diff options
| author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-08-20 16:16:51 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-08-20 16:17:54 +0300 |
| commit | 08902b01500fb82ac050ec2dce9b6c4358075a17 (patch) | |
| tree | 76dad89580e2a758feb672731745c5f4c0f6ef30 /poky/meta/recipes-core | |
| parent | 754b8faf0be432fcdcacb340fe95117cac890e40 (diff) | |
| download | openbmc-08902b01500fb82ac050ec2dce9b6c4358075a17.tar.xz | |
poky: subtree update:835f7eac06..20946c63c2
Aaron Chan (1):
python3-dbus: Add native and nativesdk variants
Adrian Bunk (8):
gnome: Remove the gnome class
bind: Remove RECIPE_NO_UPDATE_REASON and follow the ESV releases
webkitgtk: Reenable on mips
mtd-utils: Upgrade to 2.1.1
Change ftp:// URIs to http(s)://
webkitgtk: Stop disabling gold on aarch64 and mips
grub/libmpc/gdb: Use GNU_MIRROR in more recipes
screen: Backport fix for an implicit function declaration
Alexander Kanavin (28):
btrfs-tools: update 5.1.1 -> 5.2.1
libmodulemd: update to 2.6.0
libwebp: upgrade 1.0.2 -> 1.0.3
createrepo-c: upgrade 0.14.2 -> 0.14.3
webkitgtk: upgrade 2.24.2 -> 2.24.3
bzip2: fix upstream version check
stress-ng: add a recipe that replaces the original stress
meson: update 0.50.1 -> 0.51.1
meson.bbclass: do not pass native compiler/linker flags via command line
meson: add a backported patch to address vala cross-compilation errors
libedit: fix upstream verison check
maintainers.inc: assign acpica to Ross
stress-ng: add a patch to remove unneeded bash dependency
elfutils: use PRIVATE_LIBS for the ptest package
apt: add a missing perl runtime dependency
attr: add a missing perl runtime dependency
ofono: correct the python3 runtime dependency
bluez5: correct the python3 runtime dependency
local.conf.sample: do not add sdl to nativesdk qemu config
maintainers.inc: give python recipes to Oleksandr Kravchuk
python-numpy: remove the python 2.x version of the recipe
python-scons: remove the python 2.x version of the recipe
python-nose: remove the python 2.x version of the recipe
lib/oeqa/utils/qemurunner.py: add runqemuparams after kvm/nographic/snapshot/slirp
mesa: enable glx-tls option in native and nativesdk builds
insane.bbclass: in file-rdeps do not look into RDEPENDS recursively
sudo: correct SRC_URI
ovmf: fix upstream version check
Andreas Obergschwandtner (1):
bzip2: set the autoconf package version to the recipe version
Anuj Mittal (11):
mpg123: upgrade 1.25.10 -> 1.25.11
libsdl: remove
pulseaudio: don't include consolekit when systemd is enabled
libsdl2: upgrade 2.0.9 -> 2.0.10
grub: upgrade 2.02 -> 2.04
patch: fix CVE-2019-13636
python: fix CVE-2018-20852
python: CVE-2019-9947 is same as CVE-2019-9740
libtasn1: upgrade 4.13 -> 4.14
pango: upgrade 1.42.4 -> 1.44.3
harfbuzz: upgrade 2.4.0 -> 2.5.3
Bartosz Golaszewski (1):
qemu: add a patch fixing the native build on newer kernels
Bedel, Alban (3):
rng-tools: start rngd early in the boot process again
kernel-uboot: remove useless special casing of arm64 Image
boost: Fix build and enable context and coroutines on aarch64
Bruce Ashfield (2):
linux-yocto/4.19: update to v4.19.61
linux-yocto-dev: bump to 5.3-rcX
Changqing Li (6):
runqemu: add lockfile for port used when slirp enabled
runqemu: fix get portlock fail for multi users
qemuboot-x86: move QB_SYSTEM_NAME to corresponding conf
genericx86-64.conf/genericx86.conf: add QB_SYSTEM_NAME
grub/grub-efi: fix conflict for aach64
go-runtime: remove conflict files from -dev packages
Chen Qi (1):
sudo: use nonarch_libdir instead of libdir for tmpfiles.d
Chin Huat Ang (1):
cve-update-db-native: fix https proxy issues
Chris Laplante via bitbake-devel (1):
bitbake: fetch2/wget: avoid 'maximum recursion depth' RuntimeErrors when handling 403 codes
Daniel Ammann (2):
image_types: Remove remnants of hdddirect
bitbake: toaster: Sync list of fs_types with oe-core
Denys Dmytriyenko (2):
wayland-protocols: upgrade 1.17 -> 1.18
weston: upgrade 6.0.0 -> 6.0.1
Diego Rondini (1):
image_types.bbclass: make gzipped images rsyncable
Dmitry Eremin-Solenikov (1):
kernel.bbclass: fix installation of modules signing certificates
Frederic Ouellet (1):
systemd: Add partial support of drop-in configuration files to systemd-systemctl-native
Hongxu Jia (1):
grub: add grub-native
Jason Wessel (6):
sqlite3: Fix zlib determinism problem
pseudo: Fix openat() with a symlink pointing to a directory
image_types_wic.bbclass: Copy the .wks and .env files to deploy image dir
wic: Add partition type for msdos partition tables
wic: Make disk partition size consistently computed
dpkg: Provide update-alternative for start-stop-daemon
Johann Fridriksson (1):
ruby: Adding zlib-native to native dependencies
Joshua Lock via Openembedded-core (3):
sstate: fix log message
classes/sstate: don't use unsigned sstate when verification enabled
classes/sstate: regenerate sstate when signing enabled
Joshua Watt (1):
bitbake: hashserv: SQL Optimizations
Kai Kang (3):
subversion: add packageconfig boost
epiphany: set imcompatible with tune mips
e2fsprogs: 1.44.5 -> 1.45.3
Khem Raj (23):
strace: Upgrade to 5.2
linux-libc-header: Fix ptrace.h and prctl.h conflict on aarch64
libnss-nis: Fix build with glibc 2.30
lttng-ust: Check for gettid libc API
ltp: Fix build with glibc 2.30
lttng-tools: Fix build with glibc 2.30
xserver-xorg: Backport patch to remove using sys/io.h
Apache-2.0-with-LLVM-exception: Add new license file
libedit: Move from meta-oe
groff: Fix math.h inclusion from system headers issue
webkitgtk: Fix compile failures with clang
glibc: Update to glibc 2.30
virglrender: Fix endianness check on musl
syslinux: Override hardcoded toolnames in Makefile
systemd-boot: Add option to specify cross objcopy and use it
mesa,llvm,meson: Update llvm to 8.0.1 plus define and use LLVM version globally
musl: Update to master tip
oeqa/buildgalculator.py: Add dependency on gtk+3
oeqa/parselogs: grep for exact errors list keywords
gcc-runtime: Move content from gcclibdir into libdir
gdb: Do not set musl specific CFLAGS
linuxloader: Add entries for riscv64
musl: Delete GLIBC_LDSO before creating symlink with lnr
Luca Boccassi (1):
python3-pygobject: remove python3-setuptools from RDEPENDS
Mads Andreasen (1):
bitbake: fetch2/npm: Use npm pack to download node modules instead of wget
Mark Hatle (2):
glibc-package.inc: Add linux-libc-headers-dev to glibc-dev
bitbake: layerindexlib: Fix parsing of recursive layer dependencies
Martin Jansa (3):
icecc.bbclass: catch subprocess.CalledProcessError
powertop: import a fix from buildroot
meson: backport fix for builds with -Werror=return-type
Ming Liu (5):
libx11-compose-data: add recipe
libxkbcommon: RDEPENDS on libx11 compose data
weston: change to use meson build system
license_image.bbclass: drop invalid comments
opensbi: handle deploy task under sstate
Naveen Saini (2):
gdk-pixbuf: enable x11 PACKAGECONFIG option
image_types_wic: add syslinux-native dependency conditional
Oleksandr Kravchuk (17):
python3-pip: update to 19.2.1
python3-git: update to 2.1.12
ethtool: update to 5.2
python3-git: update to 2.1.13
xorgproto: update to 2019.1
xserver-xorg: update to 1.20.5
ell: update to 0.21
libinput: update to 1.14.0
wpa-supplicant: update to 2.9
aspell: update to 0.60.7
linux-firmware: add PE back
xf86-input-libinput: update to 0.29.0
git: update to 2.22.1
xrandr: update to 1.5.1
python3-git: update to 3.0.0
librepo: update to 1.10.5
libevent: update to 2.1.11
Pascal Bach (2):
cmake: 3.14.5 -> 3.15.1
cmake: 3.15.1 -> 3.15.2
Paul Eggleton (2):
scripts/create-pull-request: improve handling of non-SSH remote URLs
scripts/create-pull-request: fix putting subject containing / into cover letter
Piotr Tworek (2):
pulseaudio: Backport upstream fix new alsa compatibility.
libdrm: Move amdgpu.ids file into libdrm-amdgpu package.
Randy MacLeod (1):
ptest-runner: update from 2.3.1 to 2.3.2
Rasmus Villemoes (1):
iproute2: drop pointless configure-cross.patch
Ricardo Neri (5):
ovmf: Update to version edk2-stable201905
ovmf: Set PV
ovmf: Use HOSTTOOLS' python3
ovmf: Generate test Platform key and first Key Exchange Key
runqemu: Add support to handle EnrollDefaultKeys PK/KEK1 certificate
Ricardo Ribalda Delgado (2):
packagegroup-core-base-utils: Make it machine specific
inetutils: Fix abort on invalid files
Richard Purdie (50):
package: Improve determinism
sstate: Reduce race windows
bitbake: siggen: Import unihash code from OE-Core
bitbake: cache: Add SimpleCache class
bitbake: runqueue: Improve scenequeue processing logic
bitbake: siggen: Add new unitaskhashes data variable which is cached
bitbake: siggen: Convert to use self.unitaskhashes
bitbake: runqueue: Enable dynamic task adjustment to hash equivalency
bitbake: runqueue: Improve determinism
bitbake: cooker/hashserv: Allow autostarting of a local hash server using BB_HASHSERVE
bitbake: hashserv: Turn off sqlite synchronous mode
bitbake: prserv: Use a memory journal
bitbake: hashserv: Use separate threads for answering requests and handling them
bitbake: hashserv: Switch from threads to multiprocessing
bitbake: runqueue: Clean up BB_HASHCHECK_FUNCTION API
bitbake: siggen: Clean up task reference formats
bitbake: build/utils: Drop bb.build.FuncFailed
bitbake: tests/runqueue: Add hashserv+runqueue test
bitbake: bitbake: Bump version to 1.43.1 for API changes
sanity.conf: Require bitbake 1.43.1
classes/lib: Remove bb.build.FuncFailed
sstatesig: Move unihash siggen code to bitbake
sstatesig: Add debug for incorrect hash server settings
sstatesig: Adpat to recent bitbake hash equiv runqueue changes
sstatesig: Update to handle BB_HASHSERVE
sstate/sstatesig: Update to new form of BB_HASHCHECK_FUNCTION
sstatesig: Updates to match bitbake siggen changes
gstreamer: Add fix for glibc 2.30
sstatesig: Fix leftover splitting issue from siggen change
python3-pygobject: Add missing pkgutil RDEPENDS
bitbake: runqueue: Fix corruption issue
bitbake: runqueue: Improve setscene task handling logic
bitbake: tests/runqueue: Add further hash equivalence tests
bitbake: cooker: Improve hash server startup code to avoid exit tracebacks
bitbake: runqueue: Wait for covered tasks to complete before trying setscene
bitbake: runqueue: Fix next_buildable_task performance problem
bitbake: runqueue: Improve scenequeue debugging
bitbake: runqueue: Recompute holdoff tasks from scratch
bitbake: runqueue: Fix event timing race
bitbake: runqueue: Drop debug statement causing performance issues
bitbake: runqueue: Add further debug information
bitbake: runqueue: Add missing setscene task corner case
bitbake: runqueue: Ensure we clear the stamp cache
poky: Retire opensuse 42.3 from SANITY_TESTED_DISTROS
gcc-cross-canadian: Drop obsolete shlibs exclusion
bitbake: tests/runqueue: Fix tests
bitbake: runqueue: Fix data corruption problem
bitbake: runqueue: Ensure data is handled correctly
bitbake: hashserv: Ensure we don't accumulate sockets in TIME_WAIT state
bitbake: runqueue: Ensure target_tids is filtered
Robert Yang (3):
bitbake: cooker: Cleanup the queue before call process.join()
bitbake: knotty: Fix for the Second Keyboard Interrupt
bitbake: bitbake: server/process: Handle BBHandledException to avoid unexpected exceptions
Ross Burton (23):
libidn2: remove build paths from libidn2.pc
gnutls: don't use HOSTTOOLS_DIR/bash as a shell on target
libical: upgrade to 3.0.5
perl: fix whitespace
perl: add PACKAGECONFIG for db
fortran-helloworld: neaten recipe
python3: remove empty python3-distutils-staticdev
python3: support recommends in manifest
python3: split out the Windows distutils installer stubs
insane: check if the recipe incorrectly uses DEPENDS_${PN}
libxx86misc: remove this now redundant library
xserver-xorg: clean up xorgproto dependencies
xserver-xorg: add PACKAGECONFIG for DGA
xdpyinfo: don't depend on DGA
libxx86dga: remove obsolete client libary
xserver-xorg: remove embedded build path in the source
libx11: update to 1.6.8
sanity: update for new bb.build.exec_func() behaviour
libx11-diet: remove
qemu: fix patch Upstream-Status
xserver-xorg: refresh build path removal patch
waffle: upgrade 1.5.2 -> 1.6.0
libx11: replace libtool patch with upstreamed patch
Tim Blechmann (1):
deb: allow custom dpkg command
Trevor Gamblin (2):
gzip: update ptest package dependencies
patch: fix CVE-2019-13638
Wenlin Kang (1):
db: add switch for building database verification
Will Page (1):
uboot: fixes to uboot-extlinux-config attribute values
William Bourque (1):
meta/lib/oeqa: Remove ext4 for bootimg-biosplusefi
Yi Zhao (1):
libx11-compose-data: upgrade 1.6.7 -> 1.6.8
Yuan Chao (4):
glib-2.0:upgrade 2.60.5 -> 2.60.6
nettle:upgrade 3.4.1 -> 3.5.1
python3-pbr:upgrade 5.4.1 -> 5.4.2
gpgme:upgrade 1.13.0 -> 1.13.1
Zang Ruochen (8):
msmtp: upgrade 1.8.4 -> 1.8.5
curl: upgrade 7.65.2 -> 7.65.3
iso-codes: upgrade 4.2 -> 4.3
python-scons:upgrade 3.0.5 -> 3.1.0
libgudev:upgrade 232 -> 233
libglu:upgrade 9.0.0 -> 9.0.1
man-db:upgrade 2.8.5 -> 2.8.6.1
libnewt:upgrade 0.52.20 -> 0.52.21
Zheng Ruoqin (1):
python3-mako: 1.0.14 -> 1.1.0
Zoltan Kuscsik (1):
kmscube: update to latest revision
Change-Id: I2cd1a0d59da46725b1aba5a79b63eb6121b3c79e
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-core')
55 files changed, 286 insertions, 1907 deletions
diff --git a/poky/meta/recipes-core/ell/ell_0.20.bb b/poky/meta/recipes-core/ell/ell_0.21.bb index 81caa80fa..487fbccab 100644 --- a/poky/meta/recipes-core/ell/ell_0.20.bb +++ b/poky/meta/recipes-core/ell/ell_0.21.bb @@ -14,8 +14,8 @@ DEPENDS = "dbus" inherit autotools pkgconfig SRC_URI = "https://mirrors.edge.kernel.org/pub/linux/libs/${BPN}/${BPN}-${PV}.tar.xz" -SRC_URI[md5sum] = "920189f5be4ee4cd72d610baeb20da65" -SRC_URI[sha256sum] = "d4aa08915f4058ecaab509dffbe22665d71dba6fe9626caff63c0e5f4b78a394" +SRC_URI[md5sum] = "f94f8c812b0426b0c30b651fa5142dd9" +SRC_URI[sha256sum] = "a0db4e3057ba41035637354b6af2aa4c74f83509e0c3e563d682df9d72eaff17" do_configure_prepend () { mkdir -p ${S}/build-aux diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.5.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.6.bb index bcb1fdb9a..a3c5a09d4 100644 --- a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.5.bb +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.6.bb @@ -21,5 +21,5 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ SRC_URI_append_class-native = " file://relocate-modules.patch" SRC_URI_append_class-target = " file://glib-meson.cross" -SRC_URI[md5sum] = "7dced27cfa79419dc6cc82c02190c457" -SRC_URI[sha256sum] = "3edf1df576ee82b2ecb8ba85c343644e48ee62e68290e71e6084b00d6ba2622e" +SRC_URI[md5sum] = "cd6865d8ce40db5e4c12b7d180953de6" +SRC_URI[sha256sum] = "ff8fab8d8deaa4fd0536c90f90d9769a09071779c7e6183907f6855645bffb6c" diff --git a/poky/meta/recipes-core/glibc/cross-localedef-native_2.29.bb b/poky/meta/recipes-core/glibc/cross-localedef-native_2.30.bb index 8bc7cd649..e4923c73d 100644 --- a/poky/meta/recipes-core/glibc/cross-localedef-native_2.29.bb +++ b/poky/meta/recipes-core/glibc/cross-localedef-native_2.30.bb @@ -8,6 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSES;md5=cfc0ed77a9f62fa62eded042ebe31d72 \ file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \ file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" +require glibc-version.inc + # Tell autotools that we're working in the localedef directory # AUTOTOOLS_SCRIPT_PATH = "${S}/localedef" @@ -17,15 +19,6 @@ inherit autotools FILESEXTRAPATHS =. "${FILE_DIRNAME}/${PN}:${FILE_DIRNAME}/glibc:" -SRCBRANCH ?= "release/${PV}/master" -GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" -UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.(?!90)\d+)*)" - -PV = "2.29" - -SRCREV_glibc ?= "86013ef5cea322b8f4b9c22f230c22cce369e947" -SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655" - SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ git://github.com/kraj/localedef;branch=master;name=localedef;destsuffix=git/localedef \ file://0016-timezone-re-written-tzselect-as-posix-sh.patch \ diff --git a/poky/meta/recipes-core/glibc/glibc-common.inc b/poky/meta/recipes-core/glibc/glibc-common.inc index cded38459..fa46fd89f 100644 --- a/poky/meta/recipes-core/glibc/glibc-common.inc +++ b/poky/meta/recipes-core/glibc/glibc-common.inc @@ -3,10 +3,11 @@ DESCRIPTION = "The GNU C Library is used as the system C library in most systems HOMEPAGE = "http://www.gnu.org/software/libc/libc.html" SECTION = "libs" LICENSE = "GPLv2 & LGPLv2.1" -LIC_FILES_CHKSUM ?= "file://LICENSES;md5=07a394b26e0902b9ffdec03765209770 \ - file://COPYING;md5=393a5ca445f6965873eca0259a17f833 \ + +LIC_FILES_CHKSUM ?= "file://LICENSES;md5=cfc0ed77a9f62fa62eded042ebe31d72 \ + file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \ - file://COPYING.LIB;md5=bbb461211a33b134d42ed5ee802b37ff " + file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" CVE_PRODUCT = "glibc" @@ -21,4 +22,4 @@ ARM_INSTRUCTION_SET_armv6 = "arm" # COMPATIBLE_HOST_libc-musl_class-target = "null" -PV = "2.29" +PV = "2.30" diff --git a/poky/meta/recipes-core/glibc/glibc-locale_2.29.bb b/poky/meta/recipes-core/glibc/glibc-locale_2.30.bb index f7702e035..f7702e035 100644 --- a/poky/meta/recipes-core/glibc/glibc-locale_2.29.bb +++ b/poky/meta/recipes-core/glibc/glibc-locale_2.30.bb diff --git a/poky/meta/recipes-core/glibc/glibc-mtrace_2.29.bb b/poky/meta/recipes-core/glibc/glibc-mtrace_2.30.bb index 0b69bad46..0b69bad46 100644 --- a/poky/meta/recipes-core/glibc/glibc-mtrace_2.29.bb +++ b/poky/meta/recipes-core/glibc/glibc-mtrace_2.30.bb diff --git a/poky/meta/recipes-core/glibc/glibc-package.inc b/poky/meta/recipes-core/glibc/glibc-package.inc index b150a3437..f796876a8 100644 --- a/poky/meta/recipes-core/glibc/glibc-package.inc +++ b/poky/meta/recipes-core/glibc/glibc-package.inc @@ -36,6 +36,7 @@ FILES_${PN}-pic = "${libdir}/*_pic.a ${libdir}/*_pic.map ${libdir}/libc_pic/*.o" FILES_libsotruss = "${libdir}/audit/sotruss-lib.so" FILES_SOLIBSDEV = "${libdir}/lib*${SOLIBSDEV}" FILES_${PN}-dev += "${libdir}/*_nonshared.a ${base_libdir}/*_nonshared.a ${base_libdir}/*.o ${datadir}/aclocal" +RDEPENDS_${PN}-dev = "linux-libc-headers-dev" FILES_${PN}-staticdev += "${libdir}/*.a ${base_libdir}/*.a" FILES_nscd = "${sbindir}/nscd* ${sysconfdir}/init.d/nscd ${systemd_unitdir}/system/nscd* ${sysconfdir}/tmpfiles.d/nscd.conf \ ${sysconfdir}/nscd.conf ${sysconfdir}/default/volatiles/98_nscd ${localstatedir}/db/nscd" diff --git a/poky/meta/recipes-core/glibc/glibc-scripts_2.29.bb b/poky/meta/recipes-core/glibc/glibc-scripts_2.30.bb index 5a89bd802..5a89bd802 100644 --- a/poky/meta/recipes-core/glibc/glibc-scripts_2.29.bb +++ b/poky/meta/recipes-core/glibc/glibc-scripts_2.30.bb diff --git a/poky/meta/recipes-core/glibc/glibc-version.inc b/poky/meta/recipes-core/glibc/glibc-version.inc new file mode 100644 index 000000000..c18c58339 --- /dev/null +++ b/poky/meta/recipes-core/glibc/glibc-version.inc @@ -0,0 +1,8 @@ +SRCBRANCH ?