Switch to upstream gnu-efi (v4.0.4)

.gitmodules

@@ -1,4 +1,4 @@
 [submodule "gnu-efi"]
 	path = gnu-efi
-	url = https://github.com/rhboot/gnu-efi.git
-	branch = shim-16.1
+	url = https://github.com/ncroxon/gnu-efi.git
+	branch = master

Cryptlib/Include/OpenSslSupport.h

@@ -18,9 +18,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #if defined(__x86_64__)
 /* shim.h will check if the compiler is new enough in some other CU */
 
-#if !defined(GNU_EFI_USE_EXTERNAL_STDARG)
-#define GNU_EFI_USE_EXTERNAL_STDARG
-#endif
 
 #if !defined(GNU_EFI_USE_MS_ABI)
 #define GNU_EFI_USE_MS_ABI

Cryptlib/Library/BaseLib.h

@@ -1,10 +1,6 @@
 #if defined(__x86_64__)
 /* shim.h will check if the compiler is new enough in some other CU */
 
-#if !defined(GNU_EFI_USE_EXTERNAL_STDARG)
-#define GNU_EFI_USE_EXTERNAL_STDARG
-#endif
-
 #if !defined(GNU_EFI_USE_MS_ABI)
 #define GNU_EFI_USE_MS_ABI
 #endif

Cryptlib/SysCall/BaseStrings.c

@@ -3,7 +3,7 @@
 CHAR8 *
 AsciiStrCat(CHAR8 *Destination, const CHAR8 *Source)
 {
-	UINTN dest_len = strlen((CHAR8 *)Destination);
+	UINTN dest_len = strlen((char *)Destination);
 	UINTN i;
 
 	for (i = 0; Source[i] != '\0'; i++)
@@ -61,7 +61,7 @@ WriteUnaligned32(UINT32 *Buffer, UINT32 Value)
 UINTN
 AsciiStrSize(const CHAR8 *string)
 {
-	return strlen(string) + 1;
+	return strlen((char *)string) + 1;
 }
 
 /* Based on AsciiStrDecimalToUintnS() in edk2

Make.defaults

@@ -160,8 +160,8 @@ endif
 LIB_GCC		= $(shell $(CC) $(ARCH_CFLAGS) -print-libgcc-file-name)
 EFI_LIBS	= -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)
 FORMAT		?= --output-target efi-app-$(ARCH)
-LOCAL_EFI_PATH	= gnu-efi/$(ARCH_GNUEFI)/gnuefi
-LIBDIR		= gnu-efi/$(ARCH_GNUEFI)/lib
+LOCAL_EFI_PATH	= $(TOPDIR)/gnu-efi/$(ARCH_GNUEFI)/gnuefi
+LIBDIR		= $(TOPDIR)/gnu-efi/$(ARCH_GNUEFI)/lib
 
 MMSTEM		?= mm$(ARCH_SUFFIX)
 MMNAME		= $(MMSTEM).efi
@@ -192,7 +192,7 @@ ifneq ($(origin SBAT_AUTOMATIC_DATE), undefined)
 DEFINES		+= -DSBAT_AUTOMATIC_DATE=$(SBAT_AUTOMATIC_DATE)
 endif
 
-LDFLAGS		= --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(LOCAL_EFI_PATH) -L$(LIBDIR) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1 $(ARCH_LDFLAGS) --no-undefined
+LDFLAGS		= --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(LIBDIR) -L$(LOCAL_EFI_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1 $(ARCH_LDFLAGS) --no-undefined
 
 ifneq ($(DEBUG),)
 export DEBUG

Makefile

@@ -150,8 +150,8 @@ $(SHIMNAME) $(MMNAME) $(FBNAME) : | post-process-pe
 LIBS = Cryptlib/libcryptlib.a \
        Cryptlib/OpenSSL/libopenssl.a \
        lib/lib.a \
-       gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a \
-       gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a
+       $(TOPDIR)/gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a \
+       $(TOPDIR)/gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a
 
 $(SHIMSONAME): $(OBJS) $(LIBS)
 	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
@@ -166,15 +166,16 @@ MokManager.o: $(MOK_SOURCES)
 $(MMSONAME): $(MOK_OBJS) $(LIBS)
 	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
 
-gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: CFLAGS+=-DGNU_EFI_USE_EXTERNAL_STDARG
-gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a:
+$(TOPDIR)/gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a $(TOPDIR)/gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a:
 	mkdir -p gnu-efi/lib gnu-efi/gnuefi
 	$(MAKE) -C gnu-efi \
 		COMPILER="$(COMPILER)" \
 		CCC_CC="$(COMPILER)" \
 		CC="$(CC)" \
 		ARCH=$(ARCH_GNUEFI) \
+		NO_GLIBC=1 \
 		TOPDIR=$(TOPDIR)/gnu-efi \
+		VPATH=$(TOPDIR)/gnu-efi \
 		-f $(TOPDIR)/gnu-efi/Makefile \
 		lib gnuefi inc $(IGNORE_COMPILER_ERRORS)
 
@@ -358,6 +359,7 @@ clean-gnu-efi:
 			COMPILER="$(COMPILER)" \
 			ARCH=$(ARCH_GNUEFI) \
 			TOPDIR=$(TOPDIR)/gnu-efi \
+			VPATH=$(TOPDIR)/gnu-efi \
 			-f $(TOPDIR)/gnu-efi/Makefile \
 			clean ; \
 	fi

MokManager.c

@@ -89,29 +89,29 @@ static EFI_STATUS get_sha1sum(void *Data, int DataSize, UINT8 * hash)
 
 static BOOLEAN is_sha2_hash(EFI_GUID Type)
 {
-	if (CompareGuid(&Type, &EFI_CERT_SHA224_GUID) == 0)
+	if (CompareGuid(&Type, &EFI_CERT_SHA224_GUID))
 		return TRUE;
-	else if (CompareGuid(&Type, &EFI_CERT_SHA256_GUID) == 0)
+	else if (CompareGuid(&Type, &EFI_CERT_SHA256_GUID))
 		return TRUE;
-	else if (CompareGuid(&Type, &EFI_CERT_SHA384_GUID) == 0)
+	else if (CompareGuid(&Type, &EFI_CERT_SHA384_GUID))
 		return TRUE;
-	else if (CompareGuid(&Type, &EFI_CERT_SHA512_GUID) == 0)
+	else if (CompareGuid(&Type, &EFI_CERT_SHA512_GUID))
 		return TRUE;
 
 	return FALSE;
 }
 
 static UINT32 sha_size(EFI_GUID Type)
 {
-	if (CompareGuid(&Type, &EFI_CERT_SHA1_GUID) == 0)
+	if (CompareGuid(&Type, &EFI_CERT_SHA1_GUID))
 		return SHA1_DIGEST_SIZE;
-	else if (CompareGuid(&Type, &EFI_CERT_SHA224_GUID) == 0)
+	else if (CompareGuid(&Type, &EFI_CERT_SHA224_GUID))
 		return SHA224_DIGEST_LENGTH;
-	else if (CompareGuid(&Type, &EFI_CERT_SHA256_GUID) == 0)
+	else if (CompareGuid(&Type, &EFI_CERT_SHA256_GUID))
 		return SHA256_DIGEST_SIZE;
-	else if (CompareGuid(&Type, &EFI_CERT_SHA384_GUID) == 0)
+	else if (CompareGuid(&Type, &EFI_CERT_SHA384_GUID))
 		return SHA384_DIGEST_LENGTH;
-	else if (CompareGuid(&Type, &EFI_CERT_SHA512_GUID) == 0)
+	else if (CompareGuid(&Type, &EFI_CERT_SHA512_GUID))
 		return SHA512_DIGEST_LENGTH;
 
 	return 0;
@@ -121,7 +121,7 @@ static BOOLEAN is_valid_siglist(EFI_GUID Type, UINT32 SigSize)
 {
 	UINT32 hash_sig_size;
 
-	if (CompareGuid (&Type, &X509_GUID) == 0 && SigSize != 0)
+	if (CompareGuid (&Type, &X509_GUID) && SigSize != 0)
 		return TRUE;
 
 	if (!is_sha2_hash(Type))
@@ -206,7 +206,7 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize)
 		}
 
 		list[count].Type = CertList->SignatureType;
-		if (CompareGuid (&CertList->SignatureType, &X509_GUID) == 0) {
+		if (CompareGuid (&CertList->SignatureType, &X509_GUID)) {
 			list[count].MokSize = CertList->SignatureSize -
 			    sizeof(EFI_GUID);
 			list[count].Mok = (void *)Cert->SignatureData;
@@ -463,19 +463,19 @@ static void show_sha_digest(EFI_GUID Type, UINT8 * hash)
 	int i;
 	int length;
 
