Hello community, here is the log from the commit of package ovmf for openSUSE:Factory checked in at 2017-09-04 12:28:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ovmf (Old) and /work/SRC/openSUSE:Factory/.ovmf.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ovmf" Mon Sep 4 12:28:30 2017 rev:16 rq:519253 version:2017+git1502826981.a136bc3ccf Changes: -------- --- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes 2017-08-22 11:05:20.536595743 +0200 +++ /work/SRC/openSUSE:Factory/.ovmf.new/ovmf.changes 2017-09-04 12:28:32.833106144 +0200 @@ -1,0 +2,6 @@ +Mon Aug 28 08:54:14 UTC 2017 - [email protected] + +- Update ovmf-embed-default-keys.patch to handle the empty + certificate files correctly + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ovmf-embed-default-keys.patch ++++++ --- /var/tmp/diff_new_pack.jQ0PSf/_old 2017-09-04 12:28:34.928811497 +0200 +++ /var/tmp/diff_new_pack.jQ0PSf/_new 2017-09-04 12:28:34.936810372 +0200 @@ -1,7 +1,7 @@ -From 6bf96df236dbe46c1e4591b6a59553928bfd603c Mon Sep 17 00:00:00 2001 +From b967e8dc2bea98736d8544d9ee2565f71ac06d08 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin <[email protected]> Date: Fri, 10 May 2013 10:27:51 +0800 -Subject: [PATCH 1/2] Add a stub to allow keys to be embedded at build time +Subject: [PATCH 1/3] Add a stub to allow keys to be embedded at build time Signed-off-by: Gary Ching-Pang Lin <[email protected]> --- @@ -18,7 +18,7 @@ create mode 100644 SecurityPkg/Library/AuthVariableLib/Default_PK.h diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c -index c4fbb64..9e12588 100644 +index 792a1232ae..f5f954e534 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c @@ -23,6 +23,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. @@ -223,7 +223,7 @@ // Reserve runtime buffer for public key database. The size excludes variable header and name size. // 
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf -index 572ba4e..1a46019 100644 +index 572ba4e120..1a46019a5f 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf @@ -33,6 +33,10 @@ [Sources] @@ -239,7 +239,7 @@ MdePkg/MdePkg.dec diff --git a/SecurityPkg/Library/AuthVariableLib/Default_DB.h b/SecurityPkg/Library/AuthVariableLib/Default_DB.h new file mode 100644 -index 0000000..4d13894 +index 0000000000..4d13894216 --- /dev/null +++ b/SecurityPkg/Library/AuthVariableLib/Default_DB.h @@ -0,0 +1,2 @@ @@ -247,7 +247,7 @@ +unsigned int Default_DB_len = 0; diff --git a/SecurityPkg/Library/AuthVariableLib/Default_DBX.h b/SecurityPkg/Library/AuthVariableLib/Default_DBX.h new file mode 100644 -index 0000000..5fd3cdc +index 0000000000..5fd3cdc0f4 --- /dev/null +++ b/SecurityPkg/Library/AuthVariableLib/Default_DBX.h @@ -0,0 +1,2 @@ @@ -255,7 +255,7 @@ +unsigned int Default_DBX_len = 0; diff --git a/SecurityPkg/Library/AuthVariableLib/Default_KEK.h b/SecurityPkg/Library/AuthVariableLib/Default_KEK.h new file mode 100644 -index 0000000..80883de +index 0000000000..80883de1ae --- /dev/null +++ b/SecurityPkg/Library/AuthVariableLib/Default_KEK.h @@ -0,0 +1,2 @@ @@ -263,20 +263,20 @@ +unsigned int Default_KEK_len = 0; diff --git a/SecurityPkg/Library/AuthVariableLib/Default_PK.h b/SecurityPkg/Library/AuthVariableLib/Default_PK.h new file mode 100644 -index 0000000..23b90e4 +index 0000000000..23b90e45f0 --- /dev/null +++ b/SecurityPkg/Library/AuthVariableLib/Default_PK.h @@ -0,0 +1,2 @@ +unsigned char *Default_PK = NULL; +unsigned int Default_PK_len = 0; -- -2.8.1 +2.14.1 -From a627dbe16f6ebe1a1f294c82c30f7ad9745baf04 Mon Sep 17 00:00:00 2001 +From 5e76fc193363471e9720005bdb8e4c62fb15de6b Mon Sep 17 00:00:00 2001 
From: Gary Lin <[email protected]> Date: Tue, 15 Dec 2015 16:54:54 +0800 -Subject: [PATCH 2/2] Add DB_EX to include one more DB cert +Subject: [PATCH 2/3] Add DB_EX to include one more DB cert Signed-off-by: Gary Lin <[email protected]> --- @@ -286,7 +286,7 @@ create mode 100644 SecurityPkg/Library/AuthVariableLib/Default_DB_EX.h diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c -index 9e12588..523b0e4 100644 +index f5f954e534..803b77d178 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c @@ -26,6 +26,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. @@ -353,12 +353,88 @@ FreePool(SignatureGUID); diff --git a/SecurityPkg/Library/AuthVariableLib/Default_DB_EX.h b/SecurityPkg/Library/AuthVariableLib/Default_DB_EX.h new file mode 100644 -index 0000000..001f125 +index 0000000000..001f125065 --- /dev/null +++ b/SecurityPkg/Library/AuthVariableLib/Default_DB_EX.h 
@@ -0,0 +1,2 @@ +unsigned char *Default_DB_EX = NULL; +unsigned int Default_DB_EX_len = 0; --
-2.8.1
+2.14.1
+
+
+From 72543f45511d32c784be63145ff6e9d8697d22c5 Mon Sep 17 00:00:00 2001
+From: Gary Lin <[email protected]>
+Date: Mon, 28 Aug 2017 16:18:00 +0800
+Subject: [PATCH 3/3] Check the length of the certificate instead of the
+ pointer
+
+Since "xxd -i" may produce a valid pointer for an empty file, it's safer
+to check the length of the certificate instead of the pointer.
+
+Signed-off-by: Gary Lin <[email protected]>
+---
+ SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
+index 803b77d178..9a4a7eda7b 100644
+--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
++++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
+@@ -180,7 +180,7 @@ AuthVariableLibInitialize (
+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+
+ // PK
+- if (Default_PK == NULL)
++ if (Default_PK_len == 0)
+ goto SKIP_KEYS;
+
+ Status = AuthServiceInternalFindVariable (
+@@ -227,7 +227,7 @@ AuthVariableLibInitialize (
+ }
+
+ // KEK
+- if (Default_KEK == NULL)
++ if (Default_KEK_len == 0)
+ goto SKIP_KEYS;
+
+ Status = AuthServiceInternalFindVariable (
+@@ -274,7 +274,7 @@ AuthVariableLibInitialize (
+ }
+
+ // DB
+- if (Default_DB == NULL)
++ if (Default_DB_len == 0)
+ goto SKIP_KEYS;
+
+ Status = AuthServiceInternalFindVariable (
+@@ -293,7 +293,7 @@ AuthVariableLibInitialize (
+ }
+
+ SigSize_1 = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + Default_DB_len;
+- if (Default_DB_EX != NULL) {
++ if (Default_DB_EX_len != 0) {
+ SigSize_2 = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + Default_DB_EX_len;
+ }
+ Data = AllocateZeroPool (SigSize_1 + SigSize_2);
+@@ -311,7 +311,7 @@ AuthVariableLibInitialize (
+ CopyGuid (&SigCertData->SignatureOwner, SignatureGUID);
+ CopyMem ((UINT8* ) (SigCertData->SignatureData), Default_DB, Default_DB_len);
+
+- if (Default_DB_EX != NULL) {
++ if (Default_DB_EX_len != 0) {
+ SigCert = (EFI_SIGNATURE_LIST*) (Data + SigSize_1);
+ SigCert->SignatureListSize = (UINT32) SigSize_2;
+ SigCert->SignatureHeaderSize = 0;
+@@ -339,7 +339,7 @@ AuthVariableLibInitialize (
+ }
+
+ // DBX
+- if (Default_DBX == NULL)
++ if (Default_DBX_len == 0)
+ goto SKIP_KEYS;
+
+ Status = AuthServiceInternalFindVariable (
+--
+2.14.1
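Review bot: The six guards in AuthVariableLibInitialize now test only the length (`if (Default_PK_len == 0)` and its KEK, DB, DB_EX and DBX counterparts), so nothing checks the pointer any more before `CopyMem (..., Default_DB, Default_DB_len)` reads through it. The stub headers pair NULL with 0 and `xxd -i` output should keep pointer and length consistent, but a hand-edited or partly generated header with a non-zero length and a NULL pointer would reach that copy; testing both, e.g. `if (Default_PK == NULL || Default_PK_len == 0)` and `if (Default_DB_EX != NULL && Default_DB_EX_len != 0)`, covers either case. An empty certificate file is also skipped without any trace, which presumably leaves the image without the default Secure Boot keys; a `DEBUG ((DEBUG_WARN, ...))` line before each `goto SKIP_KEYS` would make that visible in the boot log. The function body and the SKIP_KEYS label lie outside these hunks, so the effect of the skip is inferred rather than read from the patch.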
