Skip to content

Releases: rhboot/shim

shim 15.8

23 Jan 19:01
@vathpela vathpela
15.8
5914984
Compare
Choose a tag to compare
shim 15.8 Latest
Latest

What's New

* Various CVE fixes:
  CVE-2023-40546 mok: fix LogError() invocation
  CVE-2023-40547 - avoid incorrectly trusting HTTP headers
  CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system
  CVE-2023-40549 Authenticode: verify that the signature header is in bounds.
  CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat()
  CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries

What's Changed

New Contributors

Full Changelog: 15.7...15.8

Contributors

bluca, nicholasbishop, and 6 other contributors
Assets 4
Loading

shim 15.7

16 Nov 21:44
@vathpela vathpela
15.7
This tag was signed with the committer’s verified signature.
frozencemetery Robbie Harwood
GPG key ID: 2532F9176A95A442
Learn about vigilant mode.
1149161
Compare
Choose a tag to compare
shim 15.7

What's Changed

New Contributors

Full Changelog: 15.6...15.7

Contributors

baloo, chrisccoulson, and 7 other contributors
Assets 3
Loading

shim-15.6

07 Jun 18:35
@vathpela vathpela
15.6
This tag was signed with the committer’s verified signature. The key has expired.
vathpela Peter Jones
GPG key ID: EED266B70F4FEF10
Expired
Learn about vigilant mode.
505cdb6
Compare
Choose a tag to compare
shim-15.6
  • What's Changed
  • New Contributors

Contributors

chrisccoulson, joeyli, and 6 other contributors
Assets 3
Loading

shim 15.6 rc1

23 May 20:57
@vathpela vathpela
15.6-rc1
This tag was signed with the committer’s verified signature. The key has expired.
vathpela Peter Jones
GPG key ID: EED266B70F4FEF10
Expired
Learn about vigilant mode.
98cda24
Compare
Choose a tag to compare
shim 15.6 rc1 Pre-release
Pre-release

What's Changed

New Contributors

Full Changelog: 15.5...15.6-rc1

Contributors

chrisccoulson, joeyli, and 6 other contributors
Assets 3
Loading

15.5

15 Feb 18:22
@frozencemetery frozencemetery
15.5
This tag was signed with the committer’s verified signature.
frozencemetery Robbie Harwood
GPG key ID: 2532F9176A95A442
Learn about vigilant mode.
f2c598b
Compare
Choose a tag to compare
15.5

What's Changed

  • Broken ia32 relocs and an unimportant submodule change. by @vathpela in #357
  • mok: allocate MOK config table as BootServicesData by @lcp in #361
  • Don't call QueryVariableInfo() on EFI 1.10 machines by @vathpela in #364
  • Relax the check for import_mok_state() by @lcp in #372
  • SBAT.md: trivial changes by @hallyn in #389
  • shim: another attempt to fix load options handling by @chrisccoulson in #379
  • Add tests for our load options parsing. by @vathpela in #390
  • arm/aa64: fix the size of .rela* sections by @lcp in #383
  • mok: fix potential buffer overrun in import_mok_state by @jyong2 in #365
  • mok: relax the maximum variable size check by @lcp in #369
  • Don't unhook ExitBootServices when EBS protection is disabled by @sforshee in #378
  • fallback: find_boot_option() needs to return the index for the boot entry in optnum by @jsetje in #396
  • httpboot: Ignore case when checking HTTP headers by @frozencemetery in #403
  • Fallback allocation errors by @vathpela in #402
  • shim: avoid BOOTx64.EFI in message on other architectures by @xypron in #406
  • str: remove duplicate parameter check by @xypron in #408
  • fallback: add compile option FALLBACK_NONINTERACTIVE by @xnox in #359
  • Test mok mirror by @vathpela in #394
  • Modify sbat.md to help with readability. by @eshiman in #398
  • csv: detect end of csv file correctly by @xypron in #404
  • Specify that the .sbat section is ASCII not UTF-8 by @daxtens in #413
  • tests: add "include-fixed" GCC directory to include directories by @diabonas in #415
  • pe: simplify generate_hash() by @xypron in #411
  • Don't make shim abort when TPM log event fails (RHBZ #2002265) by @rmetrich in #414
  • Fallback to default loader if parsed one does not exist by @julian-klode in #393
  • fallback: Fix for BootOrder crash when index returned by find_boot_option() is not in current BootOrder list by @rmetrich in #422
  • Better console checks by @vathpela in #416
  • docs: update SBAT UEFI variable name by @nicholasbishop in #421
  • Don't parse load options if invoked from removable media path by @julian-klode in #399
  • fallback: fix fallback not passing arguments of the first boot option by @martinezjavier in #433
  • shim: Don't stop forever at "Secure Boot not enabled" notification by @rmetrich in #438
  • Shim 15.5 coverity by @vathpela in #439
  • Allocate mokvar table in runtime memory. by @vathpela in #447
  • Remove post-process-pe on 'make clean' by @vathpela in #448
  • pe: missing perror argument by @xypron in #443

