From 7129038312317e2bc218f94f5bb7ab525caad44f Mon Sep 17 00:00:00 2001 From: fly_fzc <2385803914@qq.com> Date: Tue, 11 Feb 2025 14:35:57 +0800 Subject: [PATCH] fix the issue that the gBS->LoadImage pointer was empty --- ...at-the-gBS-LoadImage-pointer-was-emp.patch | 39 +++++++++++++++++++ shim.spec | 6 ++- 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 backport-Fix-the-issue-that-the-gBS-LoadImage-pointer-was-emp.patch diff --git a/backport-Fix-the-issue-that-the-gBS-LoadImage-pointer-was-emp.patch b/backport-Fix-the-issue-that-the-gBS-LoadImage-pointer-was-emp.patch new file mode 100644 index 0000000..2e61043 --- /dev/null +++ b/backport-Fix-the-issue-that-the-gBS-LoadImage-pointer-was-emp.patch @@ -0,0 +1,39 @@ +From 712097206702f26e96be3f7ba79eb52d00e1f658 Mon Sep 17 00:00:00 2001 +From: jinlun <869793317@qq.com> +Date: Sat, 2 Nov 2024 17:21:22 +0800 +Subject: [PATCH] Fix the issue that the gBS->LoadImage pointer was empty. + +The interface shouldn't be replaced at the shim_fini + stage When the vendor certificate doesn't exist. + +Signed-off-by: jinlun <869793317@qq.com> +Signed-off-by: xuce +--- + shim.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/shim.c b/shim.c +index 547b052..aa74610 100644 +--- a/shim.c ++++ b/shim.c +@@ -1651,11 +1651,12 @@ shim_fini(void) + uninstall_shim_protocols(); + + if (secure_mode()) { +- +- /* +- * Remove our hooks from system services. +- */ +- unhook_system_services(); ++ if (vendor_authorized_size || vendor_deauthorized_size) { ++ /* ++ * Remove our hooks from system services. ++ */ ++ unhook_system_services(); ++ } + } + + unhook_exit(); +-- +2.33.0 + diff --git a/shim.spec b/shim.spec index 6d0cd36..9b02edf 100644 --- a/shim.spec +++ b/shim.spec @@ -25,7 +25,7 @@ Name: shim Version: 15.6 -Release: 24 +Release: 25 Summary: First-stage UEFI bootloader ExclusiveArch: x86_64 aarch64 License: BSD @@ -88,6 +88,7 @@ Patch50: backport-CVE-2023-0465.patch Patch51: backport-CVE-2024-0727.patch Patch52: backport-Always-clear-SbatLevel-when-Secure-Boot-is-disabled.patch Patch53: backport-shim-don-t-set-second_stage-to-the-empty-string.patch +Patch54: backport-Fix-the-issue-that-the-gBS-LoadImage-pointer-was-emp.patch # Feature for shim SMx support Patch9000:Feature-shim-openssl-add-ec-support.patch @@ -231,6 +232,9 @@ make test /usr/src/debug/%{name}-%{version}-%{release}/* %changelog +* Tue Feb 11 2025 fuanan -15.6-25 +- fix the issue that the gBS->LoadImage pointer was empty. + * Tue Oct 22 2024 fuanan -15.6-24 - backport patch from upstream -- Gitee