sys-boot/shim: update to 15.4 Update RH EFI shim to version 15.4. New ldscript file causes internal error in gold linker so force-use bfd one. BUG=b/186856815 TEST=presubmit RELEASE_NOTE=Updated UEFI shim to 15.4. Change-Id: I05e96be88cd623576e0b4d18369724630c45ae14 Reviewed-on: https://cos-review.googlesource.com/c/cos/overlays/board-overlays/+/27580 Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com> Reviewed-by: Robert Kolchmeyer <rkolchmeyer@google.com> Reviewed-by: Roy Yang <royyang@google.com>

commit: ec779e895133320d848251d4822c815aed683a9f [log] [tgz]
author: Oleksandr Tymoshenko <ovt@google.com> Thu May 13 22:52:59 2021 +0000
committer: Oleksandr Tymoshenko <ovt@google.com> Fri Jan 14 03:12:32 2022 +0000
tree: ef640985634cc46fc61d23f4e1366fc55e9db757
parent: 520a8fa5133b751d99bab96230eac8f8deb5f45e [diff]
diff --git a/project-lakitu/sys-boot/shim/Manifest b/project-lakitu/sys-boot/shim/Manifest
index 131eb9f..c788153 100644
--- a/project-lakitu/sys-boot/shim/Manifest
+++ b/project-lakitu/sys-boot/shim/Manifest

@@ -1 +1 @@
-DIST shim-15.tar.bz2 1027215 BLAKE2B 425055998fd7af4751615241a69934b023581716eeb76d01e074e159b12bf414079d450ff6c574e0c398b259563149fe8a83a43f4c5496bbfb6c3550fdb7e4b6 SHA512 f7dfac774d644111431ca56da76b5575b891b0abad970b318edaede11a0d83c869728bc39cb6af3689bdb203c6826545caf8ddd3d14228831027e334963cf957
+DIST shim-15.4.tar.bz2 1260475 BLAKE2B b3a3c43df62ccc833fc2ffcae7d913d236b18469f73fd4abcf6a64b904c3cde445592562cac387f8d960184758bcfeb7fa4b0f088caa6402e2e56fc5a460faf9 SHA512 b9712fe6964f60de251f1bff83914c4aac0f6430474c44741c059f31b72c2d5987c313cbb5e8bc07bfd04e61e6b511ea2d19a9975cde8c6127bc05f2de834526

diff --git a/project-lakitu/sys-boot/shim/files/shim-15-built-in-platform-key.patch b/project-lakitu/sys-boot/shim/files/shim-15-built-in-platform-key.patch
deleted file mode 100644
index d371bcf..0000000
--- a/project-lakitu/sys-boot/shim/files/shim-15-built-in-platform-key.patch
+++ /dev/null