New Contributors

Full Changelog: 15.4...15.5

Contributors

xnox, lcp, and 15 other contributors
Assets 3
Loading

shim 15.5 release candidate 2

10 Dec 22:23
@vathpela vathpela
15.5-rc2
This tag was signed with the committer’s verified signature. The key has expired.
vathpela Peter Jones
GPG key ID: EED266B70F4FEF10
Expired
Learn about vigilant mode.
d0df930
Compare
Choose a tag to compare
shim 15.5 release candidate 2 Pre-release
Pre-release

What's Changed

  • Don't parse load options if invoked from removable media path by @julian-klode in #399
  • fallback: fix fallback not passing arguments of the first boot option by @martinezjavier in #433
  • shim: Don't stop forever at "Secure Boot not enabled" notification by @rmetrich in #438
  • Shim 15.5 coverity by @vathpela in #439

Full Changelog: 15.5-rc1...15.5-rc2

Contributors

martinezjavier, vathpela, and 2 other contributors
Assets 3
Loading

shim 15.5 release candidate 1

12 Oct 14:54
@vathpela vathpela
15.5-rc1
This tag was signed with the committer’s verified signature. The key has expired.
vathpela Peter Jones
GPG key ID: EED266B70F4FEF10
Expired
Learn about vigilant mode.
01ae161
Compare
Choose a tag to compare
shim 15.5 release candidate 1 Pre-release
Pre-release

What's Changed

  • Broken ia32 relocs and an unimportant submodule change. by @vathpela in #357
  • mok: allocate MOK config table as BootServicesData by @lcp in #361
  • Don't call QueryVariableInfo() on EFI 1.10 machines by @vathpela in #364
  • Relax the check for import_mok_state() by @lcp in #372
  • SBAT.md: trivial changes by @hallyn in #389
  • shim: another attempt to fix load options handling by @chrisccoulson in #379
  • Add tests for our load options parsing. by @vathpela in #390
  • arm/aa64: fix the size of .rela* sections by @lcp in #383
  • mok: fix potential buffer overrun in import_mok_state by @jyong2 in #365
  • mok: relax the maximum variable size check by @lcp in #369
  • Don't unhook ExitBootServices when EBS protection is disabled by @sforshee in #378
  • fallback: find_boot_option() needs to return the index for the boot entry in optnum by @jsetje in #396
  • httpboot: Ignore case when checking HTTP headers by @frozencemetery in #403
  • Fallback allocation errors by @vathpela in #402
  • shim: avoid BOOTx64.EFI in message on other architectures by @xypron in #406
  • str: remove duplicate parameter check by @xypron in #408
  • fallback: add compile option FALLBACK_NONINTERACTIVE by @xnox in #359
  • Test mok mirror by @vathpela in #394
  • Modify sbat.md to help with readability. by @eshiman in #398
  • csv: detect end of csv file correctly by @xypron in #404
  • Specify that the .sbat section is ASCII not UTF-8 by @daxtens in #413
  • tests: add "include-fixed" GCC directory to include directories by @diabonas in #415
  • pe: simplify generate_hash() by @xypron in #411
  • Don't make shim abort when TPM log event fails (RHBZ #2002265) by @rmetrich in #414
  • Fallback to default loader if parsed one does not exist by @julian-klode in #393
  • fallback: Fix for BootOrder crash when index returned by find_boot_option() is not in current BootOrder list by @rmetrich in #422
  • Better console checks by @vathpela in #416
  • docs: update SBAT UEFI variable name by @nicholasbishop in #421

New Contributors

Full Changelog: 15.4...15.5-rc1

As usual, please use the tarball attached below.