-	if (CompareGuid(&Type, &EFI_CERT_SHA1_GUID) == 0) {
+	if (CompareGuid(&Type, &EFI_CERT_SHA1_GUID)) {
 		length = SHA1_DIGEST_SIZE;
 		text[0] = L"SHA1 hash";
-	} else if (CompareGuid(&Type, &EFI_CERT_SHA224_GUID) == 0) {
+	} else if (CompareGuid(&Type, &EFI_CERT_SHA224_GUID)) {
 		length = SHA224_DIGEST_LENGTH;
 		text[0] = L"SHA224 hash";
-	} else if (CompareGuid(&Type, &EFI_CERT_SHA256_GUID) == 0) {
+	} else if (CompareGuid(&Type, &EFI_CERT_SHA256_GUID)) {
 		length = SHA256_DIGEST_SIZE;
 		text[0] = L"SHA256 hash";
-	} else if (CompareGuid(&Type, &EFI_CERT_SHA384_GUID) == 0) {
+	} else if (CompareGuid(&Type, &EFI_CERT_SHA384_GUID)) {
 		length = SHA384_DIGEST_LENGTH;
 		text[0] = L"SHA384 hash";
-	} else if (CompareGuid(&Type, &EFI_CERT_SHA512_GUID) == 0) {
+	} else if (CompareGuid(&Type, &EFI_CERT_SHA512_GUID)) {
 		length = SHA512_DIGEST_LENGTH;
 		text[0] = L"SHA512 hash";
 	} else {
@@ -564,7 +564,7 @@ static void show_mok_info(EFI_GUID Type, void *Mok, UINTN MokSize)
 	if (!Mok || MokSize == 0)
 		return;
 
-	if (CompareGuid (&Type, &X509_GUID) == 0) {
+	if (CompareGuid (&Type, &X509_GUID)) {
 		UINT8 hash[SHA1_DIGEST_SIZE];
 		X509 *X509Cert;
 
@@ -1062,7 +1062,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
 
 		DataSize += sizeof(EFI_SIGNATURE_LIST);
 		type = list[i].Type; /* avoid -Werror=address-of-packed-member */
-		if (CompareGuid(&type, &X509_GUID) == 0)
+		if (CompareGuid(&type, &X509_GUID))
 			DataSize += sizeof(EFI_GUID);
 		DataSize += list[i].MokSize;
 	}
@@ -1093,7 +1093,7 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num,
 		CertList->SignatureType = list[i].Type;
 		CertList->SignatureHeaderSize = 0;
 
-		if (CompareGuid(&(CertList->SignatureType), &X509_GUID) == 0) {
+		if (CompareGuid(&(CertList->SignatureType), &X509_GUID)) {
 			CertList->SignatureListSize = list[i].MokSize +
 			    sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
 			CertList->SignatureSize =
@@ -1136,7 +1136,7 @@ static void delete_cert(void *key, UINT32 key_size,
 
 	for (i = 0; i < mok_num; i++) {
 		type = mok[i].Type; /* avoid -Werror=address-of-packed-member */
-		if (CompareGuid(&type, &X509_GUID) != 0)
+		if (!CompareGuid(&type, &X509_GUID))
 			continue;
 
 		if (mok[i].MokSize == key_size &&
@@ -1189,7 +1189,7 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size,
 
 	for (i = 0; i < mok_num; i++) {
 		type = mok[i].Type; /* avoid -Werror=address-of-packed-member */
-		if ((CompareGuid(&type, &Type) != 0) ||
+		if ((!CompareGuid(&type, &Type)) ||
 		    (mok[i].MokSize < sig_size))
 			continue;
 
