Discard load-options that start with a NUL #505
Conversation
|
I thought my fix went in in 15.5 or so to make it ignore load options when running from removable media path so I'm confused how that happens; or confused re having applied the patch |
|
While it's always possible that my ability to read m4 is failing, your changes were gated behind DISABLE_REMOVABLE_LOAD_OPTIONS being defined, and by default it's not. |
|
More generally, that kind of divergence is why I don't like having things gated by options in shim. I think there's a case to be made that the behavior of DISABLE_REMOVABLE_LOAD_OPTIONS should be the default, or at least that DISABLE_REMOVABLE_LOAD_OPTIONS should be default-on, if you'd prefer that. |
|
Ah right, sorry. We enabled that in Ubuntu and I feel like that's sensible as it avoids these issues entirely, but @vathpela had some concerns IIRC. There were a whole bunch more of these issues but we stopped debugging that after disabling it. |
|
It could be straightforward if changing UINT16 to CHAR16 although both are uint16_t : |
In 6c8d08c ("shim: Ignore UEFI LoadOptions that are just NUL characters."), a check was added to discard load options that are entirely NUL. We now see some firmwares that start LoadOptions with a NUL, and then follow it with garbage (path to directory containing loaders). Widen the check to just discard anything that starts with a NUL. Resolves: rhboot#490 Related: rhboot#95 See-also: https://bugzilla.redhat.com/show_bug.cgi?id=2113005 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
frozencemetery
force-pushed
the
why-nul
branch
from
9b2979b to
72cd577
Compare
|
That's fine, updated. |
|
Thanks for the testing. For those hitting this issue before their distros update the officially signed shim: in my opinion, it is better from a security perspective to run the older, signed shim rather than disabling secureboot to run the patched shim above from #505. (If you're able to enroll your own keys, of course you can have the best of both worlds; and if you're just testing fixes, none of this applies anyway.) |
In 6c8d08c ("shim: Ignore UEFI
LoadOptions that are just NUL characters."), a check was added to
discard load options that are entirely NUL. We now see some firmwares
that start LoadOptions with a NUL, and then follow it with garbage (path
to directory containing loaders). Widen the check to just discard
anything that starts with a NUL.
Resolves: #490
Related: #95
See-also: https://bugzilla.redhat.com/show_bug.cgi?id=2113005
Signed-off-by: Robbie Harwood rharwood@redhat.com