Contributors

xnox, lcp, and 14 other contributors
Assets 3
Loading

shim-15.4

30 Mar 21:07
@vathpela vathpela
15.4
This tag was signed with the committer’s verified signature. The key has expired.
vathpela Peter Jones
GPG key ID: EED266B70F4FEF10
Expired
Learn about vigilant mode.
20e4d94
Compare
Choose a tag to compare
shim-15.4

This is a critical bugfix release. Don't use 15.3, as the SBAT self-check is
broken.

As usual, please use the shim-15.4.tar.bz2 tarball, rather than the other two archives github automatically produces.

Many thanks to all who helped out, including but not limited to these
contributions:

Chris Co (1):
      Makefile: sort vendor sbats to remove duplicates

Jan Setje-Eilers (3):
      Move the check for the SBAT variable properties to its own function.
      Fix SBAT variable content validation.
      Change SBAT variable name to SbatLevel

Peter Jones (13):
      CI: don't use 'make -s'; it's more trouble than help.
      arm/aa64: Swizzle some sections to make old sbsign happier.
      Make building outside of the top directory work.
      make: make 'make install-as-data' install BOOT*.CSV
      make: Fix search paths for vendor sbat.*.csv files
      test_parse_sbat_section_too_many_elem(): free section entries
      parse_sbat_var_data()/cleanup_sbat_var(): fix free logic
      test_verify_sbat_null_sbat_section(): call cleanup_sbat_var()
      Fix openssl's 'make clean'
      sbat: add more dprint()
      arm/aa64 targets: put .rel* and .dyn* in .rodata
      Fix an off-by-one on the sbat self-check.
      Update version to 15.4
Assets 3
Loading

shim 15.3

23 Mar 18:43
@vathpela vathpela
15.3
This tag was signed with the committer’s verified signature. The key has expired.
vathpela Peter Jones
GPG key ID: EED266B70F4FEF10
Expired
Learn about vigilant mode.
630b8de
Compare
Choose a tag to compare
shim 15.3

Some highlights:

  • Support for revocations via the ".sbat" section and SBAT EFI variable
  • A new unit test framework and a bunch of unit tests
  • No external gnu-efi dependency
  • Better CI (with more yet needed)

As usual, please use the shim-15.3.tar.bz2 tarball, rather than the other two archives github automatically produces.

Many thanks to all who helped out, including but not limited to these
contributions:

Alex Burmashev (4):
      strndupa: allocate len + 1, so that \0 is not lost
      add list_empty to linked list primitives
      pe.c: parse SBAT variable and perform basic verification
      Fix compilation for older gcc

Chris Co (2):
      sbat: add minor fixes to parse_sbat
      Add initial sbat unit testing code

Chris Coulson (8):
      Fix sbsign command usage
      Rename check_{white,black}list to check_{allow,deny}list
      build: Pass the correct paths to sbsign
      Include missing .text sections in PE/COFF binary
      sbat: Don't assume VirtualSize == SizeOfRawData
      Ensure that MOK variable mirroring creates well formed ESLs
      Avoid creating unnecessary mirrored MOK variables
      Fix boot failures due to variable size constraints

Colin Walters (1):
      Convert README -> README.md

Dimitri John Ledkov (2):
      Add testsuite to the github pull request workflow.
      Drop comments, and make push workflow use same matrix as
    pullrequest.

