From 2e250d30855f1b59b27b74092ea24356af951df3 Mon Sep 17 00:00:00 2001 From: xuce Date: Mon, 20 Jan 2025 11:40:31 +0800 Subject: [PATCH] fix the issue that the gBS->LoadImage pointer was empty (cherry picked from commit 59798d606a7c450a849b1a65b2161e4ef9e680db) --- ...at-the-gBS-LoadImage-pointer-was-emp.patch | 39 +++++++++++++++++++ shim.spec | 6 ++- 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 backport-Fix-the-issue-that-the-gBS-LoadImage-pointer-was-emp.patch diff --git a/backport-Fix-the-issue-that-the-gBS-LoadImage-pointer-was-emp.patch b/backport-Fix-the-issue-that-the-gBS-LoadImage-pointer-was-emp.patch new file mode 100644 index 0000000..2e61043 --- /dev/null +++ b/backport-Fix-the-issue-that-the-gBS-LoadImage-pointer-was-emp.patch @@ -0,0 +1,39 @@ +From 712097206702f26e96be3f7ba79eb52d00e1f658 Mon Sep 17 00:00:00 2001 +From: jinlun <869793317@qq.com> +Date: Sat, 2 Nov 2024 17:21:22 +0800 +Subject: [PATCH] Fix the issue that the gBS->LoadImage pointer was empty. + +The interface shouldn't be replaced at the shim_fini + stage When the vendor certificate doesn't exist. + +Signed-off-by: jinlun <869793317@qq.com> +Signed-off-by: xuce +--- + shim.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/shim.c b/shim.c +index 547b052..aa74610 100644 +--- a/shim.c ++++ b/shim.c +@@ -1651,11 +1651,12 @@ shim_fini(void) + uninstall_shim_protocols(); + + if (secure_mode()) { +- +- /* +- * Remove our hooks from system services. +- */ +- unhook_system_services(); ++ if (vendor_authorized_size || vendor_deauthorized_size) { ++ /* ++ * Remove our hooks from system services. ++ */ ++ unhook_system_services(); ++ } + } + + unhook_exit(); +-- +2.33.0 + diff --git a/shim.spec b/shim.spec index cbe0d92..97dedce 100644 --- a/shim.spec +++ b/shim.spec @@ -25,7 +25,7 @@ Name: shim Version: 15.7 -Release: 15 +Release: 16 Summary: First-stage UEFI bootloader ExclusiveArch: x86_64 aarch64 License: BSD @@ -55,6 +55,7 @@ Patch15:backport-CVE-2024-0727.patch Patch16:backport-Always-clear-SbatLevel-when-Secure-Boot-is-disabled.patch Patch17:backport-Align-section-size-up-to-page-size-for-mem-attrs.patch Patch18:backport-shim-don-t-set-second_stage-to-the-empty-string.patch +Patch19:backport-Fix-the-issue-that-the-gBS-LoadImage-pointer-was-emp.patch # Feature for shim SMx support Patch9000:Feature-shim-openssl-add-ec-support.patch @@ -212,6 +213,9 @@ make test /usr/src/debug/%{name}-%{version}-%{release}/* %changelog +* Mon Jan 20 2025 xuce -15.7-16 +- fix the issue that the gBS->LoadImage pointer was empty. + * Tue Oct 29 2024 yanglongkang -15.7-15 - Correct the signature code. -- Gitee