@@ -1,104 +0,0 @@
-diff --git a/mok.c b/mok.c
-index 3867521..2b081f5 100644
---- a/mok.c
-+++ b/mok.c
-@@ -79,6 +79,7 @@ struct mok_state_variable {
- #define MOK_MIRROR_DELETE_FIRST	0x02
- #define MOK_VARIABLE_MEASURE	0x04
- #define MOK_VARIABLE_LOG	0x08
-+#define MOK_USE_BUILTIN		0x10
- 
- struct mok_state_variable mok_state_variables[] = {
- 	{.name = L"MokList",
-@@ -91,7 +92,8 @@ struct mok_state_variable mok_state_variables[] = {
- 	 .addend_source = &vendor_cert,
- 	 .addend_size = &vendor_cert_size,
- 	 .flags = MOK_MIRROR_KEYDB |
--		  MOK_VARIABLE_LOG,
-+		  MOK_VARIABLE_LOG |
-+		  MOK_USE_BUILTIN,
- 	 .pcr = 14,
- 	},
- 	{.name = L"MokListX",
-@@ -130,6 +132,63 @@ struct mok_state_variable mok_state_variables[] = {
- 	{ NULL, }
- };
- 
-+
-+static EFI_STATUS builtin_one_mok_variable(struct mok_state_variable *v)
-+{
-+	EFI_STATUS efi_status = EFI_SUCCESS;
-+	void *FullData = NULL;
-+	UINTN FullDataSize = 0;
-+	uint8_t *p = NULL;
-+
-+	if ((v->flags & MOK_MIRROR_KEYDB) &&
-+	    v->addend_source && *v->addend_source &&
-+	    v->addend_size && *v->addend_size) {
-+		EFI_SIGNATURE_LIST *CertList = NULL;
-+		EFI_SIGNATURE_DATA *CertData = NULL;
-+		FullDataSize = sizeof (*CertList)
-+			     + sizeof (EFI_GUID)
-+			     + *v->addend_size;
-+		FullData = AllocatePool(FullDataSize);
-+		if (!FullData) {
-+			perror(L"Failed to allocate space for MokListRT\n");
-+			return EFI_OUT_OF_RESOURCES;
-+		}
-+		p = FullData;
-+
-+		CertList = (EFI_SIGNATURE_LIST *)p;
-+		p += sizeof (*CertList);
-+		CertData = (EFI_SIGNATURE_DATA *)p;
-+		p += sizeof (EFI_GUID);
-+
-+		CertList->SignatureType = EFI_CERT_TYPE_X509_GUID;
-+		CertList->SignatureListSize = *v->addend_size
-+					      + sizeof (*CertList)
-+					      + sizeof (*CertData)
-+					      -1;
-+		CertList->SignatureHeaderSize = 0;
-+		CertList->SignatureSize = *v->addend_size + sizeof (EFI_GUID);
-+
-+		CertData->SignatureOwner = SHIM_LOCK_GUID;
-+		CopyMem(p, *v->addend_source, *v->addend_size);
-+	} else if (v->state) {
-+		FullDataSize = sizeof (UINT8);
-+		FullData = v->state;
-+	}
-+
-+	if (FullDataSize) {
-+		efi_status = gRT->SetVariable(v->rtname, v->guid,
-+					      EFI_VARIABLE_BOOTSERVICE_ACCESS |
-+					      EFI_VARIABLE_RUNTIME_ACCESS,
-+					      FullDataSize, FullData);
-+		if (EFI_ERROR(efi_status)) {
-+			perror(L"Failed to set %s: %r\n",
-+			       v->rtname, efi_status);
-+		}
-+	}
-+
-+	return efi_status;
-+}
-+
- static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v)
- {
- 	EFI_STATUS efi_status = EFI_SUCCESS;
-@@ -226,8 +285,16 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
- 		efi_status = get_variable_attr(v->name,
- 					       &v->data, &v->data_size,
- 					       *v->guid, &attrs);
--		if (efi_status == EFI_NOT_FOUND)
-+		if (efi_status == EFI_NOT_FOUND) {
-+			if (v->flags & MOK_USE_BUILTIN) {
-+				efi_status = builtin_one_mok_variable(v);
-+				if (EFI_ERROR(efi_status) &&
-+				    ret != EFI_SECURITY_VIOLATION)
-+					ret = efi_status;
-+			}
- 			continue;
-+		}
-+
- 		if (EFI_ERROR(efi_status)) {
- 			perror(L"Could not verify %s: %r\n", v->name,
- 			       efi_status);

diff --git a/project-lakitu/sys-boot/shim/files/shim-15-fix-aarch64-build.patch b/project-lakitu/sys-boot/shim/files/shim-15-fix-aarch64-build.patch
deleted file mode 100644
index 88d7c1e..0000000
--- a/project-lakitu/sys-boot/shim/files/shim-15-fix-aarch64-build.patch
+++ /dev/null

@@ -1,22 +0,0 @@
-diff --git a/Make.defaults b/Make.defaults
-index e11ab5a..ac2a25b 100644
---- a/Make.defaults
-+++ b/Make.defaults
-@@ -89,7 +89,7 @@ ifeq ($(ARCH),aarch64)
- 	ARCH_SUFFIX_UPPER	?= AA64
- 	FORMAT			:= -O binary
- 	SUBSYSTEM		:= 0xa
--	ARCH_LDFLAGS		+= --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
-+	override ARCH_LDFLAGS		+= --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
- endif
- ifeq ($(ARCH),arm)
- 	CFLAGS += -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mstrict-align
-@@ -98,7 +98,7 @@ ifeq ($(ARCH),arm)
- 	ARCH_SUFFIX_UPPER	?= ARM
- 	FORMAT			:= -O binary
- 	SUBSYSTEM		:= 0xa
--	ARCH_LDFLAGS		+= --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
-+	override ARCH_LDFLAGS		+= --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
- endif
- 
- FORMAT		?= --target efi-app-$(ARCH)

diff --git a/project-lakitu/sys-boot/shim/files/shim-15-fix-vlogerror-arm64-crash.patch b/project-lakitu/sys-boot/shim/files/shim-15-fix-vlogerror-arm64-crash.patch
deleted file mode 100644
index 0e78d88..0000000
--- a/project-lakitu/sys-boot/shim/files/shim-15-fix-vlogerror-arm64-crash.patch
+++ /dev/null

