14 The shim EFI binary cannot have sections whose offset is not a multiple of the file header offset, or else signtool.exe will generate an incorrect signature that cannot be verified. Currently we generate a PLT section that is incorrectly aligned, due to an error in rebasing OpenSSL to fix a different issue. This version rectifies that error, as well as adding --no-undefined to the final link, so that any such missing symbol will cause a build error. This doesn't necessarily solve the file offset problem in all cases, but it does solve it in all the cases we've actually seen so far. 13 * OpenSSL reverted to 1.0.2k to make the cert chaining of existing deployments stay working * Better PCR usage for TPM * TPM documentation in README.tpm * More configurable build via make variables: ENABLE_SHIM_CERT ENABLE_SHIM_HASH ENABLE_SBSIGN LIBDIR EFIDIR VENDOR_CERT_FILE VENDOR_DB_FILE Better MoK documentation in MokVars.txt Better debuginfo generation Lots of minor bug fixes. 12 * OpenSSL 1.1.0e (glin) * Workaround for signtool.exe bugs (pjones) * Bug fix for wrong options passed to second stage (jsgruber) * Requested that tar.gz/zip downloads not used for this version 11 * generate_hash(): fix the regression (Lans Zhang) * Ignore BDS when it tells us we got our own path on the command line. * Support ia32 * Handle various different load option implementation differences * TPM 1 and TPM 2 support. * Update to OpenSSL 1.0.2k * GCC 7 support 0.9 Gary Ching-Pang Lin (19): * Add nostdinc to the CFLAGS for lib * Update Cryptlib and openssl * Make the build failed with objcopy < 2.24 * Support MOK blacklist * MokManager: show the hash list properly * MokManager: delete the hash properly * MokManager: Match all hashes in the list * MokManager: Write the hash list properly * Copy the MOK blacklist to a RT variable * Verify the EFI images with MOK blacklist * Make shim to check MokXAuth for MOKX reset * MokManager: calculate the variable size correctly * MokManager: fix the hash list counting in delete * MokManager: Support SHA1 hash in MOK * MokManager: fix the return value and type * MokManager: Add more key list safe checks * MokManager: Support SHA224, SHA384, and SHA512 * MokManager: Discard the list contains an invalid signature * MokManager: fix comparison between signed and unsigned integer Laszlo Ersek (1): * Fix length of allocated buffer for boot option comparison. Matthew Garrett (1): * Explicitly request sysv-style ELF hash sections Peter Jones (17): * Align the sections we're loading, and check for validity /after/ discarding. * Don't install our protocols if we're not in secure mode. * Make lib/ build right with the cflags it should be using... * Make lib/ use the right CFLAGS. * gcc 5.0 changes some include bits, so copy what arm does on x86. * Only run MokManager if asked or a security violation occurs. * Don't leave in_protocol==1 when shim_verify() isn't enforcing. * Ensure that apps launched by shim get correct BS->Exit() behavior * Fix console_print_box*() parameters. * MokManager: Nerf SHA-1 again for actual hashes and signatures. * Don't print anything or delay when start_image() succeeds. * More incorrect unsigned vs signed fixups from yours truly. * Add a conditional point for a debugger to attach. * Only be verbose the first time secure_mode() is called. * Make sure our build-id notes wind up at a reasonable place. * Improve our debuginfo path print * 0.9 Richard W.M. Jones (1): * fallback: Fix comparison between signed and unsigned in debugging code. 0.8 * Various code cleanups * 32-bit binary support * Better dhcpv4 support * Better device path generation in fallback.efi * Re-use of existing entries when possible in fallback.efi * Additional bounds checking of section sizes * Working PE base relocations * Avoid fallback.efi creating duplicates in BootOrder * Update to OpenSSL 0.9.8zb * ARM Aarch64 support * Fix buffer overrun in ipv6 option parsing (CVE-2014-3675 and CVE-2014-3676) * Fix out of bounds error on parsing MokNew (CVE-2014-3677) 0.7 * Handle the SetupMode variable correctly.