@@ -1360,7 +1360,7 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
 	dprint(L"deleting certs from %a\n", MokX ? "MokListX" : "MokList");
 	for (i = 0; i < del_num; i++) {
 		type = del_key[i].Type; /* avoid -Werror=address-of-packed-member */
-		if (CompareGuid(&type, &X509_GUID) == 0) {
+		if (CompareGuid(&type, &X509_GUID)) {
 			dprint(L"deleting key %d (total %d):\n", i, mok_num);
 			dhexdumpat(del_key[i].Mok, del_key[i].MokSize, 0);
 			delete_cert(del_key[i].Mok, del_key[i].MokSize,

csv.c

@@ -63,7 +63,7 @@ parse_csv_data(char *data, char *data_end, size_t n_columns, list_t *list)
 	}
 
 	max = (uintptr_t)end - (uintptr_t)line + (end > line ? 1 : 0);
-	if (is_utf8_bom(line, max))
+	if (is_utf8_bom((CHAR8 *)line, max))
 
 		line += UTF8_BOM_SIZE;
 

elf_aarch64_efi.lds

@@ -5,7 +5,8 @@ SECTIONS
 {
   . = 0;
   ImageBase = .;
-  .hash : { *(.hash) }	/* this MUST come first! */
+  /* this MUST come first! */
+  .hash : { *(.hash) }
   . = ALIGN(65536);
   .eh_frame :
   {
@@ -21,11 +22,6 @@ SECTIONS
    _etext = .;
   }
   . = ALIGN(65536);
-  .reloc :
-  {
-   *(.reloc)
-  }
-  . = ALIGN(65536);
   .note.gnu.build-id : {
     *(.note.gnu.build-id)
   }
@@ -57,6 +53,11 @@ SECTIONS
    *(COMMON)
    *(.rel.local)
   }
+  . = ALIGN(65536);
+  .reloc :
+  {
+   *(.reloc)
+  }
 
   . = ALIGN(65536);
   .vendor_cert :
@@ -92,9 +93,7 @@ SECTIONS
   .ignored.reloc :
   {
     *(.rela.reloc)
-    *(.eh_frame)
     *(.note.GNU-stack)
   }
   .comment 0 : { *(.comment) }
-  .note.gnu.build-id : { *(.note.gnu.build-id) }
 }

elf_arm_efi.lds

@@ -3,9 +3,10 @@ OUTPUT_ARCH(arm)
 ENTRY(_start)
 SECTIONS
 {
-  .text 0x0 : {
-    _text = .;
+  .text 0 : {
     *(.text.head)
+    . = 0x1000;
+    _text = .;
     *(.text)
     *(.text.*)
     *(.gnu.linkonce.t.*)
@@ -45,6 +46,16 @@ SECTIONS
   _edata = .;
   _data_vsize = _evdata - _data;
   _data_size = . - _data;
+  . = ALIGN(4096);
+  _reloc = .;
+  .areloc : {
+    *(.areloc)
+    _evreloc = .;
+    . = ALIGN(4096);
+    _ereloc = .;
+  } =0
+  _reloc_vsize = _evreloc - _reloc;
+  _reloc_size = _ereloc - _reloc;
 
   /*
    * Note that _sbat must be the beginning of the data, and _esbat must be the
@@ -99,7 +110,8 @@ SECTIONS
   _erodata = .;
   _rodata_size = . - _rodata;
   _rodata_vsize = _evrodata - _rodata;
-  _alldata_size = . - _data;
+  _image_end = .;
+  _alldata_size = _image_end - _data;
 
   /DISCARD/ :
   {

elf_ia32_efi.lds

@@ -5,7 +5,8 @@ SECTIONS
 {
   . = 0;
   ImageBase = .;
-  .hash : { *(.hash) }	/* this MUST come first! */
+  /* .hash and/or .gnu.hash MUST come first! */
+  .hash : { *(.hash) }
   . = ALIGN(4096);
   .text :
   {
@@ -16,11 +17,6 @@ SECTIONS
    _etext = .;
   }
   . = ALIGN(4096);
-  .reloc :
-  {
-   *(.reloc)
-  }
-  . = ALIGN(4096);
   .note.gnu.build-id : {
     *(.note.gnu.build-id)
   }
@@ -52,6 +48,11 @@ SECTIONS
    *(.bss)
    *(COMMON)
   }
+  . = ALIGN(4096);
+  .reloc :
+  {
+   *(.reloc)
+  }
 
   . = ALIGN(4096);
   .vendor_cert :