@@ -1,63 +0,0 @@
-From 344a8364cb05cdaafc43231d0f73d5217c4e118c Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Tue, 12 Feb 2019 18:04:49 -0500
-Subject: [PATCH] VLogError(): Avoid NULL pointer dereferences in (V)Sprint
- calls
-
-VLogError() calculates the size of format strings by using calls to
-SPrint and VSPrint with a StrSize of 0 and NULL for an output buffer.
-Unfortunately, this is an incorrect usage of (V)Sprint. A StrSize
-of "0" is special-cased to mean "there is no limit". So, we end up
-writing our string to address 0x0. This was discovered because it
-causes a crash on ARM where, unlike x86, it does not necessarily
-have memory mapped at 0x0.
-
-Avoid the (V)Sprint calls altogether by using (V)PoolPrint, which
-handles the size calculation and allocation for us.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
-Fixes: 25f6fd08cd26 ("try to show errors more usefully.")
-[dannf: commit message ]
-Signed-off-by: dann frazier <dann.frazier@canonical.com>
-Upstream-commit-id: 20e731f423a
----
- errlog.c | 15 +++------------
- 1 file changed, 3 insertions(+), 12 deletions(-)
-
-diff --git a/errlog.c b/errlog.c
-index 18be4822..eebb266d 100644
---- a/errlog.c
-+++ b/errlog.c
-@@ -14,29 +14,20 @@ EFI_STATUS
- VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args)
- {
- 	va_list args2;
--	UINTN size = 0, size2;
- 	CHAR16 **newerrs;
- 
--	size = SPrint(NULL, 0, L"%a:%d %a() ", file, line, func);
--	va_copy(args2, args);
--	size2 = VSPrint(NULL, 0, fmt, args2);
--	va_end(args2);
--
- 	newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs),
- 				       (nerrs + 3) * sizeof(*errs));
- 	if (!newerrs)
- 		return EFI_OUT_OF_RESOURCES;
- 
--	newerrs[nerrs] = AllocatePool(size*2+2);
-+	newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func);
- 	if (!newerrs[nerrs])
- 		return EFI_OUT_OF_RESOURCES;
--	newerrs[nerrs+1] = AllocatePool(size2*2+2);
-+	va_copy(args2, args);
-+	newerrs[nerrs+1] = VPoolPrint(fmt, args2);
- 	if (!newerrs[nerrs+1])
- 		return EFI_OUT_OF_RESOURCES;
--
--	SPrint(newerrs[nerrs], size*2+2, L"%a:%d %a() ", file, line, func);
--	va_copy(args2, args);
--	VSPrint(newerrs[nerrs+1], size2*2+2, fmt, args2);
- 	va_end(args2);
- 
- 	nerrs += 2;

diff --git a/project-lakitu/sys-boot/shim/files/shim-15.4-fix-gcc-host-leak.patch b/project-lakitu/sys-boot/shim/files/shim-15.4-fix-gcc-host-leak.patch
new file mode 100644
index 0000000..7655c9f
--- /dev/null
+++ b/project-lakitu/sys-boot/shim/files/shim-15.4-fix-gcc-host-leak.patch

@@ -0,0 +1,11 @@
+--- a/gnu-efi/Make.defaults	2021-04-09 17:35:17.978394775 +0000
++++ b/gnu-efi/Make.defaults	2021-04-09 17:35:25.311076592 +0000
+@@ -67,7 +67,7 @@
+ # Compilation tools
+ COMPILER     ?= gcc
+ ARCHIVER     ?= gcc-ar
+-HOSTCC       := $(COMPILER)
++HOSTCC       := $(BUILD_CC)
+ CC           := $(CROSS_COMPILE)$(COMPILER)
+ AS           := $(CROSS_COMPILE)as
+ LD           := $(CROSS_COMPILE)ld

diff --git a/project-lakitu/sys-boot/shim/files/shim-15.4-force-ld.bfd.patch b/project-lakitu/sys-boot/shim/files/shim-15.4-force-ld.bfd.patch
new file mode 100644
index 0000000..a7f4aa3
--- /dev/null
+++ b/project-lakitu/sys-boot/shim/files/shim-15.4-force-ld.bfd.patch