= "release/2.30/master" +PV = "2.30" +SRCREV_glibc ?= "be9a328c93834648e0bec106a1f86357d1a8c7e1" +SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655" + +GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" + +UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.(?!90)\d+)*)" diff --git a/poky/meta/recipes-core/glibc/glibc/0001-nativesdk-glibc-Look-for-host-system-ld.so.cache-as-.patch b/poky/meta/recipes-core/glibc/glibc/0001-nativesdk-glibc-Look-for-host-system-ld.so.cache-as-.patch index 86ad9eaf1..d86d1d8dc 100644 --- a/poky/meta/recipes-core/glibc/glibc/0001-nativesdk-glibc-Look-for-host-system-ld.so.cache-as-.patch +++ b/poky/meta/recipes-core/glibc/glibc/0001-nativesdk-glibc-Look-for-host-system-ld.so.cache-as-.patch @@ -1,7 +1,7 @@ -From 0cac7493366586e8f87e8459359c15f702ef8c81 Mon Sep 17 00:00:00 2001 +From f6984c923b41155979764bfa3f44609572be5414 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 18 Mar 2015 01:48:24 +0000 -Subject: [PATCH 01/30] nativesdk-glibc: Look for host system ld.so.cache as +Subject: [PATCH 01/28] nativesdk-glibc: Look for host system ld.so.cache as well Upstream-Status: Inappropriate [embedded specific] @@ -31,10 +31,10 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/elf/dl-load.c b/elf/dl-load.c -index f972524421..e53c3a1b7b 100644 +index 5abeb867f1..981bd5b4af 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c -@@ -2085,6 +2085,14 @@ _dl_map_object (struct link_map *loader, const char *name, +@@ -2080,6 +2080,14 @@ _dl_map_object (struct link_map *loader, const char *name, } } @@ -49,7 +49,7 @@ index f972524421..e53c3a1b7b 100644 #ifdef USE_LDCONFIG if (fd == -1 && (__glibc_likely ((mode & __RTLD_SECURE) == 0) -@@ -2143,14 +2151,6 @@ _dl_map_object (struct link_map *loader, const char *name, +@@ -2138,14 +2146,6 @@ _dl_map_object (struct link_map *loader, const char *name, } #endif @@ -65,5 +65,5 @@ index f972524421..e53c3a1b7b 100644 if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)) _dl_debug_printf ("\n"); -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0001-x86-64-memcmp-Use-unsigned-Jcc-instructions-on-size-.patch b/poky/meta/recipes-core/glibc/glibc/0001-x86-64-memcmp-Use-unsigned-Jcc-instructions-on-size-.patch deleted file mode 100644 index 1a343149c..000000000 --- a/poky/meta/recipes-core/glibc/glibc/0001-x86-64-memcmp-Use-unsigned-Jcc-instructions-on-size-.patch +++ /dev/null @@ -1,204 +0,0 @@ -From 3f635fb43389b54f682fc9ed2acc0b2aaf4a923d Mon Sep 17 00:00:00 2001 -From: "H.J. Lu" <hjl.tools@gmail.com> -Date: Mon, 4 Feb 2019 06:31:01 -0800 -Subject: [PATCH] x86-64 memcmp: Use unsigned Jcc instructions on size [BZ - #24155] - -Since the size argument is unsigned. we should use unsigned Jcc -instructions, instead of signed, to check size. - -Tested on x86-64 and x32, with and without --disable-multi-arch. - - [BZ #24155] - CVE-2019-7309 - * NEWS: Updated for CVE-2019-7309. - * sysdeps/x86_64/memcmp.S: Use RDX_LP for size. Clear the - upper 32 bits of RDX register for x32. Use unsigned Jcc - instructions, instead of signed. - * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memcmp-2. - * sysdeps/x86_64/x32/tst-size_t-memcmp-2.c: New test. - -CVE: CVE-2019-7309 -Upstream-Status: Backport -Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> -Signed-off-by: Alistair Francis <alistair.francis@wdc.com> ---- - sysdeps/x86_64/memcmp.S | 20 +++--- - sysdeps/x86_64/x32/Makefile | 3 +- - sysdeps/x86_64/x32/tst-size_t-memcmp-2.c | 79 ++++++++++++++++++++++++ - 5 files changed, 111 insertions(+), 10 deletions(-) - create mode 100644 sysdeps/x86_64/x32/tst-size_t-memcmp-2.c - -diff --git a/sysdeps/x86_64/memcmp.S b/sysdeps/x86_64/memcmp.S -index 1fc487caa5..1322bb3b92 100644 ---- a/sysdeps/x86_64/memcmp.S -+++ b/sysdeps/x86_64/memcmp.S -@@ -21,14 +21,18 @@ - - .text - ENTRY (memcmp) -- test %rdx, %rdx -+#ifdef __ILP32__ -+ /* Clear the upper 32 bits. */ -+ movl %edx, %edx -+#endif -+ test %RDX_LP, %RDX_LP - jz L(finz) - cmpq $1, %rdx -- jle L(finr1b) -+ jbe L(finr1b) - subq %rdi, %rsi - movq %rdx, %r10 - cmpq $32, %r10 -- jge L(gt32) -+ jae L(gt32) - /* Handle small chunks and last block of less than 32 bytes. */ - L(small): - testq $1, %r10 -@@ -156,7 +160,7 @@ L(A32): - movq %r11, %r10 - andq $-32, %r10 - cmpq %r10, %rdi -- jge L(mt16) -+ jae L(mt16) - /* Pre-unroll to be ready for unrolled 64B loop. */ - testq $32, %rdi - jz L(A64) -@@ -178,7 +182,7 @@ L(A64): - movq %r11, %r10 - andq $-64, %r10 - cmpq %r10, %rdi -- jge L(mt32) -+ jae L(mt32) - - L(A64main): - movdqu (%rdi,%rsi), %xmm0 -@@ -216,7 +220,7 @@ L(mt32): - movq %r11, %r10 - andq $-32, %r10 - cmpq %r10, %rdi -- jge L(mt16) -+ jae L(mt16) - - L(A32main): - movdqu (%rdi,%rsi), %xmm0 -@@ -254,7 +258,7 @@ L(ATR): - movq %r11, %r10 - andq $-32, %r10 - cmpq %r10, %rdi -- jge L(mt16) -+ jae L(mt16) - testq $16, %rdi - jz L(ATR32) - -@@ -325,7 +329,7 @@ L(ATR64main): - movq %r11, %r10 - andq $-32, %r10 - cmpq %r10, %rdi -- jge L(mt16) -+ jae L(mt16) - - L(ATR32res): - movdqa (%rdi,%rsi), %xmm0 -diff --git a/sysdeps/x86_64/x32/Makefile b/sysdeps/x86_64/x32/Makefile -index 1557724b0c..8748956563 100644 ---- a/sysdeps/x86_64/x32/Makefile -+++ b/sysdeps/x86_64/x32/Makefile -@@ -8,7 +8,8 @@ endif - ifeq ($(subdir),string) - tests += tst-size_t-memchr tst-size_t-memcmp tst-size_t-memcpy \ - tst-size_t-memrchr tst-size_t-memset tst-size_t-strncasecmp \ -- tst-size_t-strncmp tst-size_t-strncpy tst-size_t-strnlen -+ tst-size_t-strncmp tst-size_t-strncpy tst-size_t-strnlen \ -+ tst-size_t-memcmp-2 - endif - - ifeq ($(subdir),wcsmbs) -diff --git a/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c b/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c -new file mode 100644 -index 0000000000..d8ae1a0813 ---- /dev/null -+++ b/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c -@@ -0,0 +1,79 @@ -+/* Test memcmp with size_t in the lower 32 bits of 64-bit register. -+ Copyright (C) 2019 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ <http://www.gnu.org/licenses/>. */ -+ -+#define TEST_MAIN -+#ifdef WIDE -+# define TEST_NAME "wmemcmp" -+#else -+# define TEST_NAME "memcmp" -+#endif -+ -+#include "test-size_t.h" -+ -+#ifdef WIDE -+# include <inttypes.h> -+# include <wchar.h> -+ -+# define MEMCMP wmemcmp -+# define CHAR wchar_t -+#else -+# define MEMCMP memcmp -+# define CHAR char -+#endif -+ -+IMPL (MEMCMP, 1) -+ -+typedef int (*proto_t) (const CHAR *, const CHAR *, size_t); -+ -+static int -+__attribute__ ((noinline, noclone)) -+do_memcmp (parameter_t a, parameter_t b) -+{ -+ return CALL (&b, a.p, b.p, a.len); -+} -+ -+static int -+test_main (void) -+{ -+ test_init (); -+ -+ parameter_t dest = { { page_size / sizeof (CHAR) }, buf1 }; -+ parameter_t src = { { 0 }, buf2 }; -+ -+ memcpy (buf1, buf2, page_size); -+ -+ CHAR *p = (CHAR *) buf1; -+ p[page_size / sizeof (CHAR) - 1] = (CHAR) 1; -+ -+ int ret = 0; -+ FOR_EACH_IMPL (impl, 0) -+ { -+ src.fn = impl->fn; -+ int res = do_memcmp (dest, src); -+ if (res >= 0) -+ { -+ error (0, 0, "Wrong result in function %s: %i >= 0", -+ impl->name, res); -+ ret = 1; -+ } -+ } -+ -+ return ret ? EXIT_FAILURE : EXIT_SUCCESS; -+} -+ -+#include <support/test-driver.c> --- -2.17.1 - diff --git a/poky/meta/recipes-core/glibc/glibc/0002-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch b/poky/meta/recipes-core/glibc/glibc/0002-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch index f663e18ed..63531082a 100644 --- a/poky/meta/recipes-core/glibc/glibc/0002-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch +++ b/poky/meta/recipes-core/glibc/glibc/0002-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch @@ -1,7 +1,7 @@ -From f275c04e263fc2ebf2eaad6ac1ab3c838647bb14 Mon Sep 17 00:00:00 2001 +From b91c323d809039bf9b8c445418579a8b5fe61aea Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 18 Mar 2015 01:50:00 +0000 -Subject: [PATCH 02/30] nativesdk-glibc: Fix buffer overrun with a relocated +Subject: [PATCH 02/28] nativesdk-glibc: Fix buffer overrun with a relocated SDK When ld-linux-*.so.2 is relocated to a path that is longer than the @@ -22,10 +22,10 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> 1 file changed, 12 insertions(+) diff --git a/elf/dl-load.c b/elf/dl-load.c -index e53c3a1b7b..2bd9bc27f2 100644 +index 981bd5b4af..c7a0fa58cb 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c -@@ -1785,7 +1785,19 @@ open_path (const char *name, size_t namelen, int mode, +@@ -1780,7 +1780,19 @@ open_path (const char *name, size_t namelen, int mode, given on the command line when rtld is run directly. */ return -1; @@ -46,5 +46,5 @@ index e53c3a1b7b..2bd9bc27f2 100644 { struct r_search_path_elem *this_dir = *dirs; -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0003-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch b/poky/meta/recipes-core/glibc/glibc/0003-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch index fd909f644..48f5a7871 100644 --- a/poky/meta/recipes-core/glibc/glibc/0003-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch +++ b/poky/meta/recipes-core/glibc/glibc/0003-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch @@ -1,7 +1,7 @@ -From 92df5673de18779b612609afa4f687e33e5ecb6e Mon Sep 17 00:00:00 2001 +From 3aceb84e2bc0f796204fe059beede91179b1bc6e Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 18 Mar 2015 01:51:38 +0000 -Subject: [PATCH 03/30] nativesdk-glibc: Raise the size of arrays containing dl +Subject: [PATCH 03/28] nativesdk-glibc: Raise the size of arrays containing dl paths This patch puts the dynamic loader path in the binaries, SYSTEM_DIRS strings @@ -41,7 +41,7 @@ index d8d1e2344e..d2247bfc4f 100644 _dl_cache_libcmp (const char *p1, const char *p2) { diff --git a/elf/dl-load.c b/elf/dl-load.c -index 2bd9bc27f2..4170cc1a09 100644 +index c7a0fa58cb..4b87505d45 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -110,8 +110,8 @@ static size_t max_capstrlen attribute_relro; @@ -67,7 +67,7 @@ index 243829f5f7..0e74241703 100644 +const char __invoke_dynamic_linker__[4096] __attribute__ ((section (".interp"))) = RUNTIME_LINKER; diff --git a/elf/ldconfig.c b/elf/ldconfig.c -index 206cd51df6..2fd4fb54ae 100644 +index 3bc9e61891..6a23096435 100644 --- a/elf/ldconfig.c +++ b/elf/ldconfig.c @@ -168,6 +168,9 @@ static struct argp argp = @@ -81,10 +81,10 @@ index 206cd51df6..2fd4fb54ae 100644 a platform. */ static int diff --git a/elf/rtld.c b/elf/rtld.c -index 5d97f41b7b..26c5fef929 100644 +index c9490ff694..3962373ebb 100644 --- a/elf/rtld.c +++ b/elf/rtld.c -@@ -130,6 +130,7 @@ dso_name_valid_for_suid (const char *p) +@@ -173,6 +173,7 @@ dso_name_valid_for_suid (const char *p) } return *p != '\0'; } @@ -92,7 +92,7 @@ index 5d97f41b7b..26c5fef929 100644 /* LD_AUDIT variable contents. Must be processed before the audit_list below. */ -@@ -1001,12 +1002,12 @@ of this helper program; chances are you did not intend to run this program.\n\ +@@ -1220,13 +1221,13 @@ of this helper program; chances are you did not intend to run this program.\n\ --list list all dependencies and how they are resolved\n\ --verify verify that given object really is a dynamically linked\n\ object we can handle\n\ @@ -102,8 +102,9 @@ index 5d97f41b7b..26c5fef929 100644 variable LD_LIBRARY_PATH\n\ --inhibit-rpath LIST ignore RUNPATH and RPATH information in object names\n\ in LIST\n\ -- --audit LIST use objects named in LIST as auditors\n"); -+ --audit LIST use objects named in LIST as auditors\n", LD_SO_CACHE); + --audit LIST use objects named in LIST as auditors\n\ +- --preload LIST preload objects named in LIST\n"); ++ --preload LIST preload objects named in LIST\n", LD_SO_CACHE); ++_dl_skip_args; --_dl_argc; @@ -136,5 +137,5 @@ index bc8b40331d..b0fdd2144b 100644 # define add_system_dir(dir) add_dir (dir) #endif -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0004-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch b/poky/meta/recipes-core/glibc/glibc/0004-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch index d6c9aac69..a43f29434 100644 --- a/poky/meta/recipes-core/glibc/glibc/0004-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch +++ b/poky/meta/recipes-core/glibc/glibc/0004-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch @@ -1,7 +1,7 @@ -From ff0f4756f1a98202726c65745aca38354864e033 Mon Sep 17 00:00:00 2001 +From e41e042149eac349e09fa629fcac4c64e574322c Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Thu, 31 Dec 2015 14:35:35 -0800 -Subject: [PATCH 04/30] nativesdk-glibc: Allow 64 bit atomics for x86 +Subject: [PATCH 04/28] nativesdk-glibc: Allow 64 bit atomics for x86 The fix consist of allowing 64bit atomic ops for x86. This should be safe for i586 and newer CPUs. @@ -38,5 +38,5 @@ index aa60ca4cd6..3e42e00183 100644 # define SEG_REG "gs" # define BR_CONSTRAINT "r" -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch b/poky/meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch index 9f9f503a1..3aad603ad 100644 --- a/poky/meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch +++ b/poky/meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch @@ -1,7 +1,7 @@ -From b2ec111dc3a42d9dce71c903524724ae82ff22d8 Mon Sep 17 00:00:00 2001 +From 50ab0b0c116f4ae3d975ec1b15ed4595fd9147f6 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Fri, 3 Aug 2018 09:55:12 -0700 -Subject: [PATCH 05/30] nativesdk-glibc: Make relocatable install for locales +Subject: [PATCH 05/28] nativesdk-glibc: Make relocatable install for locales The glibc locale path is hard-coded to the install prefix, but in SDKs we need to be able to relocate the binaries. Expand the strings to 4K and put them in a @@ -66,5 +66,5 @@ index 7c1cc3eecb..53cb8bfc59 100644 /* Load the locale data for CATEGORY from the file specified by *NAME. If *NAME is "", use environment variables as specified by POSIX, and -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0006-fsl-e500-e5500-e6500-603e-fsqrt-implementation.patch b/poky/meta/recipes-core/glibc/glibc/0006-fsl-e500-e5500-e6500-603e-fsqrt-implementation.patch index a6dddebbc..5e1c59143 100644 --- a/poky/meta/recipes-core/glibc/glibc/0006-fsl-e500-e5500-e6500-603e-fsqrt-implementation.patch +++ b/poky/meta/recipes-core/glibc/glibc/0006-fsl-e500-e5500-e6500-603e-fsqrt-implementation.patch @@ -1,7 +1,7 @@ -From 4dc4b4f63dd79734078fa54446edb7fe2d9c74fa Mon Sep 17 00:00:00 2001 +From 7cccf5cec09f2a42cc3fe5d82ce21b7309330b33 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 18 Mar 2015 00:01:50 +0000 -Subject: [PATCH 06/30] fsl e500/e5500/e6500/603e fsqrt implementation +Subject: [PATCH 06/28] fsl e500/e5500/e6500/603e fsqrt implementation Upstream-Status: Pending Signed-off-by: Edmar Wienskoski <edmar@freescale.com> @@ -1580,5 +1580,5 @@ index 0000000000..04ff8cc181 @@ -0,0 +1 @@ +powerpc/powerpc64/e6500/fpu -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0007-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch b/poky/meta/recipes-core/glibc/glibc/0007-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch index 17ffc6fd4..ae6fb268a 100644 --- a/poky/meta/recipes-core/glibc/glibc/0007-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch +++ b/poky/meta/recipes-core/glibc/glibc/0007-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch @@ -1,7 +1,7 @@ -From 5506296ef55a6e4916febab63805ddf2d5a5293c Mon Sep 17 00:00:00 2001 +From dc715f6c70d01e9c3b31c1825fa5bc447967c847 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 18 Mar 2015 00:11:22 +0000 -Subject: [PATCH 07/30] readlib: Add OECORE_KNOWN_INTERPRETER_NAMES to known +Subject: [PATCH 07/28] readlib: Add OECORE_KNOWN_INTERPRETER_NAMES to known names This bolts in a hook for OE to pass its own version of interpreter @@ -29,5 +29,5 @@ index c9743e6692..6307f918fc 100644 static struct known_names known_libs[] = -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0008-ppc-sqrt-Fix-undefined-reference-to-__sqrt_finite.patch b/poky/meta/recipes-core/glibc/glibc/0008-ppc-sqrt-Fix-undefined-reference-to-__sqrt_finite.patch index aacc9f2e3..8bed20306 100644 --- a/poky/meta/recipes-core/glibc/glibc/0008-ppc-sqrt-Fix-undefined-reference-to-__sqrt_finite.patch +++ b/poky/meta/recipes-core/glibc/glibc/0008-ppc-sqrt-Fix-undefined-reference-to-__sqrt_finite.patch @@ -1,7 +1,7 @@ -From ea969d7767428d73823c91ad9955829bd66b9e58 Mon Sep 17 00:00:00 2001 +From 42a01c55786a9472934e12e0bf0c40983579b607 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 18 Mar 2015 00:15:07 +0000 -Subject: [PATCH 08/30] ppc/sqrt: Fix undefined reference to `__sqrt_finite' +Subject: [PATCH 08/28] ppc/sqrt: Fix undefined reference to `__sqrt_finite' on ppc fixes the errors like below | ./.libs/libpulsecore-1.1.so: undefined reference to `__sqrt_finite' @@ -204,5 +204,5 @@ index 26fa067abf..9d175122a8 100644 } +strong_alias (__ieee754_sqrtf, __sqrtf_finite) -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0009-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch b/poky/meta/recipes-core/glibc/glibc/0009-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch index b1d441303..8a5d6d8b7 100644 --- a/poky/meta/recipes-core/glibc/glibc/0009-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch +++ b/poky/meta/recipes-core/glibc/glibc/0009-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch @@ -1,7 +1,7 @@ -From a9e6ca45cdaf13ee595089a5a580d00a95a06bf1 Mon Sep 17 00:00:00 2001 +From a0fcb9135bc8c2b9d8a161d166b6f9d56d7af245 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 18 Mar 2015 00:16:38 +0000 -Subject: [PATCH 09/30] __ieee754_sqrt{,f} are now inline functions and call +Subject: [PATCH 09/28] __ieee754_sqrt{,f} are now inline functions and call out __slow versions Upstream-Status: Pending @@ -383,5 +383,5 @@ index 9d175122a8..10de1f0cc3 100644 + strong_alias (__ieee754_sqrtf, __sqrtf_finite) -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0010-Quote-from-bug-1443-which-explains-what-the-patch-do.patch