From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.90_1)
	id 1kooG0-0006Gi-Fq
	for mharc-grub-devel@gnu.org; Mon, 14 Dec 2020 08:51:20 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:33076)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mchang@suse.com>) id 1kooFx-0006Dk-Sa
 for grub-devel@gnu.org; Mon, 14 Dec 2020 08:51:18 -0500
Received: from de-smtp-delivery-102.mimecast.com ([51.163.158.102]:27980)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256)
 (Exim 4.90_1) (envelope-from <mchang@suse.com>) id 1kooFk-0002GO-Rw
 for grub-devel@gnu.org; Mon, 14 Dec 2020 08:51:16 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com;
 s=mimecast20200619; t=1607953860;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=EJa9GNETJlcwSnb74hZP3GDG6LNMWWAVJ/3R14U4sEg=;
 b=iKsLiVtTO73UQCe/Vs01Igd49JD2zaKrfkBaeICPi1gMADejz0fkiPc06I+JJQjPC09mtD
 zBraFGjMBWzZgN8j7+prYFnbsk73o8ZYQjdbzyrabECma2B6oni2yQTOomauadIVjzCkMK
 reCuCzn5OYcvRrEf6Xvr6gWiaL9vRNk=
Received: from EUR05-AM6-obe.outbound.protection.outlook.com
 (mail-am6eur05lp2106.outbound.protection.outlook.com [104.47.18.106])
 (Using TLS) by relay.mimecast.com with ESMTP id
 de-mta-31-iZYL9JfhMAOZfZYaNImzCA-1; Mon, 14 Dec 2020 14:50:58 +0100
X-MC-Unique: iZYL9JfhMAOZfZYaNImzCA-1
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=SpkEWh17dS43KBuhwM7D7bHGVacQQZ2HtPowTXy8ExUjmD1MQBZ1ZcdRWJra/odyzUsLpAxNI1Tk5tnXDInoZTguVdNfZ+0qL7cKG3zMSUvOBN9L8yocKAfw0dNcDM2VL/3dH0fMzMTrS1d4iF771aHXhWBzrZXapH+UjA2sCB6IaoTJaX65XbdGp0vMKTmA1OuTW349tCTo8pnWlAZGOMz+Ib3udrLVzm+urJFO230QDcnNZY1ORinWqjNWBw7iUMUuurw4Tr9Mj2N00Y4c1tMvBKeobKz8OSIXjx2YzpHiNYkRs/rVHGKHdm9XOOrPEBXTFHXt1UlwM50b3wF25w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=XW1odTQEucnKfyUV+4EEo3817qZbyrmL8acv3Xz+TWQ=;
 b=Sl7crUKFcx39/d5la+mXvut01hKdohyBpvmCf1zXu8S88ivVx0AWzcwfbjobfGe/5OHQNuAwFEPBMmldvWueIdlUzj1y6ABDHHMCgmznB6WutqQ8BAN/ctBN1qbcDF274WE/Ix9naCjE93ble7J8r4lBbm2GRddyUVDCXoqafdrB5jpEVSyDWXz2cAwVCpNHbPCivjpRTcnOPgOoHnJnpf8K69N/R2+Ihztna1HGr2wLfbPqzQO8OvAly+FRmhndyGm4EtnzBHVN4SV6RLnUiRcDwbD3HmKnD9qYcNYxaxYyDMTv1GfH5dhX4um9Uc8dDKisC2JILdbTRBCckfEbTg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com;
 dkim=pass header.d=suse.com; arc=none
Authentication-Results: net-space.pl; dkim=none (message not signed)
 header.d=none;net-space.pl; dmarc=none action=none header.from=suse.com;
Received: from VI1PR04MB4991.eurprd04.prod.outlook.com (2603:10a6:803:57::28)
 by VI1PR04MB5087.eurprd04.prod.outlook.com (2603:10a6:803:5d::33)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.21; Mon, 14 Dec
 2020 13:50:58 +0000
Received: from VI1PR04MB4991.eurprd04.prod.outlook.com
 ([fe80::3103:76b1:ed7f:8994]) by VI1PR04MB4991.eurprd04.prod.outlook.com
 ([fe80::3103:76b1:ed7f:8994%7]) with mapi id 15.20.3654.025; Mon, 14 Dec 2020
 13:50:57 +0000
Date: Mon, 14 Dec 2020 21:50:45 +0800
From: Michael Chang <mchang@suse.com>
To: Daniel Kiper <dkiper@net-space.pl>
CC: grub-devel@gnu.org, Javier Martinez Canillas <javierm@redhat.com>,
 Ignat Korchagin <ignat@cloudflare.com>, Peter Jones <pjones@redhat.com>,
 Marco A Benatto <mbenatto@redhat.com>, Leif Lindholm <leif@nuviainc.com>
Subject: Re: [PATCH 8/9] efi: Only register shim_lock verifier if shim_lock
 protocol is found and SB enabled
Message-ID: <20201214135045.GA22092@mercury>
References: <20201203150151.848077-1-javierm@redhat.com>
 <20201203150151.848077-9-javierm@redhat.com>
 <20201208022003.GA5427@mercury>
 <20201210165053.mj3bop5uu6pbcjlo@tomti.i.net-space.pl>
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In-Reply-To: <20201210165053.mj3bop5uu6pbcjlo@tomti.i.net-space.pl>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Originating-IP: [36.226.47.162]
