shim.changelog


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107

14
	The shim EFI binary cannot have sections whose offset is not a multiple of the
	file header offset, or else signtool.exe will generate an incorrect signature
	that cannot be verified. Currently we generate a PLT section that is
	incorrectly aligned, due to an error in rebasing OpenSSL to fix a different
	issue. This version rectifies that error, as well as adding --no-undefined to
	the final link, so that any such missing symbol will cause a build error. This
	doesn't necessarily solve the file offset problem in all cases, but it does
	solve it in all the cases we've actually seen so far.

13
	* OpenSSL reverted to 1.0.2k to make the cert chaining of existing deployments stay working
	* Better PCR usage for TPM
	* TPM documentation in README.tpm
	* More configurable build via make variables:
		ENABLE_SHIM_CERT
		ENABLE_SHIM_HASH
		ENABLE_SBSIGN
		LIBDIR
		EFIDIR
		VENDOR_CERT_FILE
		VENDOR_DB_FILE
		Better MoK documentation in MokVars.txt
		Better debuginfo generation
		Lots of minor bug fixes.

12
	* OpenSSL 1.1.0e (glin)
	* Workaround for signtool.exe bugs (pjones)
	* Bug fix for wrong options passed to second stage (jsgruber)
	* Requested that tar.gz/zip downloads not used for this version

11
	* generate_hash(): fix the regression (Lans Zhang)
	* Ignore BDS when it tells us we got our own path on the command line.
	* Support ia32
	* Handle various different load option implementation differences
	* TPM 1 and TPM 2 support.
	* Update to OpenSSL 1.0.2k
	* GCC 7 support

0.9
	Gary Ching-Pang Lin (19):
	* Add nostdinc to the CFLAGS for lib
	* Update Cryptlib and openssl
	* Make the build failed with objcopy < 2.24
	* Support MOK blacklist
	* MokManager: show the hash list properly
	* MokManager: delete the hash properly
	* MokManager: Match all hashes in the list
	* MokManager: Write the hash list properly
	* Copy the MOK blacklist to a RT variable
	* Verify the EFI images with MOK blacklist
	* Make shim to check MokXAuth for MOKX reset
	* MokManager: calculate the variable size correctly
	* MokManager: fix the hash list counting in delete
	* MokManager: Support SHA1 hash in MOK
	* MokManager: fix the return value and type
	* MokManager: Add more key list safe checks
	* MokManager: Support SHA224, SHA384, and SHA512
	* MokManager: Discard the list contains an invalid signature
	* MokManager: fix comparison between signed and unsigned integer
	
	Laszlo Ersek (1):
	* Fix length of allocated buffer for boot option comparison.
	
	Matthew Garrett (1):
	* Explicitly request sysv-style ELF hash sections
	
	Peter Jones (17):
	* Align the sections we're loading, and check for validity /after/ discarding.
	* Don't install our protocols if we're not in secure mode.
	* Make lib/ build right with the cflags it should be using...
	* Make lib/ use the right CFLAGS.
	* gcc 5.0 changes some include bits, so copy what arm does on x86.
	* Only run MokManager if asked or a security violation occurs.
	* Don't leave in_protocol==1 when shim_verify() isn't enforcing.
	* Ensure that apps launched by shim get correct BS->Exit() behavior
	* Fix console_print_box*() parameters.
	* MokManager: Nerf SHA-1 again for actual hashes and signatures.
	* Don't print anything or delay when start_image() succeeds.
	* More incorrect unsigned vs signed fixups from yours truly.
	* Add a conditional point for a debugger to attach.
	* Only be verbose the first time secure_mode() is called.
	* Make sure our build-id notes wind up at a reasonable place.
	* Improve our debuginfo path print
	* 0.9
	
	Richard W.M. Jones (1):
	* fallback: Fix comparison between signed and unsigned in debugging code.

0.8
	* Various code cleanups
	* 32-bit binary support
	* Better dhcpv4 support
	* Better device path generation in fallback.efi
	* Re-use of existing entries when possible in fallback.efi
	* Additional bounds checking of section sizes
	* Working PE base relocations
	* Avoid fallback.efi creating duplicates in BootOrder
	* Update to OpenSSL 0.9.8zb
	* ARM Aarch64 support
	* Fix buffer overrun in ipv6 option parsing (CVE-2014-3675 and CVE-2014-3676)
	* Fix out of bounds error on parsing MokNew (CVE-2014-3677)

0.7
	* Handle the SetupMode variable correctly.