diff --git a/backport-Fix-the-issue-that-the-gBS-LoadImage-pointer-was-emp.patch b/backport-Fix-the-issue-that-the-gBS-LoadImage-pointer-was-emp.patch new file mode 100644 index 0000000000000000000000000000000000000000..dcc5503f2a546826dcabc3b19e4efb7b33436961 --- /dev/null +++ b/backport-Fix-the-issue-that-the-gBS-LoadImage-pointer-was-emp.patch @@ -0,0 +1,39 @@ +From 712097206702f26e96be3f7ba79eb52d00e1f658 Mon Sep 17 00:00:00 2001 +From: jinlun <869793317@qq.com> +Date: Sat, 2 Nov 2024 17:21:22 +0800 +Subject: [PATCH] Fix the issue that the gBS->LoadImage pointer was empty. + +The interface shouldn't be replaced at the shim_fini + stage When the vendor certificate doesn't exist. + +Signed-off-by: jinlun <869793317@qq.com> +Signed-off-by: xuce +--- + shim.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/shim.c b/shim.c +index 547b052..aa74610 100644 +--- a/shim.c ++++ b/shim.c +@@ -1651,11 +1651,12 @@ shim_fini(void) + uninstall_shim_protocols(); + + if (secure_mode()) { +- +- /* +- * Remove our hooks from system services. +- */ +- unhook_system_services(); ++ if (vendor_cert_size || vendor_dbx_size) { ++ /* ++ * Remove our hooks from system services. ++ */ ++ unhook_system_services(); ++ } + } + + unhook_exit(); +-- +2.33.0 + diff --git a/shim.spec b/shim.spec index 8967806265ac0e5791935d17725080cdebe75d7b..e585ae3d7819ddf517bba9a7353fde53812ce03f 100644 --- a/shim.spec +++ b/shim.spec @@ -22,7 +22,7 @@ Name: shim Version: 15 -Release: 35 +Release: 36 Summary: First-stage UEFI bootloader ExclusiveArch: x86_64 aarch64 License: BSD @@ -61,6 +61,7 @@ Patch26: backport-CVE-2023-40547-avoid-incorrectly-trusting-HTTP-heade.pa Patch27: backport-CVE-2023-3446.patch Patch28: backport-CVE-2023-0465.patch Patch29: backport-CVE-2023-2650.patch +Patch30: backport-Fix-the-issue-that-the-gBS-LoadImage-pointer-was-emp.patch # Feature Patch9000: Feature-add-tpcm-support-with-ipmi-channel.patch @@ -165,6 +166,9 @@ cd .. /usr/src/debug/%{name}-%{version}-%{release}/* %changelog +* Tue Feb 11 2025 fuanan - 15-36 +- fix the issue that the gBS->LoadImage pointer was empty. + * Wed Feb 28 2024 zhengxiaoxiao - 15-35 - fix CVE-2023-3446 CVE-2023-0465 CVE-2023-2650