b/poky/meta/recipes-core/glibc/glibc/0010-Quote-from-bug-1443-which-explains-what-the-patch-do.patch index 46d205808..a140a1547 100644 --- a/poky/meta/recipes-core/glibc/glibc/0010-Quote-from-bug-1443-which-explains-what-the-patch-do.patch +++ b/poky/meta/recipes-core/glibc/glibc/0010-Quote-from-bug-1443-which-explains-what-the-patch-do.patch @@ -1,7 +1,7 @@ -From 50ad00401eb16bb88c57d95bc927deeec4033e01 Mon Sep 17 00:00:00 2001 +From 9c1f2229c48c37b38628c485ef16e01f6780160c Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 18 Mar 2015 00:20:09 +0000 -Subject: [PATCH 10/30] Quote from bug 1443 which explains what the patch does +Subject: [PATCH 10/28] Quote from bug 1443 which explains what the patch does : We build some random program and link it with -lust. When we run it, @@ -58,5 +58,5 @@ index 7a2f9d9b78..36a1dd1888 100644 case R_ARM_TLS_TPOFF32: -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0011-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch b/poky/meta/recipes-core/glibc/glibc/0011-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch index 293b72e79..cb99092ee 100644 --- a/poky/meta/recipes-core/glibc/glibc/0011-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch +++ b/poky/meta/recipes-core/glibc/glibc/0011-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch @@ -1,7 +1,7 @@ -From a29a718890a3f32e7135f6b64b1a80c74f2d1454 Mon Sep 17 00:00:00 2001 +From 171d2afb930917b0cfbe9df770774da1c92dd185 Mon Sep 17 00:00:00 2001 From: Ting Liu <b28495@freescale.com> Date: Wed, 19 Dec 2012 04:39:57 -0600 -Subject: [PATCH 11/30] eglibc: run libm-err-tab.pl with specific dirs in ${S} +Subject: [PATCH 11/28] eglibc: run libm-err-tab.pl with specific dirs in ${S} libm-err-tab.pl will parse all the files named "libm-test-ulps" in the given dir recursively. To avoid parsing the one in @@ -32,5 +32,5 @@ index 4f76ee85d2..04b8c8c320 100644 touch $@ -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0012-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch b/poky/meta/recipes-core/glibc/glibc/0012-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch index 6e175b64d..e233fbe54 100644 --- a/poky/meta/recipes-core/glibc/glibc/0012-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch +++ b/poky/meta/recipes-core/glibc/glibc/0012-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch @@ -1,7 +1,7 @@ -From 777da88a819738683e4389580cfbfded2a83e87e Mon Sep 17 00:00:00 2001 +From 376be7b96152ef501c8cf95ed6dc52c0318bd26a Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 18 Mar 2015 00:24:46 +0000 -Subject: [PATCH 12/30] __ieee754_sqrt{,f} are now inline functions and call +Subject: [PATCH 12/28] __ieee754_sqrt{,f} are now inline functions and call out __slow versions Upstream-Status: Pending @@ -57,5 +57,5 @@ index 812653558f..10de1f0cc3 100644 #endif { -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0013-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch b/poky/meta/recipes-core/glibc/glibc/0013-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch index b5adecba0..9ba52e6e1 100644 --- a/poky/meta/recipes-core/glibc/glibc/0013-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch +++ b/poky/meta/recipes-core/glibc/glibc/0013-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch @@ -1,7 +1,7 @@ -From f98b1b9e6b569abd3594b4923ace0c966c9daece Mon Sep 17 00:00:00 2001 +From 1ba4e9577437632856d719cbd5d63b5a76cbb4c4 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 18 Mar 2015 00:27:10 +0000 -Subject: [PATCH 13/30] sysdeps/gnu/configure.ac: handle correctly +Subject: [PATCH 13/28] sysdeps/gnu/configure.ac: handle correctly $libc_cv_rootsbindir Upstream-Status:Pending @@ -38,5 +38,5 @@ index 634fe4de2a..3db1697f4f 100644 ;; esac -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0014-Add-unused-attribute.patch b/poky/meta/recipes-core/glibc/glibc/0014-Add-unused-attribute.patch index 1cd91475d..0a602bb38 100644 --- a/poky/meta/recipes-core/glibc/glibc/0014-Add-unused-attribute.patch +++ b/poky/meta/recipes-core/glibc/glibc/0014-Add-unused-attribute.patch @@ -1,7 +1,7 @@ -From b9cd992052550d4b2bba954099e221677a6652e7 Mon Sep 17 00:00:00 2001 +From b84999dcf642b07e6c14e6ff507be14743349949 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 18 Mar 2015 00:28:41 +0000 -Subject: [PATCH 14/30] Add unused attribute +Subject: [PATCH 14/28] Add unused attribute Helps in avoiding gcc warning when header is is included in a source file which does not use both functions @@ -30,5 +30,5 @@ index 91e0ad3141..2e9549fe49 100644 { int slash_count = 0; -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0015-yes-within-the-path-sets-wrong-config-variables.patch b/poky/meta/recipes-core/glibc/glibc/0015-yes-within-the-path-sets-wrong-config-variables.patch index f2e180239..dd6562a63 100644 --- a/poky/meta/recipes-core/glibc/glibc/0015-yes-within-the-path-sets-wrong-config-variables.patch +++ b/poky/meta/recipes-core/glibc/glibc/0015-yes-within-the-path-sets-wrong-config-variables.patch @@ -1,7 +1,7 @@ -From e8a88fb3bb6ffcc43871a7caf7ad9c59bd183e50 Mon Sep 17 00:00:00 2001 +From 7c57f84bef4aaffe4204a7a354411ab3ea7e5273 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 18 Mar 2015 00:31:06 +0000 -Subject: [PATCH 15/30] 'yes' within the path sets wrong config variables +Subject: [PATCH 15/28] 'yes' within the path sets wrong config variables It seems that the 'AC_EGREP_CPP(yes...' example is quite popular but being such a short word to grep it is likely to produce @@ -259,5 +259,5 @@ index f9cba6e15d..b21f72f1e4 100644 ], libc_cv_ppc64_def_call_elf=yes, libc_cv_ppc64_def_call_elf=no)]) if test $libc_cv_ppc64_def_call_elf = no; then -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0016-timezone-re-written-tzselect-as-posix-sh.patch b/poky/meta/recipes-core/glibc/glibc/0016-timezone-re-written-tzselect-as-posix-sh.patch index 8a9fa4916..4d1cf3197 100644 --- a/poky/meta/recipes-core/glibc/glibc/0016-timezone-re-written-tzselect-as-posix-sh.patch +++ b/poky/meta/recipes-core/glibc/glibc/0016-timezone-re-written-tzselect-as-posix-sh.patch @@ -1,7 +1,7 @@ -From 10f470476dc947d7b950d6a66f7c06f500c96c60 Mon Sep 17 00:00:00 2001 +From a74f31ea9edf105f1a6dc26497aa2a12ae736660 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 18 Mar 2015 00:33:03 +0000 -Subject: [PATCH 16/30] timezone: re-written tzselect as posix sh +Subject: [PATCH 16/28] timezone: re-written tzselect as posix sh To avoid the bash dependency. @@ -41,5 +41,5 @@ index 18fce27e24..70745f9d36 100755 # Output one argument as-is to standard output. # Safer than 'echo', which can mishandle '\' or leading '-'. -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0017-Remove-bash-dependency-for-nscd-init-script.patch b/poky/meta/recipes-core/glibc/glibc/0017-Remove-bash-dependency-for-nscd-init-script.patch index a27759a39..e4f8a135d 100644 --- a/poky/meta/recipes-core/glibc/glibc/0017-Remove-bash-dependency-for-nscd-init-script.patch +++ b/poky/meta/recipes-core/glibc/glibc/0017-Remove-bash-dependency-for-nscd-init-script.patch @@ -1,7 +1,7 @@ -From 809392d20fa9a9f8159242451f9969e65a658835 Mon Sep 17 00:00:00 2001 +From 95882b9864ff20e476d15c6825c83728eb99597f Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Thu, 31 Dec 2015 14:33:02 -0800 -Subject: [PATCH 17/30] Remove bash dependency for nscd init script +Subject: [PATCH 17/28] Remove bash dependency for nscd init script The nscd init script uses #! /bin/bash but only really uses one bashism (translated strings), so remove them and switch the shell to #!/bin/sh. @@ -71,5 +71,5 @@ index a882da7d8b..b02986ec15 100644 ;; esac -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0018-eglibc-Cross-building-and-testing-instructions.patch b/poky/meta/recipes-core/glibc/glibc/0018-eglibc-Cross-building-and-testing-instructions.patch index f80a3ee1d..b5efc4304 100644 --- a/poky/meta/recipes-core/glibc/glibc/0018-eglibc-Cross-building-and-testing-instructions.patch +++ b/poky/meta/recipes-core/glibc/glibc/0018-eglibc-Cross-building-and-testing-instructions.patch @@ -1,7 +1,7 @@ -From 016d6987600d49d3f45874096e943b97d1667539 Mon Sep 17 00:00:00 2001 +From 6b603d25cc5723ba631dfc60b544774db1147d81 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 18 Mar 2015 00:42:58 +0000 -Subject: [PATCH 18/30] eglibc: Cross building and testing instructions +Subject: [PATCH 18/28] eglibc: Cross building and testing instructions Ported from eglibc Upstream-Status: Pending @@ -615,5 +615,5 @@ index 0000000000..b67b468466 + simply place copies of these libraries in the top GLIBC build + directory. -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0019-eglibc-Help-bootstrap-cross-toolchain.patch b/poky/meta/recipes-core/glibc/glibc/0019-eglibc-Help-bootstrap-cross-toolchain.patch index 603bf2188..0333db281 100644 --- a/poky/meta/recipes-core/glibc/glibc/0019-eglibc-Help-bootstrap-cross-toolchain.patch +++ b/poky/meta/recipes-core/glibc/glibc/0019-eglibc-Help-bootstrap-cross-toolchain.patch @@ -1,7 +1,7 @@ -From 7e4423528d362cf6268b1902a8e30d710431f333 Mon Sep 17 00:00:00 2001 +From 2864aaae984d945445f3f79869c703e0b791df88 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 18 Mar 2015 00:49:28 +0000 -Subject: [PATCH 19/30] eglibc: Help bootstrap cross toolchain +Subject: [PATCH 19/28] eglibc: Help bootstrap cross toolchain Taken from EGLIBC, r1484 + r1525 @@ -29,7 +29,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> create mode 100644 include/stubs-bootstrap.h diff --git a/Makefile b/Makefile -index 4a014d6eff..3a1f419bc3 100644 +index 9fbf705200..64bfd455bc 100644 --- a/Makefile +++ b/Makefile @@ -70,9 +70,18 @@ subdir-dirs = include @@ -52,7 +52,7 @@ index 4a014d6eff..3a1f419bc3 100644 ifeq (yes,$(build-shared)) headers += gnu/lib-names.h endif -@@ -195,6 +204,16 @@ others: $(common-objpfx)testrun.sh +@@ -196,6 +205,16 @@ others: $(common-objpfx)testrun.sh subdir-stubs := $(foreach dir,$(subdirs),$(common-objpfx)$(dir)/stubs) @@ -69,7 +69,7 @@ index 4a014d6eff..3a1f419bc3 100644 ifndef abi-variants installed-stubs = $(inst_includedir)/gnu/stubs.h else -@@ -221,6 +240,7 @@ $(inst_includedir)/gnu/stubs.h: $(+force) +@@ -222,6 +241,7 @@ $(inst_includedir)/gnu/stubs.h: $(+force) install-others-nosubdir: $(installed-stubs) endif @@ -96,5 +96,5 @@ index 0000000000..1d2b669aff + EGLIBC subdir 'stubs' make targets, on every .o file in EGLIBC, but + an empty stubs.h like this will do fine for GCC. */ -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0020-eglibc-Clear-cache-lines-on-ppc8xx.patch b/poky/meta/recipes-core/glibc/glibc/0020-eglibc-Clear-cache-lines-on-ppc8xx.patch index 985b17b58..965ad6578 100644 --- a/poky/meta/recipes-core/glibc/glibc/0020-eglibc-Clear-cache-lines-on-ppc8xx.patch +++ b/poky/meta/recipes-core/glibc/glibc/0020-eglibc-Clear-cache-lines-on-ppc8xx.patch @@ -1,7 +1,7 @@ -From 8c4d7d70a84a69fe5e8d69539368aa11f8fe20aa Mon Sep 17 00:00:00 2001 +From e2667086bf984de4d3f1226b9467761cd5a4c39f Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Thu, 31 Dec 2015 15:15:09 -0800 -Subject: [PATCH 20/30] eglibc: Clear cache lines on ppc8xx +Subject: [PATCH 20/28] eglibc: Clear cache lines on ppc8xx 2007-06-13 Nathan Sidwell <nathan@codesourcery.com> Mark Shinwell <shinwell@codesourcery.com> @@ -79,5 +79,5 @@ index 4fd5f70700..1a21e4675c 100644 break; #ifndef SHARED -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0021-eglibc-Resolve-__fpscr_values-on-SH4.patch b/poky/meta/recipes-core/glibc/glibc/0021-eglibc-Resolve-__fpscr_values-on-SH4.patch index fb1b43b18..76551cf55 100644 --- a/poky/meta/recipes-core/glibc/glibc/0021-eglibc-Resolve-__fpscr_values-on-SH4.patch +++ b/poky/meta/recipes-core/glibc/glibc/0021-eglibc-Resolve-__fpscr_values-on-SH4.patch @@ -1,7 +1,7 @@ -From 19f041215673d4499ee9b23805d5c224c4063689 Mon Sep 17 00:00:00 2001 +From b7290e54a1bda7a0212131655bc27926fc22de22 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 18 Mar 2015 00:55:53 +0000 -Subject: [PATCH 21/30] eglibc: Resolve __fpscr_values on SH4 +Subject: [PATCH 21/28] eglibc: Resolve __fpscr_values on SH4 2010-09-29 Nobuhiro Iwamatsu <iwamatsu@nigauri.org> Andrew Stubbs <ams@codesourcery.com> @@ -52,5 +52,5 @@ index 6ce36d6dd5..425811cc77 100644 +weak_alias (___fpscr_values, __fpscr_values) + -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0022-eglibc-Forward-port-cross-locale-generation-support.patch b/poky/meta/recipes-core/glibc/glibc/0022-eglibc-Forward-port-cross-locale-generation-support.patch index a2d35d43e..c46021a47 100644 --- a/poky/meta/recipes-core/glibc/glibc/0022-eglibc-Forward-port-cross-locale-generation-support.patch +++ b/poky/meta/recipes-core/glibc/glibc/0022-eglibc-Forward-port-cross-locale-generation-support.patch @@ -1,7 +1,7 @@ -From 1ae15f60a84f16187e06a05906f44a6658bae487 Mon Sep 17 00:00:00 2001 +From be382b4e0c6de52573f7e037f2d4ff9b1b5bbb6b Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 18 Mar 2015 01:33:49 +0000 -Subject: [PATCH 22/30] eglibc: Forward port cross locale generation support +Subject: [PATCH 22/28] eglibc: Forward port cross locale generation support Upstream-Status: Pending @@ -23,7 +23,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> create mode 100644 locale/catnames.c diff --git a/locale/Makefile b/locale/Makefile -index 764e751c36..866957fefa 100644 +index d78cf9b83a..e166f5252e 100644 --- a/locale/Makefile +++ b/locale/Makefile @@ -26,7 +26,8 @@ headers = langinfo.h locale.h bits/locale.h \ @@ -150,7 +150,7 @@ index 94c122df68..80e53e12c8 100644 return NULL; } diff --git a/locale/programs/ld-collate.c b/locale/programs/ld-collate.c -index bb4e2c539d..9d08d422c4 100644 +index 6baab6cfb0..b12a2fceab 100644 --- a/locale/programs/ld-collate.c +++ b/locale/programs/ld-collate.c @@ -349,7 +349,7 @@ new_element (struct locale_collate_t *collate, const char *mbs, size_t mbslen, @@ -199,7 +199,7 @@ index bb4e2c539d..9d08d422c4 100644 == runp->wcnext->wcs[runp->nwcs - 1] + 1)); diff --git a/locale/programs/ld-ctype.c b/locale/programs/ld-ctype.c -index 36fd08ba80..08155a27d6 100644 +index cfc9c43fd5..6572cc199c 100644 --- a/locale/programs/ld-ctype.c +++ b/locale/programs/ld-ctype.c @@ -915,7 +915,7 @@ ctype_output (struct localedef_t *locale, const struct charmap_t *charmap, @@ -211,7 +211,7 @@ index 36fd08ba80..08155a27d6 100644 : 0); init_locale_data (&file, nelems); -@@ -1926,7 +1926,7 @@ read_translit_entry (struct linereader *ldfile, struct locale_ctype_t *ctype, +@@ -1927,7 +1927,7 @@ read_translit_entry (struct linereader *ldfile, struct locale_ctype_t *ctype, ignore = 1; else /* This value is usable. */ @@ -220,7 +220,7 @@ index 36fd08ba80..08155a27d6 100644 first = 0; } -@@ -2460,8 +2460,8 @@ with character code range values one must use the absolute ellipsis `...'")); +@@ -2461,8 +2461,8 @@ with character code range values one must use the absolute ellipsis `...'")); } handle_tok_digit: @@ -231,7 +231,7 @@ index 36fd08ba80..08155a27d6 100644 handle_digits = 1; goto read_charclass; -@@ -3901,8 +3901,7 @@ allocate_arrays (struct locale_ctype_t *ctype, const struct charmap_t *charmap, +@@ -3904,8 +3904,7 @@ allocate_arrays (struct locale_ctype_t *ctype, const struct charmap_t *charmap, while (idx < number) { @@ -241,7 +241,7 @@ index 36fd08ba80..08155a27d6 100644 if (res == 0) { replace = 1; -@@ -3939,11 +3938,11 @@ allocate_arrays (struct locale_ctype_t *ctype, const struct charmap_t *charmap, +@@ -3942,11 +3941,11 @@ allocate_arrays (struct locale_ctype_t *ctype, const struct charmap_t *charmap, for (size_t cnt = 0; cnt < number; ++cnt) { struct translit_to_t *srunp; @@ -255,7 +255,7 @@ index 36fd08ba80..08155a27d6 100644 srunp = srunp->next; } /* Plus one for the extra NUL character marking the end of -@@ -3967,18 +3966,18 @@ allocate_arrays (struct locale_ctype_t *ctype, const struct charmap_t *charmap, +@@ -3970,18 +3969,18 @@ allocate_arrays (struct locale_ctype_t *ctype, const struct charmap_t *charmap, ctype->translit_from_idx[cnt] = from_len; ctype->translit_to_idx[cnt] = to_len; @@ -521,7 +521,7 @@ index c063fc097d..4e7465e55a 100644 + #endif /* locfile.h */ diff --git a/locale/setlocale.c b/locale/setlocale.c -index 9427a5ad28..8f4140d684 100644 +index 9bd35454b9..2a67dc6589 100644 --- a/locale/setlocale.c +++ b/locale/setlocale.c @@ -64,36 +64,6 @@ static char *const _nl_current_used[] = @@ -562,5 +562,5 @@ index 9427a5ad28..8f4140d684 100644 # define WEAK_POSTLOAD(postload) weak_extern (postload) #else -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0023-Define-DUMMY_LOCALE_T-if-not-defined.patch b/poky/meta/recipes-core/glibc/glibc/0023-Define-DUMMY_LOCALE_T-if-not-defined.patch index 0f7c5fdf7..17667da99 100644 --- a/poky/meta/recipes-core/glibc/glibc/0023-Define-DUMMY_LOCALE_T-if-not-defined.patch +++ b/poky/meta/recipes-core/glibc/glibc/0023-Define-DUMMY_LOCALE_T-if-not-defined.patch @@ -1,7 +1,7 @@ -From 809c79b7d554a4ec83921df9d8773c99a03dc81c Mon Sep 17 00:00:00 2001 +From afa8d6faeddeb80aca318b33edf49d9f8ce65761 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Wed, 20 Apr 2016 21:11:00 -0700 -Subject: [PATCH 23/30] Define DUMMY_LOCALE_T if not defined +Subject: [PATCH 23/28] Define DUMMY_LOCALE_T if not defined This is a hack to fix building the locale bits on an older CentOs 5.X machine @@ -28,5 +28,5 @@ index a1e6e0ec3c..7f75528eae 100644 #define PACKAGE _libc_intl_domainname #ifndef VERSION -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0024-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch b/poky/meta/recipes-core/glibc/glibc/0024-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch index c289e544e..f68e4f4fa 100644 --- a/poky/meta/recipes-core/glibc/glibc/0024-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch +++ b/poky/meta/recipes-core/glibc/glibc/0024-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch @@ -1,7 +1,7 @@ -From b2d1c9b4159bfd661a4996588d06d922491dfecb Mon Sep 17 00:00:00 2001 +From c13e18adb634a6fd59129150ab7f9468f64dc931 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Fri, 3 Aug 2018 09:42:06 -0700 -Subject: [PATCH 24/30] localedef --add-to-archive uses a hard-coded locale +Subject: [PATCH 24/28] localedef --add-to-archive uses a hard-coded locale path it doesn't exist in normal use, and there's no way to pass an @@ -80,5 +80,5 @@ index e6310b18be..f54a76eade 100644 if (readonly) { -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0025-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch b/poky/meta/recipes-core/glibc/glibc/0025-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch index 0ddd2e58b..76a9eb256 100644 --- a/poky/meta/recipes-core/glibc/glibc/0025-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch +++ b/poky/meta/recipes-core/glibc/glibc/0025-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch @@ -1,7 +1,7 @@ -From 804b05a034bfaf4e3427243e6baf736086822cd0 Mon Sep 17 00:00:00 2001 +From 7c9ebe966bb97dd14de5719905b61311211ae3c8 Mon Sep 17 00:00:00 2001 From: Mark Hatle <mark.hatle@windriver.com> Date: Thu, 18 Aug 2016 14:07:58 -0500 -Subject: [PATCH 25/30] elf/dl-deps.c: Make _dl_build_local_scope breadth first +Subject: [PATCH 25/28] elf/dl-deps.c: Make _dl_build_local_scope breadth first According to the ELF specification: @@ -52,5 +52,5 @@ index e12c353158..9234daac05 100644 } -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0028-intl-Emit-no-lines-in-bison-generated-files.patch b/poky/meta/recipes-core/glibc/glibc/0026-intl-Emit-no-lines-in-bison-generated-files.patch index 0eb006ffb..7589e11d5 100644 --- a/poky/meta/recipes-core/glibc/glibc/0028-intl-Emit-no-lines-in-bison-generated-files.patch +++ b/poky/meta/recipes-core/glibc/glibc/0026-intl-Emit-no-lines-in-bison-generated-files.patch @@ -1,7 +1,7 @@ -From 39f910a4b8195d0538425aad7f0ebdc232b7a582 Mon Sep 17 00:00:00 2001 +From aa5c758fbb7dbb026df33fc6bdc05548547bdb17 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Fri, 3 Aug 2018 09:44:00 -0700 -Subject: [PATCH 28/30] intl: Emit no lines in bison generated files +Subject: [PATCH 26/28] intl: Emit no lines in bison generated files Improve reproducibility: Do not put any #line preprocessor commands in bison generated files. @@ -30,5 +30,5 @@ index 9eea8d57e3..627dce4cf1 100644 $(inst_localedir)/locale.alias: locale.alias $(+force) $(do-install) -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0029-inject-file-assembly-directives.patch b/poky/meta/recipes-core/glibc/glibc/0027-inject-file-assembly-directives.patch index 2874fb581..dc205a833 100644 --- a/poky/meta/recipes-core/glibc/glibc/0029-inject-file-assembly-directives.patch +++ b/poky/meta/recipes-core/glibc/glibc/0027-inject-file-assembly-directives.patch @@ -1,7 +1,7 @@ -From 649bfb399265eb48a9fe8db1c2b5a31633c55152 Mon Sep 17 00:00:00 2001 +From fecd98040a2ae1bc5943a40a1623d76a696e0785 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Thu, 29 Nov 2018 17:29:35 -0800 -Subject: [PATCH 29/30] inject file assembly directives +Subject: [PATCH 27/28] inject file assembly directives Currently, non-IA builds are not reproducibile since build paths are being injected into the debug symbols. These are coming from the use of @@ -300,5 +300,5 @@ index eeb96544e3..da182b28f8 100644 + #include <brk.S> -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/0030-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch b/poky/meta/recipes-core/glibc/glibc/0028-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch index adc242400..6c49066fd 100644 --- a/poky/meta/recipes-core/glibc/glibc/0030-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch +++ b/poky/meta/recipes-core/glibc/glibc/0028-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch @@ -1,7 +1,7 @@ -From 6ddab9c8692e6a777c2e2e7a6ca26a65df7d2c5d Mon Sep 17 00:00:00 2001 +From d934788e3221c28c9a1892235cbe4cfd1b28ced0 Mon Sep 17 00:00:00 2001 From: Martin Jansa <martin.jansa@gmail.com> Date: Mon, 17 Dec 2018 21:36:18 +0000 -Subject: [PATCH 30/30] locale: prevent maybe-uninitialized errors with -Os [BZ +Subject: [PATCH 28/28] locale: prevent maybe-uninitialized errors with -Os [BZ #19444] Fixes following error when building for aarch64 with -Os: @@ -52,5 +52,5 @@ index 7ca81498b2..d608ca70bb 100644 const unsigned char *usrc; -- -2.20.1 +2.22.0 diff --git a/poky/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch b/poky/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch deleted file mode 100644 index cf3744b24..000000000 --- a/poky/meta/recipes-core/glibc/glibc/CVE-2019-9169.patch +++ /dev/null @@ -1,37 +0,0 @@ -CVE: CVE-2019-9169 -CVE: CVE-2018-20796 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 583dd860d5b833037175247230a328f0050dbfe9 Mon Sep 17 00:00:00 2001 -From: Paul Eggert <eggert@cs.ucla.edu> -Date: Mon, 21 Jan 2019 11:08:13 -0800 -Subject: [PATCH] regex: fix read overrun [BZ #24114] - -Problem found by AddressSanitizer, reported by Hongxu Chen in: -https://debbugs.gnu.org/34140 -* posix/regexec.c (proceed_next_node): -Do not read past end of input buffer. ---- - posix/regexec.c | 6 ++++-- - 2 files changed, 13 insertions(+), 3 deletions(-) - -diff --git a/posix/regexec.c b/posix/regexec.c -index 91d5a79..084b122 100644 ---- a/posix/regexec.c -+++ b/posix/regexec.c -@@ -1293,8 +1293,10 @@ proceed_next_node (const re_match_context_t *mctx, Idx nregs, regmatch_t *regs, - else if (naccepted) - { - char *buf = (char *) re_string_get_buffer (&mctx->input); -- if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx, -- naccepted) != 0) -+ if (mctx->input.valid_len - *pidx < naccepted -+ || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx, -+ naccepted) -+ != 0)) - return -1; - } - } --- -2.9.3 diff --git a/poky/meta/recipes-core/glibc/glibc_2.29.bb b/poky/meta/recipes-core/glibc/glibc_2.30.bb index c6b2caad4..03add3363 100644 --- a/poky/meta/recipes-core/glibc/glibc_2.29.bb +++ b/poky/meta/recipes-core/glibc/glibc_2.30.bb @@ -1,21 +1,8 @@ require glibc.inc - -LIC_FILES_CHKSUM = "file://LICENSES;md5=cfc0ed77a9f62fa62eded042ebe31d72 \ - file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \ - file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c" +require glibc-version.inc DEPENDS += "gperf-native bison-native make-native" -PV = "2.29" - -SRCREV ?= "86013ef5cea322b8f4b9c22f230c22cce369e947" - -SRCBRANCH ?= "release/${PV}/master" - -GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" -UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.(?!90)\d+)*)" - NATIVESDKFIXES ?= "" NATIVESDKFIXES_class-nativesdk = "\ file://0001-nativesdk-glibc-Look-for-host-system-ld.so.cache-as-.patch \ @@ -25,7 +12,7 @@ NATIVESDKFIXES_class-nativesdk = "\ file://0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch \ " -SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ +SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://etc/ld.so.conf \ file://generate-supported.mk \ file://makedbs.sh \ @@ -51,13 +38,10 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0023-Define-DUMMY_LOCALE_T-if-not-defined.patch \ file://0024-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch \ file://0025-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch \ - file://0028-intl-Emit-no-lines-in-bison-generated-files.patch \ - file://0029-inject-file-assembly-directives.patch \ - file://0030-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \ - file://0001-x86-64-memcmp-Use-unsigned-Jcc-instructions-on-size-.patch \ - file://CVE-2019-9169.patch \ -" - + file://0026-intl-Emit-no-lines-in-bison-generated-files.patch \ + file://0027-inject-file-assembly-directives.patch \ + file://0028-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \ + " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}" diff --git a/poky/meta/recipes-core/meta/cve-update-db-native.bb b/poky/meta/recipes-core/meta/cve-update-db-native.bb index 9c083bdc9..2c427a588 100644 --- a/poky/meta/recipes-core/meta/cve-update-db-native.bb +++ b/poky/meta/recipes-core/meta/cve-update-db-native.bb @@ -22,7 +22,7 @@ python do_populate_cve_db() { Update NVD database with json data feed """ - import sqlite3, urllib, shutil, gzip + import sqlite3, urllib, urllib.parse, shutil, gzip from datetime import date BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-" @@ -32,6 +32,16 @@ python do_populate_cve_db() { db_file = os.path.join(db_dir, 'nvdcve_1.0.db') json_tmpfile = os.path.join(db_dir, 'nvd.json.gz') proxy = d.getVar("https_proxy") + + if proxy: + # instantiate an opener but do not install it as the global + # opener unless if we're really sure it's applicable for all + # urllib requests + proxy_handler = urllib.request.ProxyHandler({'https': proxy}) + proxy_opener = urllib.request.build_opener(proxy_handler) + else: + proxy_opener = None + cve_f = open(os.path.join(d.getVar("TMPDIR"), 'cve_check'), 'a') if not os.path.isdir(db_dir): @@ -49,11 +59,17 @@ python do_populate_cve_db() { json_url = year_url + ".json.gz" # Retrieve meta last modified date - req = urllib.request.Request(meta_url) - if proxy: - req.set_proxy(proxy, 'https') - with urllib.request.urlopen(req) as r: - for l in r.read().decode("utf-8").splitlines(): + + response = None + + if proxy_opener: + response = proxy_opener.open(meta_url) + else: + req = urllib.request.Request(meta_url) + response = urllib.request.urlopen(req) + + if response: + for l in response.read().decode("utf-8").splitlines(): key, value = l.split(":", 1) if key == "lastModifiedDate": last_modified = value @@ -71,11 +87,14 @@ python do_populate_cve_db() { # Update db with current year json file try: - req = urllib.request.Request(json_url) - if proxy: - req.set_proxy(proxy, 'https') - with urllib.request.urlopen(req) as r: - update_db(c, gzip.decompress(r.read())) + if proxy_opener: + response = proxy_opener.open(json_url) + else: + req = urllib.request.Request(json_url) + response = urllib.request.urlopen(req) + + if response: + update_db(c, gzip.decompress(response.read()).decode('utf-8')) c.execute("insert or replace into META values (?, ?)", [year, last_modified]) except urllib.error.URLError as e: cve_f.write('Warning: CVE db update error, CVE data is outdated.\n\n') diff --git a/poky/meta/recipes-core/musl/musl_git.bb b/poky/meta/recipes-core/musl/musl_git.bb index 039932a3b..6425b5cd3 100644 --- a/poky/meta/recipes-core/musl/musl_git.bb +++ b/poky/meta/recipes-core/musl/musl_git.bb @@ -4,7 +4,7 @@ require musl.inc inherit linuxloader -SRCREV = "0ce49d0a301b4142741b32773492af90f66ed3ca" +SRCREV = "d0b547dfb5f7678cab6bc39dd736ed6454357ca4" BASEVER = "1.1.23" @@ -63,7 +63,7 @@ do_install() { oe_runmake install DESTDIR='${D}' install -d ${D}${bindir} - rm -f ${D}${bindir}/ldd + rm -f ${D}${bindir}/ldd ${D}${GLIBC_LDSO} lnr ${D}${libdir}/libc.so ${D}${bindir}/ldd lnr ${D}${libdir}/libc.so ${D}${GLIBC_LDSO} for l in crypt dl m pthread resolv rt util xnet diff --git a/poky/meta/recipes-core/newlib/newlib.inc b/poky/meta/recipes-core/newlib/newlib.inc index 418cf0793..2f0553bd6 100644 --- a/poky/meta/recipes-core/newlib/newlib.inc +++ b/poky/meta/recipes-core/newlib/newlib.inc @@ -15,7 +15,7 @@ LIC_FILES_CHKSUM = " \ file://newlib/libc/sys/linux/linuxthreads/LICENSE;md5=73640207fbc79b198c7ffd4ad4d97aa0 \ " -SRC_URI = "ftp://sourceware.org/pub/newlib/newlib-${PV}.tar.gz" +SRC_URI = "https://sourceware.org/pub/newlib/newlib-${PV}.tar.gz" SRC_URI[md5sum] = "f84263b7d524df92a9c9fb30b79e0134" SRC_URI[sha256sum] = "fb4fa1cc21e9060719208300a61420e4089d6de6ef59cf533b57fe74801d102a" diff --git a/poky/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch b/poky/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch deleted file mode 100644 index 342fcc623..000000000 --- a/poky/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 9fce4bab014b9aa618060eba13d6dd04b0fa1b70 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek <lersek@redhat.com> -Date: Fri, 2 Mar 2018 17:11:52 +0100 -Subject: [PATCH 1/4] BaseTools/header.makefile: add "-Wno-stringop-truncation" - -gcc-8 (which is part of Fedora 28) enables the new warning -"-Wstringop-truncation" in "-Wall". This warning is documented in detail -at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the -introduction says - -> Warn for calls to bounded string manipulation functions such as strncat, -> strncpy, and stpncpy that may either truncate the copied string or leave -> the destination unchanged. - -It breaks the BaseTools build with: - -> EfiUtilityMsgs.c: In function 'PrintMessage': -> EfiUtilityMsgs.c:484:9: error: 'strncat' output may be truncated copying -> between 0 and 511 bytes from a string of length 511 -> [-Werror=stringop-truncation] -> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); -> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -> EfiUtilityMsgs.c:469:9: error: 'strncat' output may be truncated copying -> between 0 and 511 bytes from a string of length 511 -> [-Werror=stringop-truncation] -> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); -> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -> EfiUtilityMsgs.c:511:5: error: 'strncat' output may be truncated copying -> between 0 and 511 bytes from a string of length 511 -> [-Werror=stringop-truncation] -> strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1); -> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The right way to fix the warning would be to implement string concat with -snprintf(). However, Microsoft does not appear to support snprintf() -before VS2015 -<https://stackoverflow.com/questions/2915672/snprintf-and-visual-studio-2010>, -so we just have to shut up the warning. The strncat() calls flagged above -are valid BTW. - -Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> -Cc: Cole Robinson <crobinso@redhat.com> -Cc: Liming Gao <liming.gao@intel.com> -Cc: Paolo Bonzini <pbonzini@redhat.com> -Cc: Yonghong Zhu <yonghong.zhu@intel.com> -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek <lersek@redhat.com> -Reviewed-by: Liming Gao <liming.gao@intel.com> ---- -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Upstream-Status: Backport - - BaseTools/Source/C/Makefiles/header.makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -Index: git/BaseTools/Source/C/Makefiles/header.makefile -=================================================================== ---- git.orig/BaseTools/Source/C/Makefiles/header.makefile -+++ git/BaseTools/Source/C/Makefiles/header.makefile -@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) - BUILD_CPPFLAGS += $(INCLUDE) -O2
- ifeq ($(DARWIN),Darwin)
- # assume clang or clang compatible flags on OS X
--BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
- else
--BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
- endif
- BUILD_LFLAGS = $(LDFLAGS)
- BUILD_CXXFLAGS += -Wno-unused-result
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0001-ia32-Dont-use-pie.patch b/poky/meta/recipes-core/ovmf/ovmf/0001-ia32-Dont-use-pie.patch deleted file mode 100644 index 5bb418b95..000000000 --- a/poky/meta/recipes-core/ovmf/ovmf/0001-ia32-Dont-use-pie.patch +++ /dev/null @@ -1,46 +0,0 @@ -From f65e9cc025278387b494c2383c5d9ff3bed98687 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Sun, 11 Jun 2017 00:47:24 -0700 -Subject: [PATCH] ia32: Dont use -pie - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - BaseTools/Conf/tools_def.template | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -Index: git/BaseTools/Conf/tools_def.template -=================================================================== ---- git.orig/BaseTools/Conf/tools_def.template -+++ git/BaseTools/Conf/tools_def.template -@@ -4336,7 +4336,7 @@ RELEASE_*_*_OBJCOPY_ADDDEBUGFLAG = - NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink=$(DEBUG_DIR)/$(MODULE_NAME).debug
-
- DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common
--DEFINE GCC_IA32_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -m32 -malign-double -freorder-blocks -freorder-blocks-and-partition -O2 -mno-stack-arg-probe
-+DEFINE GCC_IA32_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -m32 -malign-double -freorder-blocks -freorder-blocks-and-partition -O2 -mno-stack-arg-probe -fno-PIE -no-pie
- DEFINE GCC_X64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mno-red-zone -Wno-address -mno-stack-arg-probe
- DEFINE GCC_IPF_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -minline-int-divide-min-latency
- DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -mfloat-abi=soft -fno-pic -fno-pie
-@@ -4369,9 +4369,9 @@ DEFINE GCC_ARM_RC_FLAGS = -I - DEFINE GCC_AARCH64_RC_FLAGS = -I binary -O elf64-littleaarch64 -B aarch64 --rename-section .data=.hii
-
- DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
--DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables
-+DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -fno-PIE -no-pie
- DEFINE GCC44_X64_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables
--DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20
-+DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20 -no-pie
- DEFINE GCC44_IA32_X64_ASLDLINK_FLAGS = DEF(GCC44_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
- DEFINE GCC44_IA32_X64_DLINK_FLAGS = DEF(GCC44_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map
- DEFINE GCC44_IA32_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220 DEF(GCC_DLINK2_FLAGS_COMMON)
-@@ -4451,7 +4451,7 @@ DEFINE GCC48_AARCH64_ASLDLINK_FLAGS = D -
- DEFINE GCC49_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS)
- DEFINE GCC49_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS)
--DEFINE GCC49_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40
-+DEFINE GCC49_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x40 -no-pie
- DEFINE GCC49_IA32_X64_ASLDLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
- DEFINE GCC49_IA32_X64_DLINK_FLAGS = DEF(GCC49_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map
- DEFINE GCC49_IA32_DLINK2_FLAGS = DEF(GCC48_IA32_DLINK2_FLAGS)
