shim

Merge ~xnox/shim:post-15.4-bugfixes into ~ubuntu-core-dev/shim/+git/shim:master

  1. Git
  2. lp:~xnox/shim
  3. post-15.4-bugfixes
  4. Merge into master
Proposed by Dimitri John Ledkov
Status: Merged
Merged at revision: 5c90709563f68c6ebc624402c1062e3fb2da031e
Proposed branch: ~xnox/shim:post-15.4-bugfixes
Merge into: ~ubuntu-core-dev/shim/+git/shim:master
Diff against target: 113 lines (+82/-0)
4 files modified
debian/changelog (+5/-0)
debian/patches/361.patch (+38/-0)
debian/patches/362.patch (+37/-0)
debian/patches/series (+2/-0)
Reviewer Review Type Date Requested Status
Julian Andres Klode Approve
Review via email: mp+401454@code.launchpad.net

Commit message

Add two more cherrypicks from upstream.

To post a comment you must log in.
Revision history for this message
Julian Andres Klode (juliank) wrote :

I approve of these changes

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index f403ee7..d1fa4fa 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,7 +1,12 @@
6 shim (15.4-0ubuntu2) UNRELEASED; urgency=medium
7
8+ [ Balint Reczey ]
9 * Fix boot on EFI 1.10 machines, for example on some MacBooks (LP: #1925010)
10
11+ [ Dimitri John Ledkov ]
12+ * Fix kernel warning when allocating MOK table (LP: #1925139)
13+ * Fix booting with shim SBState disabled (LP: #1925140)
14+
15 -- Balint Reczey <rbalint@ubuntu.com> Mon, 19 Apr 2021 15:52:50 +0200
16
17 shim (15.4-0ubuntu1) hirsute; urgency=medium
18diff --git a/debian/patches/361.patch b/debian/patches/361.patch
19new file mode 100644
20index 0000000..766e9a4
21--- /dev/null
22+++ b/debian/patches/361.patch
23@@ -0,0 +1,38 @@
24+From 33ca95024aa7e33218da5882d30b3ec690a11046 Mon Sep 17 00:00:00 2001
25+From: Gary Lin <glin@suse.com>
26+Date: Thu, 8 Apr 2021 16:23:03 +0800
27+Subject: [PATCH] mok: allocate MOK config table as BootServicesData
28+
29+Linux kernel is picky when reserving the memory for x86 and it only
30+expects BootServicesData:
31+
32+https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/platform/efi/quirks.c?h=v5.11#n254
33+
34+Otherwise, the following error would show during system boot:
35+
36+Apr 07 12:31:56.743925 localhost kernel: efi: Failed to lookup EFI memory descriptor for 0x000000003dcf8000
37+
38+Although BootServicesData would be reclaimed after ExitBootService(),
39+linux kernel reserves MOK config table when it detects the existence of
40+the table, so it's fine to allocate the table as BootServicesData.
41+
42+Signed-off-by: Gary Lin <glin@suse.com>
43+Origin: https://patch-diff.githubusercontent.com/raw/rhboot/shim/pull/361.patch
44+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1925139
45+---
46+ mok.c | 2 +-
47+ 1 file changed, 1 insertion(+), 1 deletion(-)
48+
49+diff --git a/mok.c b/mok.c
50+index 5ad9072be..fc1ee04da 100644
51+--- a/mok.c
52++++ b/mok.c
53+@@ -1002,7 +1002,7 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
54+ npages = ALIGN_VALUE(config_sz, PAGE_SIZE) >> EFI_PAGE_SHIFT;
55+ config_table = NULL;
56+ efi_status = gBS->AllocatePages(AllocateAnyPages,
57+- EfiRuntimeServicesData,
58++ EfiBootServicesData,
59+ npages,
60+ (EFI_PHYSICAL_ADDRESS *)&config_table);
61+ if (EFI_ERROR(efi_status) || !config_table) {
62diff --git a/debian/patches/362.patch b/debian/patches/362.patch
63new file mode 100644
64index 0000000..488b14b
65--- /dev/null
66+++ b/debian/patches/362.patch
67@@ -0,0 +1,37 @@
68+From 975c2feaa47dc3b8d42d2995e09b5026ce66d7af Mon Sep 17 00:00:00 2001
69+From: Adam Williamson <awilliam@redhat.com>
70+Date: Thu, 8 Apr 2021 22:39:02 -0700
71+Subject: [PATCH] Don't set user_insecure_mode and ignore_db in
72+ import_one_mok_state
73+
74+This seems completely incorrect and unnecessary, unless I'm
75+missing something. We already set them both to 0 at the start of
76+`import_mok_state`, which is the only thing that uses
77+`import_one_mok_state`, so it's unnecessary. It's incorrect
78+because it means those variables will be set to 0 even when they
79+should be set to 1 - even if they are momentarily set to 1 when
80+`import_one_mok_state` is called on the relevant variable, they
81+immediately get set back to 0 when it's called on the *next*
82+variable.
83+
84+Signed-off-by: Adam Williamson <awilliam@redhat.com>
85+Origin: https://patch-diff.githubusercontent.com/raw/rhboot/shim/pull/361.patch
86+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1925140
87+---
88+ mok.c | 3 ---
89+ 1 file changed, 3 deletions(-)
90+
91+diff --git a/mok.c b/mok.c
92+index 5ad9072be..9e37d6ab5 100644
93+--- a/mok.c
94++++ b/mok.c
95+@@ -888,9 +888,6 @@ EFI_STATUS import_one_mok_state(struct mok_state_variable *v,
96+ EFI_STATUS ret = EFI_SUCCESS;
97+ EFI_STATUS efi_status;
98+
99+- user_insecure_mode = 0;
100+- ignore_db = 0;
101+-
102+ UINT32 attrs = 0;
103+ BOOLEAN delete = FALSE;
104+
105diff --git a/debian/patches/series b/debian/patches/series
106index 17e624f..ab362be 100644
107--- a/debian/patches/series
108+++ b/debian/patches/series
109@@ -1,2 +1,4 @@
110 359.patch
111+361.patch
112+362.patch
113 364.patch

Subscribers

People subscribed via source and target branches