X-ClientProxiedBy: HK2P15301CA0013.APCP153.PROD.OUTLOOK.COM
 (2603:1096:202:1::23) To VI1PR04MB4991.eurprd04.prod.outlook.com
 (2603:10a6:803:57::28)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from mercury (36.226.47.162) by
 HK2P15301CA0013.APCP153.PROD.OUTLOOK.COM (2603:1096:202:1::23) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.3700.2 via Frontend Transport; Mon, 14 Dec 2020 13:50:55 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 4d4c5726-07df-4ae6-fb35-08d8a03748d3
X-MS-TrafficTypeDiagnostic: VI1PR04MB5087:
X-Microsoft-Antispam-PRVS: <VI1PR04MB50873D51AF1C158C8BF9415BABC70@VI1PR04MB5087.eurprd04.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 5Ix+KdWUkFyP358fvbPvtUEpKM24sXwjgr4zR1xyiTTdrDrBPcXL2KLDI3uYUZbPqbW1bYma7m0gIpntORSrFrbbdzmRBFigY/Fy/Pndkr1rLmhGZHCeCw8qcDFCZOADwQf7dVx1crQ3A/QjI8yO+Wpp5xyZWsS5Ym1RGWx2UisMf7kGioyK7vsY0WiucawnZGlHxujGF3D/0PQyaPOvCh9dn6q6BaqUKmTkWWd+knHfO3O+0FY8nNvtHYBrOFFXjihu4XBH2uEQY+zyF257Rhg1gvw+byKqlKU8AsUaqkh+47nlLJzNJw5qJ3DOYcL/KMpFDOwUG3CQU7yQqm9BB35MBKuLdB8MLuuzqE3aRbXmyaQhQTCU3oSWs3ge2qXx6Rrxh5k1hlADuZjNv8ZShQ==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:VI1PR04MB4991.eurprd04.prod.outlook.com; PTR:; CAT:NONE;
 SFS:(136003)(396003)(376002)(39860400002)(366004)(346002)(33656002)(66476007)(16526019)(66946007)(66556008)(6496006)(33716001)(186003)(6916009)(956004)(83380400001)(1076003)(966005)(9686003)(6666004)(52116002)(55016002)(4326008)(86362001)(478600001)(9576002)(8936002)(5660300002)(54906003)(316002)(26005)(2906002)(8676002);
 DIR:OUT; SFP:1101; 
X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?EOQmDEB8PwcqHGqNm8KfKSuVaRqSJOw03w55Y+qoxXYIWGqkIOrPGAzOoiw9?=
 =?us-ascii?Q?HSaOUV4toZsE8XguqJkdwvqoVp6u8l8ID1K3FREQuhcMQOLdqlx7JLhrwce8?=
 =?us-ascii?Q?2hP8zzEmUJsTNFVA4aMNmn/f1+suC1zyiZdJaPkm235XcPtOmta4xyyTAZWG?=
 =?us-ascii?Q?wnGAF7tsH9FDn31or39Ru2lvql2unK8LTsVjjlChwnn6jnRcjIW3LVxRwV+w?=
 =?us-ascii?Q?np6ktPrnLToPaz0FZauqXvpI4uqzSCj/Ekc2piZrxX0O81PtiC911cSde27a?=
 =?us-ascii?Q?HmCQa6e/rj7O4tr91d2/TeuI5t3n8JX8zzWxc5f6lXWKrMoozjUO1fyFdGkN?=
 =?us-ascii?Q?yI3dYYlgMdR0m5E2G7ufoMjXMZOohfXYkVRQw/QeYwgvnN7K8iD6M+uoGtqu?=
 =?us-ascii?Q?4xmdL+28lYJ14zCJSWWVWkPc+NsLIBRAYrL4tNivok30q2QeyZJde7lLy3dS?=
 =?us-ascii?Q?b5+Yyr81xEcEIrdQasvmkTpD0shnb+jnDGb4UClU2A1Zc6cta83yCJcn2TQb?=
 =?us-ascii?Q?Yfd2coDxTYYUbXIMTLxv4K1qQx+uiIZVXAUdm99+0inZZtSVlE61UPm4oDUU?=
 =?us-ascii?Q?yd2ZAEUm1k77yaSRnOQVttnzXUApt2N78nYvBs9ZmFBaOyYp86GBCFUbAM0S?=
 =?us-ascii?Q?hneARGetHgY+TyKtsim1vL4NQoRV4ValgDpsZgbVviI8yOf4IJACiJDoaJWe?=
 =?us-ascii?Q?ogAa+wyVJC1tfPD8U/7Fzk8Qlw3+EYHTPUQlT5iaIqOQ9xbmtl/u66lQoED9?=
 =?us-ascii?Q?bIOLHDRLXD1hNanXS63zKNQoIu+Oj1M+AGxgs4XtegmSTY713sg7416OLB5l?=
 =?us-ascii?Q?0CkFJ1W4scFSp51pG0utB/wE6BjMMvASC3aMmO/ipkOe7IBxFXJkJCYRswjo?=
 =?us-ascii?Q?M7nouJU5iYVsJVT7V75f0NFLmnj8oVetfdaF0LgQ1waXtEyZ6sGxeKioL7o+?=
 =?us-ascii?Q?TDiTMtM/hj7mna8Wqx5wnRm0WMCMrvpl/eUVSmhfpCj289qpmcZLB4kU8HPS?=
 =?us-ascii?Q?T+hx?=
X-OriginatorOrg: suse.com
X-MS-Exchange-CrossTenant-AuthSource: VI1PR04MB4991.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Dec 2020 13:50:57.6533 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba
X-MS-Exchange-CrossTenant-Network-Message-Id: 4d4c5726-07df-4ae6-fb35-08d8a03748d3
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: YC4Y5aWRnxC2s0UftUygFZpbUuFt9CAFnkjR8PLF/qwdHLtuKDkjH2UVRpqscQ+0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR04MB5087
Received-SPF: pass client-ip=51.163.158.102; envelope-from=mchang@suse.com;
 helo=de-smtp-delivery-102.mimecast.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_NONE=-0.0001,
 RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2020 13:51:18 -0000