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch b/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch deleted file mode 100644 index a076665c3..000000000 --- a/poky/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 86dbdac5a25bd23deb4a0e0a97b527407e02184d Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek <lersek@redhat.com> -Date: Fri, 2 Mar 2018 17:11:52 +0100 -Subject: [PATCH 2/4] BaseTools/header.makefile: add "-Wno-restrict" - -gcc-8 (which is part of Fedora 28) enables the new warning -"-Wrestrict" in "-Wall". This warning is documented in detail -at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the -introduction says - -> Warn when an object referenced by a restrict-qualified parameter (or, in -> C++, a __restrict-qualified parameter) is aliased by another argument, -> or when copies between such objects overlap. - -It breaks the BaseTools build (in the Brotli compression library) with: - -> In function 'ProcessCommandsInternal', -> inlined from 'ProcessCommands' at dec/decode.c:1828:10: -> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631 -> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at -> offset 16 [-Werror=restrict] -> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16)); -> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -> In function 'ProcessCommandsInternal', -> inlined from 'SafeProcessCommands' at dec/decode.c:1833:10: -> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631 -> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at -> offset 16 [-Werror=restrict] -> memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16)); -> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Paolo Bonzini <pbonzini@redhat.com> analyzed the Brotli source in detail, -and concluded that the warning is a false positive: - -> This seems safe to me, because it's preceded by: -> -> uint8_t* copy_dst = &s->ringbuffer[pos]; -> uint8_t* copy_src = &s->ringbuffer[src_start]; -> int dst_end = pos + i; -> int src_end = src_start + i; -> if (src_end > pos && dst_end > src_start) { -> /* Regions intersect. */ -> goto CommandPostWrapCopy; -> } -> -> If [src_start, src_start + i) and [pos, pos + i) don't intersect, then -> neither do [src_start + 16, src_start + i) and [pos + 16, pos + i). -> -> The if seems okay: -> -> (src_start + i > pos && pos + i > src_start) -> -> which can be rewritten to: -> -> (pos < src_start + i && src_start < pos + i) -> -> Then the numbers are in one of these two orders: -> -> pos <= src_start < pos + i <= src_start + i -> src_start <= pos < src_start + i <= pos + i -> -> These two would be allowed by the "if", but they can only happen if pos -> == src_start so they degenerate to the same two orders above: -> -> pos <= src_start < src_start + i <= pos + i -> src_start <= pos < pos + i <= src_start + i -> -> So it is a false positive in GCC. - -Disable the warning for now. - -Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> -Cc: Cole Robinson <crobinso@redhat.com> -Cc: Liming Gao <liming.gao@intel.com> -Cc: Paolo Bonzini <pbonzini@redhat.com> -Cc: Yonghong Zhu <yonghong.zhu@intel.com> -Reported-by: Cole Robinson <crobinso@redhat.com> -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek <lersek@redhat.com> -Reviewed-by: Liming Gao <liming.gao@intel.com> ---- -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Upstream-Status: Backport - BaseTools/Source/C/Makefiles/header.makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -Index: git/BaseTools/Source/C/Makefiles/header.makefile -=================================================================== ---- git.orig/BaseTools/Source/C/Makefiles/header.makefile -+++ git/BaseTools/Source/C/Makefiles/header.makefile -@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) - BUILD_CPPFLAGS += $(INCLUDE) -O2
- ifeq ($(DARWIN),Darwin)
- # assume clang or clang compatible flags on OS X
--BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
- else
--BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
- endif
- BUILD_LFLAGS = $(LDFLAGS)
- BUILD_CXXFLAGS += -Wno-unused-result
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch b/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch deleted file mode 100644 index 920723e32..000000000 --- a/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 6866325dd9c17412e555974dde41f9631224db52 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek <lersek@redhat.com> -Date: Wed, 7 Mar 2018 10:17:28 +0100 -Subject: [PATCH 3/4] BaseTools/header.makefile: revert gcc-8 "-Wno-xxx" - options on OSX - -I recently added the gcc-8 specific "-Wno-stringop-truncation" and -"-Wno-restrict" options to BUILD_CFLAGS, both for "Darwin" (XCODE5 / -clang, OSX) and otherwise (gcc, Linux / Cygwin). - -I also regression-tested the change with gcc-4.8 on Linux -- gcc-4.8 does -not know either of the (gcc-8 specific) "-Wno-stringop-truncation" and -"-Wno-restrict" options, yet the build completed fine (by GCC design). - -Regarding OSX, my expectation was that - -- XCODE5 / clang would either recognize these warnings options (because - clang does recognize most -W options of gcc), - -- or, similarly to gcc, clang would simply ignore the "-Wno-xxx" flags - that it didn't recognize. - -Neither is the case; the new flags have broken the BaseTools build on OSX. -Revert them (for OSX only). - -Cc: Liming Gao <liming.gao@intel.com> -Cc: Yonghong Zhu <yonghong.zhu@intel.com> -Reported-by: Liming Gao <liming.gao@intel.com> -Fixes: 1d212a83df0eaf32a6f5d4159beb2d77832e0231 -Fixes: 9222154ae7b3eef75ae88cdb56158256227cb929 -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek <lersek@redhat.com> -Reviewed-by: Liming Gao <liming.gao@intel.com> -Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> ---- -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Upstream-Status: Backport - BaseTools/Source/C/Makefiles/header.makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: git/BaseTools/Source/C/Makefiles/header.makefile -=================================================================== ---- git.orig/BaseTools/Source/C/Makefiles/header.makefile -+++ git/BaseTools/Source/C/Makefiles/header.makefile -@@ -47,7 +47,7 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) - BUILD_CPPFLAGS += $(INCLUDE) -O2
- ifeq ($(DARWIN),Darwin)
- # assume clang or clang compatible flags on OS X
--BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
- else
- BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g
- endif
diff --git a/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch b/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch index 65b5c16dc..070b0ac5a 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch @@ -1,6 +1,6 @@ From 2320650c6d381b914fe91b2dedaa5870279a8bcf Mon Sep 17 00:00:00 2001 From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> -Date: Sun, 27 Nov 2016 18:42:55 -0800 +Date: Fri, 26 Jul 2019 17:34:26 -0400 Subject: [PATCH] BaseTools: makefile: adjust to build in under bitbake Prepend the build flags with those of bitbake. This is to build @@ -9,31 +9,42 @@ using the bitbake native sysroot include and library directories. Signed-off-by: Ricardo Neri <ricardo.neri@linux.intel.com> Upstream-Status: Pending --- - BaseTools/Source/C/Makefiles/header.makefile | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) + BaseTools/Source/C/Makefiles/header.makefile | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) Index: git/BaseTools/Source/C/Makefiles/header.makefile =================================================================== --- git.orig/BaseTools/Source/C/Makefiles/header.makefile +++ git/BaseTools/Source/C/Makefiles/header.makefile -@@ -44,15 +44,15 @@ ARCH_INCLUDE = -I $(MAKEROOT)/Include/AA +@@ -62,23 +62,23 @@ $(error Bad HOST_ARCH) endif
INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE)
--BUILD_CPPFLAGS = $(INCLUDE) -O2
-+BUILD_CPPFLAGS += $(INCLUDE) -O2
+-BUILD_CPPFLAGS = $(INCLUDE)
++BUILD_CPPFLAGS += $(INCLUDE)
+
+ # keep EXTRA_OPTFLAGS last
+ BUILD_OPTFLAGS = -O2 $(EXTRA_OPTFLAGS)
+
ifeq ($(DARWIN),Darwin)
# assume clang or clang compatible flags on OS X
--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g
+-BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror \
+ -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g
else
--BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g
-+BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g
+-BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -fwrapv \
+ -fno-delete-null-pointer-checks -Wall -Werror \
+ -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict \
+ -Wno-unused-result -nostdlib -g
endif
-BUILD_LFLAGS =
-BUILD_CXXFLAGS = -Wno-unused-result
+BUILD_LFLAGS = $(LDFLAGS)
+BUILD_CXXFLAGS += -Wno-unused-result
- ifeq ($(ARCH), IA32)
+ ifeq ($(HOST_ARCH), IA32)
#
+-- +2.20.1 + diff --git a/poky/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch b/poky/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch deleted file mode 100644 index 7ad7cdf0c..000000000 --- a/poky/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch +++ /dev/null @@ -1,66 +0,0 @@ -From dfb42a5bff78d9239a80731e337855234badef3e Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek <lersek@redhat.com> -Date: Fri, 2 Mar 2018 17:11:52 +0100 -Subject: [PATCH 4/4] BaseTools/GenVtf: silence false "stringop-overflow" - warning with memcpy() - -gcc-8 (which is part of Fedora 28) enables the new warning -"-Wstringop-overflow" in "-Wall". This warning is documented in detail at -<https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the -introduction says - -> Warn for calls to string manipulation functions such as memcpy and -> strcpy that are determined to overflow the destination buffer. - -It breaks the BaseTools build with: - -> GenVtf.c: In function 'ConvertVersionInfo': -> GenVtf.c:132:7: error: 'strncpy' specified bound depends on the length -> of the source argument [-Werror=stringop-overflow=] -> strncpy (TemStr + 4 - Length, Str, Length); -> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -> GenVtf.c:130:14: note: length computed here -> Length = strlen(Str); -> ^~~~~~~~~~~ - -It is a false positive because, while the bound equals the length of the -source argument, the destination pointer is moved back towards the -beginning of the destination buffer by the same amount (and this amount is -range-checked first, so we can't precede the start of the dest buffer). - -Replace both strncpy() calls with memcpy(). - -Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> -Cc: Cole Robinson <crobinso@redhat.com> -Cc: Liming Gao <liming.gao@intel.com> -Cc: Paolo Bonzini <pbonzini@redhat.com> -Cc: Yonghong Zhu <yonghong.zhu@intel.com> -Reported-by: Cole Robinson <crobinso@redhat.com> -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek <lersek@redhat.com> -Reviewed-by: Liming Gao <liming.gao@intel.com> ---- -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Upstream-Status: Backport - BaseTools/Source/C/GenVtf/GenVtf.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/BaseTools/Source/C/GenVtf/GenVtf.c b/BaseTools/Source/C/GenVtf/GenVtf.c -index 2ae9a7be2c..0cd33e71e9 100644 ---- a/BaseTools/Source/C/GenVtf/GenVtf.c -+++ b/BaseTools/Source/C/GenVtf/GenVtf.c -@@ -129,9 +129,9 @@ Returns: - } else {
- Length = strlen(Str);
- if (Length < 4) {
-- strncpy (TemStr + 4 - Length, Str, Length);
-+ memcpy (TemStr + 4 - Length, Str, Length);
- } else {
-- strncpy (TemStr, Str + Length - 4, 4);
-+ memcpy (TemStr, Str + Length - 4, 4);
- }
-
- sscanf (
--- -2.17.0 - diff --git a/poky/meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch b/poky/meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch deleted file mode 100644 index 3aa6cc4ac..000000000 --- a/poky/meta/recipes-core/ovmf/ovmf/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch +++ /dev/null @@ -1,1124 +0,0 @@ -From: Laszlo Ersek <lersek@redhat.com> -Date: Mon, 6 Jul 2015 20:22:02 +0200 -Subject: [PATCH] OvmfPkg: EnrollDefaultKeys: application for enrolling default - keys - -(A port of the <https://bugzilla.redhat.com/show_bug.cgi?id=1148296> patch -to Gerd's public RPMs.) - -This application is meant to be invoked by the management layer, after -booting the UEFI shell and getting a shell prompt on the serial console. -The app enrolls a number of certificates (see below), and then reports -status to the serial console as well. The expected output is "info: -success": - -> Shell> EnrollDefaultKeys.efi -> info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1 -> info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0 -> info: success -> Shell> - -In case of success, the management layer can force off or reboot the VM -(for example with the "reset -s" or "reset -c" UEFI shell commands, -respectively), and start the guest installation with SecureBoot enabled. - -PK: -- A unique, static, ad-hoc certificate whose private half has been - destroyed (more precisely, never saved) and is therefore unusable for - signing. (The command for creating this certificate is saved in the - source code.) - -KEK: -- same ad-hoc certificate as used for the PK, -- "Microsoft Corporation KEK CA 2011" -- the dbx data in Fedora's dbxtool - package is signed (indirectly, through a chain) with this; enrolling - such a KEK should allow guests to install those updates. - -DB: -- "Microsoft Windows Production PCA 2011" -- to load Windows 8 and Windows - Server 2012 R2, -- "Microsoft Corporation UEFI CA 2011" -- to load Linux and signed PCI - oproms. - -Contributed-under: TianoCore Contribution Agreement 1.0 -Signed-off-by: Laszlo Ersek <lersek@redhat.com> -Upstream-Status: Inappropriate [not author] -Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> ---- - OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 960 ++++++++++++++++++++++++ - OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | 51 ++ - OvmfPkg/OvmfPkgIa32.dsc | 4 + - OvmfPkg/OvmfPkgIa32X64.dsc | 4 + - OvmfPkg/OvmfPkgX64.dsc | 4 + - 5 files changed, 1023 insertions(+) - create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c - create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf - -diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c -new file mode 100644 -index 0000000..081212b ---- /dev/null -+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c -@@ -0,0 +1,960 @@ -+/** @file -+ Enroll default PK, KEK, DB. -+ -+ Copyright (C) 2014, Red Hat, Inc. -+ -+ This program and the accompanying materials are licensed and made available -+ under the terms and conditions of the BSD License which accompanies this -+ distribution. The full text of the license may be found at -+ http://opensource.org/licenses/bsd-license. -+ -+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT -+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+**/ -+#include <Guid/AuthenticatedVariableFormat.h> // gEfiCustomModeEnableGuid -+#include <Guid/GlobalVariable.h> // EFI_SETUP_MODE_NAME -+#include <Guid/ImageAuthentication.h> // EFI_IMAGE_SECURITY_DATABASE -+#include <Library/BaseMemoryLib.h> // CopyGuid() -+#include <Library/DebugLib.h> // ASSERT() -+#include <Library/MemoryAllocationLib.h> // FreePool() -+#include <Library/ShellCEntryLib.h> // ShellAppMain() -+#include <Library/UefiLib.h> // AsciiPrint() -+#include <Library/UefiRuntimeServicesTableLib.h> // gRT -+ -+// -+// The example self-signed certificate below, which we'll use for both Platform -+// Key, and first Key Exchange Key, has been generated with the following -+// non-interactive openssl command. The passphrase is read from /dev/urandom, -+// and not saved, and the private key is written to /dev/null. In other words, -+// we can't sign anything else against this certificate, which is our purpose. -+// -+/* -+ openssl req \ -+ -passout file:<(head -c 16 /dev/urandom) \ -+ -x509 \ -+ -newkey rsa:2048 \ -+ -keyout /dev/null \ -+ -outform DER \ -+ -subj $( -+ printf /C=US -+ printf /ST=TestStateOrProvince -+ printf /L=TestLocality -+ printf /O=TestOrganization -+ printf /OU=TestOrganizationalUnit -+ printf /CN=TestCommonName -+ printf /emailAddress=test@example.com -+ ) \ -+ 2>/dev/null \ -+ | xxd -i -+*/ -+STATIC CONST UINT8 ExampleCert[] = { -+ 0x30, 0x82, 0x04, 0x45, 0x30, 0x82, 0x03, 0x2d, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x09, 0x00, 0xcf, 0x9f, 0x51, 0xa3, 0x07, 0xdb, 0x54, 0xa1, 0x30, 0x0d, -+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, -+ 0x30, 0x81, 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, -+ 0x02, 0x55, 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, -+ 0x13, 0x54, 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50, -+ 0x72, 0x6f, 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, -+ 0x55, 0x04, 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61, -+ 0x6c, 0x69, 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x0c, 0x10, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, -+ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, -+ 0x0b, 0x0c, 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, -+ 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, -+ 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73, -+ 0x74, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f, -+ 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, -+ 0x16, 0x10, 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, -+ 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30, -+ 0x30, 0x39, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x17, 0x0d, 0x31, 0x34, -+ 0x31, 0x31, 0x30, 0x38, 0x31, 0x33, 0x32, 0x38, 0x32, 0x32, 0x5a, 0x30, 0x81, -+ 0xb8, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, -+ 0x53, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x13, 0x54, -+ 0x65, 0x73, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x4f, 0x72, 0x50, 0x72, 0x6f, -+ 0x76, 0x69, 0x6e, 0x63, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, -+ 0x07, 0x0c, 0x0c, 0x54, 0x65, 0x73, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, -+ 0x74, 0x79, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x10, -+ 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, -+ 0x69, 0x6f, 0x6e, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, -+ 0x16, 0x54, 0x65, 0x73, 0x74, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, -+ 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x55, 0x6e, 0x69, 0x74, 0x31, 0x17, 0x30, -+ 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x54, 0x65, 0x73, 0x74, 0x43, -+ 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x31, 0x1f, 0x30, 0x1d, -+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, -+ 0x74, 0x65, 0x73, 0x74, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, -+ 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, -+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, -+ 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0xf1, 0xce, -+ 0x17, 0x32, 0xac, 0xc4, 0x4b, 0xb2, 0xed, 0x84, 0x76, 0xe5, 0xd0, 0xf8, 0x21, -+ 0xac, 0x10, 0xf8, 0x18, 0x09, 0x0e, 0x07, 0x13, 0x76, 0x21, 0x5c, 0xc4, 0xcc, -+ 0xd5, 0xe6, 0x25, 0xa7, 0x26, 0x53, 0x79, 0x2f, 0x16, 0x4b, 0x85, 0xbd, 0xae, -+ 0x42, 0x64, 0x58, 0xcb, 0x5e, 0xe8, 0x6e, 0x5a, 0xd0, 0xc4, 0x0f, 0x38, 0x16, -+ 0xbe, 0xd3, 0x22, 0xa7, 0x3c, 