From 1508ece179267943bad5851010eba8c00570c0ed Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 17 Jan 2025 14:13:46 -0500 Subject: [PATCH] Move is_removable_media_path() to a shared location. We need to use is_removable_media_path(), and potentially other helpers, from Mok as well as shim. This moves it to a file just for Device Path utility functions to make that simpler. Signed-off-by: Peter Jones --- Makefile | 6 +++--- dp.c | 43 +++++++++++++++++++++++++++++++++++++++++++ include/dp.h | 14 ++++++++++++++ shim.c | 33 --------------------------------- shim.h | 1 + 5 files changed, 61 insertions(+), 36 deletions(-) create mode 100644 dp.c create mode 100644 include/dp.h diff --git a/Makefile b/Makefile index 3d9fd6142..833bcd2a8 100644 --- a/Makefile +++ b/Makefile @@ -38,10 +38,10 @@ CFLAGS += -DENABLE_SHIM_CERT else TARGETS += $(MMNAME) $(FBNAME) endif -OBJS = shim.o globals.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o sbat_var.o pe.o pe-relocate.o httpboot.o csv.o load-options.o +OBJS = shim.o globals.o mok.o netboot.o cert.o dp.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o sbat_var.o pe.o pe-relocate.o httpboot.o csv.o load-options.o KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer -ORIG_SOURCES = shim.c globals.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c pe-relocate.c httpboot.c shim.h version.h $(wildcard include/*.h) cert.S sbat_var.S -MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat_data.o globals.o +ORIG_SOURCES = shim.c globals.c mok.c netboot.c dp.c replacements.c tpm.c errlog.c sbat.c pe.c pe-relocate.c httpboot.c shim.h version.h $(wildcard include/*.h) cert.S sbat_var.S +MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat_data.o globals.o dp.o ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h) FALLBACK_OBJS = fallback.o tpm.o errlog.o sbat_data.o globals.o ORIG_FALLBACK_SRCS = fallback.c diff --git a/dp.c b/dp.c new file mode 100644 index 000000000..3fc46f8d8 --- /dev/null +++ b/dp.c @@ -0,0 +1,43 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +/* + * dp.c - device path helpers + * Copyright Peter Jones + */ + +#include "shim.h" + +int +is_removable_media_path(EFI_LOADED_IMAGE *li) +{ + unsigned int pathlen = 0; + CHAR16 *bootpath = NULL; + int ret = 0; + + bootpath = DevicePathToStr(li->FilePath); + + /* Check the beginning of the string and the end, to avoid + * caring about which arch this is. */ + /* I really don't know why, but sometimes bootpath gives us + * L"\\EFI\\BOOT\\/BOOTX64.EFI". So just handle that here... + */ + if (StrnCaseCmp(bootpath, L"\\EFI\\BOOT\\BOOT", 14) && + StrnCaseCmp(bootpath, L"\\EFI\\BOOT\\/BOOT", 15) && + StrnCaseCmp(bootpath, L"EFI\\BOOT\\BOOT", 13) && + StrnCaseCmp(bootpath, L"EFI\\BOOT\\/BOOT", 14)) + goto error; + + pathlen = StrLen(bootpath); + if (pathlen < 5 || StrCaseCmp(bootpath + pathlen - 4, L".EFI")) + goto error; + + ret = 1; + +error: + if (bootpath) + FreePool(bootpath); + + return ret; +} + + +// vim:fenc=utf-8:tw=75:noet diff --git a/include/dp.h b/include/dp.h new file mode 100644 index 000000000..884c1460b --- /dev/null +++ b/include/dp.h @@ -0,0 +1,14 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +/* + * dp.h - device path helper functions + * Copyright Peter Jones + */ + +#ifndef DP_H_ +#define DP_H_ + +int +is_removable_media_path(EFI_LOADED_IMAGE *li); + +#endif /* !DP_H_ */ +// vim:fenc=utf-8:tw=75:noet diff --git a/shim.c b/shim.c index bb54993ff..c447c3d35 100644 --- a/shim.c +++ b/shim.c @@ -778,39 +778,6 @@ verify_buffer (char *data, int datasize, return verify_buffer_sbat(data, datasize, context); } -static int -is_removable_media_path(EFI_LOADED_IMAGE *li) -{ - unsigned int pathlen = 0; - CHAR16 *bootpath = NULL; - int ret = 0; - - bootpath = DevicePathToStr(li->FilePath); - - /* Check the beginning of the string and the end, to avoid - * caring about which arch this is. */ - /* I really don't know why, but sometimes bootpath gives us - * L"\\EFI\\BOOT\\/BOOTX64.EFI". So just handle that here... - */ - if (StrnCaseCmp(bootpath, L"\\EFI\\BOOT\\BOOT", 14) && - StrnCaseCmp(bootpath, L"\\EFI\\BOOT\\/BOOT", 15) && - StrnCaseCmp(bootpath, L"EFI\\BOOT\\BOOT", 13) && - StrnCaseCmp(bootpath, L"EFI\\BOOT\\/BOOT", 14)) - goto error; - - pathlen = StrLen(bootpath); - if (pathlen < 5 || StrCaseCmp(bootpath + pathlen - 4, L".EFI")) - goto error; - - ret = 1; - -error: - if (bootpath) - FreePool(bootpath); - - return ret; -} - static int should_use_fallback(EFI_HANDLE image_handle) { diff --git a/shim.h b/shim.h index 5791a031d..c0d8aa954 100644 --- a/shim.h +++ b/shim.h @@ -163,6 +163,7 @@ #include "include/configtable.h" #include "include/console.h" #include "include/crypt_blowfish.h" +#include "include/dp.h" #include "include/efiauthenticated.h" #include "include/errors.h" #include "include/execute.h"