@@ -0,0 +1,13 @@
+diff --git a/Make.defaults b/Make.defaults
+index a775083e..d569476f 100644
+--- a/Make.defaults
++++ b/Make.defaults
+@@ -6,7 +6,7 @@
+ COMPILER	?= gcc
+ CC		= $(CROSS_COMPILE)$(COMPILER)
+ HOSTCC		= $(COMPILER)
+-LD		= $(CROSS_COMPILE)ld
++LD		= $(CROSS_COMPILE)ld.bfd
+ OBJCOPY		= $(CROSS_COMPILE)objcopy
+ DOS2UNIX	?= dos2unix
+ D2UFLAGS	?= -r -l -F -f -n

diff --git a/project-lakitu/sys-boot/shim/shim-15-r3.ebuild b/project-lakitu/sys-boot/shim/shim-15-r3.ebuild
deleted file mode 120000
index aa8fc90..0000000
--- a/project-lakitu/sys-boot/shim/shim-15-r3.ebuild
+++ /dev/null

@@ -1 +0,0 @@
-shim-15.ebuild
\ No newline at end of file

diff --git a/project-lakitu/sys-boot/shim/shim-15.4-r1.ebuild b/project-lakitu/sys-boot/shim/shim-15.4-r1.ebuild
new file mode 120000
index 0000000..f3ba15b
--- /dev/null
+++ b/project-lakitu/sys-boot/shim/shim-15.4-r1.ebuild

@@ -0,0 +1 @@
+shim-15.4.ebuild
\ No newline at end of file

diff --git a/project-lakitu/sys-boot/shim/shim-15.ebuild b/project-lakitu/sys-boot/shim/shim-15.4.ebuild
similarity index 75%
rename from project-lakitu/sys-boot/shim/shim-15.ebuild
rename to project-lakitu/sys-boot/shim/shim-15.4.ebuild
index 133959a..c62dd81 100644
--- a/project-lakitu/sys-boot/shim/shim-15.ebuild
+++ b/project-lakitu/sys-boot/shim/shim-15.4.ebuild

@@ -17,13 +17,10 @@
 
 RDEPEND=""
 DEPEND="dev-libs/openssl
-	sys-boot/gnu-efi
 	platform-key? ( sys-boot/platform-key )
 	"
 IUSE="platform-key"
 
-S="${WORKDIR}/${P}"
-
 shim_arch() {
 	case ${ARCH} in
 	amd64) echo "x86_64";;
@@ -41,28 +38,21 @@
 }
 
 src_prepare() {
-	cros_use_gcc
-	epatch "${FILESDIR}"/${PN}-15-fix-aarch64-build.patch
-	epatch "${FILESDIR}"/${PN}-15-fix-vlogerror-arm64-crash.patch
-	epatch "${FILESDIR}"/${PN}-15-built-in-platform-key.patch
+	epatch "${FILESDIR}"/${P}-fix-gcc-host-leak.patch
+	epatch "${FILESDIR}"/${P}-force-ld.bfd.patch
 	default
 }
 
 src_compile() {
 	local extra_opts=()
 
-	if tc-ld-is-gold; then
-		extra_opts+=( ARCH_LDFLAGS="--no-experimental-use-relr" )
-	fi
-
 	if use platform-key; then
 		extra_opts+=( VENDOR_CERT_FILE="${ROOT}/build/share/platform-key/signing_key.cer" )
 	fi
 
 	emake ARCH="$(shim_arch)" \
 		CROSS_COMPILE="${CHOST}-" \
-		EFI_INCLUDE="${ROOT}/usr/include/efi" \
-		EFI_PATH="${ROOT}/usr/$(get_libdir)" \
+		COMMITID="${GIT_COMMIT_ID}" \
 		DEFAULT_LOADER="\\\\\\\\grub-lakitu.efi" \
 		"${extra_opts[@]}" \
 		$(shim_binary)
commit	ec779e895133320d848251d4822c815aed683a9f	[log] [tgz]
author	Oleksandr Tymoshenko <ovt@google.com>	Thu May 13 22:52:59 2021 +0000
committer	Oleksandr Tymoshenko <ovt@google.com>	Fri Jan 14 03:12:32 2022 +0000
tree	ef640985634cc46fc61d23f4e1366fc55e9db757
parent	520a8fa5133b751d99bab96230eac8f8deb5f45e [diff]