0x9b, 0x8b, 0x5e, 0xcb, 0x62, 0x35, 0xc5, 0x9b, -+ 0xe2, 0x8e, 0x4c, 0x65, 0x57, 0x4f, 0xcb, 0x27, 0xad, 0xe7, 0x63, 0xa7, 0x77, -+ 0x2b, 0xd5, 0x02, 0x42, 0x70, 0x46, 0xac, 0xba, 0xb6, 0x60, 0x57, 0xd9, 0xce, -+ 0x31, 0xc5, 0x12, 0x03, 0x4a, 0xf7, 0x2a, 0x2b, 0x40, 0x06, 0xb4, 0xdb, 0x31, -+ 0xb7, 0x83, 0x6c, 0x67, 0x87, 0x98, 0x8b, 0xce, 0x1b, 0x30, 0x7a, 0xfa, 0x35, -+ 0x6c, 0x86, 0x20, 0x74, 0xc5, 0x7d, 0x32, 0x31, 0x18, 0xeb, 0x69, 0xf7, 0x2d, -+ 0x20, 0xc4, 0xf0, 0xd2, 0xfa, 0x67, 0x81, 0xc1, 0xbb, 0x23, 0xbb, 0x75, 0x1a, -+ 0xe4, 0xb4, 0x49, 0x99, 0xdf, 0x12, 0x4c, 0xe3, 0x6d, 0x76, 0x24, 0x85, 0x24, -+ 0xae, 0x5a, 0x9e, 0xbd, 0x54, 0x1c, 0xf9, 0x0e, 0xed, 0x96, 0xb5, 0xd8, 0xa2, -+ 0x0d, 0x2a, 0x38, 0x5d, 0x12, 0x97, 0xb0, 0x4d, 0x75, 0x85, 0x1e, 0x47, 0x6d, -+ 0xe1, 0x25, 0x59, 0xcb, 0xe9, 0x33, 0x86, 0x6a, 0xef, 0x98, 0x24, 0xa0, 0x2b, -+ 0x02, 0x7b, 0xc0, 0x9f, 0x88, 0x03, 0xb0, 0xbe, 0x22, 0x65, 0x83, 0x77, 0xb3, -+ 0x30, 0xba, 0xe0, 0x3b, 0x54, 0x31, 0x3a, 0x45, 0x81, 0x9c, 0x48, 0xaf, 0xc1, -+ 0x11, 0x5b, 0xf2, 0x3a, 0x1e, 0x33, 0x1b, 0x8f, 0x0e, 0x04, 0xa4, 0x16, 0xd4, -+ 0x6b, 0x57, 0xee, 0xe7, 0xba, 0xf5, 0xee, 0xaf, 0xe2, 0x4c, 0x50, 0xf8, 0x68, -+ 0x57, 0x88, 0xfb, 0x7f, 0xa3, 0xcf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, -+ 0x30, 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, -+ 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e, 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3, -+ 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29, 0x61, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, -+ 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x1e, 0x44, 0xe5, 0xef, 0xcd, 0x6e, -+ 0x1f, 0xdb, 0xcb, 0x4f, 0x94, 0x8f, 0xe3, 0x3b, 0x1a, 0x8c, 0xe6, 0x95, 0x29, -+ 0x61, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, -+ 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, -+ 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x12, 0x9c, 0x3e, 0x38, -+ 0xfc, 0x26, 0xea, 0x6d, 0xb7, 0x5c, 0x29, 0x3c, 0x76, 0x20, 0x0c, 0xb2, 0xa9, -+ 0x0f, 0xdf, 0xc0, 0x85, 0xfe, 0xeb, 0xec, 0x1d, 0x5d, 0x73, 0x84, 0xac, 0x8a, -+ 0xb4, 0x2a, 0x86, 0x38, 0x30, 0xaf, 0xd2, 0x2d, 0x2a, 0xde, 0x54, 0xc8, 0x5c, -+ 0x29, 0x90, 0x24, 0xf2, 0x39, 0xc1, 0xa5, 0x00, 0xb4, 0xb7, 0xd8, 0xdc, 0x59, -+ 0x64, 0x50, 0x62, 0x5f, 0x54, 0xf1, 0x73, 0x02, 0x4d, 0x43, 0xc5, 0xc3, 0xc4, -+ 0x0e, 0x62, 0x60, 0x8c, 0x53, 0x66, 0x57, 0x77, 0xb5, 0x81, 0xda, 0x1f, 0x81, -+ 0xda, 0xe9, 0xd6, 0x5e, 0x82, 0xce, 0xa7, 0x5c, 0xc0, 0xa6, 0xbe, 0x9c, 0x5c, -+ 0x7b, 0xa5, 0x15, 0xc8, 0xd7, 0x14, 0x53, 0xd3, 0x5c, 0x1c, 0x9f, 0x8a, 0x9f, -+ 0x66, 0x15, 0xd5, 0xd3, 0x2a, 0x27, 0x0c, 0xee, 0x9f, 0x80, 0x39, 0x88, 0x7b, -+ 0x24, 0xde, 0x0c, 0x61, 0xa3, 0x44, 0xd8, 0x8d, 0x2e, 0x79, 0xf8, 0x1e, 0x04, -+ 0x5a, 0xcb, 0xd6, 0x9c, 0xa3, 0x22, 0x8f, 0x09, 0x32, 0x1e, 0xe1, 0x65, 0x8f, -+ 0x10, 0x5f, 0xd8, 0x52, 0x56, 0xd5, 0x77, 0xac, 0x58, 0x46, 0x60, 0xba, 0x2e, -+ 0xe2, 0x3f, 0x58, 0x7d, 0x60, 0xfc, 0x31, 0x4a, 0x3a, 0xaf, 0x61, 0x55, 0x5f, -+ 0xfb, 0x68, 0x14, 0x74, 0xda, 0xdc, 0x42, 0x78, 0xcc, 0xee, 0xff, 0x5c, 0x03, -+ 0x24, 0x26, 0x2c, 0xb8, 0x3a, 0x81, 0xad, 0xdb, 0xe7, 0xed, 0xe1, 0x62, 0x84, -+ 0x07, 0x1a, 0xc8, 0xa4, 0x4e, 0xb0, 0x87, 0xf7, 0x96, 0xd8, 0x33, 0x9b, 0x0d, -+ 0xa7, 0x77, 0xae, 0x5b, 0xaf, 0xad, 0xe6, 0x5a, 0xc9, 0xfa, 0xa4, 0xe4, 0xe5, -+ 0x57, 0xbb, 0x97, 0xdd, 0x92, 0x85, 0xd8, 0x03, 0x45, 0xfe, 0xd8, 0x6b, 0xb1, -+ 0xdb, 0x85, 0x36, 0xb9, 0xd9, 0x28, 0xbf, 0x17, 0xae, 0x11, 0xde, 0x10, 0x19, -+ 0x26, 0x5b, 0xc0, 0x3d, 0xc7 -+}; -+ -+// -+// Second KEK: "Microsoft Corporation KEK CA 2011". -+// SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30 -+// -+// "dbx" updates in "dbxtool" are signed with a key derived from this KEK. -+// -+STATIC CONST UINT8 MicrosoftKEK[] = { -+ 0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, -+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, -+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, -+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, -+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, -+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, -+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30, -+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f, -+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, -+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, -+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, -+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, -+ 0x36, 0x32, 0x34, 0x32, 0x30, 0x34, 0x31, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, -+ 0x36, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x35, 0x31, 0x32, 0x39, 0x5a, 0x30, -+ 0x81, 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, -+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, -+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, -+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, -+ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, -+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, -+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06, -+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, -+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, -+ 0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, -+ 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, -+ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, -+ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xe8, 0xb5, 0x8a, 0xbf, 0xad, -+ 0x57, 0x26, 0xb0, 0x26, 0xc3, 0xea, 0xe7, 0xfb, 0x57, 0x7a, 0x44, 0x02, 0x5d, -+ 0x07, 0x0d, 0xda, 0x4a, 0xe5, 0x74, 0x2a, 0xe6, 0xb0, 0x0f, 0xec, 0x6d, 0xeb, -+ 0xec, 0x7f, 0xb9, 0xe3, 0x5a, 0x63, 0x32, 0x7c, 0x11, 0x17, 0x4f, 0x0e, 0xe3, -+ 0x0b, 0xa7, 0x38, 0x15, 0x93, 0x8e, 0xc6, 0xf5, 0xe0, 0x84, 0xb1, 0x9a, 0x9b, -+ 0x2c, 0xe7, 0xf5, 0xb7, 0x91, 0xd6, 0x09, 0xe1, 0xe2, 0xc0, 0x04, 0xa8, 0xac, -+ 0x30, 0x1c, 0xdf, 0x48, 0xf3, 0x06, 0x50, 0x9a, 0x64, 0xa7, 0x51, 0x7f, 0xc8, -+ 0x85, 0x4f, 0x8f, 0x20, 0x86, 0xce, 0xfe, 0x2f, 0xe1, 0x9f, 0xff, 0x82, 0xc0, -+ 0xed, 0xe9, 0xcd, 0xce, 0xf4, 0x53, 0x6a, 0x62, 0x3a, 0x0b, 0x43, 0xb9, 0xe2, -+ 0x25, 0xfd, 0xfe, 0x05, 0xf9, 0xd4, 0xc4, 0x14, 0xab, 0x11, 0xe2, 0x23, 0x89, -+ 0x8d, 0x70, 0xb7, 0xa4, 0x1d, 0x4d, 0xec, 0xae, 0xe5, 0x9c, 0xfa, 0x16, 0xc2, -+ 0xd7, 0xc1, 0xcb, 0xd4, 0xe8, 0xc4, 0x2f, 0xe5, 0x99, 0xee, 0x24, 0x8b, 0x03, -+ 0xec, 0x8d, 0xf2, 0x8b, 0xea, 0xc3, 0x4a, 0xfb, 0x43, 0x11, 0x12, 0x0b, 0x7e, -+ 0xb5, 0x47, 0x92, 0x6c, 0xdc, 0xe6, 0x04, 0x89, 0xeb, 0xf5, 0x33, 0x04, 0xeb, -+ 0x10, 0x01, 0x2a, 0x71, 0xe5, 0xf9, 0x83, 0x13, 0x3c, 0xff, 0x25, 0x09, 0x2f, -+ 0x68, 0x76, 0x46, 0xff, 0xba, 0x4f, 0xbe, 0xdc, 0xad, 0x71, 0x2a, 0x58, 0xaa, -+ 0xfb, 0x0e, 0xd2, 0x79, 0x3d, 0xe4, 0x9b, 0x65, 0x3b, 0xcc, 0x29, 0x2a, 0x9f, -+ 0xfc, 0x72, 0x59, 0xa2, 0xeb, 0xae, 0x92, 0xef, 0xf6, 0x35, 0x13, 0x80, 0xc6, -+ 0x02, 0xec, 0xe4, 0x5f, 0xcc, 0x9d, 0x76, 0xcd, 0xef, 0x63, 0x92, 0xc1, 0xaf, -+ 0x79, 0x40, 0x84, 0x79, 0x87, 0x7f, 0xe3, 0x52, 0xa8, 0xe8, 0x9d, 0x7b, 0x07, -+ 0x69, 0x8f, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30, -+ 0x82, 0x01, 0x4b, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, -+ 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, -+ 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xfc, 0x43, 0xcd, 0xa0, 0x3e, 0xa4, -+ 0xcb, 0x67, 0x12, 0xd2, 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f, -+ 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, -+ 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, -+ 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, -+ 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, -+ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, -+ 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11, -+ 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30, -+ 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, 0xa0, -+ 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, -+ 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, -+ 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, -+ 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, -+ 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, -+ 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, -+ 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, -+ 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, -+ 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, -+ 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, -+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74, -+ 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, -+ 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, -+ 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, -+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, -+ 0x02, 0x01, 0x00, 0xd4, 0x84, 0x88, 0xf5, 0x14, 0x94, 0x18, 0x02, 0xca, 0x2a, -+ 0x3c, 0xfb, 0x2a, 0x92, 0x1c, 0x0c, 0xd7, 0xa0, 0xd1, 0xf1, 0xe8, 0x52, 0x66, -+ 0xa8, 0xee, 0xa2, 0xb5, 0x75, 0x7a, 0x90, 0x00, 0xaa, 0x2d, 0xa4, 0x76, 0x5a, -+ 0xea, 0x79, 0xb7, 0xb9, 0x37, 0x6a, 0x51, 0x7b, 0x10, 0x64, 0xf6, 0xe1, 0x64, -+ 0xf2, 0x02, 0x67, 0xbe, 0xf7, 0xa8, 0x1b, 0x78, 0xbd, 0xba, 0xce, 0x88, 0x58, -+ 0x64, 0x0c, 0xd6, 0x57, 0xc8, 0x19, 0xa3, 0x5f, 0x05, 0xd6, 0xdb, 0xc6, 0xd0, -+ 0x69, 0xce, 0x48, 0x4b, 0x32, 0xb7, 0xeb, 0x5d, 0xd2, 0x30, 0xf5, 0xc0, 0xf5, -+ 0xb8, 0xba, 0x78, 0x07, 0xa3, 0x2b, 0xfe, 0x9b, 0xdb, 0x34, 0x56, 0x84, 0xec, -+ 0x82, 0xca, 0xae, 0x41, 0x25, 0x70, 0x9c, 0x6b, 0xe9, 0xfe, 0x90, 0x0f, 0xd7, -+ 0x96, 0x1f, 0xe5, 0xe7, 0x94, 0x1f, 0xb2, 0x2a, 0x0c, 0x8d, 0x4b, 0xff, 0x28, -+ 0x29, 0x10, 0x7b, 0xf7, 0xd7, 0x7c, 0xa5, 0xd1, 0x76, 0xb9, 0x05, 0xc8, 0x79, -+ 0xed, 0x0f, 0x90, 0x92, 0x9c, 0xc2, 0xfe, 0xdf, 0x6f, 0x7e, 0x6c, 0x0f, 0x7b, -+ 0xd4, 0xc1, 0x45, 0xdd, 0x34, 0x51, 0x96, 0x39, 0x0f, 0xe5, 0x5e, 0x56, 0xd8, -+ 0x18, 0x05, 0x96, 0xf4, 0x07, 0xa6, 0x42, 0xb3, 0xa0, 0x77, 0xfd, 0x08, 0x19, -+ 0xf2, 0x71, 0x56, 0xcc, 0x9f, 0x86, 0x23, 0xa4, 0x87, 0xcb, 0xa6, 0xfd, 0x58, -+ 0x7e, 0xd4, 0x69, 0x67, 0x15, 0x91, 0x7e, 0x81, 0xf2, 0x7f, 0x13, 0xe5, 0x0d, -+ 0x8b, 0x8a, 0x3c, 0x87, 0x84, 0xeb, 0xe3, 0xce, 0xbd, 0x43, 0xe5, 0xad, 0x2d, -+ 0x84, 0x93, 0x8e, 0x6a, 0x2b, 0x5a, 0x7c, 0x44, 0xfa, 0x52, 0xaa, 0x81, 0xc8, -+ 0x2d, 0x1c, 0xbb, 0xe0, 0x52, 0xdf, 0x00, 0x11, 0xf8, 0x9a, 0x3d, 0xc1, 0x60, -+ 0xb0, 0xe1, 0x33, 0xb5, 0xa3, 0x88, 0xd1, 0x65, 0x19, 0x0a, 0x1a, 0xe7, 0xac, -+ 0x7c, 0xa4, 0xc1, 0x82, 0x87, 0x4e, 0x38, 0xb1, 0x2f, 0x0d, 0xc5, 0x14, 0x87, -+ 0x6f, 0xfd, 0x8d, 0x2e, 0xbc, 0x39, 0xb6, 0xe7, 0xe6, 0xc3, 0xe0, 0xe4, 0xcd, -+ 0x27, 0x84, 0xef, 0x94, 0x42, 0xef, 0x29, 0x8b, 0x90, 0x46, 0x41, 0x3b, 0x81, -+ 0x1b, 0x67, 0xd8, 0xf9, 0x43, 0x59, 0x65, 0xcb, 0x0d, 0xbc, 0xfd, 0x00, 0x92, -+ 0x4f, 0xf4, 0x75, 0x3b, 0xa7, 0xa9, 0x24, 0xfc, 0x50, 0x41, 0x40, 0x79, 0xe0, -+ 0x2d, 0x4f, 0x0a, 0x6a, 0x27, 0x76, 0x6e, 0x52, 0xed, 0x96, 0x69, 0x7b, 0xaf, -+ 0x0f, 0xf7, 0x87, 0x05, 0xd0, 0x45, 0xc2, 0xad, 0x53, 0x14, 0x81, 0x1f, 0xfb, -+ 0x30, 0x04, 0xaa, 0x37, 0x36, 0x61, 0xda, 0x4a, 0x69, 0x1b, 0x34, 0xd8, 0x68, -+ 0xed, 0xd6, 0x02, 0xcf, 0x6c, 0x94, 0x0c, 0xd3, 0xcf, 0x6c, 0x22, 0x79, 0xad, -+ 0xb1, 0xf0, 0xbc, 0x03, 0xa2, 0x46, 0x60, 0xa9, 0xc4, 0x07, 0xc2, 0x21, 0x82, -+ 0xf1, 0xfd, 0xf2, 0xe8, 0x79, 0x32, 0x60, 0xbf, 0xd8, 0xac, 0xa5, 0x22, 0x14, -+ 0x4b, 0xca, 0xc1, 0xd8, 0x4b, 0xeb, 0x7d, 0x3f, 0x57, 0x35, 0xb2, 0xe6, 0x4f, -+ 0x75, 0xb4, 0xb0, 0x60, 0x03, 0x22, 0x53, 0xae, 0x91, 0x79, 0x1d, 0xd6, 0x9b, -+ 0x41, 0x1f, 0x15, 0x86, 0x54, 0x70, 0xb2, 0xde, 0x0d, 0x35, 0x0f, 0x7c, 0xb0, -+ 0x34, 0x72, 0xba, 0x97, 0x60, 0x3b, 0xf0, 0x79, 0xeb, 0xa2, 0xb2, 0x1c, 0x5d, -+ 0xa2, 0x16, 0xb8, 0x87, 0xc5, 0xe9, 0x1b, 0xf6, 0xb5, 0x97, 0x25, 0x6f, 0x38, -+ 0x9f, 0xe3, 0x91, 0xfa, 0x8a, 0x79, 0x98, 0xc3, 0x69, 0x0e, 0xb7, 0xa3, 0x1c, -+ 0x20, 0x05, 0x97, 0xf8, 0xca, 0x14, 0xae, 0x00, 0xd7, 0xc4, 0xf3, 0xc0, 0x14, -+ 0x10, 0x75, 0x6b, 0x34, 0xa0, 0x1b, 0xb5, 0x99, 0x60, 0xf3, 0x5c, 0xb0, 0xc5, -+ 0x57, 0x4e, 0x36, 0xd2, 0x32, 0x84, 0xbf, 0x9e -+}; -+ -+// -+// First DB entry: "Microsoft Windows Production PCA 2011" -+// SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d -+// -+// Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain -+// rooted in this certificate. -+// -+STATIC CONST UINT8 MicrosoftPCA[] = { -+ 0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, -+ 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, -+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, -+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, -+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, -+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, -+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30, -+ 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f, -+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, -+ 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, -+ 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17, -+ 0x0d, 0x31, 0x31, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x34, 0x31, 0x34, 0x32, -+ 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x35, 0x31, -+ 0x34, 0x32, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, -+ 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, -+ 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, -+ 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, -+ 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, -+ 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, -+ 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, -+ 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x4d, 0x69, 0x63, -+ 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, -+ 0x73, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20, -+ 0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, -+ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, -+ 0x01, 0x00, 0xdd, 0x0c, 0xbb, 0xa2, 0xe4, 0x2e, 0x09, 0xe3, 0xe7, 0xc5, 0xf7, -+ 0x96, 0x69, 0xbc, 0x00, 0x21, 0xbd, 0x69, 0x33, 0x33, 0xef, 0xad, 0x04, 0xcb, -+ 0x54, 0x80, 0xee, 0x06, 0x83, 0xbb, 0xc5, 0x20, 0x84, 0xd9, 0xf7, 0xd2, 0x8b, -+ 0xf3, 0x38, 0xb0, 0xab, 0xa4, 0xad, 0x2d, 0x7c, 0x62, 0x79, 0x05, 0xff, 0xe3, -+ 0x4a, 0x3f, 0x04, 0x35, 0x20, 0x70, 0xe3, 0xc4, 0xe7, 0x6b, 0xe0, 0x9c, 0xc0, -+ 0x36, 0x75, 0xe9, 0x8a, 0x31, 0xdd, 0x8d, 0x70, 0xe5, 0xdc, 0x37, 0xb5, 0x74, -+ 0x46, 0x96, 0x28, 0x5b, 0x87, 0x60, 0x23, 0x2c, 0xbf, 0xdc, 0x47, 0xa5, 0x67, -+ 0xf7, 0x51, 0x27, 0x9e, 0x72, 0xeb, 0x07, 0xa6, 0xc9, 0xb9, 0x1e, 0x3b, 0x53, -+ 0x35, 0x7c, 0xe5, 0xd3, 0xec, 0x27, 0xb9, 0x87, 0x1c, 0xfe, 0xb9, 0xc9, 0x23, -+ 0x09, 0x6f, 0xa8, 0x46, 0x91, 0xc1, 0x6e, 0x96, 0x3c, 0x41, 0xd3, 0xcb, 0xa3, -+ 0x3f, 0x5d, 0x02, 0x6a, 0x4d, 0xec, 0x69, 0x1f, 0x25, 0x28, 0x5c, 0x36, 0xff, -+ 0xfd, 0x43, 0x15, 0x0a, 0x94, 0xe0, 0x19, 0xb4, 0xcf, 0xdf, 0xc2, 0x12, 0xe2, -+ 0xc2, 0x5b, 0x27, 0xee, 0x27, 0x78, 0x30, 0x8b, 0x5b, 0x2a, 0x09, 0x6b, 0x22, -+ 0x89, 0x53, 0x60, 0x16, 0x2c, 0xc0, 0x68, 0x1d, 0x53, 0xba, 0xec, 0x49, 0xf3, -+ 0x9d, 0x61, 0x8c, 0x85, 0x68, 0x09, 0x73, 0x44, 0x5d, 0x7d, 0xa2, 0x54, 0x2b, -+ 0xdd, 0x79, 0xf7, 0x15, 0xcf, 0x35, 0x5d, 0x6c, 0x1c, 0x2b, 0x5c, 0xce, 0xbc, -+ 0x9c, 0x23, 0x8b, 0x6f, 0x6e, 0xb5, 0x26, 0xd9, 0x36, 0x13, 0xc3, 0x4f, 0xd6, -+ 0x27, 0xae, 0xb9, 0x32, 0x3b, 0x41, 0x92, 0x2c, 0xe1, 0xc7, 0xcd, 0x77, 0xe8, -+ 0xaa, 0x54, 0x4e, 0xf7, 0x5c, 0x0b, 0x04, 0x87, 0x65, 0xb4, 0x43, 0x18, 0xa8, -+ 0xb2, 0xe0, 0x6d, 0x19, 0x77, 0xec, 0x5a, 0x24, 0xfa, 0x48, 0x03, 0x02, 0x03, -+ 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, 0x82, 0x01, 0x3f, 0x30, 0x10, -+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, -+ 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, -+ 0x14, 0xa9, 0x29, 0x02, 0x39, 0x8e, 0x16, 0xc4, 0x97, 0x78, 0xcd, 0x90, 0xf9, -+ 0x9e, 0x4f, 0x9a, 0xe1, 0x7c, 0x55, 0xaf, 0x53, 0x30, 0x19, 0x06, 0x09, 0x2b, -+ 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, -+ 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, -+ 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, -+ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, -+ 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, -+ 0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, 0x94, -+ 0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d, -+ 0x1f, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86, 0x45, -+ 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, -+ 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, -+ 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, -+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41, -+ 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33, -+ 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x5a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, -+ 0x07, 0x01, 0x01, 0x04, 0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06, -+ 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a, -+ 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, -+ 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, -+ 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, -+ 0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, -+ 0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, -+ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x14, -+ 0xfc, 0x7c, 0x71, 0x51, 0xa5, 0x79, 0xc2, 0x6e, 0xb2, 0xef, 0x39, 0x3e, 0xbc, -+ 0x3c, 0x52, 0x0f, 0x6e, 0x2b, 0x3f, 0x10, 0x13, 0x73, 0xfe, 0xa8, 0x68, 0xd0, -+ 0x48, 0xa6, 0x34, 0x4d, 0x8a, 0x96, 0x05, 0x26, 0xee, 0x31, 0x46, 0x90, 0x61, -+ 0x79, 0xd6, 0xff, 0x38, 0x2e, 0x45, 0x6b, 0xf4, 0xc0, 0xe5, 0x28, 0xb8, 0xda, -+ 0x1d, 0x8f, 0x8a, 0xdb, 0x09, 0xd7, 0x1a, 0xc7, 0x4c, 0x0a, 0x36, 0x66, 0x6a, -+ 0x8c, 0xec, 0x1b, 0xd7, 0x04, 0x90, 0xa8, 0x18, 0x17, 0xa4, 0x9b, 0xb9, 0xe2, -+ 0x40, 0x32, 0x36, 0x76, 0xc4, 0xc1, 0x5a, 0xc6, 0xbf, 0xe4, 0x04, 0xc0, 0xea, -+ 0x16, 0xd3, 0xac, 0xc3, 0x68, 0xef, 0x62, 0xac, 0xdd, 0x54, 0x6c, 0x50, 0x30, -+ 0x58, 0xa6, 0xeb, 0x7c, 0xfe, 0x94, 0xa7, 0x4e, 0x8e, 0xf4, 0xec, 0x7c, 0x86, -+ 0x73, 0x57, 0xc2, 0x52, 0x21, 0x73, 0x34, 0x5a, 0xf3, 0xa3, 0x8a, 0x56, 0xc8, -+ 0x04, 0xda, 0x07, 0x09, 0xed, 0xf8, 0x8b, 0xe3, 0xce, 0xf4, 0x7e, 0x8e, 0xae, -+ 0xf0, 0xf6, 0x0b, 0x8a, 0x08, 0xfb, 0x3f, 0xc9, 0x1d, 0x72, 0x7f, 0x53, 0xb8, -+ 0xeb, 0xbe, 0x63, 0xe0, 0xe3, 0x3d, 0x31, 0x65, 0xb0, 0x81, 0xe5, 0xf2, 0xac, -+ 0xcd, 0x16, 0xa4, 0x9f, 0x3d, 0xa8, 0xb1, 0x9b, 0xc2, 0x42, 0xd0, 0x90, 0x84, -+ 0x5f, 0x54, 0x1d, 0xff, 0x89, 0xea, 0xba, 0x1d, 0x47, 0x90, 0x6f, 0xb0, 0x73, -+ 0x4e, 0x41, 0x9f, 0x40, 