Gary Lin (9):
      src/netboot.c: remove the execute bit
      lib: move print_crypto_errors() out of console.c
      console: Move the countdown function to console.c
      fallback: show a countdown menu before reset
      sbat: fix the gcc warnings
      sbat: fix the residual "resource section" for SBAT
      Restore loaded image of shim at Exit()
      Set the section flags for .sbat
      arm and aarch64: include the aligned part in SizeOfRawData of sbat

Hai Huang (1):
      Fix EV_EFI_VARIABLE_AUTHORITY event in eventlog

Jan Setje-Eilers (8):
      Add Secure Boot Advanced Targeting (SBAT) specification document
      Add --set-section-alignment '.sbat=512' to objcopy command line
      Drop --set-section-alignment from Makefile since linker ALIGN(4096)
        already enforces the alignment, clarify that objcopy only needs to
        do the alignment in the SBAT spec.
      If the SBAT UEFI variable is not set, initialize it as a
    bootservices variable.

Javier Martinez Canillas (10):
      Add a .sbat section to EFI binaries
      Add a function to parse the SBAT metadata from the .sbat section
      sbat: remove unused buffer parameter in parse_sbat() function
      sbat: use correct type for parse_sbat_var() return value
      Don't re-parse the SBAT EFI variable for each binary we load.
      sbat: include NULL terminator when calculating buffer end in
    parse_sbat()
      shim: initialize OpenSSL after parsing SBAT data
      sbat: make shim to parse it's own .sbat section on init
      shim: Fix a NULL pointer dereference caused by start not being set
      shim: Use the default loader if an EFI_LOAD_OPTION can't be parsed

Jia Zhang (1):
      Ignore *.hash

João Paulo Rechi Vita (8):
      fallback: Store label size instead of calculating on every use
      fallback: Consider all Boot* vars when checking for duplicates
      fallback: Only use VerbosePrint for debug messages
      fallback: Be silent by default
      fallback: Print original BootOrder value in verbose mode
      fallback: Wait before chainloading in verbose mode
      fallback: Make verbose mode's wait time configurable
      fallback: Allow defining FALLBACK_VERBOSE at build time

Lisa White (1):
      Fix typo in a comment

Luca Boccassi (1):
      Makefile: use fixed build host if SOURCE_DATE_EPOCH is defined

Mathieu Trudel-Lapierre (1):
      Add mm/fb hashing to TODO, put that and related things under
        'Reproducible builds'

Matthew Garrett (1):
      build: Import gnu-efi as a submodule and build against it

Nicholas Bishop (1):
      BUILDING: Fix a typo

Paul Menzel (1):
      README: Remove superfluous *and*

Paul Moore (7):
      shim: compile time option to bypass the ExitBootServices() check
      build: add some basic $EFI_PATH checking
      SBAT: fix some typos in the SBAT docs
      SBAT: update the raw Markdown to look less terrible
      openssl: fix various build errors and warnings
      shim: attempt to improve the argument handling
      build: load local build configuration from Make.local if present

