struct efi_cc_protocol efi_cc_protocol_t; 81 | 82 | #define EFI_CC_FLAG_PE_COFF_IMAGE 0x0000000000000010 83 | 84 | #endif /* SHIM_CC_H */ 85 | // 
vim:fenc=utf-8:tw=75 86 | -------------------------------------------------------------------------------- /include/configtable.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #ifndef SHIM_CONFIGTABLE_H 4 | #define SHIM_CONFIGTABLE_H 5 | 6 | /* definitions straight from TianoCore */ 7 | 8 | typedef UINT32 EFI_IMAGE_EXECUTION_ACTION; 9 | 10 | #define EFI_IMAGE_EXECUTION_AUTHENTICATION 0x00000007 11 | #define EFI_IMAGE_EXECUTION_AUTH_UNTESTED 0x00000000 12 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED 0x00000001 13 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED 0x00000002 14 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND 0x00000003 15 | #define EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND 0x00000004 16 | #define EFI_IMAGE_EXECUTION_POLICY_FAILED 0x00000005 17 | #define EFI_IMAGE_EXECUTION_INITIALIZED 0x00000008 18 | 19 | typedef struct { 20 | /// 21 | /// Describes the action taken by the firmware regarding this image. 22 | /// 23 | EFI_IMAGE_EXECUTION_ACTION Action; 24 | /// 25 | /// Size of all of the entire structure. 26 | /// 27 | UINT32 InfoSize; 28 | /// 29 | /// If this image was a UEFI device driver (for option ROM, for example) this is the 30 | /// null-terminated, user-friendly name for the device. If the image was for an application, 31 | /// then this is the name of the application. If this cannot be determined, then a simple 32 | /// NULL character should be put in this position. 33 | /// CHAR16 Name[]; 34 | /// 35 | 36 | /// 37 | /// For device drivers, this is the device path of the device for which this device driver 38 | /// was intended. In some cases, the driver itself may be stored as part of the system 39 | /// firmware, but this field should record the device's path, not the firmware path. For 40 | /// applications, this is the device path of the application. 
If this cannot be determined, 41 | /// a simple end-of-path device node should be put in this position. 42 | /// EFI_DEVICE_PATH_PROTOCOL DevicePath; 43 | /// 44 | 45 | /// 46 | /// Zero or more image signatures. If the image contained no signatures, 47 | /// then this field is empty. 48 | /// 49 | ///EFI_SIGNATURE_LIST Signature; 50 | UINT8 Data[]; 51 | } EFI_IMAGE_EXECUTION_INFO; 52 | 53 | typedef struct { 54 | /// 55 | /// Number of EFI_IMAGE_EXECUTION_INFO structures. 56 | /// 57 | UINTN NumberOfImages; 58 | /// 59 | /// Number of image instances of EFI_IMAGE_EXECUTION_INFO structures. 60 | /// 61 | EFI_IMAGE_EXECUTION_INFO InformationInfo[]; 62 | } EFI_IMAGE_EXECUTION_INFO_TABLE; 63 | 64 | void * 65 | configtable_get_table(EFI_GUID *guid); 66 | EFI_IMAGE_EXECUTION_INFO_TABLE * 67 | configtable_get_image_table(void); 68 | EFI_IMAGE_EXECUTION_INFO * 69 | configtable_find_image(const EFI_DEVICE_PATH *DevicePath); 70 | int 71 | configtable_image_is_forbidden(const EFI_DEVICE_PATH *DevicePath); 72 | 73 | #endif /* SHIM_CONFIGTABLE_H */ 74 | -------------------------------------------------------------------------------- /include/coverity.mk: -------------------------------------------------------------------------------- 1 | COV_EMAIL=$(call get-config,coverity.email) 2 | COV_TOKEN=$(call get-config,coverity.token) 3 | COV_URL=$(call get-config,coverity.url) 4 | COV_FILE=$(NAME)-coverity-$(VERSION)-$(COMMIT_ID).tar.bz2 5 | 6 | include $(TOPDIR)/Make.rules 7 | 8 | define prop 9 | $(if $(findstring undefined,$(origin $(1))),,$(1)="$($1)") 10 | endef 11 | 12 | PROPOGATE_MAKE_FLAGS = ARCH ARCH_SUFFIX COLOR CC COMPILER CROSS_COMPILE 13 | 14 | MAKEARGS = $(foreach x,$(PROPOGATE_MAKE_FLAGS),$(call prop,$(x))) 15 | 16 | cov-clean : 17 | @rm -vf $(NAME)-coverity-*.tar.* 18 | @if [ -d cov-int ]; then rm -rf cov-int && echo "removed 'cov-int'"; fi 19 | 20 | cov-file : | $(COV_FILE) 21 | 22 | $(COV_FILE) : | cov-int 23 | tar caf $@ cov-int 24 | 25 | cov-upload : | cov-file 26 
| @if [ -n "$(COV_URL)" ] && \ 27 | [ -n "$(COV_TOKEN)" ] && \ 28 | [ -n "$(COV_EMAIL)" ] ; \ 29 | then \ 30 | echo curl --form token=$(COV_TOKEN) --form email="$(COV_EMAIL)" --form file=@"$(COV_FILE)" --form version=$(VERSION).1 --form description="$(COMMIT_ID)" "$(COV_URL)" ; \ 31 | curl --form token=$(COV_TOKEN) --form email="$(COV_EMAIL)" --form file=@"$(COV_FILE)" --form version=$(VERSION).1 --form description="$(COMMIT_ID)" "$(COV_URL)" ; \ 32 | else \ 33 | echo Coverity output is in $(COV_FILE) ; \ 34 | fi 35 | 36 | cov-build-unchecked-cryptlib : | clean-cryptlib-objs 37 | cov-build-unchecked-cryptlib : Cryptlib/libcryptlib.a 38 | 39 | cov-build-unchecked-openssl : | clean-openssl-objs 40 | cov-build-unchecked-openssl : Cryptlib/OpenSSL/libopenssl.a 41 | 42 | cov-build-all : CCACHE_DISABLE=1 43 | cov-build-all : | clean clean-shim-objs clean-cryptlib-objs clean-openssl-objs 44 | +cov-build --dir cov-int $(MAKE) $(MAKEARGS) CCACHE_DISABLE=1 all 45 | 46 | coverity-no-openssl : | cov-test 47 | coverity-no-openssl : clean-shim-objs clean-cryptlib-objs cov-build-unchecked-openssl cov-build-all cov-file cov-upload 48 | 49 | coverity-no-cryptlib : | cov-test 50 | coverity-no-cryptlib : clean-shim-objs cov-build-unchecked-openssl cov-build-unchecked-cryptlib cov-build-all cov-file cov-upload 51 | 52 | coverity : | cov-test 53 | coverity : coverity-no-openssl cov-file cov-upload 54 | 55 | coverity-all : | cov-test 56 | coverity-all : clean cov-build-all cov-file cov-upload 57 | 58 | clean : | cov-clean 59 | 60 | COV_BUILD ?= $(shell x=$$(which --skip-alias --skip-functions cov-build 2>/dev/null) ; [ -n "$$x" ] && echo "$$x") 61 | 62 | cov-test : ; $(if $(findstring /,$(COV_BUILD)),,$(error cov-build not found)) 63 | 64 | .PHONY : coverity cov-upload cov-clean cov-file cov-test 65 | -------------------------------------------------------------------------------- /include/crypt_blowfish.h: -------------------------------------------------------------------------------- 
1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * The crypt_blowfish homepage is: 4 | * 5 | * http://www.openwall.com/crypt/ 6 | * 7 | * This code comes from John the Ripper password cracker, with reentrant 8 | * and crypt(3) interfaces added, but optimizations specific to password 9 | * cracking removed. 10 | * 11 | * Written by Solar Designer in 2000-2011. 12 | * No copyright is claimed, and the software is hereby placed in the public 13 | * domain. In case this attempt to disclaim copyright and place the software 14 | * in the public domain is deemed null and void, then the software is 15 | * Copyright (c) 2000-2011 Solar Designer and it is hereby released to the 16 | * general public under the following terms: 17 | * 18 | * Redistribution and use in source and binary forms, with or without 19 | * modification, are permitted. 20 | * 21 | * There's ABSOLUTELY NO WARRANTY, express or implied. 22 | * 23 | * See crypt_blowfish.c for more information. 24 | */ 25 | 26 | #ifndef SHIM_CRYPT_BLOWFISH_H 27 | #define SHIM_CRYPT_BLOWFISH_H 28 | 29 | char *crypt_blowfish_rn(const char *key, const char *setting, 30 | char *output, int size); 31 | 32 | #endif /* SHIM_CRYPT_BLOWFISH_H */ 33 | -------------------------------------------------------------------------------- /include/dp.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * dp.h - device path helper functions 4 | * Copyright Peter Jones 5 | */ 6 | 7 | #ifndef DP_H_ 8 | #define DP_H_ 9 | 10 | int 11 | is_removable_media_path(EFI_LOADED_IMAGE *li); 12 | 13 | #endif /* !DP_H_ */ 14 | // vim:fenc=utf-8:tw=75:noet 15 | -------------------------------------------------------------------------------- /include/endian.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * endian.h - bswap decls that can't go in compiler.h 4 
| * Copyright Peter Jones 5 | */ 6 | #ifdef SHIM_UNIT_TEST 7 | #include_next 8 | #endif 9 | #ifndef SHIM_ENDIAN_H_ 10 | #define SHIM_ENDIAN_H_ 11 | 12 | #include 13 | 14 | #include "system/builtins_begin_.h" 15 | mkbi1_(uint16_t, bswap16, uint16_t, x) 16 | mkbi1_(uint32_t, bswap32, uint32_t, x) 17 | mkbi1_(uint64_t, bswap64, uint64_t, x) 18 | #include "system/builtins_end_.h" 19 | 20 | #endif /* !SHIM_ENDIAN_H_ */ 21 | // vim:fenc=utf-8:tw=75:noet 22 | -------------------------------------------------------------------------------- /include/errlog.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * errlog.h - error logging utilities 4 | * Copyright Peter Jones 5 | */ 6 | 7 | #ifndef ERRLOG_H_ 8 | #define ERRLOG_H_ 9 | 10 | extern EFI_STATUS EFIAPI LogError_(const char *file, int line, const char *func, 11 | const CHAR16 *fmt, ...); 12 | extern EFI_STATUS EFIAPI VLogError(const char *file, int line, const char *func, 13 | const CHAR16 *fmt, ms_va_list args); 14 | extern VOID LogHexdump_(const char *file, int line, const char *func, 15 | const void *data, size_t sz); 16 | extern VOID PrintErrors(VOID); 17 | extern VOID ClearErrors(VOID); 18 | extern void save_logs(void); 19 | extern UINTN EFIAPI log_debug_print(const CHAR16 *fmt, ...); 20 | 21 | #endif /* !ERRLOG_H_ */ 22 | // vim:fenc=utf-8:tw=75:noet 23 | -------------------------------------------------------------------------------- /include/errors.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #ifndef SHIM_ERRORS_H 4 | #define SHIM_ERRORS_H 5 | 6 | #ifndef EFI_INCOMPATIBLE_VERSION 7 | #define EFI_INCOMPATIBLE_VERSION EFIERR(25) 8 | #endif 9 | #ifndef EFI_SECURITY_VIOLATION 10 | #define EFI_SECURITY_VIOLATION EFIERR(26) 11 | #endif 12 | #ifndef EFI_HTTP_ERROR 13 | #define EFI_HTTP_ERROR EFIERR(35) 14 | #endif 15 | 16 | 
#endif /* SHIM_ERRORS_H */ 17 | -------------------------------------------------------------------------------- /include/execute.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #ifndef SHIM_LIB_EXECUTE_H 4 | #define SHIM_LIB_EXECUTE_H 5 | 6 | EFI_STATUS 7 | generate_path(CHAR16* name, EFI_LOADED_IMAGE *li, 8 | EFI_DEVICE_PATH **path, CHAR16 **PathName); 9 | EFI_STATUS 10 | execute(EFI_HANDLE image, CHAR16 *name); 11 | 12 | #endif /* SHIM_LIB_EXECUTE_H */ 13 | -------------------------------------------------------------------------------- /include/fanalyzer.mk: -------------------------------------------------------------------------------- 1 | GCC_BINARY ?= $(shell x=$$(which --skip-alias --skip-functions gcc 2>/dev/null) ; [ -n "$$x" ] && echo "$$x") 2 | 3 | fanalyzer-test : ; $(if $(findstring /,$(GCC_BINARY)),,$(error gcc not found)) 4 | 5 | define prop 6 | $(if $(findstring undefined,$(origin $(1))),,$(eval export $(1))) 7 | endef 8 | 9 | PROPOGATE_MAKE_FLAGS = ARCH ARCH_SUFFIX COLOR CC COMPILER CROSS_COMPILE DASHJ 10 | 11 | MAKEARGS = $(foreach x,$(PROPOGATE_MAKE_FLAGS),$(call prop,$(x))) 12 | 13 | fanalyzer : | fanalyzer-test 14 | fanalyzer : fanalyzer-no-openssl 15 | 16 | fanalyzer-build-unchecked-cryptlib : Cryptlib/libcryptlib.a 17 | 18 | fanalyzer-build-unchecked-openssl : Cryptlib/OpenSSL/libopenssl.a 19 | 20 | fanalyzer-build-all : COMPILER=gcc 21 | fanalyzer-build-all : CCACHE_DISABLE=1 22 | fanalyzer-build-all : FEATUREFLAGS+=-fanalyzer 23 | fanalyzer-build-all : WERRFLAGS=-Werror=analyzer-null-dereference 24 | fanalyzer-build-all : IGNORE_COMPILER_ERRORS= || : 25 | fanalyzer-build-all : all 26 | 27 | fanalyzer-no-openssl : | fanalyzer-test 28 | fanalyzer-no-openssl : clean-shim-objs clean-cryptlib-objs fanalyzer-build-unchecked-openssl fanalyzer-build-all 29 | 30 | fanalyzer-no-cryptlib : | fanalyzer-test 31 | fanalyzer-no-cryptlib : clean-shim-objs 
fanalyzer-build-unchecked-openssl fanalyzer-build-unchecked-cryptlib fanalyzer-build-all 32 | 33 | fanalyzer-all : | fanalyzer-test 34 | fanalyzer-all : clean fanalyzer-build-all 35 | 36 | .PHONY : fanalyzer fanalyzer-build fanalyzer-all fanalyzer-build-all fanalyzer-clean 37 | -------------------------------------------------------------------------------- /include/fuzz.mk: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: BSD-2-Clause-Patent 2 | # 3 | # fuzz.mk - makefile to fuzz local test programs 4 | # 5 | 6 | .SUFFIXES: 7 | 8 | include Make.defaults 9 | 10 | CC = clang 11 | VALGRIND ?= 12 | DEBUG_PRINTS ?= 0 13 | OPTIMIZATIONS ?= -Og -ggdb 14 | FUZZ_ARGS ?= 15 | CFLAGS = $(OPTIMIZATIONS) -std=gnu11 \ 16 | -isystem $(TOPDIR)/include/system \ 17 | $(EFI_INCLUDES) \ 18 | -Iinclude -iquote . \ 19 | -isystem /usr/include \ 20 | -isystem $(shell $(CC) $(ARCH_CFLAGS) -print-file-name=include) \ 21 | $(ARCH_CFLAGS) \ 22 | -fsanitize=fuzzer,address \ 23 | -fshort-wchar \ 24 | -fno-builtin \ 25 | -rdynamic \ 26 | -fno-inline \ 27 | -fno-eliminate-unused-debug-types \ 28 | -fno-eliminate-unused-debug-symbols \ 29 | -gpubnames \ 30 | -grecord-gcc-switches \ 31 | $(if $(findstring clang,$(CC)),-Wno-unknown-warning-option) \ 32 | $(DEFAULT_WARNFLAGS) \ 33 | -Wsign-compare \ 34 | -Wno-deprecated-declarations \ 35 | $(if $(findstring gcc,$(CC)),-Wno-unused-but-set-variable) \ 36 | -Wno-unused-but-set-variable \ 37 | -Wno-unused-variable \ 38 | -Wno-pointer-sign \ 39 | $(DEFAULT_WERRFLAGS) \ 40 | -Werror=nonnull \ 41 | $(shell $(CC) -Werror=nonnull-compare -E -x c /dev/null >/dev/null 2>&1 && echo -Werror=nonnull-compare) \ 42 | $(ARCH_DEFINES) \ 43 | -DEFI_FUNCTION_WRAPPER \ 44 | -DGNU_EFI_USE_MS_ABI -DPAGE_SIZE=4096 \ 45 | -DSHIM_UNIT_TEST \ 46 | -DSHIM_ENABLE_LIBFUZZER \ 47 | "-DDEFAULT_DEBUG_PRINT_STATE=$(DEBUG_PRINTS)" 48 | 49 | # On some systems (e.g. 
Arch Linux), limits.h is in the "include-fixed" instead 50 | # of the "include" directory 51 | CFLAGS += -isystem $(shell $(CC) $(ARCH_CFLAGS) -print-file-name=include-fixed) 52 | 53 | # And on Debian also check the multi-arch include path 54 | CFLAGS += -isystem /usr/include/$(shell $(CC) $(ARCH_CFLAGS) -print-multiarch) 55 | 56 | libefi-test.a : 57 | $(MAKE) -C gnu-efi \ 58 | COMPILER="$(COMPILER)" \ 59 | CC="$(CC)" \ 60 | ARCH=$(ARCH_GNUEFI) \ 61 | TOPDIR=$(TOPDIR)/gnu-efi \ 62 | -f $(TOPDIR)/gnu-efi/Makefile \ 63 | clean lib 64 | mv gnu-efi/$(ARCH)/lib/libefi.a $@ 65 | $(MAKE) -C gnu-efi \ 66 | COMPILER="$(COMPILER)" \ 67 | ARCH=$(ARCH_GNUEFI) \ 68 | TOPDIR=$(TOPDIR)/gnu-efi \ 69 | -f $(TOPDIR)/gnu-efi/Makefile \ 70 | clean 71 | 72 | fuzz-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S mock-variables.c 73 | fuzz-sbat :: CFLAGS+=-DHAVE_GET_VARIABLE -DHAVE_GET_VARIABLE_ATTR -DHAVE_SHIM_LOCK_GUID 74 | 75 | fuzzers := $(patsubst %.c,%,$(wildcard fuzz-*.c)) 76 | 77 | $(fuzzers) :: fuzz-% : | libefi-test.a 78 | 79 | $(fuzzers) :: fuzz-% : test.c fuzz-%.c $(fuzz-%_FILES) 80 | $(CC) $(CFLAGS) -o $@ $(sort $^ $(wildcard $*.c) $(fuzz-$*_FILES)) libefi-test.a -lefivar 81 | $(VALGRIND) ./$@ -max_len=4096 -jobs=24 $(FUZZ_ARGS) 82 | 83 | fuzz : $(fuzzers) 84 | $(MAKE) -f include/fuzz.mk fuzz-clean 85 | 86 | fuzz-clean : 87 | @rm -vf random.bin libefi-test.a 88 | @rm -vf vgcore.* fuzz*.log 89 | 90 | clean : fuzz-clean 91 | 92 | all : fuzz-clean fuzz 93 | 94 | .PHONY: $(fuzzers) all fuzz clean 95 | .SECONDARY: random.bin 96 | 97 | # vim:ft=make 98 | -------------------------------------------------------------------------------- /include/guid.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #ifndef SHIM_GUID_H 4 | #define SHIM_GUID_H 5 | 6 | #define LGUID_FMT L"%08x-%04hx-%04hx-%02hhx%02hhx-%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx" 7 | #define GUID_FMT 
"%08x-%04hx-%04hx-%02hhx%02hhx-%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx" 8 | 9 | #define GUID_ARGS(guid) \ 10 | ((EFI_GUID)guid).Data1, ((EFI_GUID)guid).Data2, ((EFI_GUID)guid).Data3, \ 11 | ((EFI_GUID)guid).Data4[1], ((EFI_GUID)guid).Data4[0], \ 12 | ((EFI_GUID)guid).Data4[2], ((EFI_GUID)guid).Data4[3], \ 13 | ((EFI_GUID)guid).Data4[4], ((EFI_GUID)guid).Data4[5], \ 14 | ((EFI_GUID)guid).Data4[6], ((EFI_GUID)guid).Data4[7] 15 | 16 | extern EFI_GUID BDS_GUID; 17 | extern EFI_GUID GV_GUID; 18 | extern EFI_GUID SIG_DB; 19 | extern EFI_GUID X509_GUID; 20 | extern EFI_GUID RSA2048_GUID; 21 | extern EFI_GUID PKCS7_GUID; 22 | extern EFI_GUID IMAGE_PROTOCOL; 23 | extern EFI_GUID EFI_FILE_INFO_GUID; 24 | extern EFI_GUID EFI_FILE_SYSTEM_INFO_GUID; 25 | extern EFI_GUID EFI_CERT_RSA2048_GUID; 26 | extern EFI_GUID EFI_CERT_SHA1_GUID; 27 | extern EFI_GUID EFI_CERT_SHA256_GUID; 28 | extern EFI_GUID EFI_CERT_SHA224_GUID; 29 | extern EFI_GUID EFI_CERT_SHA384_GUID; 30 | extern EFI_GUID EFI_CERT_SHA512_GUID; 31 | extern EFI_GUID EFI_CERT_TYPE_PKCS7_GUID; 32 | extern EFI_GUID EFI_CERT_TYPE_RSA2048_SHA256_GUID; 33 | extern EFI_GUID EFI_CERT_TYPE_X509_GUID; 34 | extern EFI_GUID EFI_CONSOLE_CONTROL_GUID; 35 | extern EFI_GUID EFI_HTTP_BINDING_GUID; 36 | extern EFI_GUID EFI_HTTP_PROTOCOL_GUID; 37 | extern EFI_GUID EFI_IP4_CONFIG2_GUID; 38 | extern EFI_GUID EFI_IP6_CONFIG_GUID; 39 | extern EFI_GUID EFI_LOADED_IMAGE_GUID; 40 | extern EFI_GUID EFI_TPM_GUID; 41 | extern EFI_GUID EFI_TPM2_GUID; 42 | extern EFI_GUID EFI_CC_MEASUREMENT_PROTOCOL_GUID; 43 | extern EFI_GUID EFI_SECURE_BOOT_DB_GUID; 44 | extern EFI_GUID EFI_SIMPLE_FILE_SYSTEM_GUID; 45 | extern EFI_GUID SECURITY_PROTOCOL_GUID; 46 | extern EFI_GUID SECURITY2_PROTOCOL_GUID; 47 | extern EFI_GUID EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; 48 | extern EFI_GUID SHIM_LOCK_GUID; 49 | extern EFI_GUID SHIM_IMAGE_LOADER_GUID; 50 | extern EFI_GUID SHIM_LOADED_IMAGE_GUID; 51 | extern EFI_GUID MOK_VARIABLE_STORE; 52 | extern EFI_GUID 
SECUREBOOT_EFI_NAMESPACE_GUID; 53 | 54 | #endif /* SHIM_GUID_H */ 55 | -------------------------------------------------------------------------------- /include/httpboot.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * Copyright 2015 SUSE LINUX GmbH 4 | * 5 | * Significant portions of this code are derived from Tianocore 6 | * (http://tianocore.sf.net) and are Copyright 2009-2012 Intel 7 | * Corporation. 8 | */ 9 | 10 | #ifndef SHIM_HTTPBOOT_H 11 | #define SHIM_HTTPBOOT_H 12 | 13 | extern BOOLEAN find_httpboot(EFI_HANDLE device); 14 | extern EFI_STATUS httpboot_fetch_buffer(EFI_HANDLE image, VOID **buffer, 15 | UINT64 *buf_size, CHAR8 *name); 16 | 17 | #endif /* SHIM_HTTPBOOT_H */ 18 | -------------------------------------------------------------------------------- /include/list.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * list.h - simple list primitives 4 | */ 5 | 6 | #ifndef LIST_H_ 7 | #define LIST_H_ 8 | 9 | #define container_of(ptr, type, member) \ 10 | ({ \ 11 | void *__mptr = (void *)(ptr); \ 12 | ((type *)(__mptr - offsetof(type, member))); \ 13 | }) 14 | 15 | struct list_head { 16 | struct list_head *next; 17 | struct list_head *prev; 18 | }; 19 | 20 | typedef struct list_head list_t; 21 | 22 | #define LIST_HEAD_INIT(name) \ 23 | { \ 24 | .next = &(name), .prev = &(name) \ 25 | } 26 | 27 | #define LIST_HEAD(name) struct list_head name = LIST_HEAD_INIT(name) 28 | 29 | #define INIT_LIST_HEAD(ptr) \ 30 | ({ \ 31 | (ptr)->next = (ptr); \ 32 | (ptr)->prev = (ptr); \ 33 | }) 34 | 35 | static inline int 36 | list_empty(const struct list_head *head) 37 | { 38 | return head->next == head; 39 | } 40 | 41 | static inline void 42 | __list_add(struct list_head *new, struct list_head *prev, 43 | struct list_head *next) 44 | { 45 | next->prev = new; 46 | new->next = 
next; 47 | new->prev = prev; 48 | prev->next = new; 49 | } 50 | 51 | /* Insert new directly after head, i.e. at the front of the list. */ static inline void 52 | list_add(struct list_head *new, struct list_head *head) 53 | { 54 | __list_add(new, head, head->next); 55 | } 56 | 57 | /* Insert new directly before head, i.e. at the tail of the list. */ static inline void 58 | list_add_tail(struct list_head *new, struct list_head *head) 59 | { 60 | __list_add(new, head->prev, head); 61 | } 62 | 63 | /* Link prev and next to each other, dropping whatever sat between them. */ static inline void 64 | __list_del(struct list_head *prev, struct list_head *next) 65 | { 66 | next->prev = prev; 67 | prev->next = next; 68 | } 69 | 70 | /* Unlink entry from its neighbours; entry's own pointers are left untouched. */ static inline void 71 | __list_del_entry(struct list_head *entry) 72 | { 73 | __list_del(entry->prev, entry->next); 74 | } 75 | 76 | /* Unlink entry and set its next and prev to NULL. A plain list_for_each() or list_for_each_prev() that deletes the current node would then advance through a NULL pointer; use the *_safe iterators when removing during a walk, and re-initialise the node before reusing it. */ static inline void 77 | list_del(struct list_head *entry) 78 | { 79 | __list_del_entry(entry); 80 | entry->next = NULL; 81 | entry->prev = NULL; 82 | } 83 | 84 | #define list_entry(ptr, type, member) container_of(ptr, type, member) 85 | 86 | /* list_first_entry() and list_last_entry() do not check for an empty list: on an empty list (ptr)->next and (ptr)->prev are ptr itself, so the result is a container pointer computed from the head rather than a real element. Check list_empty() first. */ #define list_first_entry(ptr, type, member) \ 87 | list_entry((ptr)->next, type, member) 88 | 89 | #define list_last_entry(ptr, type, member) list_entry((ptr)->prev, type, member) 90 | 91 | /* Forward walk; reads pos->next after the loop body, so the body must not unlink or free pos. */ #define list_for_each(pos, head) \ 92 | for (pos = (head)->next; pos != (head); pos = pos->next) 93 | 94 | /* Forward walk that saves the successor in n before the body runs, so the body may remove pos. */ #define list_for_each_safe(pos, n, head) \ 95 | for (pos = (head)->next, n = pos->next; pos != (head); \ 96 | pos = n, n = pos->next) 97 | 98 | #define list_for_each_prev(pos, head) \ 99 | for (pos = (head)->prev; pos != (head); pos = pos->prev) 100 | 101 | #define list_for_each_prev_safe(pos, n, head) \ 102 | for (pos = (head)->prev, n = pos->prev; pos != (head); \ 103 | pos = n, n = pos->prev) 104 | 105 | /* Count the nodes linked after entry by walking the whole list; entry itself is treated as the head and is not counted. */ static inline size_t 106 | list_size(struct list_head *entry) 107 | { 108 | list_t *pos; 109 | size_t i = 0; 110 | list_for_each(pos, entry) { 111 | i++; 112 | } 113 | return i; 114 | } 115 | 116 | #endif /* !LIST_H_ */ 117 | // vim:fenc=utf-8:tw=75:noet 118 | -------------------------------------------------------------------------------- /include/load-options.h: 
-------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * load-options.h - all the stuff we need to parse the load options 4 | */ 5 | 6 | #ifndef SHIM_ARGV_H_ 7 | #define SHIM_ARGV_H_ 8 | 9 | EFI_STATUS generate_path_from_image_path(EFI_LOADED_IMAGE *li, 10 | CHAR16 *ImagePath, 11 | CHAR16 **PathName); 12 | 13 | EFI_STATUS parse_load_options(EFI_LOADED_IMAGE *li); 14 | 15 | extern CHAR16 *second_stage; 16 | extern CHAR16 *optional_second_stage; 17 | extern void *load_options; 18 | extern UINT32 load_options_size; 19 | 20 | #endif /* !SHIM_ARGV_H_ */ 21 | // vim:fenc=utf-8:tw=75:noet 22 | -------------------------------------------------------------------------------- /include/loader-proto.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | /* 4 | * Copyright Red Hat, Inc 5 | * Copyright Peter Jones 6 | */ 7 | #ifndef SHIM_REPLACEMENTS_H 8 | #define SHIM_REPLACEMENTS_H 9 | 10 | extern EFI_SYSTEM_TABLE *get_active_systab(void); 11 | 12 | typedef enum { 13 | VERIFIED_BY_NOTHING, 14 | VERIFIED_BY_CERT, 15 | VERIFIED_BY_HASH 16 | } verification_method_t; 17 | 18 | extern verification_method_t verification_method; 19 | 20 | extern void hook_system_services(EFI_SYSTEM_TABLE *local_systab); 21 | extern void unhook_system_services(void); 22 | 23 | extern void hook_exit(EFI_SYSTEM_TABLE *local_systab); 24 | extern void unhook_exit(void); 25 | 26 | typedef struct _SHIM_IMAGE_LOADER { 27 | EFI_IMAGE_LOAD LoadImage; 28 | EFI_IMAGE_START StartImage; 29 | EFI_EXIT Exit; 30 | EFI_IMAGE_UNLOAD UnloadImage; 31 | } SHIM_IMAGE_LOADER; 32 | 33 | extern SHIM_IMAGE_LOADER shim_image_loader_interface; 34 | extern void init_image_loader(void); 35 | 36 | #endif /* SHIM_REPLACEMENTS_H */ 37 | -------------------------------------------------------------------------------- /include/memattrs.h: 
-------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * memattrs.h - EFI and DXE memory attribute helpers 4 | * Copyright Peter Jones 5 | */ 6 | 7 | #ifndef SHIM_MEMATTRS_H_ 8 | #define SHIM_MEMATTRS_H_ 9 | 10 | extern EFI_STATUS get_mem_attrs (uintptr_t addr, size_t size, uint64_t *attrs); 11 | extern EFI_STATUS update_mem_attrs(uintptr_t addr, uint64_t size, 12 | uint64_t set_attrs, uint64_t clear_attrs); 13 | 14 | extern void get_hsi_mem_info(void); 15 | extern char *decode_hsi_bits(UINTN hsi); 16 | 17 | #endif /* !SHIM_MEMATTRS_H_ */ 18 | // vim:fenc=utf-8:tw=75:noet 19 | -------------------------------------------------------------------------------- /include/netboot.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #ifndef SHIM_NETBOOT_H 4 | #define SHIM_NETBOOT_H 5 | 6 | #define SUPPRESS_NETBOOT_OPEN_FAILURE_NOISE 1 7 | 8 | extern BOOLEAN findNetboot(EFI_HANDLE image_handle); 9 | 10 | extern EFI_STATUS parseNetbootinfo(EFI_HANDLE image_handle, CHAR8 *name); 11 | 12 | extern EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, 13 | UINT64 *bufsiz, int flags); 14 | 15 | #endif /* SHIM_NETBOOT_H */ 16 | -------------------------------------------------------------------------------- /include/passwordcrypt.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #ifndef SHIM_PASSWORDCRYPT_H 4 | #define SHIM_PASSWORDCRYPT_H 5 | 6 | /* Identifiers for the supported password hashing schemes; values start at 0 and increase by one in declaration order. */ enum HashMethod { 7 | TRADITIONAL_DES = 0, 8 | EXTEND_BSDI_DES, 9 | MD5_BASED, 10 | SHA256_BASED, 11 | SHA512_BASED, 12 | BLOWFISH_BASED 13 | }; 14 | 15 | /* Packed record carrying a password hash: method (presumably an enum HashMethod value - confirm against password_crypt), iteration count, salt and hash. NOTE(review): salt_size is a 16-bit field while salt[] holds 32 bytes, so code that reads this record should verify salt_size <= sizeof(salt) before using it as a length; where that check lives is not visible in this header. Because the struct is packed, iter_count starts at byte offset 2 and is not naturally aligned. */ typedef struct { 16 | UINT16 method; 17 | UINT64 iter_count; 18 | UINT16 salt_size; 19 | UINT8 salt[32]; 20 | UINT8 hash[128]; 21 | } __attribute__ ((packed)) PASSWORD_CRYPT; 22 | 23 | #define 
PASSWORD_CRYPT_SIZE sizeof(PASSWORD_CRYPT) 24 | 25 | EFI_STATUS password_crypt (const char *password, UINT32 pw_length, 26 | const PASSWORD_CRYPT *pw_hash, UINT8 *hash); 27 | UINT16 get_hash_size (const UINT16 method); 28 | 29 | #endif /* SHIM_PASSWORDCRYPT_H */ 30 | -------------------------------------------------------------------------------- /include/pe.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * pe.h - helper functions for pe binaries. 4 | * Copyright Peter Jones 5 | */ 6 | 7 | #ifndef PE_H_ 8 | #define PE_H_ 9 | 10 | void * 11 | ImageAddress (void *image, uint64_t size, uint64_t address); 12 | 13 | EFI_STATUS 14 | read_header(void *data, unsigned int datasize, 15 | PE_COFF_LOADER_IMAGE_CONTEXT *context, 16 | bool check_secdir); 17 | 18 | EFI_STATUS verify_image(void *data, unsigned int datasize, 19 | EFI_LOADED_IMAGE *li, 20 | PE_COFF_LOADER_IMAGE_CONTEXT *context); 21 | 22 | EFI_STATUS 23 | verify_sbat_section(char *SBATBase, size_t SBATSize); 24 | 25 | EFI_STATUS 26 | get_section_vma (UINTN section_num, 27 | char *buffer, size_t bufsz UNUSED, 28 | PE_COFF_LOADER_IMAGE_CONTEXT *context, 29 | char **basep, size_t *sizep, 30 | EFI_IMAGE_SECTION_HEADER **sectionp); 31 | 32 | EFI_STATUS 33 | get_section_vma_by_name (char *name, size_t namesz, 34 | char *buffer, size_t bufsz, 35 | PE_COFF_LOADER_IMAGE_CONTEXT *context, 36 | char **basep, size_t *sizep, 37 | EFI_IMAGE_SECTION_HEADER **sectionp); 38 | 39 | EFI_STATUS 40 | handle_image (void *data, unsigned int datasize, 41 | EFI_LOADED_IMAGE *li, 42 | EFI_IMAGE_ENTRY_POINT *entry_point, 43 | EFI_PHYSICAL_ADDRESS *alloc_address, 44 | UINTN *alloc_pages); 45 | 46 | EFI_STATUS 47 | generate_hash (char *data, unsigned int datasize, 48 | PE_COFF_LOADER_IMAGE_CONTEXT *context, 49 | UINT8 *sha256hash, UINT8 *sha1hash); 50 | 51 | EFI_STATUS 52 | relocate_coff (PE_COFF_LOADER_IMAGE_CONTEXT *context, 53 | 
EFI_IMAGE_SECTION_HEADER *Section, 54 | void *orig, void *data); 55 | 56 | void 57 | get_shim_nx_capability(EFI_HANDLE image_handle); 58 | 59 | #endif /* !PE_H_ */ 60 | // vim:fenc=utf-8:tw=75:noet 61 | -------------------------------------------------------------------------------- /include/sbat_var_defs.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #ifndef SBAT_VAR_DEFS_H_ 4 | #define SBAT_VAR_DEFS_H_ 5 | 6 | #define QUOTEVAL(s) QUOTE(s) 7 | #define QUOTE(s) #s 8 | 9 | /* 10 | * SbatLevel Epoch and SHIM_DEVEL definitions are here 11 | * Actual revocations are now soley defined in 12 | * SbatLevel_Variable.txt 13 | */ 14 | #define SBAT_VAR_SIG "sbat," 15 | #define SBAT_VAR_VERSION "1," 16 | #define SBAT_VAR_ORIGINAL_DATE "2021030218" 17 | #define SBAT_VAR_ORIGINAL \ 18 | SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_ORIGINAL_DATE "\n" 19 | 20 | #if defined(ENABLE_SHIM_DEVEL) 21 | #define SBAT_VAR_AUTOMATIC_DATE "2021030218" 22 | #define SBAT_VAR_AUTOMATIC \ 23 | SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_AUTOMATIC_DATE "\n" 24 | 25 | #define SBAT_VAR_LATEST_DATE "2022050100" 26 | #define SBAT_VAR_LATEST_REVOCATIONS "component,2\nothercomponent,2\n" 27 | 28 | #define SBAT_VAR_LATEST \ 29 | SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \ 30 | SBAT_VAR_LATEST_REVOCATIONS 31 | #endif /* ENABLE_SHIM_DEVEL */ 32 | 33 | #endif /* !SBAT_VAR_DEFS_H_ */ 34 | -------------------------------------------------------------------------------- /include/scan-build.mk: -------------------------------------------------------------------------------- 1 | SCAN_BUILD ?= $(shell x=$$(which --skip-alias --skip-functions scan-build 2>/dev/null) ; [ -n "$$x" ] && echo "$$x") 2 | 3 | scan-test : ; $(if $(findstring /,$(SCAN_BUILD)),,$(error scan-build not found)) 4 | 5 | define prop 6 | $(if $(findstring undefined,$(origin $(1))),,$(1)="$($1)") 7 | endef 8 | 9 | PROPOGATE_MAKE_FLAGS = ARCH 
ARCH_SUFFIX COLOR CC COMPILER CROSS_COMPILE DASHJ 10 | 11 | MAKEARGS = $(foreach x,$(PROPOGATE_MAKE_FLAGS),$(call prop,$(x))) 12 | 13 | scan-clean : 14 | @if [[ -d scan-results ]]; then rm -rf scan-results && echo "removed 'scan-results'"; fi 15 | 16 | scan : | scan-test 17 | scan : clean-shim-objs clean-cryptlib-objs scan-build-no-openssl 18 | 19 | scan-build-unchecked-cryptlib : Cryptlib/libcryptlib.a 20 | 21 | scan-build-unchecked-openssl : Cryptlib/OpenSSL/libopenssl.a 22 | 23 | scan-build-all : CCACHE_DISABLE=1 24 | scan-build-all : COMPILER=clang 25 | scan-build-all : IGNORE_COMPILER_ERRORS=" || :" 26 | scan-build-all : | scan-test 27 | scan-build-all : 28 | +scan-build -o scan-results make $(MAKEARGS) $(DASHJ) CCACHE_DISABLE=1 all 29 | 30 | scan-build-no-openssl : | scan-test 31 | scan-build-no-openssl : clean-shim-objs clean-cryptlib-objs scan-build-unchecked-openssl scan-build-all 32 | 33 | scan-build-no-cryptlib : | scan-test 34 | scan-build-no-cryptlib : clean-shim-objs scan-build-unchecked-cryptlib scan-build-unchecked-openssl scan-build-all 35 | 36 | scan-all : | scan-test 37 | scan-all : clean scan-build-all 38 | 39 | .PHONY : scan-build scan-clean 40 | -------------------------------------------------------------------------------- /include/security_policy.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #ifndef SHIM_SECURITY_POLICY_H 4 | #define SHIM_SECURITY_POLICY_H 5 | 6 | #if defined(OVERRIDE_SECURITY_POLICY) 7 | typedef EFI_STATUS (*SecurityHook) (void *data, UINT32 len); 8 | 9 | EFI_STATUS 10 | security_policy_install(SecurityHook authentication); 11 | EFI_STATUS 12 | security_policy_uninstall(void); 13 | void 14 | security_protocol_set_hashes(unsigned char *esl, int len); 15 | #endif /* OVERRIDE_SECURITY_POLICY */ 16 | 17 | #endif /* SHIM_SECURITY_POLICY_H */ 18 | -------------------------------------------------------------------------------- 
/include/shell.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #ifndef SHIM_SHELL_H 4 | #define SHIM_SHELL_H 5 | 6 | EFI_STATUS 7 | argsplit(EFI_HANDLE image, int *argc, CHAR16*** ARGV); 8 | 9 | #endif /* SHIM_SHELL_H */ 10 | -------------------------------------------------------------------------------- /include/simple_file.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #ifndef SHIM_SIMPLE_FILE_H 4 | #define SHIM_SIMPLE_FILE_H 5 | 6 | EFI_STATUS 7 | simple_file_open (EFI_HANDLE image, CHAR16 *name, EFI_FILE **file, UINT64 mode); 8 | EFI_STATUS 9 | simple_file_open_by_handle(EFI_HANDLE device, CHAR16 *name, EFI_FILE **file, UINT64 mode); 10 | EFI_STATUS 11 | simple_file_read_all(EFI_FILE *file, UINTN *size, void **buffer); 12 | EFI_STATUS 13 | simple_file_write_all(EFI_FILE *file, UINTN size, void *buffer); 14 | EFI_STATUS 15 | simple_dir_read_all(EFI_HANDLE image, CHAR16 *name, EFI_FILE_INFO **Entries, 16 | int *count); 17 | EFI_STATUS 18 | simple_dir_filter(EFI_HANDLE image, CHAR16 *name, CHAR16 *filter, 19 | CHAR16 ***result, int *count, EFI_FILE_INFO **entries); 20 | void 21 | simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name, 22 | CHAR16 *filter, CHAR16 **result); 23 | EFI_STATUS 24 | simple_volume_selector(CHAR16 **title, CHAR16 **selected, EFI_HANDLE *h); 25 | 26 | #endif /* SHIM_SIMPLE_FILE_H */ 27 | -------------------------------------------------------------------------------- /include/ssp.h: -------------------------------------------------------------------------------- 1 | #ifndef SSP_H_ 2 | #define SSP_H_ 3 | 4 | #define SSPVER_VAR_NAME L"SkuSiPolicyVersion" 5 | #define SSPSIG_VAR_NAME L"SkuSiPolicyUpdateSigners" 6 | #define SSP_VAR_ATTRS UEFI_VAR_NV_BS 7 | 8 | #define SSPVER_SIZE 8 9 | #define SSPSIG_SIZE 131 10 | 11 | EFI_STATUS 
set_ssp_uefi_variable_internal(void); 12 | EFI_STATUS set_ssp_uefi_variable(uint8_t*, uint8_t*, uint8_t*, uint8_t*); 13 | 14 | #endif /* !SSP_H_ */ 15 | -------------------------------------------------------------------------------- /include/ssp_var_defs.h: -------------------------------------------------------------------------------- 1 | /* 2 | * variable definitions to enable bootmgr self revocation 3 | */ 4 | #ifndef SSP_VAR_DEFS_H_ 5 | #define SSP_VAR_DEFS_H_ 6 | 7 | uint8_t SkuSiPolicyVersion[] = { 0x2,0x0,0x0,0x0,0x0,0x0,0x2,0x0 }; 8 | uint8_t SkuSiPolicyUpdateSigners[] = { 9 | 0x01,0x00,0x00,0x00,0x06,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 10 | 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00, 11 | 0x0b,0x00,0x00,0x00,0xd0,0x91,0x73,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x00, 12 | 0x00,0x00,0x00,0x00,0x54,0xa6,0x78,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x00, 13 | 0x00,0x00,0x00,0x00,0x5c,0xa6,0x78,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x00, 14 | 0x00,0x00,0x00,0x00,0x64,0xa6,0x78,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 15 | 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 16 | 0x00,0x00,0x00,0x00,0x0a,0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x0a,0x03,0x06,0x00, 17 | 0x00,0x00,0x00 }; 18 | 19 | #endif /* !SSP_VAR_DEFS_H_ */ 20 | -------------------------------------------------------------------------------- /include/system/alloca.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | #ifdef SHIM_UNIT_TEST 3 | #include_next 4 | #else 5 | #ifndef _ALLOCA_H 6 | #define _ALLOCA_H 7 | 8 | #include 9 | mkbi1_(void *, alloca, size_t, size) 10 | #define alloca_with_align(size, alignment) __builtin_alloca_with_align(size, alignment) 11 | #define alloca_with_align_and_max(size, alignment, max) __builtin_alloca_with_align_and_max(size, alignment, max) 12 | #include 13 | 14 | #endif /* !_ALLOCA_H 
*/ 15 | #endif 16 | // vim:fenc=utf-8:tw=75:noet 17 | -------------------------------------------------------------------------------- /include/system/builtins_begin_.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /** 3 | * macros to build function declarations with the same types as builtins 4 | * that we apparently really cannot depend on. 5 | */ 6 | 7 | /* 8 | * Clang's __builtin_whatever and __typeof__ are broken thusly: 9 | * In file included from MokManager.c:2: 10 | * In file included from shim.h:47: 11 | * include/system/string.h:29:1: error: builtin functions must be directly called 12 | * mkbi1_(long int, ffsl, long int, x) 13 | * ^ 14 | */ 15 | #if defined(__clang__) 16 | 17 | #ifndef mkbi1_ 18 | #define mkbi1_(rtype, x, typea, a) rtype x(typea a); 19 | #endif 20 | 21 | #ifndef mkbi2_ 22 | #define mkbi2_(rtype, x, typea, a, typeb, b) rtype x(typea a, typeb b); 23 | #endif 24 | 25 | #ifndef mkbi3_ 26 | #define mkbi3_(rtype, x, typea, a, typeb, b, typec, c) rtype x(typea a, typeb b, typec c); 27 | #endif 28 | 29 | #ifndef mkdepbi1_ 30 | #define mkdepbi1_(rtype, x, typea, a) rtype x(typea a); 31 | #endif 32 | 33 | #ifndef mkdepbi2_ 34 | #define mkdepbi2_(rtype, x, typea, a, typeb, b) rtype x(typea a, typeb b); 35 | #endif 36 | 37 | #else /* !__clang__ */ 38 | 39 | #ifndef mkbi_cat_ 40 | #define mkbi_cat_(a, b) a##b 41 | #endif 42 | 43 | #ifndef mkbi1_ 44 | #define mkbi1_(rtype, x, typea, a) __typeof__(mkbi_cat_(__builtin_, x)) x; 45 | #endif 46 | 47 | #ifndef mkbi2_ 48 | #define mkbi2_(rtype, x, typea, a, typeb, b) __typeof__(mkbi_cat_(__builtin_, x)) x; 49 | #endif 50 | 51 | #ifndef mkbi3_ 52 | #define mkbi3_(rtype, x, typea, a, typeb, b, typec, c) __typeof__(mkbi_cat_(__builtin_, x)) x; 53 | #endif 54 | 55 | #ifndef mkdepbi1_ 56 | #define mkdepbi1_(rtype, x, typea, a) __typeof__(mkbi_cat_(__builtin_, x)) x; 57 | #endif 58 | 59 | #ifndef mkdepbi2_ 60 | #define 
mkdepbi2_(rtype, x, typea, a, typeb, b) __typeof__(mkbi_cat_(__builtin_, x)) x; 61 | #endif 62 | 63 | #endif /* !__clang__ */ 64 | 65 | // vim:fenc=utf-8:tw=75:noet 66 | -------------------------------------------------------------------------------- /include/system/builtins_end_.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #ifdef mkbi1_ 4 | #undef mkbi1_ 5 | #endif 6 | 7 | #ifdef mkbi2_ 8 | #undef mkbi2_ 9 | #endif 10 | 11 | #ifdef mkbi3_ 12 | #undef mkbi3_ 13 | #endif 14 | 15 | #ifdef mkdepbi1_ 16 | #undef mkdepbi1_ 17 | #endif 18 | 19 | #ifdef mkdepbi2_ 20 | #undef mkdepbi2_ 21 | #endif 22 | 23 | #ifdef mkbi_cat_ 24 | #undef mkbi_cat_ 25 | #endif 26 | 27 | // vim:fenc=utf-8:tw=75:noet 28 | -------------------------------------------------------------------------------- /include/system/ctype.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * ctype.h - standard ctype functions 4 | */ 5 | #ifdef SHIM_UNIT_TEST 6 | #include_next 7 | #else 8 | #ifndef _CTYPE_H 9 | #define _CTYPE_H 10 | 11 | /* isprint() is a macro, unlike the inline functions below, and evaluates its argument twice; pass only expressions without side effects. It accepts exactly 0x20 through 0x7e. */ #define isprint(c) ((c) >= 0x20 && (c) <= 0x7e) 12 | 13 | /* Determines if a particular character is a decimal-digit character */ 14 | static inline __attribute__((__unused__)) int 15 | isdigit(int c) 16 | { 17 | // 18 | // ::= [0-9] 19 | // 20 | return (('0' <= (c)) && ((c) <= '9')); 21 | } 22 | 23 | /* Determine if an integer represents character that is a hex digit */ 24 | static inline __attribute__((__unused__)) int 25 | isxdigit(int c) 26 | { 27 | // 28 | // ::= [0-9] | [a-f] | [A-F] 29 | // 30 | return ((('0' <= (c)) && ((c) <= '9')) || 31 | (('a' <= (c)) && ((c) <= 'f')) || 32 | (('A' <= (c)) && ((c) <= 'F'))); 33 | } 34 | 35 | /* Determines if a particular character represents a space character. NOTE: only ' ' (0x20) matches; tab, newline, carriage return, vertical tab and form feed do not, unlike the standard C isspace(), so a parser that skips whitespace with this helper stops at those characters. */ 36 | static inline __attribute__((__unused__)) int 37 | isspace(int c) 38 | { 39 | 
// 40 | // ::= [ ] 41 | // 42 | return ((c) == ' '); 43 | } 44 | 45 | /* Determine if a particular character is an alphanumeric character */ 46 | static inline __attribute__((__unused__)) int 47 | isalnum(int c) 48 | { 49 | // 50 | // ::= [0-9] | [a-z] | [A-Z] 51 | // 52 | return ((('0' <= (c)) && ((c) <= '9')) || 53 | (('a' <= (c)) && ((c) <= 'z')) || 54 | (('A' <= (c)) && ((c) <= 'Z'))); 55 | } 56 | 57 | /* Determines if a particular character is in upper case */ 58 | static inline __attribute__((__unused__)) int 59 | isupper(int c) 60 | { 61 | // 62 | // := [A-Z] 63 | // 64 | return (('A' <= (c)) && ((c) <= 'Z')); 65 | } 66 | 67 | /* Convert character to lowercase */ 68 | static inline __attribute__((__unused__)) int 69 | tolower(int c) 70 | { 71 | if (('A' <= (c)) && ((c) <= 'Z')) { 72 | return (c - ('A' - 'a')); 73 | } 74 | return (c); 75 | } 76 | 77 | static inline __attribute__((__unused__)) int 78 | toupper(int c) 79 | { 80 | return ((c >= 'a' && c <= 'z') ? c - ('a' - 'A') : c); 81 | } 82 | 83 | #endif /* !_CTYPE_H */ 84 | #endif /* !SHIM_UNIT_TEST */ 85 | // vim:fenc=utf-8:tw=75:noet 86 | -------------------------------------------------------------------------------- /include/system/efistdarg.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * efistdarg.h - AAAARGGGG 4 | * Copyright Peter Jones 5 | */ 6 | 7 | #ifndef SHIM_UNIT_TEST 8 | #ifndef _EFISTDARG_H_ 9 | #define _EFISTDARG_H_ 10 | 11 | #ifndef GNU_EFI_USE_EXTERNAL_STDARG 12 | #define GNU_EFI_USE_EXTERNAL_STDARG 13 | #endif 14 | 15 | #include 16 | 17 | #endif /* !_EFISTDARG_H_ */ 18 | #endif 19 | // vim:fenc=utf-8:tw=75:noet 20 | -------------------------------------------------------------------------------- /include/system/inttypes.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | #ifdef SHIM_UNIT_TEST 3 | 
#include_next 4 | #else 5 | #ifndef _INTTYPES_H 6 | #define _INTTYPES_H 7 | 8 | #include 9 | #include 10 | 11 | #endif /* !INTTYPES_H_ */ 12 | #endif 13 | // vim:fenc=utf-8:tw=75:noet 14 | -------------------------------------------------------------------------------- /include/system/stdarg.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * stdarg.h - try to make consistent va_* handling for EFI 4 | */ 5 | #ifndef _STDARG_H 6 | 7 | /* 8 | * clang doesn't know about __builtin_sysv_va_list, apparently. 9 | */ 10 | #ifdef __clang__ 11 | #pragma GCC diagnostic push 12 | #pragma GCC diagnostic warning "-Wcpp" 13 | typedef __builtin_va_list __builtin_sysv_va_list; 14 | #warning clang builds may not work at all for anything other than scan-build 15 | #pragma GCC diagnostic pop 16 | #endif 17 | 18 | #ifndef GNU_EFI_USE_EXTERNAL_STDARG 19 | #define GNU_EFI_USE_EXTERNAL_STDARG 20 | #endif 21 | 22 | #ifdef SHIM_UNIT_TEST 23 | #include_next 24 | #endif 25 | 26 | #if defined(__aarch64__) || defined(__arm__) || defined(__i386__) || \ 27 | defined(__i486__) || defined(__i686__) || defined(__COVERITY__) 28 | 29 | typedef __builtin_va_list ms_va_list; 30 | typedef __builtin_va_list __builtin_ms_va_list; 31 | #define ms_va_copy(dest, start) __builtin_va_copy(dest, start) 32 | #define ms_va_start(marker, arg) __builtin_va_start(marker, arg) 33 | #define ms_va_arg(marker, type) __builtin_va_arg(marker, type) 34 | #define ms_va_end(marker) __builtin_va_end(marker) 35 | 36 | typedef __builtin_va_list sysv_va_list; 37 | #define sysv_va_copy(dest, start) __builtin_va_copy(dest, start) 38 | #define sysv_va_start(marker, arg) __builtin_va_start(marker, arg) 39 | #define sysv_va_arg(marker, type) __builtin_va_arg(marker, type) 40 | #define sysv_va_end(marker) __builtin_va_end(marker) 41 | /* 42 | * OpenSSL's X509ConstructCertificateStack needs this. 
43 | */ 44 | typedef __builtin_va_list VA_LIST; 45 | #define VA_COPY(dest, start) __builtin_va_copy(dest, start) 46 | #define VA_START(marker, arg) __builtin_va_start(marker, arg) 47 | #define VA_END(marker) __builtin_va_end(marker) 48 | #define VA_ARG(marker, type) __builtin_va_arg(marker, type) 49 | 50 | #elif defined(__x86_64__) 51 | 52 | typedef __builtin_ms_va_list ms_va_list; 53 | #define ms_va_copy(dest, start) __builtin_ms_va_copy(dest, start) 54 | #define ms_va_start(marker, arg) __builtin_ms_va_start(marker, arg) 55 | #define ms_va_arg(marker, type) __builtin_va_arg(marker, type) 56 | #define ms_va_end(marker) __builtin_ms_va_end(marker) 57 | typedef __builtin_sysv_va_list sysv_va_list; 58 | #define sysv_va_copy(dest, start) __builtin_sysv_va_copy(dest, start) 59 | #define sysv_va_start(marker, arg) __builtin_sysv_va_start(marker, arg) 60 | #define sysv_va_arg(marker, type) __builtin_va_arg(marker, type) 61 | #define sysv_va_end(marker) __builtin_sysv_va_end(marker) 62 | /* 63 | * OpenSSL's X509ConstructCertificateStack needs this. 
64 | */ 65 | typedef __builtin_ms_va_list VA_LIST; 66 | #define VA_COPY(dest, start) __builtin_ms_va_copy(dest, start) 67 | #define VA_START(marker, arg) __builtin_ms_va_start(marker, arg) 68 | #define VA_END(marker) __builtin_ms_va_end(marker) 69 | #define VA_ARG(marker, type) __builtin_va_arg(marker, type) 70 | 71 | #else 72 | #error what arch is this 73 | #endif 74 | 75 | #ifndef _STDARG_H 76 | #define _STDARG_H 77 | #endif /* !_STDARG_H #2 */ 78 | 79 | #endif /* !_STDARG_H */ 80 | // vim:fenc=utf-8:tw=75:noet 81 | -------------------------------------------------------------------------------- /include/system/stdio.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * stdio.h - sigh 4 | */ 5 | #ifdef SHIM_UNIT_TEST 6 | #include_next 7 | #else 8 | #ifndef _STDIO_H 9 | #define _STDIO_H 10 | 11 | #endif /* !_STDIO_H */ 12 | #endif 13 | // vim:fenc=utf-8:tw=75:noet 14 | -------------------------------------------------------------------------------- /include/system/stdlib.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | #ifdef SHIM_UNIT_TEST 3 | #include_next 4 | #else 5 | #ifndef _STDLIB_H 6 | #define _STDLIB_H 7 | 8 | /* 9 | * I don't know why, but openssl expects to get size_t from stdlib.h 10 | * instead of stddef.h, so... whatever. 
11 | */ 12 | #include 13 | 14 | /* NOTE(review): abort() here has an empty body, so it returns to its caller instead of terminating. Any code path that calls abort() expecting execution to stop (a failed assertion, an unrecoverable error) continues past the call. Confirm that no caller in this build relies on abort() being non-returning. */ static inline void abort(void) { } 15 | 16 | #include 17 | mkbi1_(int, abs, int, j) 18 | mkbi1_(long int, labs, long int, j) 19 | mkbi1_(long long int, llabs, long long int, j) 20 | 21 | #ifdef _INTTYPES_H 22 | mkbi1_(intmax_t, imaxabs, intmax_t, j) 23 | #endif /* _INTTYPES_H */ 24 | #include 25 | 26 | #endif /* !_STDLIB_H */ 27 | #endif 28 | // vim:fenc=utf-8:tw=75:noet 29 | -------------------------------------------------------------------------------- /include/system/strings.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | #ifdef SHIM_UNIT_TEST 3 | #include_next 4 | #else 5 | #ifndef _STRINGS_H 6 | #define _STRINGS_H 7 | 8 | #include 9 | mkbi1_(int, ffs, int, x) 10 | mkbi1_(int, clz, int, x) 11 | mkbi1_(int, ctz, int, x) 12 | mkbi1_(int, clrsb, int, x) 13 | mkbi1_(int, popcount, int, x) 14 | mkbi1_(int, parity, int, x) 15 | #include 16 | 17 | #endif /* !_STRINGS_H */ 18 | #endif 19 | // vim:fenc=utf-8:tw=75:noet 20 | -------------------------------------------------------------------------------- /include/ucs2.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * ucs2.h - UCS-2 string functions 4 | * Copyright Red Hat, Inc 5 | * Copyright Peter Jones 6 | */ 7 | 8 | #ifndef SHIM_UCS2_H 9 | #define SHIM_UCS2_H 10 | 11 | #include 12 | 13 | /* Case-insensitive comparison of two NUL-terminated CHAR16 strings. Only L'a'..L'z' are folded (by subtracting 32); no other characters are case-mapped. Returns 0 when the strings match. The difference is computed as s1 minus s0, so the sign is the opposite of the strcmp() convention; callers should test only for zero or non-zero unless they expect that ordering. Neither pointer is checked for NULL. */ static inline INTN 14 | __attribute__((unused)) 15 | StrCaseCmp(CHAR16 *s0, CHAR16 *s1) 16 | { 17 | CHAR16 c0, c1; 18 | while (1) { 19 | if (*s0 == L'\0' || *s1 == L'\0') 20 | return *s1 - *s0; 21 | c0 = (*s0 >= L'a' && *s0 <= L'z') ? *s0 - 32 : *s0; 22 | c1 = (*s1 >= L'a' && *s1 <= L'z') ? 
*s1 - 32 : *s1; 23 | if (c0 != c1) 24 | return c1 - c0; 25 | s0++; 26 | s1++; 27 | } 28 | return 0; 29 | } 30 | 31 | static inline INTN 32 | __attribute__((unused)) 33 | StrnCaseCmp(CHAR16 *s0, CHAR16 *s1, int n) 34 | { 35 | CHAR16 c0, c1; 36 | int x = 0; 37 | while (n > x++) { 38 | if (*s0 == L'\0' || *s1 == L'\0') 39 | return *s1 - *s0; 40 | c0 = (*s0 >= L'a' && *s0 <= L'z') ? *s0 - 32 : *s0; 41 | c1 = (*s1 >= L'a' && *s1 <= L'z') ? *s1 - 32 : *s1; 42 | if (c0 != c1) 43 | return c1 - c0; 44 | s0++; 45 | s1++; 46 | } 47 | return 0; 48 | } 49 | 50 | static inline UINTN 51 | __attribute__((unused)) 52 | StrCSpn(const CHAR16 *s, const CHAR16 *reject) 53 | { 54 | UINTN ret; 55 | 56 | for (ret = 0; s[ret] != L'\0'; ret++) { 57 | int i; 58 | for (i = 0; reject[i] != L'\0'; i++) { 59 | if (reject[i] == s[ret]) 60 | return ret; 61 | } 62 | } 63 | return ret; 64 | } 65 | 66 | #endif /* SHIM_UCS2_H */ 67 | -------------------------------------------------------------------------------- /include/utils.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | #ifndef UTILS_H_ 3 | #define UTILS_H_ 4 | 5 | EFI_STATUS get_file_size(EFI_FILE_HANDLE fh, UINTN *retsize); 6 | EFI_STATUS 7 | read_file(EFI_FILE_HANDLE fh, CHAR16 *fullpath, CHAR16 **buffer, UINT64 *bs); 8 | 9 | #endif /* UTILS_H_ */ 10 | -------------------------------------------------------------------------------- /include/wincert.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #ifndef SHIM_WINCERT_H 4 | #define SHIM_WINCERT_H 5 | 6 | /// 7 | /// The WIN_CERTIFICATE structure is part of the PE/COFF specification. 8 | /// 9 | typedef struct { 10 | /// 11 | /// The length of the entire certificate, 12 | /// including the length of the header, in bytes. 
13 | /// 14 | UINT32 dwLength; 15 | /// 16 | /// The revision level of the WIN_CERTIFICATE 17 | /// structure. The current revision level is 0x0200. 18 | /// 19 | UINT16 wRevision; 20 | /// 21 | /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI 22 | /// certificate types. The UEFI specification reserves the range of 23 | /// certificate type values from 0x0EF0 to 0x0EFF. 24 | /// 25 | UINT16 wCertificateType; 26 | /// 27 | /// The following is the actual certificate. The format of 28 | /// the certificate depends on wCertificateType. 29 | /// 30 | /// UINT8 bCertificate[ANYSIZE_ARRAY]; 31 | /// 32 | } WIN_CERTIFICATE; 33 | 34 | #endif /* SHIM_WINCERT_H */ 35 | -------------------------------------------------------------------------------- /lib/Makefile: -------------------------------------------------------------------------------- 1 | TARGET = lib.a 2 | 3 | LIBFILES_UNSORTED := $(patsubst %.c,%.o,$(subst $(TOPDIR)/lib/,,$(wildcard $(TOPDIR)/lib/*.c))) 4 | LIBFILES := $(sort $(LIBFILES_UNSORTED)) 5 | 6 | CRYPTDIR = $(TOPDIR)/Cryptlib 7 | 8 | INCLUDES = $(EFI_INCLUDES) \ 9 | -I$(TOPDIR)/include \ 10 | -I$(CRYPTDIR)/Include/openssl/ \ 11 | -I$(CRYPTDIR)/Include/ \ 12 | -I$(CRYPTDIR) \ 13 | -I$(TOPDIR) \ 14 | -isystem $(TOPDIR)/include/system \ 15 | -isystem $(shell $(CC) -print-file-name=include) 16 | 17 | CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) 18 | 19 | ifeq ($(ARCH),x86_64) 20 | FEATUREFLAGS += -m64 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) 21 | DEFINES += -DMDE_CPU_X64 22 | endif 23 | ifeq ($(ARCH),ia32) 24 | FEATUREFLAGS += -m32 -mno-mmx -mno-sse -mno-red-zone -nostdinc $(CLANG_BUGS) 25 | DEFINES += -DMDE_CPU_IA32 26 | endif 27 | ifeq ($(ARCH),aarch64) 28 | DEFINES += -DMDE_CPU_AARCH64 29 | endif 30 | ifeq ($(ARCH),arm) 31 | DEFINES += -DMDE_CPU_ARM 32 | endif 33 | 34 | LDFLAGS = -nostdlib -znocombreloc 35 | 36 | 37 | CFLAGS = $(FEATUREFLAGS) \ 38 | $(OPTIMIZATIONS) \ 39 | $(WARNFLAGS) \ 40 | $(WERRFLAGS) 
\ 41 | $(INCLUDES) \ 42 | $(DEFINES) 43 | 44 | ifneq ($(origin ENABLE_SHIM_DEVEL),undefined) 45 | CFLAGS += -DENABLE_SHIM_DEVEL 46 | endif 47 | 48 | lib.a: $(LIBFILES) 49 | $(AR) rcs lib.a $(LIBFILES) 50 | 51 | all: $(TARGET) 52 | 53 | clean: 54 | rm -f lib.a 55 | rm -f $(LIBFILES) 56 | 57 | -------------------------------------------------------------------------------- /lib/execute.c: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * Copyright 2012 4 | * Code Copyright 2012 Red Hat, Inc 5 | */ 6 | #include "shim.h" 7 | 8 | EFI_STATUS 9 | generate_path(CHAR16* name, EFI_LOADED_IMAGE *li, EFI_DEVICE_PATH **path, CHAR16 **PathName) 10 | { 11 | unsigned int pathlen; 12 | EFI_STATUS efi_status = EFI_SUCCESS; 13 | CHAR16 *devpathstr = DevicePathToStr(li->FilePath), 14 | *found = NULL; 15 | unsigned int i; 16 | 17 | for (i = 0; i < StrLen(devpathstr); i++) { 18 | if (devpathstr[i] == '/') 19 | devpathstr[i] = '\\'; 20 | if (devpathstr[i] == '\\') 21 | found = &devpathstr[i]; 22 | } 23 | if (!found) { 24 | pathlen = 0; 25 | } else { 26 | while (*(found - 1) == '\\') 27 | --found; 28 | *found = '\0'; 29 | pathlen = StrLen(devpathstr); 30 | } 31 | 32 | if (name[0] != '\\') 33 | pathlen++; 34 | 35 | *PathName = AllocatePool((pathlen + 1 + StrLen(name))*sizeof(CHAR16)); 36 | 37 | if (!*PathName) { 38 | console_print(L"Failed to allocate path buffer\n"); 39 | efi_status = EFI_OUT_OF_RESOURCES; 40 | goto error; 41 | } 42 | 43 | StrCpy(*PathName, devpathstr); 44 | 45 | if (name[0] != '\\') 46 | StrCat(*PathName, L"\\"); 47 | StrCat(*PathName, name); 48 | 49 | *path = FileDevicePath(li->DeviceHandle, *PathName); 50 | 51 | error: 52 | FreePool(devpathstr); 53 | 54 | return efi_status; 55 | } 56 | 57 | EFI_STATUS 58 | execute(EFI_HANDLE image, CHAR16 *name) 59 | { 60 | EFI_STATUS efi_status; 61 | EFI_HANDLE h; 62 | EFI_LOADED_IMAGE *li; 63 | EFI_DEVICE_PATH *devpath; 64 | CHAR16 
*PathName; 65 | 66 | efi_status = BS->HandleProtocol(image, &IMAGE_PROTOCOL, 67 | (void **) &li); 68 | if (EFI_ERROR(efi_status)) 69 | return efi_status; 70 | 71 | efi_status = generate_path(name, li, &devpath, &PathName); 72 | if (EFI_ERROR(efi_status)) 73 | return efi_status; 74 | 75 | efi_status = BS->LoadImage(FALSE, image, devpath, NULL, 0, &h); 76 | if (EFI_ERROR(efi_status)) 77 | goto out; 78 | 79 | efi_status = BS->StartImage(h, NULL, NULL); 80 | BS->UnloadImage(h); 81 | 82 | out: 83 | FreePool(PathName); 84 | FreePool(devpath); 85 | return efi_status; 86 | } 87 | -------------------------------------------------------------------------------- /lib/print_crypto.c: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * Copyright 2019 SUSE LLC 4 | */ 5 | #include "shim.h" 6 | 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | static int 13 | print_errors_cb(const char *str, size_t len, void *u UNUSED) 14 | { 15 | console_print(L"%a", str); 16 | 17 | return len; 18 | } 19 | 20 | EFI_STATUS 21 | print_crypto_errors(EFI_STATUS efi_status, 22 | char *file, const char *func, int line) 23 | { 24 | if (!(verbose && EFI_ERROR(efi_status))) 25 | return efi_status; 26 | 27 | console_print(L"SSL Error: %a:%d %a(): %r\n", file, line, func, 28 | efi_status); 29 | ERR_print_errors_cb(print_errors_cb, NULL); 30 | 31 | return efi_status; 32 | } 33 | -------------------------------------------------------------------------------- /lib/shell.c: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * Copyright 2012 4 | * 5 | * misc shell helper functions 6 | */ 7 | #include "shim.h" 8 | 9 | EFI_STATUS 10 | argsplit(EFI_HANDLE image, int *argc, CHAR16*** ARGV) 11 | { 12 | unsigned int i, count = 1; 13 | EFI_STATUS efi_status; 14 | EFI_LOADED_IMAGE *info; 15 | CHAR16 *start; 16 | 17 | *argc 
= 0; 18 | 19 | efi_status = BS->HandleProtocol(image, &LoadedImageProtocol, 20 | (VOID **) &info); 21 | if (EFI_ERROR(efi_status)) { 22 | console_print(L"Failed to get arguments\n"); 23 | return efi_status; 24 | } 25 | 26 | for (i = 0; i < info->LoadOptionsSize; i += 2) { 27 | CHAR16 *c = (CHAR16 *)(info->LoadOptions + i); 28 | if (*c == L' ' && *(c+1) != '\0') { 29 | (*argc)++; 30 | } 31 | } 32 | 33 | /* we counted spaces, so add one for initial */ 34 | (*argc)++; 35 | 36 | *ARGV = AllocatePool(*argc * sizeof(**ARGV)); 37 | if (!*ARGV) { 38 | return EFI_OUT_OF_RESOURCES; 39 | } 40 | (*ARGV)[0] = (CHAR16 *)info->LoadOptions; 41 | for (i = 0; i < info->LoadOptionsSize; i += 2) { 42 | CHAR16 *c = (CHAR16 *)(info->LoadOptions + i); 43 | if (*c == L' ') { 44 | *c = L'\0'; 45 | if (*(c + 1) == '\0') 46 | /* strip trailing space */ 47 | break; 48 | start = c + 1; 49 | (*ARGV)[count++] = start; 50 | } 51 | } 52 | 53 | return EFI_SUCCESS; 54 | } 55 | 56 | -------------------------------------------------------------------------------- /make-archive: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -eu 3 | set -o pipefail 4 | set -x 5 | 6 | usage() { 7 | status="${1}" 8 | if [ "${status}" -eq 0 ] ; then 9 | out=/dev/stdout 10 | else 11 | out=/dev/stderr 12 | fi 13 | { 14 | echo "usage: make-archive [--origin ORIGIN] \\" 15 | echo " [--test VERSION [GNUEFI_GIT_TAG]" 16 | echo " |--release VERSION SHIM_GIT_TAG GNUEFI_GIT_TAG]" 17 | } >>"${out}" 18 | exit "${status}" 19 | } 20 | 21 | main() { 22 | VERSION="" 23 | SHIM_GIT_TAG="" 24 | GNUEFI_GIT_TAG="" 25 | ORIGIN="origin" 26 | while [ $# -ne 0 ] ; do 27 | case "$1" in 28 | --help|--usage|-h|"-?") 29 | usage 0 30 | ;; 31 | --origin) 32 | if [ $# -lt 2 ] ; then 33 | echo "error: missing origin" >>/dev/stderr 34 | usage 1 35 | fi 36 | ORIGIN="${2}" 37 | shift 38 | ;; 39 | --test) 40 | if [ $# -lt 2 ] ; then 41 | echo "error: missing version" >>/dev/stderr 42 | usage 1 43 | fi 
44 | VERSION="${2}" 45 | if [ $# -gt 2 ] ; then 46 | GNUEFI_GIT_TAG="${3}" 47 | shift 48 | fi 49 | shift 50 | ;; 51 | --release) 52 | if [ $# -lt 2 ] ; then 53 | echo "error: missing version" >>/dev/stderr 54 | usage 1 55 | fi 56 | if [ $# -lt 3 ] ; then 57 | echo "error: missing shim git tag" >>/dev/stderr 58 | usage 1 59 | fi 60 | if [ $# -lt 4 ] ; then 61 | echo "error: missing gnuefi git tag" >>/dev/stderr 62 | usage 1 63 | fi 64 | VERSION="${2}" 65 | SHIM_GIT_TAG="${3}" 66 | GNUEFI_GIT_TAG="${4}" 67 | shift 68 | shift 69 | shift 70 | ;; 71 | *) 72 | echo unknown argument "\"$1\"" >>/dev/stderr 73 | usage 1 74 | ;; 75 | esac 76 | shift 77 | done 78 | 79 | ARCHIVE_DIR="$(mktemp -d)" 80 | rm -rf "${ARCHIVE_DIR}/shim-${VERSION}" "${ARCHIVE_DIR}/shim-${VERSION}" 81 | mkdir -p "${ARCHIVE_DIR}/shim-${VERSION}/gnu-efi" 82 | cd gnu-efi || exit 1 83 | git fetch 84 | if [ "x" = "x${GNUEFI_GIT_TAG}" ] ; then 85 | git archive --format=tar "$(git log -1 --pretty=format:%h)" | ( cd "${ARCHIVE_DIR}/shim-${VERSION}/gnu-efi" ; tar x ) 86 | else 87 | git archive --format=tar "${GNUEFI_GIT_TAG}" | ( cd "${ARCHIVE_DIR}/shim-${VERSION}/gnu-efi" ; tar x ) 88 | fi 89 | cd .. 
90 | if [ "x" = "x${SHIM_GIT_TAG}" ] ; then 91 | git archive --format=tar "$(git log -1 --pretty=format:%h)" | ( cd "${ARCHIVE_DIR}/shim-${VERSION}" ; tar x ) 92 | TIMESTAMP=0 93 | else 94 | # ORIGIN doesn't yet have this tag 95 | git archive --format=tar "${SHIM_GIT_TAG}" | ( cd "${ARCHIVE_DIR}/shim-${VERSION}" ; tar x ) 96 | TIMESTAMP=$(git log -1 --pretty=%ct "${SHIM_GIT_TAG}") 97 | fi 98 | git log -1 --pretty=format:%H > "${ARCHIVE_DIR}/shim-${VERSION}/commit" 99 | DIR="$PWD" 100 | cd "${ARCHIVE_DIR}" 101 | tar -c --sort=name --mtime="@${TIMESTAMP}" --owner=0 --group=0 --numeric-owner --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime --bzip2 -f "${DIR}/shim-${VERSION}.tar.bz2" "shim-${VERSION}" 102 | rm -rf "${ARCHIVE_DIR}" 103 | echo "The archive is in shim-${VERSION}.tar.bz2" 104 | exit 0 105 | } 106 | 107 | main "${@}" 108 | -------------------------------------------------------------------------------- /sbat_var.S: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #include "include/sbat_var_defs.h" 4 | #include "generated_sbat_var_defs.h" 5 | 6 | .section .sbatlevel, "a", %progbits 7 | .balignl 4, 0 8 | .4byte 0 /* format version for external parsers */ 9 | .globl sbat_var_payload_header 10 | .type sbat_var_payload_header, %object 11 | .size sbat_var_payload_header, .Lsbat_var_payload_header_end - sbat_var_payload_header 12 | sbat_var_payload_header: 13 | .4byte .Lsbat_var_automatic - sbat_var_payload_header 14 | .4byte .Lsbat_var_latest - sbat_var_payload_header 15 | .Lsbat_var_payload_header_end: 16 | .balign 1, 0 17 | .Lsbat_var_automatic: 18 | .ascii SBAT_VAR_AUTOMATIC 19 | .byte 0 20 | .balign 1, 0 21 | .Lsbat_var_latest: 22 | .ascii SBAT_VAR_LATEST 23 | .byte 0 24 | .section .note.GNU-stack,"a" 25 | -------------------------------------------------------------------------------- /test-data/.gitignore: 
-------------------------------------------------------------------------------- 1 | !/*.efi 2 | -------------------------------------------------------------------------------- /test-data/efivars-0/AMD_PBS_SETUP-a339d746-f678-49b3-9fc7-54ce0f9df226: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-0/AMD_PBS_SETUP-a339d746-f678-49b3-9fc7-54ce0f9df226 -------------------------------------------------------------------------------- /test-data/efivars-0/AMD_RAID-fe26a894-d199-47d4-8afa-070e3d54ba86: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-0/AMITCGPPIVAR-a8a2093b-fefa-43c1-8e62-ce526847265e: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-0/Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-0/Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/efivars-0/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-0/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f -------------------------------------------------------------------------------- /test-data/efivars-0/dbDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-0/dbDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/efivars-0/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-0/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f -------------------------------------------------------------------------------- /test-data/efivars-0/dbxDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-0/dbxDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/efivars-1/AMD_PBS_SETUP-a339d746-f678-49b3-9fc7-54ce0f9df226: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/AMD_PBS_SETUP-a339d746-f678-49b3-9fc7-54ce0f9df226 -------------------------------------------------------------------------------- /test-data/efivars-1/AMD_RAID-fe26a894-d199-47d4-8afa-070e3d54ba86: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/AMITCGPPIVAR-a8a2093b-fefa-43c1-8e62-ce526847265e: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/AMITSESetup-c811fa38-42c8-4579-a9bb-60e94eddfb34: 
-------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/AOD_SETUP-5ed15dc0-edef-4161-9151-6014c4cc630c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/AOD_SETUP-5ed15dc0-edef-4161-9151-6014c4cc630c -------------------------------------------------------------------------------- /test-data/efivars-1/AmdAcpiVar-79941ecd-ed36-49d0-8124-e4c31ac75cd4: -------------------------------------------------------------------------------- 1 |   -------------------------------------------------------------------------------- /test-data/efivars-1/AmdSetup-3a997502-647a-4c82-998e-52ef9486a247: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/AmdSetup-3a997502-647a-4c82-998e-52ef9486a247 -------------------------------------------------------------------------------- /test-data/efivars-1/AmiHardwareSignatureSetupUpdateCountVar-81c76078-bfde-4368-9790-570914c01a65: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/ApSyncFlagNv-ad3f6761-f0a3-46c8-a4cb-19b70ffdb305: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/ApSyncFlagNv-ad3f6761-f0a3-46c8-a4cb-19b70ffdb305 -------------------------------------------------------------------------------- /test-data/efivars-1/AsbkpInfo-cb825795-feb1-4c0b-894f-cc70f8064395: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/AsbkpInfo-cb825795-feb1-4c0b-894f-cc70f8064395 -------------------------------------------------------------------------------- /test-data/efivars-1/AsusExtFancard-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/AsusFanSetupFeatures-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/AsusHwmSetupOneof-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/AsusNodePsu-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/AsusQFanSetupData-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/AsusQFanSetupData-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 -------------------------------------------------------------------------------- /test-data/efivars-1/AsusRomLayout-7186d975-2dba-4413-81a8-9f1538faef5e: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/AsusRomLayout-7186d975-2dba-4413-81a8-9f1538faef5e -------------------------------------------------------------------------------- 
/test-data/efivars-1/AsusSetupDataBackup-1111b056-c5e9-40ca-aba3-ec172533d814: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/AutoDetectData-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/AutoDetectData-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 -------------------------------------------------------------------------------- /test-data/efivars-1/BiosEventLog-4034591c-48ea-4cdc-864f-e7cb61cfd0f2: -------------------------------------------------------------------------------- 1 | [2021/06/08 21:20:53]AMD CPU fTPM [Disable]->[Enable]Above 4G Decoding [Disabled]->[Enabled]Re-Size BAR Support [Disabled]->[Auto]SR-IOV Support [Disabled]->[Enabled]BME DMA Mitigation [Disabled]->[Enabled]Legacy USB Support [Enabled]->[Disabled]Hot Plug [Disabled]->[Enabled]Restore AC Power Loss [Power Off]->[Last State]Setup Mode [EZ Mode]->[Advanced Mode]IOMMU [Auto]->[Enabled]Data Link Feature Exchange [Auto]->[Enabled ] -------------------------------------------------------------------------------- /test-data/efivars-1/Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/efivars-1/Boot0001-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/Boot0001-8be4df61-93ca-11d2-aa0d-00e098032b8c 
-------------------------------------------------------------------------------- /test-data/efivars-1/Boot0002-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/Boot0002-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/efivars-1/Boot0003-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/Boot0003-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/efivars-1/Boot0004-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/Boot0004-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/efivars-1/Boot0005-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/Boot0005-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/efivars-1/Boot0006-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/Boot0006-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- 
/test-data/efivars-1/BootCurrent-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/BootFromUSB-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/BootOptionSupport-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/CMOSfailflag-c89dc9c7-5105-472c-a743-b1621e142b41: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/ConIn-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/ConIn-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/efivars-1/ConInDev-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/ConInDev-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- 
/test-data/efivars-1/ConOut-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/ConOut-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/efivars-1/ConOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/ConOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/efivars-1/CurrentPolicy-77fa9abd-0359-4d32-bd60-28f4e78f784b: -------------------------------------------------------------------------------- 1 | ' -------------------------------------------------------------------------------- /test-data/efivars-1/DefaultBootOrder-45cf35f6-0d6e-4d04-856a-0370a5b16f53: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/DeploymentModeNv-97e8965f-c761-4f48-b6e4-9ffa9cb2a2d6: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/DownCoreStatus-29749bad-401b-4f6d-b124-cece8c590c48: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/EnWpData-cbab171f-f356-4009-baaa-6628353a0a29: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/EnWpData-cbab171f-f356-4009-baaa-6628353a0a29 -------------------------------------------------------------------------------- /test-data/efivars-1/ErrOut-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/ErrOut-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/efivars-1/FPLayoutOrder-4db88a62-6721-47a0-9082-280b00323594: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/FTMActiveFlag-4034591c-48ea-4cdc-864f-e7cb61cfd0f2: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/FastBootOption-b540a530-6978-4da7-91cb-7207d764d262: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/FastBootOption-b540a530-6978-4da7-91cb-7207d764d262 -------------------------------------------------------------------------------- /test-data/efivars-1/FirstBootFlag-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/HddSmartInfo-a6f44860-b2e8-4fda-bd45-78368994b6ae: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- 
/test-data/efivars-1/HiiDB-1b838190-4625-4ead-abc9-cd5e6af18fe0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/HiiDB-1b838190-4625-4ead-abc9-cd5e6af18fe0 -------------------------------------------------------------------------------- /test-data/efivars-1/HwErrRecSupport-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/efivars-1/KEKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/KEKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/efivars-1/Kernel_ATPSiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/Kernel_DriverSiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/Kernel_RvkSiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b: 
-------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/Kernel_SiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/Kernel_SkuSiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/Kernel_WinSiStatus-77fa9abd-0359-4d32-bd60-28f4e78f784b: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/LastBoot-b540a530-6978-4da7-91cb-7207d764d262: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/MaximumTableSize-4b3082a3-80c6-4d7e-9cd0-583917265df1: -------------------------------------------------------------------------------- 1 | Z -------------------------------------------------------------------------------- /test-data/efivars-1/MemoryOverwriteRequestControl-e20939be-32d4-41be-a150-897f85d49829: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/MemoryOverwriteRequestControlLock-bb983ccf-151d-40e1-a07b-4a17be168292: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/MokList-605dab50-e046-4300-abb6-3dd810dd8b23: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/MokList-605dab50-e046-4300-abb6-3dd810dd8b23 -------------------------------------------------------------------------------- /test-data/efivars-1/MokListRT-605dab50-e046-4300-abb6-3dd810dd8b23: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/MokListRT-605dab50-e046-4300-abb6-3dd810dd8b23 -------------------------------------------------------------------------------- /test-data/efivars-1/MokListX-605dab50-e046-4300-abb6-3dd810dd8b23: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/MokListX-605dab50-e046-4300-abb6-3dd810dd8b23 -------------------------------------------------------------------------------- /test-data/efivars-1/MokListXRT-605dab50-e046-4300-abb6-3dd810dd8b23: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/MokListXRT-605dab50-e046-4300-abb6-3dd810dd8b23 -------------------------------------------------------------------------------- /test-data/efivars-1/MonotonicCounter-01368881-c4ad-4b1d-b631-d57a8ec8db6b: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/MyFav-4034591c-48ea-4cdc-864f-e7cb61cfd0f2: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/MyFav-4034591c-48ea-4cdc-864f-e7cb61cfd0f2 -------------------------------------------------------------------------------- /test-data/efivars-1/NVRAM_Verify-15a9dd61-e4f8-4a99-80db-353b13d76490: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/NVRAM_Verify-15a9dd61-e4f8-4a99-80db-353b13d76490 -------------------------------------------------------------------------------- /test-data/efivars-1/NetworkStackVar-d1405d16-7afc-4695-bb12-41459d3695a2: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/NvHdd0-e57abcbd-9456-4639-8f65-06aab41d840f: -------------------------------------------------------------------------------- 1 | SATA6G_1(Gray) -------------------------------------------------------------------------------- /test-data/efivars-1/NvHdd8-e57abcbd-9456-4639-8f65-06aab41d840f: -------------------------------------------------------------------------------- 1 | M.2_3(Gray) -------------------------------------------------------------------------------- /test-data/efivars-1/OsIndications-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/OsIndicationsSupported-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/PCI_COMMON-aca9f304-21e2-4852-9875-7ff4881d67a5: -------------------------------------------------------------------------------- 1 |  
-------------------------------------------------------------------------------- /test-data/efivars-1/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/efivars-1/PKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/PKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/efivars-1/PcieSataModVar-5e9a565f-cdc0-413b-ad13-1fe8713ffdcd: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/PlatformLang-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- 1 | en-US -------------------------------------------------------------------------------- /test-data/efivars-1/PlatformLangCodes-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- 1 | en-US;fr-FR;zh-cht;zh-chs;ja-JP;de-DE;es-ES;ru-RU;ko-KR -------------------------------------------------------------------------------- /test-data/efivars-1/PreVgaInfo-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/PreVgaInfo-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 
-------------------------------------------------------------------------------- /test-data/efivars-1/RsdpAddr-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/RsdpAddr-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 -------------------------------------------------------------------------------- /test-data/efivars-1/SIDSUPPORT-7d3dceee-cbce-4ea7-8709-6e552f1edbde: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/SbatLevel-605dab50-e046-4300-abb6-3dd810dd8b23: -------------------------------------------------------------------------------- 1 | sbat,1,2021030218 2 | -------------------------------------------------------------------------------- /test-data/efivars-1/SbatLevelRT-605dab50-e046-4300-abb6-3dd810dd8b23: -------------------------------------------------------------------------------- 1 | sbat,1,2021030218 2 | -------------------------------------------------------------------------------- /test-data/efivars-1/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/SecureBootSetup-7b59104a-c00d-4158-87ff-f04d6396a915: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/Setup-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/Setup-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9 
-------------------------------------------------------------------------------- /test-data/efivars-1/SetupLedData-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/SignatureSupport-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/SignatureSupport-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/efivars-1/SmbiosEntryPointTable-4b3082a3-80c6-4d7e-9cd0-583917265df1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/SmbiosEntryPointTable-4b3082a3-80c6-4d7e-9cd0-583917265df1 -------------------------------------------------------------------------------- /test-data/efivars-1/SmbiosScratchBuffer-4b3082a3-80c6-4d7e-9cd0-583917265df1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/SmbiosScratchBuffer-4b3082a3-80c6-4d7e-9cd0-583917265df1 -------------------------------------------------------------------------------- /test-data/efivars-1/SmbiosV3EntryPointTable-4b3082a3-80c6-4d7e-9cd0-583917265df1: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/SmbiosV3EntryPointTable-4b3082a3-80c6-4d7e-9cd0-583917265df1 -------------------------------------------------------------------------------- /test-data/efivars-1/StdDefaults-4599d26f-1a11-49b8-b91f-858745cff824: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/StdDefaults-4599d26f-1a11-49b8-b91f-858745cff824 -------------------------------------------------------------------------------- /test-data/efivars-1/TPMPERBIOSFLAGS-7d3dceee-cbce-4ea7-8709-6e552f1edbde: -------------------------------------------------------------------------------- 1 | x -------------------------------------------------------------------------------- /test-data/efivars-1/Timeout-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/TotalNumberOfRootBridges-fb5703f5-f8a7-f401-18b4-3f108deb2612: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/TpmServFlags-7d3dceee-cbce-4ea7-8709-6e552f1edbde: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/TpmServFlags-7d3dceee-cbce-4ea7-8709-6e552f1edbde -------------------------------------------------------------------------------- /test-data/efivars-1/UsbSupport-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- 
/test-data/efivars-1/VARSTORE_OCMR_SETTINGS_NAME-c05fba7d-7a92-49e0-bcee-233b14dca803: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/VARSTORE_OCMR_SETTINGS_NAME-c05fba7d-7a92-49e0-bcee-233b14dca803 -------------------------------------------------------------------------------- /test-data/efivars-1/VendorKeys-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/WpBufAddr-cba83c4a-a5fc-48a8-b3a6-d33636166544: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/WpBufAddr-cba83c4a-a5fc-48a8-b3a6-d33636166544 -------------------------------------------------------------------------------- /test-data/efivars-1/WriteOnceStatus-4b3082a3-80c6-4d7e-9cd0-583917265df1: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /test-data/efivars-1/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f -------------------------------------------------------------------------------- /test-data/efivars-1/dbDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/dbDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c 
-------------------------------------------------------------------------------- /test-data/efivars-1/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f -------------------------------------------------------------------------------- /test-data/efivars-1/dbxDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/efivars-1/dbxDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c -------------------------------------------------------------------------------- /test-data/grubx64.0.76.el7.1.efi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/grubx64.0.76.el7.1.efi -------------------------------------------------------------------------------- /test-data/grubx64.0.76.el7.efi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/grubx64.0.76.el7.efi -------------------------------------------------------------------------------- /test-data/grubx64.0.80.el7.efi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rhboot/shim/d16a5a636a3d6d6a4e0250b924a12c726ba07f17/test-data/grubx64.0.80.el7.efi -------------------------------------------------------------------------------- /test-pe-relocate.c: --------------------------------------------------------------------------------
// SPDX-License-Identifier: BSD-2-Clause-Patent
/*
 * test-pe-relocate.c - attempt to test relocate_coff()
 * Copyright Peter Jones
 *
 * The only case in this file exercises ImageAddress(): every assertion
 * below passes a (base, size, offset) triple and checks the pointer that
 * comes back.
 */

#ifndef SHIM_UNIT_TEST
#define SHIM_UNIT_TEST
#endif
#include "shim.h"

/*
 * Check ImageAddress() against one in-bounds offset and a series of
 * offsets that must be rejected.
 *
 * Returns 0 when every assertion holds. -1 is the status argument handed
 * to each assert_equal_return(); presumably the macro returns it on a
 * mismatch -- confirm against the unit-test header.
 */
static int
test_image_address(void)
{
	char image[4];
	/* NOTE(review): ret is not referenced by name in this function;
	 * it looks unused unless the assert macros refer to it -- confirm. */
	void *ret;

	/* Offset 0 of a 4-byte image: the base pointer is expected back. */
	assert_equal_return(ImageAddress(image, sizeof(image), 0), &image[0], -1, "got %p expected %p\n");
	/* Offset equal to the image size is one past the end: NULL expected. */
	assert_equal_return(ImageAddress(image, sizeof(image), 4), NULL, -1, "got %p expected %p\n");
	/* Offset 3 with a size of 2 is past the end: NULL expected. */
	assert_equal_return(ImageAddress((void *)1, 2, 3), NULL, -1, "got %p expected %p\n");
	/*
	 * The remaining cases pass UINT64_MAX as both size and offset with a
	 * maximal, zero, or small base; each must yield NULL.  Presumably
	 * these guard the base + offset arithmetic against wrap-around --
	 * confirm against the ImageAddress() implementation.
	 */
	assert_equal_return(ImageAddress((void *)-1ull, UINT64_MAX, UINT64_MAX), NULL, -1, "got %p expected %p\n");
	assert_equal_return(ImageAddress((void *)0, UINT64_MAX, UINT64_MAX), NULL, -1, "got %p expected %p\n");
	assert_equal_return(ImageAddress((void *)1, UINT64_MAX, UINT64_MAX), NULL, -1, "got %p expected %p\n");
	assert_equal_return(ImageAddress((void *)2, UINT64_MAX, UINT64_MAX), NULL, -1, "got %p expected %p\n");
	assert_equal_return(ImageAddress((void *)3, UINT64_MAX, UINT64_MAX), NULL, -1, "got %p expected %p\n");

	return 0;
}

/*
 * Test entry point: runs the single test case and returns status.
 */
int
main(void)
{
	int status = 0;
	/* test() comes from the unit-test harness, which is not visible here;
	 * presumably it records a failure in status -- confirm. */
	test(test_image_address);

	return status;
}

// vim:fenc=utf-8:tw=75:noet
-------------------------------------------------------------------------------- /test-pe-util.c: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | /* 3 | * test-pe-util.c - test PE utilities 4 | */ 5 | 6 | #ifndef SHIM_UNIT_TEST 7 | #define SHIM_UNIT_TEST 8 | #endif 9 | #include "shim.h" 10 | 11 | static int 12 | test_is_page_aligned(void) 13 | { 14 | assert_true_return(IS_PAGE_ALIGNED(0), -1, "\n"); 15 | assert_false_return(IS_PAGE_ALIGNED(1), -1, "\n"); 16 | assert_false_return(IS_PAGE_ALIGNED(4095), -1, "\n"); 17 | assert_true_return(IS_PAGE_ALIGNED(4096), -1, "\n"); 18 | assert_false_return(IS_PAGE_ALIGNED(4097), -1,
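"\n"); 19 | 20 | return 0; 21 | } 22 | 23 | int 24 | main(void) 25 | { 26 | int status = 0; 27 | test(test_is_page_aligned); 28 | 29 | return status; 30 | } 31 | -------------------------------------------------------------------------------- /utils.c: --------------------------------------------------------------------------------
// SPDX-License-Identifier: BSD-2-Clause-Patent

#include "shim.h"

/*
 * Query the size of an open file through its EFI_FILE_INFO record.
 *
 * @fh:      open file handle to query
 * @retsize: receives the FileSize field of the file info; set to 0 when
 *           the firmware reports that no info buffer is needed
 *
 * Returns EFI_SUCCESS on success, EFI_OUT_OF_RESOURCES if the info buffer
 * cannot be allocated, EFI_BAD_BUFFER_SIZE if the 64-bit file size does
 * not fit in UINTN, or the GetInfo() error otherwise.
 */
EFI_STATUS
get_file_size(EFI_FILE_HANDLE fh, UINTN *retsize)
{
	EFI_STATUS efi_status;
	void *buffer = NULL;
	UINTN bs = 0;

	/* The API here is "Call it once with bs=0, it fills in bs,
	 * then allocate a buffer and ask again to get it filled. */
	efi_status = fh->GetInfo(fh, &EFI_FILE_INFO_GUID, &bs, NULL);
	if (EFI_ERROR(efi_status) && efi_status != EFI_BUFFER_TOO_SMALL)
		return efi_status;
	if (bs == 0) {
		/* Do not leave the caller's variable untouched on success. */
		*retsize = 0;
		return EFI_SUCCESS;
	}

	buffer = AllocateZeroPool(bs);
	if (!buffer) {
		console_print(L"Could not allocate memory\n");
		return EFI_OUT_OF_RESOURCES;
	}

	efi_status = fh->GetInfo(fh, &EFI_FILE_INFO_GUID, &bs, buffer);
	if (EFI_ERROR(efi_status)) {
		console_print(L"Could not get file info: %r\n", efi_status);
		FreePool(buffer);
		return efi_status;
	}

	EFI_FILE_INFO *fi = buffer;
	/* FileSize is 64 bits wide; refuse a value that UINTN would silently
	 * truncate, so callers' size limits see the real size. */
	if ((UINT64)(UINTN)fi->FileSize != fi->FileSize) {
		FreePool(buffer);
		return EFI_BAD_BUFFER_SIZE;
	}
	*retsize = (UINTN)fi->FileSize;
	FreePool(buffer);
	return EFI_SUCCESS;
}

/*
 * Open fullpath relative to fh and read its whole content into a newly
 * allocated buffer.
 *
 * @fh:       handle that fullpath is opened against
 * @fullpath: path of the file to read
 * @buffer:   on success, receives the allocated buffer; the caller frees
 *            it with FreePool()
 * @bs:       on success, receives the number of bytes Read() reported
 *
 * Files larger than 1024 * PAGE_SIZE are rejected with
 * EFI_BAD_BUFFER_SIZE before any allocation, so the size taken from file
 * metadata cannot drive an arbitrarily large allocation.  The outputs are
 * written only on success.
 */
EFI_STATUS
read_file(EFI_FILE_HANDLE fh, CHAR16 *fullpath, CHAR16 **buffer, UINT64 *bs)
{
	EFI_FILE_HANDLE fh2;
	EFI_STATUS efi_status;
	UINTN len = 0;
	CHAR16 *b = NULL;

	efi_status = fh->Open(fh, &fh2, fullpath, EFI_FILE_READ_ONLY, 0);
	if (EFI_ERROR(efi_status)) {
		console_print(L"Couldn't open \"%s\": %r\n", fullpath, efi_status);
		return efi_status;
	}

	efi_status = get_file_size(fh2, &len);
	if (EFI_ERROR(efi_status)) {
		console_print(L"Could not get file size for \"%s\": %r\n",
			      fullpath, efi_status);
		goto out_close;
	}

	if (len > 1024 * PAGE_SIZE) {
		efi_status = EFI_BAD_BUFFER_SIZE;
		goto out_close;
	}

	/* Zeroed pool with two extra bytes: the data is always followed by
	 * one CHAR16 NUL. */
	b = AllocateZeroPool(len + 2);
	if (!b) {
		console_print(L"Could not allocate memory\n");
		efi_status = EFI_OUT_OF_RESOURCES;
		goto out_close;
	}

	/* Read from the handle that was just opened and sized (fh2), not
	 * from the handle the path was opened against. */
	efi_status = fh2->Read(fh2, &len, b);
	if (EFI_ERROR(efi_status)) {
		console_print(L"Could not read file: %r\n", efi_status);
		FreePool(b);
		goto out_close;
	}

	*buffer = b;
	*bs = len;
	efi_status = EFI_SUCCESS;

out_close:
	fh2->Close(fh2);
	return efi_status;
}
-------------------------------------------------------------------------------- /version.c.in: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #include 4 | 5 | #include "version.h" 6 | 7 | CHAR8 shim_version[] __attribute__((section (".data.ident"))) = 8 | "UEFI SHIM\n" 9 | "$Version: @@VERSION@@ $\n" 10 | "$BuildMachine: @@UNAME@@ $\n" 11 | "$Commit: @@COMMIT@@ $\n"; 12 |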
-------------------------------------------------------------------------------- /version.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent 2 | 3 | #ifndef _SHIM_VERSION_H 4 | #define _SHIM_VERSION_H 1 5 | 6 | extern CHAR8 shim_version[]; 7 | 8 | #endif /* SHIM_VERSION_H */ 9 | --------------------------------------------------------------------------------