0x9f, 0x5f, 0xe5, 0xa1, 0x2a, 0xb2, 0x11, 0x91, 0x73, -+ 0x8a, 0x21, 0x28, 0xf0, 0xce, 0xde, 0x73, 0x39, 0x5f, 0x3e, 0xab, 0x5c, 0x60, -+ 0xec, 0xdf, 0x03, 0x10, 0xa8, 0xd3, 0x09, 0xe9, 0xf4, 0xf6, 0x96, 0x85, 0xb6, -+ 0x7f, 0x51, 0x88, 0x66, 0x47, 0x19, 0x8d, 0xa2, 0xb0, 0x12, 0x3d, 0x81, 0x2a, -+ 0x68, 0x05, 0x77, 0xbb, 0x91, 0x4c, 0x62, 0x7b, 0xb6, 0xc1, 0x07, 0xc7, 0xba, -+ 0x7a, 0x87, 0x34, 0x03, 0x0e, 0x4b, 0x62, 0x7a, 0x99, 0xe9, 0xca, 0xfc, 0xce, -+ 0x4a, 0x37, 0xc9, 0x2d, 0xa4, 0x57, 0x7c, 0x1c, 0xfe, 0x3d, 0xdc, 0xb8, 0x0f, -+ 0x5a, 0xfa, 0xd6, 0xc4, 0xb3, 0x02, 0x85, 0x02, 0x3a, 0xea, 0xb3, 0xd9, 0x6e, -+ 0xe4, 0x69, 0x21, 0x37, 0xde, 0x81, 0xd1, 0xf6, 0x75, 0x19, 0x05, 0x67, 0xd3, -+ 0x93, 0x57, 0x5e, 0x29, 0x1b, 0x39, 0xc8, 0xee, 0x2d, 0xe1, 0xcd, 0xe4, 0x45, -+ 0x73, 0x5b, 0xd0, 0xd2, 0xce, 0x7a, 0xab, 0x16, 0x19, 0x82, 0x46, 0x58, 0xd0, -+ 0x5e, 0x9d, 0x81, 0xb3, 0x67, 0xaf, 0x6c, 0x35, 0xf2, 0xbc, 0xe5, 0x3f, 0x24, -+ 0xe2, 0x35, 0xa2, 0x0a, 0x75, 0x06, 0xf6, 0x18, 0x56, 0x99, 0xd4, 0x78, 0x2c, -+ 0xd1, 0x05, 0x1b, 0xeb, 0xd0, 0x88, 0x01, 0x9d, 0xaa, 0x10, 0xf1, 0x05, 0xdf, -+ 0xba, 0x7e, 0x2c, 0x63, 0xb7, 0x06, 0x9b, 0x23, 0x21, 0xc4, 0xf9, 0x78, 0x6c, -+ 0xe2, 0x58, 0x17, 0x06, 0x36, 0x2b, 0x91, 0x12, 0x03, 0xcc, 0xa4, 0xd9, 0xf2, -+ 0x2d, 0xba, 0xf9, 0x94, 0x9d, 0x40, 0xed, 0x18, 0x45, 0xf1, 0xce, 0x8a, 0x5c, -+ 0x6b, 0x3e, 0xab, 0x03, 0xd3, 0x70, 0x18, 0x2a, 0x0a, 0x6a, 0xe0, 0x5f, 0x47, -+ 0xd1, 0xd5, 0x63, 0x0a, 0x32, 0xf2, 0xaf, 0xd7, 0x36, 0x1f, 0x2a, 0x70, 0x5a, -+ 0xe5, 0x42, 0x59, 0x08, 0x71, 0x4b, 0x57, 0xba, 0x7e, 0x83, 0x81, 0xf0, 0x21, -+ 0x3c, 0xf4, 0x1c, 0xc1, 0xc5, 0xb9, 0x90, 0x93, 0x0e, 0x88, 0x45, 0x93, 0x86, -+ 0xe9, 0xb1, 0x20, 0x99, 0xbe, 0x98, 0xcb, 0xc5, 0x95, 0xa4, 0x5d, 0x62, 0xd6, -+ 0xa0, 0x63, 0x08, 0x20, 0xbd, 0x75, 0x10, 0x77, 0x7d, 0x3d, 0xf3, 0x45, 0xb9, -+ 0x9f, 0x97, 0x9f, 0xcb, 0x57, 0x80, 0x6f, 0x33, 0xa9, 0x04, 0xcf, 0x77, 0xa4, -+ 0x62, 0x1c, 0x59, 0x7e -+}; -+ -+// -+// Second DB entry: "Microsoft Corporation UEFI CA 2011" -+// SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3 -+// -+// To verify the "shim" binary and PCI expansion ROMs with. -+// -+STATIC CONST UINT8 MicrosoftUefiCA[] = { -+ 0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, -+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, -+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, -+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, -+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, -+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, -+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30, -+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f, -+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, -+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, -+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, -+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, -+ 0x36, 0x32, 0x37, 0x32, 0x31, 0x32, 0x32, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x32, -+ 0x36, 0x30, 0x36, 0x32, 0x37, 0x32, 0x31, 0x33, 0x32, 0x34, 0x35, 0x5a, 0x30, -+ 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, -+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, -+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, -+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, -+ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, -+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, -+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2b, 0x30, 0x29, 0x06, -+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, -+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, -+ 0x6e, 0x20, 0x55, 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, -+ 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, -+ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, -+ 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x08, 0x6c, 0x4c, 0xc7, -+ 0x45, 0x09, 0x6a, 0x4b, 0x0c, 0xa4, 0xc0, 0x87, 0x7f, 0x06, 0x75, 0x0c, 0x43, -+ 0x01, 0x54, 0x64, 0xe0, 0x16, 0x7f, 0x07, 0xed, 0x92, 0x7d, 0x0b, 0xb2, 0x73, -+ 0xbf, 0x0c, 0x0a, 0xc6, 0x4a, 0x45, 0x61, 0xa0, 0xc5, 0x16, 0x2d, 0x96, 0xd3, -+ 0xf5, 0x2b, 0xa0, 0xfb, 0x4d, 0x49, 0x9b, 0x41, 0x80, 0x90, 0x3c, 0xb9, 0x54, -+ 0xfd, 0xe6, 0xbc, 0xd1, 0x9d, 0xc4, 0xa4, 0x18, 0x8a, 0x7f, 0x41, 0x8a, 0x5c, -+ 0x59, 0x83, 0x68, 0x32, 0xbb, 0x8c, 0x47, 0xc9, 0xee, 0x71, 0xbc, 0x21, 0x4f, -+ 0x9a, 0x8a, 0x7c, 0xff, 0x44, 0x3f, 0x8d, 0x8f, 0x32, 0xb2, 0x26, 0x48, 0xae, -+ 0x75, 0xb5, 0xee, 0xc9, 0x4c, 0x1e, 0x4a, 0x19, 0x7e, 0xe4, 0x82, 0x9a, 0x1d, -+ 0x78, 0x77, 0x4d, 0x0c, 0xb0, 0xbd, 0xf6, 0x0f, 0xd3, 0x16, 0xd3, 0xbc, 0xfa, -+ 0x2b, 0xa5, 0x51, 0x38, 0x5d, 0xf5, 0xfb, 0xba, 0xdb, 0x78, 0x02, 0xdb, 0xff, -+ 0xec, 0x0a, 0x1b, 0x96, 0xd5, 0x83, 0xb8, 0x19, 0x13, 0xe9, 0xb6, 0xc0, 0x7b, -+ 0x40, 0x7b, 0xe1, 0x1f, 0x28, 0x27, 0xc9, 0xfa, 0xef, 0x56, 0x5e, 0x1c, 0xe6, -+ 0x7e, 0x94, 0x7e, 0xc0, 0xf0, 0x44, 0xb2, 0x79, 0x39, 0xe5, 0xda, 0xb2, 0x62, -+ 0x8b, 0x4d, 0xbf, 0x38, 0x70, 0xe2, 0x68, 0x24, 0x14, 0xc9, 0x33, 0xa4, 0x08, -+ 0x37, 0xd5, 0x58, 0x69, 0x5e, 0xd3, 0x7c, 0xed, 0xc1, 0x04, 0x53, 0x08, 0xe7, -+ 0x4e, 0xb0, 0x2a, 0x87, 0x63, 0x08, 0x61, 0x6f, 0x63, 0x15, 0x59, 0xea, 0xb2, -+ 0x2b, 0x79, 0xd7, 0x0c, 0x61, 0x67, 0x8a, 0x5b, 0xfd, 0x5e, 0xad, 0x87, 0x7f, -+ 0xba, 0x86, 0x67, 0x4f, 0x71, 0x58, 0x12, 0x22, 0x04, 0x22, 0x22, 0xce, 0x8b, -+ 0xef, 0x54, 0x71, 0x00, 0xce, 0x50, 0x35, 0x58, 0x76, 0x95, 0x08, 0xee, 0x6a, -+ 0xb1, 0xa2, 0x01, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x76, -+ 0x30, 0x82, 0x01, 0x72, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, -+ 0x82, 0x37, 0x15, 0x01, 0x04, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x23, -+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x02, 0x04, 0x16, -+ 0x04, 0x14, 0xf8, 0xc1, 0x6b, 0xb7, 0x7f, 0x77, 0x53, 0x4a, 0xf3, 0x25, 0x37, -+ 0x1d, 0x4e, 0xa1, 0x26, 0x7b, 0x0f, 0x20, 0x70, 0x80, 0x30, 0x1d, 0x06, 0x03, -+ 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x13, 0xad, 0xbf, 0x43, 0x09, 0xbd, -+ 0x82, 0x70, 0x9c, 0x8c, 0xd5, 0x4f, 0x31, 0x6e, 0xd5, 0x22, 0x98, 0x8a, 0x1b, -+ 0xd4, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, -+ 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, -+ 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, -+ 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, -+ 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, -+ 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, -+ 0x11, 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, -+ 0x30, 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, -+ 0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, -+ 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, -+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, -+ 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, -+ 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, -+ 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, -+ 0x63, 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, -+ 0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, -+ 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, -+ 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, -+ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, -+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, -+ 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, -+ 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, -+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, -+ 0x82, 0x02, 0x01, 0x00, 0x35, 0x08, 0x42, 0xff, 0x30, 0xcc, 0xce, 0xf7, 0x76, -+ 0x0c, 0xad, 0x10, 0x68, 0x58, 0x35, 0x29, 0x46, 0x32, 0x76, 0x27, 0x7c, 0xef, -+ 0x12, 0x41, 0x27, 0x42, 0x1b, 0x4a, 0xaa, 0x6d, 0x81, 0x38, 0x48, 0x59, 0x13, -+ 0x55, 0xf3, 0xe9, 0x58, 0x34, 0xa6, 0x16, 0x0b, 0x82, 0xaa, 0x5d, 0xad, 0x82, -+ 0xda, 0x80, 0x83, 0x41, 0x06, 0x8f, 0xb4, 0x1d, 0xf2, 0x03, 0xb9, 0xf3, 0x1a, -+ 0x5d, 0x1b, 0xf1, 0x50, 0x90, 0xf9, 0xb3, 0x55, 0x84, 0x42, 0x28, 0x1c, 0x20, -+ 0xbd, 0xb2, 0xae, 0x51, 0x14, 0xc5, 0xc0, 0xac, 0x97, 0x95, 0x21, 0x1c, 0x90, -+ 0xdb, 0x0f, 0xfc, 0x77, 0x9e, 0x95, 0x73, 0x91, 0x88, 0xca, 0xbd, 0xbd, 0x52, -+ 0xb9, 0x05, 0x50, 0x0d, 0xdf, 0x57, 0x9e, 0xa0, 0x61, 0xed, 0x0d, 0xe5, 0x6d, -+ 0x25, 0xd9, 0x40, 0x0f, 0x17, 0x40, 0xc8, 0xce, 0xa3, 0x4a, 0xc2, 0x4d, 0xaf, -+ 0x9a, 0x12, 0x1d, 0x08, 0x54, 0x8f, 0xbd, 0xc7, 0xbc, 0xb9, 0x2b, 0x3d, 0x49, -+ 0x2b, 0x1f, 0x32, 0xfc, 0x6a, 0x21, 0x69, 0x4f, 0x9b, 0xc8, 0x7e, 0x42, 0x34, -+ 0xfc, 0x36, 0x06, 0x17, 0x8b, 0x8f, 0x20, 0x40, 0xc0, 0xb3, 0x9a, 0x25, 0x75, -+ 0x27, 0xcd, 0xc9, 0x03, 0xa3, 0xf6, 0x5d, 0xd1, 0xe7, 0x36, 0x54, 0x7a, 0xb9, -+ 0x50, 0xb5, 0xd3, 0x12, 0xd1, 0x07, 0xbf, 0xbb, 0x74, 0xdf, 0xdc, 0x1e, 0x8f, -+ 0x80, 0xd5, 0xed, 0x18, 0xf4, 0x2f, 0x14, 0x16, 0x6b, 0x2f, 0xde, 0x66, 0x8c, -+ 0xb0, 0x23, 0xe5, 0xc7, 0x84, 0xd8, 0xed, 0xea, 0xc1, 0x33, 0x82, 0xad, 0x56, -+ 0x4b, 0x18, 0x2d, 0xf1, 0x68, 0x95, 0x07, 0xcd, 0xcf, 0xf0, 0x72, 0xf0, 0xae, -+ 0xbb, 0xdd, 0x86, 0x85, 0x98, 0x2c, 0x21, 0x4c, 0x33, 0x2b, 0xf0, 0x0f, 0x4a, -+ 0xf0, 0x68, 0x87, 0xb5, 0x92, 0x55, 0x32, 0x75, 0xa1, 0x6a, 0x82, 0x6a, 0x3c, -+ 0xa3, 0x25, 0x11, 0xa4, 0xed, 0xad, 0xd7, 0x04, 0xae, 0xcb, 0xd8, 0x40, 0x59, -+ 0xa0, 0x84, 0xd1, 0x95, 0x4c, 0x62, 0x91, 0x22, 0x1a, 0x74, 0x1d, 0x8c, 0x3d, -+ 0x47, 0x0e, 0x44, 0xa6, 0xe4, 0xb0, 0x9b, 0x34, 0x35, 0xb1, 0xfa, 0xb6, 0x53, -+ 0xa8, 0x2c, 0x81, 0xec, 0xa4, 0x05, 0x71, 0xc8, 0x9d, 0xb8, 0xba, 0xe8, 0x1b, -+ 0x44, 0x66, 0xe4, 0x47, 0x54, 0x0e, 0x8e, 0x56, 0x7f, 0xb3, 0x9f, 0x16, 0x98, -+ 0xb2, 0x86, 0xd0, 0x68, 0x3e, 0x90, 0x23, 0xb5, 0x2f, 0x5e, 0x8f, 0x50, 0x85, -+ 0x8d, 0xc6, 0x8d, 0x82, 0x5f, 0x41, 0xa1, 0xf4, 0x2e, 0x0d, 0xe0, 0x99, 0xd2, -+ 0x6c, 0x75, 0xe4, 0xb6, 0x69, 0xb5, 0x21, 0x86, 0xfa, 0x07, 0xd1, 0xf6, 0xe2, -+ 0x4d, 0xd1, 0xda, 0xad, 0x2c, 0x77, 0x53, 0x1e, 0x25, 0x32, 0x37, 0xc7, 0x6c, -+ 0x52, 0x72, 0x95, 0x86, 0xb0, 0xf1, 0x35, 0x61, 0x6a, 0x19, 0xf5, 0xb2, 0x3b, -+ 0x81, 0x50, 0x56, 0xa6, 0x32, 0x2d, 0xfe, 0xa2, 0x89, 0xf9, 0x42, 0x86, 0x27, -+ 0x18, 0x55, 0xa1, 0x82, 0xca, 0x5a, 0x9b, 0xf8, 0x30, 0x98, 0x54, 0x14, 0xa6, -+ 0x47, 0x96, 0x25, 0x2f, 0xc8, 0x26, 0xe4, 0x41, 0x94, 0x1a, 0x5c, 0x02, 0x3f, -+ 0xe5, 0x96, 0xe3, 0x85, 0x5b, 0x3c, 0x3e, 0x3f, 0xbb, 0x47, 0x16, 0x72, 0x55, -+ 0xe2, 0x25, 0x22, 0xb1, 0xd9, 0x7b, 0xe7, 0x03, 0x06, 0x2a, 0xa3, 0xf7, 0x1e, -+ 0x90, 0x46, 0xc3, 0x00, 0x0d, 0xd6, 0x19, 0x89, 0xe3, 0x0e, 0x35, 0x27, 0x62, -+ 0x03, 0x71, 0x15, 0xa6, 0xef, 0xd0, 0x27, 0xa0, 0xa0, 0x59, 0x37, 0x60, 0xf8, -+ 0x38, 0x94, 0xb8, 0xe0, 0x78, 0x70, 0xf8, 0xba, 0x4c, 0x86, 0x87, 0x94, 0xf6, -+ 0xe0, 0xae, 0x02, 0x45, 0xee, 0x65, 0xc2, 0xb6, 0xa3, 0x7e, 0x69, 0x16, 0x75, -+ 0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc, 0x59, 0x83, 0x58 -+}; -+ -+// -+// The most important thing about the variable payload is that it is a list of -+// lists, where the element size of any given *inner* list is constant. -+// -+// Since X509 certificates vary in size, each of our *inner* lists will contain -+// one element only (one X.509 certificate). This is explicitly mentioned in -+// the UEFI specification, in "28.4.1 Signature Database", in a Note. -+// -+// The list structure looks as follows: -+// -+// struct EFI_VARIABLE_AUTHENTICATION_2 { | -+// struct EFI_TIME { | -+// UINT16 Year; | -+// UINT8 Month; | -+// UINT8 Day; | -+// UINT8 Hour; | -+// UINT8 Minute; | -+// UINT8 Second; | -+// UINT8 Pad1; | -+// UINT32 Nanosecond; | -+// INT16 TimeZone; | -+// UINT8 Daylight; | -+// UINT8 Pad2; | -+// } TimeStamp; | -+// | -+// struct WIN_CERTIFICATE_UEFI_GUID { | | -+// struct WIN_CERTIFICATE { | | -+// UINT32 dwLength; ----------------------------------------+ | -+// UINT16 wRevision; | | -+// UINT16 wCertificateType; | | -+// } Hdr; | +- DataSize -+// | | -+// EFI_GUID CertType; | | -+// UINT8 CertData[1] = { <--- "struct hack" | | -+// struct EFI_SIGNATURE_LIST { | | | -+// EFI_GUID SignatureType; | | | -+// UINT32 SignatureListSize; -------------------------+ | | -+// UINT32 SignatureHeaderSize; | | | -+// UINT32 SignatureSize; ---------------------------+ | | | -+// UINT8 SignatureHeader[SignatureHeaderSize]; | | | | -+// v | | | -+// struct EFI_SIGNATURE_DATA { | | | | -+// EFI_GUID SignatureOwner; | | | | -+// UINT8 SignatureData[1] = { <--- "struct hack" | | | | -+// X.509 payload | | | | -+// } | | | | -+// } Signatures[]; | | | -+// } SigLists[]; | | -+// }; | | -+// } AuthInfo; | | -+// }; | -+// -+// Given that the "struct hack" invokes undefined behavior (which is why C99 -+// introduced the flexible array member), and because subtracting those pesky -+// sizes of 1 is annoying, and because the format is fully specified in the -+// UEFI specification, we'll introduce two matching convenience structures that -+// are customized for our X.509 purposes. -+// -+#pragma pack(1) -+typedef struct { -+ EFI_TIME TimeStamp; -+ -+ // -+ // dwLength covers data below -+ // -+ UINT32 dwLength; -+ UINT16 wRevision; -+ UINT16 wCertificateType; -+ EFI_GUID CertType; -+} SINGLE_HEADER; -+ -+typedef struct { -+ // -+ // SignatureListSize covers data below -+ // -+ EFI_GUID SignatureType; -+ UINT32 SignatureListSize; -+ UINT32 SignatureHeaderSize; // constant 0 -+ UINT32 SignatureSize; -+ -+ // -+ // SignatureSize covers data below -+ // -+ EFI_GUID SignatureOwner; -+ -+ // -+ // X.509 certificate follows -+ // -+} REPEATING_HEADER; -+#pragma pack() -+ -+/** -+ Enroll a set of DER-formatted X.509 certificates in a global variable, -+ overwriting it. -+ -+ The variable will be rewritten with NV+BS+RT+AT attributes. -+ -+ @param[in] VariableName The name of the variable to overwrite. -+ -+ @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable to -+ overwrite. -+ -+ @param[in] ... A list of -+ -+ IN CONST UINT8 *Cert, -+ IN UINTN CertSize, -+ IN CONST EFI_GUID *OwnerGuid -+ -+ triplets. If the first component of a triplet is -+ NULL, then the other two components are not -+ accessed, and processing is terminated. The list of -+ X.509 certificates is enrolled in the variable -+ specified, overwriting it. The OwnerGuid component -+ identifies the agent installing the certificate. -+ -+ @retval EFI_INVALID_PARAMETER The triplet list is empty (ie. the first Cert -+ value is NULL), or one of the CertSize values -+ is 0, or one of the CertSize values would -+ overflow the accumulated UINT32 data size. -+ -+ @retval EFI_OUT_OF_RESOURCES Out of memory while formatting variable -+ payload. -+ -+ @retval EFI_SUCCESS Enrollment successful; the variable has been -+ overwritten (or created). -+ -+ @return Error codes from gRT->GetTime() and -+ gRT->SetVariable(). -+**/ -+STATIC -+EFI_STATUS -+EFIAPI -+EnrollListOfX509Certs ( -+ IN CHAR16 *VariableName, -+ IN EFI_GUID *VendorGuid, -+ ... -+ ) -+{ -+ UINTN DataSize; -+ SINGLE_HEADER *SingleHeader; -+ REPEATING_HEADER *RepeatingHeader; -+ VA_LIST Marker; -+ CONST UINT8 *Cert; -+ EFI_STATUS Status = EFI_SUCCESS; -+ UINT8 *Data; -+ UINT8 *Position; -+ -+ // -+ // compute total size first, for UINT32 range check, and allocation -+ // -+ DataSize = sizeof *SingleHeader; -+ VA_START (Marker, VendorGuid); -+ for (Cert = VA_ARG (Marker, CONST UINT8 *); -+ Cert != NULL; -+ Cert = VA_ARG (Marker, CONST UINT8 *)) { -+ UINTN CertSize; -+ -+ CertSize = VA_ARG (Marker, UINTN); -+ (VOID)VA_ARG (Marker, CONST EFI_GUID *); -+ -+ if (CertSize == 0 || -+ CertSize > MAX_UINT32 - sizeof *RepeatingHeader || -+ DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize) { -+ Status = EFI_INVALID_PARAMETER; -+ break; -+ } -+ DataSize += sizeof *RepeatingHeader + CertSize; -+ } -+ VA_END (Marker); -+ -+ if (DataSize == sizeof *SingleHeader) { -+ Status = EFI_INVALID_PARAMETER; -+ } -+ if (EFI_ERROR (Status)) { -+ goto Out; -+ } -+ -+ Data = AllocatePool (DataSize); -+ if (Data == NULL) { -+ Status = EFI_OUT_OF_RESOURCES; -+ goto Out; -+ } -+ -+ Position = Data; -+ -+ SingleHeader = (SINGLE_HEADER *)Position; -+ Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL); -+ if (EFI_ERROR (Status)) { -+ goto FreeData; -+ } -+ SingleHeader->TimeStamp.Pad1 = 0; -+ SingleHeader->TimeStamp.Nanosecond = 0; -+ SingleHeader->TimeStamp.TimeZone = 0; -+ SingleHeader->TimeStamp.Daylight = 0; -+ SingleHeader->TimeStamp.Pad2 = 0; -+#if 0 -+ SingleHeader->dwLength = DataSize - sizeof SingleHeader->TimeStamp; -+#else -+ // -+ // This looks like a bug in edk2. According to the UEFI specification, -+ // dwLength is "The length of the entire certificate, including the length of -+ // the header, in bytes". That shouldn't stop right after CertType -- it -+ // should include everything below it. -+ // -+ SingleHeader->dwLength = sizeof *SingleHeader -+ - sizeof SingleHeader->TimeStamp; -+#endif -+ SingleHeader->wRevision = 0x0200; -+ SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID; -+ CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid); -+ Position += sizeof *SingleHeader; -+ -+ VA_START (Marker, VendorGuid); -+ for (Cert = VA_ARG (Marker, CONST UINT8 *); -+ Cert != NULL; -+ Cert = VA_ARG (Marker, CONST UINT8 *)) { -+ UINTN CertSize; -+ CONST EFI_GUID *OwnerGuid; -+ -+ CertSize = VA_ARG (Marker, UINTN); -+ OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *); -+ -+ RepeatingHeader = (REPEATING_HEADER *)Position; -+ CopyGuid (&RepeatingHeader->SignatureType, &gEfiCertX509Guid); -+ RepeatingHeader->SignatureListSize = sizeof *RepeatingHeader + CertSize; -+ RepeatingHeader->SignatureHeaderSize = 0; -+ RepeatingHeader->SignatureSize = -+ sizeof RepeatingHeader->SignatureOwner + CertSize; -+ CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid); -+ Position += sizeof *RepeatingHeader; -+ -+ CopyMem (Position, Cert, CertSize); -+ Position += CertSize; -+ } -+ VA_END (Marker); -+ -+ ASSERT (Data + DataSize == Position); -+ -+ Status = gRT->SetVariable (VariableName, VendorGuid, -+ (EFI_VARIABLE_NON_VOLATILE | -+ EFI_VARIABLE_BOOTSERVICE_ACCESS | -+ EFI_VARIABLE_RUNTIME_ACCESS | -+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS), -+ DataSize, Data); -+ -+FreeData: -+ FreePool (Data); -+ -+Out: -+ if (EFI_ERROR (Status)) { -+ AsciiPrint ("error: %a(\"%s\", %g): %r\n", __FUNCTION__, VariableName, -+ VendorGuid, Status); -+ } -+ return Status; -+} -+ -+ -+STATIC -+EFI_STATUS -+EFIAPI -+GetExact ( -+ IN CHAR16 *VariableName, -+ IN EFI_GUID *VendorGuid, -+ OUT VOID *Data, -+ IN UINTN DataSize, -+ IN BOOLEAN AllowMissing -+ ) -+{ -+ UINTN Size; -+ EFI_STATUS Status; -+ -+ Size = DataSize; -+ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data); -+ if (EFI_ERROR (Status)) { -+ if (Status == EFI_NOT_FOUND && AllowMissing) { -+ ZeroMem (Data, DataSize); -+ return EFI_SUCCESS; -+ } -+ -+ AsciiPrint ("error: GetVariable(\"%s\", %g): %r\n", VariableName, -+ VendorGuid, Status); -+ return Status; -+ } -+ -+ if (Size != DataSize) { -+ AsciiPrint ("error: GetVariable(\"%s\", %g): expected size 0x%Lx, " -+ "got 0x%Lx\n", VariableName, VendorGuid, (UINT64)DataSize, (UINT64)Size); -+ return EFI_PROTOCOL_ERROR; -+ } -+ -+ return EFI_SUCCESS; -+} -+ -+typedef struct { -+ UINT8 SetupMode; -+ UINT8 SecureBoot; -+ UINT8 SecureBootEnable; -+ UINT8 CustomMode; -+ UINT8 VendorKeys; -+} SETTINGS; -+ -+STATIC -+EFI_STATUS -+EFIAPI -+GetSettings ( -+ OUT SETTINGS *Settings -+ ) -+{ -+ EFI_STATUS Status; -+ -+ Status = GetExact (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, -+ &Settings->SetupMode, sizeof Settings->SetupMode, FALSE); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ Status = GetExact (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, -+ &Settings->SecureBoot, sizeof Settings->SecureBoot, FALSE); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ Status = GetExact (EFI_SECURE_BOOT_ENABLE_NAME, -+ &gEfiSecureBootEnableDisableGuid, &Settings->SecureBootEnable, -+ sizeof Settings->SecureBootEnable, TRUE); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ Status = GetExact (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, -+ &Settings->CustomMode, sizeof Settings->CustomMode, FALSE); -+ if (EFI_ERROR (Status)) { -+ return Status; -+ } -+ -+ Status = GetExact (EFI_VENDOR_KEYS_VARIABLE_NAME, &gEfiGlobalVariableGuid, -+ &Settings->VendorKeys, sizeof Settings->VendorKeys, FALSE); -+ return Status; -+} -+ -+STATIC -+VOID -+EFIAPI -+PrintSettings ( -+ IN CONST SETTINGS *Settings -+ ) -+{ -+ AsciiPrint ("info: SetupMode=%d SecureBoot=%d SecureBootEnable=%d " -+ "CustomMode=%d VendorKeys=%d\n", Settings->SetupMode, Settings->SecureBoot, -+ Settings->SecureBootEnable, Settings->CustomMode, Settings->VendorKeys); -+} -+ -+ -+INTN -+EFIAPI -+ShellAppMain ( -+ IN UINTN Argc, -+ IN CHAR16 **Argv -+ ) -+{ -+ EFI_STATUS Status; -+ SETTINGS Settings; -+ -+ Status = GetSettings (&Settings); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ PrintSettings (&Settings); -+ -+ if (Settings.SetupMode != 1) { -+ AsciiPrint ("error: already in User Mode\n"); -+ return 1; -+ } -+ -+ if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) { -+ Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE; -+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, -+ (EFI_VARIABLE_NON_VOLATILE | -+ EFI_VARIABLE_BOOTSERVICE_ACCESS), -+ sizeof Settings.CustomMode, &Settings.CustomMode); -+ if (EFI_ERROR (Status)) { -+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME, -+ &gEfiCustomModeEnableGuid, Status); -+ return 1; -+ } -+ } -+ -+ Status = EnrollListOfX509Certs ( -+ EFI_IMAGE_SECURITY_DATABASE, -+ &gEfiImageSecurityDatabaseGuid, -+ MicrosoftPCA, sizeof MicrosoftPCA, &gEfiCallerIdGuid, -+ MicrosoftUefiCA, sizeof MicrosoftUefiCA, &gEfiCallerIdGuid, -+ NULL); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ -+ Status = EnrollListOfX509Certs ( -+ EFI_KEY_EXCHANGE_KEY_NAME, -+ &gEfiGlobalVariableGuid, -+ ExampleCert, sizeof ExampleCert, &gEfiCallerIdGuid, -+ MicrosoftKEK, sizeof MicrosoftKEK, &gEfiCallerIdGuid, -+ NULL); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ -+ Status = EnrollListOfX509Certs ( -+ EFI_PLATFORM_KEY_NAME, -+ &gEfiGlobalVariableGuid, -+ ExampleCert, sizeof ExampleCert, &gEfiGlobalVariableGuid, -+ NULL); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ -+ Settings.CustomMode = STANDARD_SECURE_BOOT_MODE; -+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, -+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, -+ sizeof Settings.CustomMode, &Settings.CustomMode); -+ if (EFI_ERROR (Status)) { -+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME, -+ &gEfiCustomModeEnableGuid, Status); -+ return 1; -+ } -+ -+ Status = GetSettings (&Settings); -+ if (EFI_ERROR (Status)) { -+ return 1; -+ } -+ PrintSettings (&Settings); -+ -+ if (Settings.SetupMode != 0 || Settings.SecureBoot != 1 || -+ Settings.SecureBootEnable != 1 || Settings.CustomMode != 0 || -+ Settings.VendorKeys != 0) { -+ AsciiPrint ("error: unexpected\n"); -+ return 1; -+ } -+ -+ AsciiPrint ("info: success\n"); -+ return 0; -+} -diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf -new file mode 100644 -index 0000000..ac919bb ---- /dev/null -+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf -@@ -0,0 +1,51 @@ -+## @file -+# Enroll default PK, KEK, DB. -+# -+# Copyright (C) 2014, Red Hat, Inc. -+# -+# This program and the accompanying materials are licensed and made available -+# under the terms and conditions of the BSD License which accompanies this -+# distribution. The full text of the license may be found at -+# http://opensource.org/licenses/bsd-license. -+# -+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR -+# IMPLIED. -+## -+ -+[Defines] -+ INF_VERSION = 0x00010006 -+ BASE_NAME = EnrollDefaultKeys -+ FILE_GUID = D5C1DF0B-1BAC-4EDF-BA48-08834009CA5A -+ MODULE_TYPE = UEFI_APPLICATION -+ VERSION_STRING = 0.1 -+ ENTRY_POINT = ShellCEntryLib -+ -+# -+# VALID_ARCHITECTURES = IA32 X64 -+# -+ -+[Sources] -+ EnrollDefaultKeys.c -+ -+[Packages] -+ MdePkg/MdePkg.dec -+ MdeModulePkg/MdeModulePkg.dec -+ SecurityPkg/SecurityPkg.dec -+ ShellPkg/ShellPkg.dec -+ -+[Guids] -+ gEfiCertPkcs7Guid -+ gEfiCertX509Guid -+ gEfiCustomModeEnableGuid -+ gEfiGlobalVariableGuid -+ gEfiImageSecurityDatabaseGuid -+ gEfiSecureBootEnableDisableGuid -+ -+[LibraryClasses] -+ BaseMemoryLib -+ DebugLib -+ MemoryAllocationLib -+ ShellCEntryLib -+ UefiLib -+ UefiRuntimeServicesTableLib -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index fa9661c..e2e6ba3 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -764,6 +764,10 @@ -
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { -+ <LibraryClasses> -+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf -+ } - !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 667584a..a0ae1aa 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -773,6 +773,10 @@ -
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { -+ <LibraryClasses> -+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf -+ } - !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 5ae8469..87cee52 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -771,6 +771,10 @@ -
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf { -+ <LibraryClasses> -+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf -+ } - !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
diff --git a/poky/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch b/poky/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch index 25e5b58e7..1b65348e8 100644 --- a/poky/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch +++ b/poky/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch @@ -9,12 +9,26 @@ Index: git/BaseTools/Conf/tools_def.template =================================================================== --- git.orig/BaseTools/Conf/tools_def.template +++ git/BaseTools/Conf/tools_def.template -@@ -4368,7 +4368,7 @@ DEFINE GCC_IPF_RC_FLAGS = -I +@@ -1736,10 +1736,10 @@ DEFINE GCC_X64_RC_FLAGS = -I binary -O elf64-x86-64 -B i386 DEFINE GCC_ARM_RC_FLAGS = -I binary -O elf32-littlearm -B arm --rename-section .data=.hii
DEFINE GCC_AARCH64_RC_FLAGS = -I binary -O elf64-littleaarch64 -B aarch64 --rename-section .data=.hii
--DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
-+DEFINE GCC44_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -fno-stack-protector -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
- DEFINE GCC44_IA32_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -fno-PIE -no-pie
- DEFINE GCC44_X64_CC_FLAGS = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables
- DEFINE GCC44_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20 -no-pie
+-DEFINE GCC48_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
++DEFINE GCC48_ALL_CC_FLAGS = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -fno-stack-protector -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
+ DEFINE GCC48_IA32_X64_DLINK_COMMON = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20
+-DEFINE GCC48_IA32_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -Wno-address
+-DEFINE GCC48_X64_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables -Wno-address
++DEFINE GCC48_IA32_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -D EFI32 -fno-asynchronous-unwind-tables -Wno-address
++DEFINE GCC48_X64_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) -m64 "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables -Wno-address
+ DEFINE GCC48_IA32_X64_ASLDLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
+ DEFINE GCC48_IA32_X64_DLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive
+ DEFINE GCC48_IA32_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220 DEF(GCC_DLINK2_FLAGS_COMMON)
+@@ -1748,7 +1748,7 @@ DEFINE GCC48_X64_DLINK2_FLAGS = -Wl,--defsym=PECOFF_HEADER_SIZE=0x228 DEF + DEFINE GCC48_ASM_FLAGS = DEF(GCC_ASM_FLAGS)
+ DEFINE GCC48_ARM_ASM_FLAGS = $(ARCHASM_FLAGS) $(PLATFORM_FLAGS) DEF(GCC_ASM_FLAGS) -mlittle-endian
+ DEFINE GCC48_AARCH64_ASM_FLAGS = $(ARCHASM_FLAGS) $(PLATFORM_FLAGS) DEF(GCC_ASM_FLAGS) -mlittle-endian
+-DEFINE GCC48_ARM_CC_FLAGS = $(ARCHCC_FLAGS) $(PLATFORM_FLAGS) DEF(GCC_ARM_CC_FLAGS) -fstack-protector -mword-relocations
++DEFINE GCC48_ARM_CC_FLAGS = $(ARCHCC_FLAGS) $(PLATFORM_FLAGS) DEF(GCC_ARM_CC_FLAGS) -mword-relocations
+ DEFINE GCC48_ARM_CC_XIPFLAGS = DEF(GCC_ARM_CC_XIPFLAGS)
+ DEFINE GCC48_AARCH64_CC_FLAGS = $(ARCHCC_FLAGS) $(PLATFORM_FLAGS) -mcmodel=large DEF(GCC_AARCH64_CC_FLAGS)
+ DEFINE GCC48_AARCH64_CC_XIPFLAGS = DEF(GCC_AARCH64_CC_XIPFLAGS)
diff --git a/poky/meta/recipes-core/ovmf/ovmf_git.bb b/poky/meta/recipes-core/ovmf/ovmf_git.bb index 71828d8d8..b569b593f 100644 --- a/poky/meta/recipes-core/ovmf/ovmf_git.bb +++ b/poky/meta/recipes-core/ovmf/ovmf_git.bb @@ -4,7 +4,7 @@ Virtual Machines. OVMF contains sample UEFI firmware for QEMU and KVM" HOMEPAGE = "https://github.com/tianocore/tianocore.github.io/wiki/OVMF" LICENSE = "BSD" LICENSE_class-target = "${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'BSD & OpenSSL', 'BSD', d)}" -LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=343dc88e82ff33d042074f62050c3496" +LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=06357ddc23f46577c2aeaeaf7b776d65" # Enabling Secure Boot adds a dependency on OpenSSL and implies # compiling OVMF twice, so it is disabled by default. Distros @@ -12,30 +12,16 @@ LIC_FILES_CHKSUM = "file://OvmfPkg/License.txt;md5=343dc88e82ff33d042074f62050c3 PACKAGECONFIG ??= "" PACKAGECONFIG[secureboot] = ",,," -SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \ - file://0001-ia32-Dont-use-pie.patch \ +SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=git \ file://0002-ovmf-update-path-to-native-BaseTools.patch \ file://0003-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch \ file://0004-ovmf-enable-long-path-file.patch \ - file://VfrCompile-increase-path-length-limit.patch \ file://no-stack-protector-all-archs.patch \ - file://0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch \ - file://0002-BaseTools-header.makefile-add-Wno-restrict.patch \ - file://0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch \ - file://0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch \ " -UPSTREAM_VERSION_UNKNOWN = "1" -OPENSSL_RELEASE = "openssl-1.1.0e" - -SRC_URI_append_class-target = " \ - ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'http://www.openssl.org/source/${OPENSSL_RELEASE}.tar.gz;name=openssl;subdir=${S}/CryptoPkg/Library/OpensslLib', '', d)} \ - file://0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch \ -" - -SRCREV="ec4910cd3336565fdb61dafdd9ec4ae7a6160ba3" -SRC_URI[openssl.md5sum] = "51c42d152122e474754aea96f66928c6" -SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6ebdee8975ad3874c" +PV = "edk2-stable201905" +SRCREV="20d2e5a125e34fc8501026613a71549b2a1a3e54" +UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)" inherit deploy @@ -44,7 +30,7 @@ PARALLEL_MAKE = "" S = "${WORKDIR}/git" DEPENDS_class-native="util-linux-native iasl-native" -DEPENDS_class-target="ovmf-native" +DEPENDS_class-target="ovmf-native bc-native" DEPENDS_append = " nasm-native" @@ -61,6 +47,8 @@ COMPATIBLE_HOST='(i.86|x86_64).*' OVMF_SECURE_BOOT_EXTRA_FLAGS ??= "" OVMF_SECURE_BOOT_FLAGS = "-DSECURE_BOOT_ENABLE=TRUE ${OVMF_SECURE_BOOT_EXTRA_FLAGS}" +export PYTHON_COMMAND = "${HOSTTOOLS_DIR}/python3" + do_patch[postfuncs] += "fix_basetools_location" fix_basetools_location () { } @@ -191,12 +179,9 @@ do_compile_class-target() { ln ${build_dir}/${OVMF_ARCH}/Shell.efi ${WORKDIR}/ovmf/ if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then - # See CryptoPkg/Library/OpensslLib/Patch-HOWTO.txt and - # https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/ for - # building with Secure Boot enabled. + # Repeat build with the Secure Boot flags. bbnote "Building with Secure Boot." rm -rf ${S}/Build/Ovmf$OVMF_DIR_SUFFIX - ln -sf ${OPENSSL_RELEASE} ${S}/CryptoPkg/Library/OpensslLib/openssl ${S}/OvmfPkg/build.sh $PARALLEL_JOBS -a $OVMF_ARCH -b RELEASE -t ${FIXED_GCCVER} ${OVMF_SECURE_BOOT_FLAGS} ln ${build_dir}/FV/OVMF.fd ${WORKDIR}/ovmf/ovmf.secboot.fd ln ${build_dir}/FV/OVMF_CODE.fd ${WORKDIR}/ovmf/ovmf.secboot.code.fd @@ -233,6 +218,7 @@ FILES_ovmf-shell-efi = " \ DEPLOYDEP = "" DEPLOYDEP_class-target = "qemu-system-native:do_populate_sysroot" +DEPLOYDEP_class-target += " ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'openssl-native:do_populate_sysroot', '', d)}" do_deploy[depends] += "${DEPLOYDEP}" do_deploy() { @@ -248,6 +234,13 @@ do_deploy_class-target() { ; do qemu-img convert -f raw -O qcow2 ${WORKDIR}/ovmf/$i.fd ${DEPLOYDIR}/$i.qcow2 done + + if ${@bb.utils.contains('PACKAGECONFIG', 'secureboot', 'true', 'false', d)}; then + # Create a test Platform Key and first Key Exchange Key to use with EnrollDefaultKeys + openssl req -new -x509 -newkey rsa:2048 -keyout ${DEPLOYDIR}/OvmfPkKek1.key \ + -out ${DEPLOYDIR}/OvmfPkKek1.crt -nodes -days 20 -subj "/CN=OVMFSecBootTest" + openssl x509 -in ${DEPLOYDIR}/OvmfPkKek1.crt -out ${DEPLOYDIR}/OvmfPkKek1.pem -outform PEM + fi } addtask do_deploy after do_compile before do_build diff --git a/poky/meta/recipes-core/systemd/systemd-boot_242.bb b/poky/meta/recipes-core/systemd/systemd-boot_242.bb index 56e68a3d4..56a25c35b 100644 --- a/poky/meta/recipes-core/systemd/systemd-boot_242.bb +++ b/poky/meta/recipes-core/systemd/systemd-boot_242.bb @@ -8,6 +8,7 @@ DEPENDS = "intltool-native libcap util-linux gnu-efi gperf-native" SRC_URI += "file://0001-Revert-meson-use-an-array-option-for-efi-cc.patch \ file://0001-Revert-meson-print-EFI-CC-configuration-nicely.patch \ file://0001-Fix-to-run-efi_cc-and-efi_ld-correctly-when-cross-co.patch \ + file://0001-meson-Add-Defi-objcopy-option-to-specify-objcopy.patch \ " inherit meson pkgconfig gettext @@ -22,6 +23,7 @@ EXTRA_OEMESON += "-Defi=true \ -Dman=false \ -Defi-cc='${EFI_CC}' \ -Defi-ld='${LD}' \ + -Defi-objcopy='${OBJCOPY}' \ " # install to the image as boot*.efi if its the EFI_PROVIDER, diff --git a/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl b/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl index 8d7b3ba32..8837f54e1 100755 --- a/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl +++ b/poky/meta/recipes-core/systemd/systemd-systemctl/systemctl @@ -28,6 +28,10 @@ class SystemdFile(): def __init__(self, root, path): self.sections = dict() self._parse(root, path) + dirname = os.path.basename(path.name) + ".d" + for location in locations: + for path2 in sorted((root / location / "system" / dirname).glob("*.conf")): + self._parse(root, path2) def _parse(self, root, path): """Parse a systemd syntax configuration file @@ -56,8 +60,11 @@ class SystemdFile(): line = line.rstrip("\n") m = section_re.match(line) if m: - section = dict() - self.sections[m.group('section')] = section + if m.group('section') not in self.sections: + section = dict() + self.sections[m.group('section')] = section + else: + section = self.sections[m.group('section')] continue while line.endswith("\\"): diff --git a/poky/meta/recipes-core/systemd/systemd/0001-meson-Add-Defi-objcopy-option-to-specify-objcopy.patch b/poky/meta/recipes-core/systemd/systemd/0001-meson-Add-Defi-objcopy-option-to-specify-objcopy.patch new file mode 100644 index 000000000..7d764b411 --- /dev/null +++ b/poky/meta/recipes-core/systemd/systemd/0001-meson-Add-Defi-objcopy-option-to-specify-objcopy.patch @@ -0,0 +1,48 @@ +From 3f37ad5e083dcad51c21c1050b2829b70d240b52 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 6 Aug 2019 03:10:20 +0000 +Subject: [PATCH] meson: Add -Defi-objcopy option to specify objcopy + +This helps in cross compiling for x86 target on a aarch64 host e.g. +Fixes +TOPDIR/build/tmp/hosttools/objcopy:src/boot/efi/systemd_boot.so: Invalid bfd target + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + meson_options.txt | 2 ++ + src/boot/efi/meson.build | 5 ++++- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/meson_options.txt b/meson_options.txt +index d4ec37dda2..dc1c96e112 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -296,6 +296,8 @@ option('efi-cc', type : 'array', + description : 'the compiler to use for EFI modules') + option('efi-ld', type : 'string', + description : 'the linker to use for EFI modules') ++option('efi-objcopy', type : 'string', ++ description : 'the objcopy to use for EFI') + option('efi-libdir', type : 'string', + description : 'path to the EFI lib directory') + option('efi-ldsdir', type : 'string', +diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build +index 0ae3191635..5a7137bc84 100644 +--- a/src/boot/efi/meson.build ++++ b/src/boot/efi/meson.build +@@ -88,7 +88,10 @@ if have_gnu_efi + output : 'efi_config.h', + configuration : efi_conf) + +- objcopy = find_program('objcopy') ++ objcopy = get_option('efi-objcopy') ++ if objcopy == '' ++ objcopy = find_program('objcopy', required: true) ++ endif + + efi_ldsdir = get_option('efi-ldsdir') + arch_lds = 'elf_@0@_efi.lds'.format(gnu_efi_path_arch) +-- +2.17.1 + |