diff --git a/backport-fix-bug-when-the-vendor-certificate-doesn-t-exist.patch b/backport-fix-bug-when-the-vendor-certificate-doesn-t-exist.patch new file mode 100644 index 0000000000000000000000000000000000000000..01993c3fd3871c12c99da3e315145cb2882dc100 --- /dev/null +++ b/backport-fix-bug-when-the-vendor-certificate-doesn-t-exist.patch @@ -0,0 +1,35 @@ +From 43ca88358cee262ace2f8dded260d24f982c8720 Mon Sep 17 00:00:00 2001 +From: xuce +Date: Mon, 25 Nov 2024 21:47:43 +0800 +Subject: [PATCH] fix bug when the vendor certificate doesn't exist + +Signed-off-by: xuce +--- + shim.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/shim.c b/shim.c +index 547b052..18493db 100644 +--- a/shim.c ++++ b/shim.c +@@ -1651,11 +1651,12 @@ shim_fini(void) + uninstall_shim_protocols(); + + if (secure_mode()) { +- +- /* +- * Remove our hooks from system services. +- */ +- unhook_system_services(); ++ if (vendor_authorized_size || vendor_deauthorized_size){ ++ /* ++ * Remove our hooks from system services. ++ */ ++ unhook_system_services(); ++ } + } + + unhook_exit(); +-- +2.33.0 + diff --git a/shim.spec b/shim.spec index cbe0d92b2530d09b3491095f6979e1f209968885..f4145fb8aac0e16a4a0f70d2190f9213e5f86da6 100644 --- a/shim.spec +++ b/shim.spec @@ -25,7 +25,7 @@ Name: shim Version: 15.7 -Release: 15 +Release: 16 Summary: First-stage UEFI bootloader ExclusiveArch: x86_64 aarch64 License: BSD @@ -55,6 +55,7 @@ Patch15:backport-CVE-2024-0727.patch Patch16:backport-Always-clear-SbatLevel-when-Secure-Boot-is-disabled.patch Patch17:backport-Align-section-size-up-to-page-size-for-mem-attrs.patch Patch18:backport-shim-don-t-set-second_stage-to-the-empty-string.patch +Patch19:backport-fix-bug-when-the-vendor-certificate-doesn-t-exist.patch # Feature for shim SMx support Patch9000:Feature-shim-openssl-add-ec-support.patch @@ -212,6 +213,9 @@ make test /usr/src/debug/%{name}-%{version}-%{release}/* %changelog +* Mon Nov 25 2024 xuce -15.7-16 +- fix bug when the vendor certificate doesn't exist + * Tue Oct 29 2024 yanglongkang -15.7-15 - Correct the signature code.