Peter Jones (119):
      Use github actions for CI builds
      Split up push and PR CI/CD and build all patches in series on PRs
      Try to kick the github PR workflow...
      Add a .clang-format file.
      Always use lower case for our local include file names.
      Work around some clang-format oddnesses
      Renaming PeImage.h to pe.h wasn't actually a good idea.
      Fix pe.h -> peimage.h in /both/ places.
      github workflows: Unify the x86 pull request build rules steps
      github workflows: add the sbat branch to one PR builds run for
      efi bins: add an easy way for vendors to add .sbat data
      Remove my .syntastic_c_config, it doesn't belong in the repo.
      includes: add strchra() and strchrnula() impls
      Move a bunch of PE-related stuff out of shim.c
      Refactor some PE handling code
      Add some more PE helpers we need for SBAT
      Add the beginning of .sbat parsing stuff
      SBAT: parse a copy of the table that's got a NUL at the end
      Add an example SBAT workflow document
      Add some linked list primitives.
      get_variable: always allocate a NUL character at the end.
      add an ascii strndup() implementation.
      sbat: make the includes work like everything else.
      We're not using travis-build.sh any more.
      Try to make coverity.mk work without cov-build installed.
      Try to make scan-build.mk work without scan-build installed.
      Add some more TODOs for shim 16
      Add another unfortunate TODO entry.
      Add some *more* TODO tasks.
      Add fallback boot loop detection to TODO
      Also ignore .sw?
      Add screen logs to .gitignore
      Add .cer/.crt/.esl to .gitignore
      BUILDING: fix missing DISABLE_EBS_PROTECTION section
      Re-alphabetize .gitignore.
      .gitignore: add build dirs and shim_cert.h
      .gitignore: ignore .gdbinit
      Fix up a bunch of our license statements and add SPDX most places
      SPDX: Clarify the attribution for crypt_blowfish
      SPDX: Clarify the attribution for James's lib/ code
      Make sure MIN() and MAX() are always defined.
      console: Fix a typo in the EFI warning list in gnu-efi
      Fix a bunch of trivial trailing whitespace issues.
      Make httpboot.c always get built.
      Make the variable name and pointer const in all of our efi vars
    functions
      Add ENABLE_SHIM_DEVEL config to change what our debug variable
    name is
      Use gcc -Os instead of -O0.
      sbat: clang-format the whole thing.
      SBAT: make the variable be CSV in our spec.
      SBAT: Fix all the docs examples to start with version 1
      Fix an off by one in strnlena()
      shim: use an enum for efi_main's error messages.
      sbat: drop the struct sbat and just use two variables instead
      parse_sbat: handle the realloc failure leak and batch allocations.
      pe.c: move sbat verification to its own function.
      sbat: Fix two NULL derefs found with "gcc -fanalyzer"
      tpm: minor cleanup: use EV_IPL not 0xd
      Document struct mok_state_variable better.
      SBAT: mirror SBAT to SbatRT and extend to PCR7 + log
      Move the coverity and scan-build makefiles out of the top directory
      Make 'make fanalyzer' targets
      compiler.h: fix a typo and add some more function attribute macros
      Fix all the places we need UNUSED on arguments.
      Tidy up our string primitives...
      Add a list_size() primitive
      Move is_utf8_bom() to str.h
      includes: include all gnu-efi includes at one place.
      Fix our debuginfo paths hopefully
      Add a stand-alone CSV parser.
      SBAT: make our sbat section parser use the csv parser
      SBAT: make our SBAT variable parser use the CSV parser
      make 'make test' able to run unit test harnesses
      Add a tester for our string functions.
      Add test cases for our CSV parser.
      Fix-up and enable a bunch of .sbat section parsing tests.
      Make verify_sbat() more testable
      Fix two errant 'shim,0' outdated sbat cases.
      Add get_variable_size()/set_variable()del_variable() wrappers.
      CI: try to update submodules
      CI: show our compilation when it fails
      Re-organize a bunch of CFLAGS-related makefile bits
      Minor OpenSSL fixes
      static analysis: make our build targets work better
      More minor makefile cleanups
      Switch to using -std=gnu11
      Don't use WCHAR even when we're assigning wide string literals
      Cryptlib: make some Str*() args const.
      Restructure our includes.
      Fix Cryptlib'...
Read more
Assets 3
Loading

shim 15

10 Apr 15:04
@vathpela vathpela
15
This tag was signed with the committer’s verified signature. The key has expired.
vathpela Peter Jones
GPG key ID: EED266B70F4FEF10
Expired
Learn about vigilant mode.
51413d1
Compare
Choose a tag to compare
shim 15
  • better checking for bad linker output
  • flicker-free console if there's no error output
  • improved http boot support
  • better protocol re-installation
  • dhcp proxy support
  • tpm measurement even when verification is disabled
  • REQUIRE_TPM build flag
  • more reproducable builds
  • measurement of everything verified through shim_verify()
  • coverity and scan-build checker make targets
  • misc cleanups
  • currently we don't support multiple certificates in our local
    certificate databases, but pjones was wrong about why, and it's not
    Michael Brown's fault at all. Please disregard the statement in
    commit cdbfb5a
Assets 3
Loading