search

rhboot / shim

UEFI shim loader
Other
848 stars 290 forks source link

Error sensibly if VENDOR_*_FILE not provided #501

Closed k1llerk3ks closed 2 years ago

k1llerk3ks commented 2 years ago

I've tried building shim on a debianoid system, and i received the following error:

root@localhost:~/shim# make install
gcc -std=gnu11 -ggdb -ffreestanding -fmacro-prefix-map=/root/shim/= -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -Os -Wall -Wextra -Wno-missing-field-initializers  -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args  -m64 -DMDE_CPU_X64 -DPAGE_SIZE=4096 -Werror -nostdinc -I/root/shim/Cryptlib -I/root/shim/Cryptlib/Include -I/root/shim/gnu-efi/inc -I/root/shim/gnu-efi/inc/x86_64 -I/root/shim/gnu-efi/inc/protocol -I/root/shim/include -iquote /root/shim -iquote /root/shim -isystem /root/shim/include/system -isystem /usr/lib/gcc/x86_64-linux-gnu/11/include -DDEFAULT_LOADER='L"\\\\grubx64.efi"' -DDEFAULT_LOADER_CHAR='"\\\\grubx64.efi"' -DEFI_ARCH='L"x64"' -DDEBUGDIR='L"/usr/lib/debug/usr/share/shim/x64-15.6/"' -x c -c -o sbat_data.o /dev/null
objcopy --add-section .sbat=/root/shim/data/sbat.csv \
        --set-section-flags .sbat=contents,alloc,load,readonly,data \
        sbat_data.o
ld -o shimx64.so --hash-style=sysv -nostdlib -znocombreloc -T /root/shim/elf_x86_64_efi.lds -shared -Bsymbolic -Lgnu-efi/x86_64/gnuefi -Lgnu-efi/x86_64/lib -LCryptlib -LCryptlib/OpenSSL gnu-efi/x86_64/gnuefi/crt0-efi-x86_64.o --build-id=sha1  --no-undefined shim.o globals.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o sbat_var.o pe.o httpboot.o csv.o load-options.o Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a gnu-efi/x86_64/lib/libefi.a gnu-efi/x86_64/gnuefi/libgnuefi.a -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group /usr/lib/gcc/x86_64-linux-gnu/11/libgcc.a lib/lib.a
ld: warning: sbat_var.o: missing .note.GNU-stack section implies executable stack
ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld: shim.o: in function `shim_init':
/root/shim/shim.c:1530: undefined reference to `vendor_null_size'
ld: shim.o: in function `efi_main':
/root/shim/shim.c:1661: undefined reference to `vendor_null_size'
ld: /root/shim/shim.c:1662: undefined reference to `vendor_null'
make: *** [Makefile:137: shimx64.so] Error 1

The Build then fails - maybe someone knows, what i've done wrong - or maybe this is a bug and needs to be reported this way. Thanks for your help

julian-klode commented 2 years ago

You need to define either VENDOR_DB_FILE or VENDOR_CERT_FILE, if you don't tell shim what is allowed to sign stuff, it's not going to accept stuff. I wonder if the code should #error instead of defining a non-existent null vendor.