On Thu, Dec 10, 2020 at 05:50:53PM +0100, Daniel Kiper wrote:
> On Tue, Dec 08, 2020 at 10:20:03AM +0800, Michael Chang via Grub-devel wr=
ote:
> > On Thu, Dec 03, 2020 at 04:01:49PM +0100, Javier Martinez Canillas wrot=
e:
> > > The shim_lock module registers a verifier to call shim's verify, but =
the
> > > handler is registered even when the shim_lock protocol was not instal=
led.
> > >
> > > This doesn't cause a NULL pointer dereference in shim_lock_write() be=
cause
> > > the shim_lock_init() function just returns GRUB_ERR_NONE if sl isn't =
set.
> > >
> > > But in that case there's no point to even register the shim_lock veri=
fier
> > > since won't do anything. Additionally, it is only useful when Secure =
Boot
> > > is enabled.
> > >
> > > Finally, don't assume that the shim_lock protocol will always be pres=
ent
> > > when the shim_lock_write() function is called, and check for it on ev=
ery
> > > call to this function.
> > >
> > > Reported-by: Michael Chang <mchang@suse.com>
> >
> > To complete the information here, this fixed the problem I tried to
> > solve before, but in a more elegant way. :)
> >
> > https://www.mail-archive.com/grub-devel@gnu.org/msg30738.html
> >
> > Thank you to work on the patch.
>=20
> You are welcome!
>=20
> May I add your Tested-by do this patch?

Sure you can. I have verified that it solved the problem, despite for
the unexpected build error.

../../grub-core/commands/efi/shim_lock.c:121:21: error: implicit declaratio=
n of function =E2=80=98grub_efi_get_secureboot=E2=80=99; did you mean =E2=
=80=98grub_efi_get_device_path=E2=80=99? [-Werror=3Dimplicit-function-decla=
ration]
  121 |   if (sl =3D=3D NULL || grub_efi_get_secureboot () !=3D GRUB_EFI_SE=
CUREBOOT_MODE_ENABLED)

FWIW, the trivial patch I use to get around above build error is
included.

diff --git a/grub-core/commands/efi/shim_lock.c b/grub-core/commands/efi/sh=
im_lock.c
index 5259b27e8..b0c3cc178 100644
--- a/grub-core/commands/efi/shim_lock.c
+++ b/grub-core/commands/efi/shim_lock.c
@@ -24,6 +24,7 @@
 #include <grub/file.h>
 #include <grub/misc.h>
 #include <grub/verify.h>
+#include <grub/efi/sb.h>

 GRUB_MOD_LICENSE ("GPLv3+");

Thanks,
Michael

>=20
> Daniel
>=20