diff options
author | Leah Rowe <leah@libreboot.org> | 2024-10-28 01:36:50 +0000 |
---|---|---|
committer | Leah Rowe <leah@libreboot.org> | 2024-10-28 05:03:17 +0000 |
commit | 97054498e9460b1cbc5800817fc0c9d64458536a (patch) | |
tree | e7ee47a2e64f339036785f69f8675f132a4a3fb5 /config/submodule/coreboot | |
parent | f3170fb06ebe5de0fc715dee429d07f44211b052 (diff) |
NEW MAINBOARD: Dell OptiPlex 780 MT
Thanks go to Lorenzo Aloe and Nicholas Chin for working on
and testing this code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'config/submodule/coreboot')
13 files changed, 222 insertions, 0 deletions
diff --git a/config/submodule/coreboot/next/acpica-unix-20230628.tar.gz/module.cfg b/config/submodule/coreboot/next/acpica-unix-20230628.tar.gz/module.cfg new file mode 100644 index 00000000..6dde459a --- /dev/null +++ b/config/submodule/coreboot/next/acpica-unix-20230628.tar.gz/module.cfg @@ -0,0 +1,3 @@ +subfile="https://www.mirrorservice.org/sites/libreboot.org/release/misc/acpica/acpica-unix-20230628.tar.gz" +subfile_bkup="https://mirror.math.princeton.edu/pub/libreboot/misc/acpica/acpica-unix-20230628.tar.gz" +subhash="d726e69ebd8b8110690e3aff8d1919b43b0a2185efdeb9131ea8d89d321ca3a318a89c721ea740ae366f31ed3d1c11c2906f8807ee8a190e6f67fe5b2023cea4" diff --git a/config/submodule/coreboot/next/binutils-2.43.1.tar.xz/module.cfg b/config/submodule/coreboot/next/binutils-2.43.1.tar.xz/module.cfg new file mode 100644 index 00000000..f3e372a4 --- /dev/null +++ b/config/submodule/coreboot/next/binutils-2.43.1.tar.xz/module.cfg @@ -0,0 +1,3 @@ +subfile="https://ftp.nluug.nl/pub/gnu/binutils/binutils-2.43.1.tar.xz" +subfile_bkup="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/binutils/binutils-2.43.1.tar.xz" +subhash="20977ad17729141a2c26d358628f44a0944b84dcfefdec2ba029c2d02f40dfc41cc91c0631044560d2bd6f9a51e1f15846b4b311befbe14f1239f14ff7d57824" diff --git a/config/submodule/coreboot/next/gcc-14.2.0.tar.xz/module.cfg b/config/submodule/coreboot/next/gcc-14.2.0.tar.xz/module.cfg new file mode 100644 index 00000000..9a4892f5 --- /dev/null +++ b/config/submodule/coreboot/next/gcc-14.2.0.tar.xz/module.cfg @@ -0,0 +1,3 @@ +subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/gcc/gcc-14.2.0/gcc-14.2.0.tar.xz" +subfile_bkup="https://ftp.nluug.nl/pub/gnu/gcc/gcc-14.2.0/gcc-14.2.0.tar.xz" +subhash="932bdef0cda94bacedf452ab17f103c0cb511ff2cec55e9112fc0328cbf1d803b42595728ea7b200e0a057c03e85626f937012e49a7515bc5dd256b2bf4bc396" diff --git a/config/submodule/coreboot/next/gmp-6.3.0.tar.xz/module.cfg b/config/submodule/coreboot/next/gmp-6.3.0.tar.xz/module.cfg new file mode 100644 index 00000000..fe274faf --- /dev/null +++ b/config/submodule/coreboot/next/gmp-6.3.0.tar.xz/module.cfg @@ -0,0 +1,3 @@ +subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/gmp/gmp-6.3.0.tar.xz" +subfile_bkup="https://ftp.nluug.nl/pub/gnu/gmp/gmp-6.3.0.tar.xz" +subhash="e85a0dab5195889948a3462189f0e0598d331d3457612e2d3350799dba2e244316d256f8161df5219538eb003e4b5343f989aaa00f96321559063ed8c8f29fd2" diff --git a/config/submodule/coreboot/next/intel-microcode/module.cfg b/config/submodule/coreboot/next/intel-microcode/module.cfg new file mode 100644 index 00000000..cb6c6d46 --- /dev/null +++ b/config/submodule/coreboot/next/intel-microcode/module.cfg @@ -0,0 +1,3 @@ +subrepo="https://review.coreboot.org/intel-microcode.git" +subrepo_bkup="https://github.com/coreboot/intel-microcode" +subhash="fbfe741896c55b36fcbf0560a68be96286103556" diff --git a/config/submodule/coreboot/next/libgfxinit/module.cfg b/config/submodule/coreboot/next/libgfxinit/module.cfg new file mode 100644 index 00000000..1ba41724 --- /dev/null +++ b/config/submodule/coreboot/next/libgfxinit/module.cfg @@ -0,0 +1,3 @@ +subrepo="https://review.coreboot.org/libgfxinit.git" +subrepo_bkup="https://github.com/coreboot/libgfxinit" +subhash="17cfc92f402493979783585b6581efbd98c0cf07" diff --git a/config/submodule/coreboot/next/libhwbase/module.cfg b/config/submodule/coreboot/next/libhwbase/module.cfg new file mode 100644 index 00000000..2937b8b7 --- /dev/null +++ b/config/submodule/coreboot/next/libhwbase/module.cfg @@ -0,0 +1,3 @@ +subrepo="https://review.coreboot.org/libhwbase.git" +subrepo_bkup="https://github.com/coreboot/libhwbase" +subhash="584629b9f4771b7618951cec57df2ca3af9c6981" diff --git a/config/submodule/coreboot/next/module.list b/config/submodule/coreboot/next/module.list new file mode 100644 index 00000000..8c520e04 --- /dev/null +++ b/config/submodule/coreboot/next/module.list @@ -0,0 +1,11 @@ +3rdparty/intel-microcode +3rdparty/libgfxinit +3rdparty/libhwbase +3rdparty/vboot +util/crossgcc/tarballs/binutils-2.43.1.tar.xz +util/crossgcc/tarballs/gcc-14.2.0.tar.xz +util/crossgcc/tarballs/gmp-6.3.0.tar.xz +util/crossgcc/tarballs/mpc-1.3.1.tar.gz +util/crossgcc/tarballs/mpfr-4.2.1.tar.xz +util/crossgcc/tarballs/nasm-2.16.03.tar.bz2 +util/crossgcc/tarballs/acpica-unix-20230628.tar.gz diff --git a/config/submodule/coreboot/next/mpc-1.3.1.tar.gz/module.cfg b/config/submodule/coreboot/next/mpc-1.3.1.tar.gz/module.cfg new file mode 100644 index 00000000..f98b6444 --- /dev/null +++ b/config/submodule/coreboot/next/mpc-1.3.1.tar.gz/module.cfg @@ -0,0 +1,3 @@ +subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/mpc/mpc-1.3.1.tar.gz" +subfile_bkup="https://ftp.nluug.nl/pub/gnu/mpc/mpc-1.3.1.tar.gz" +subhash="4bab4ef6076f8c5dfdc99d810b51108ced61ea2942ba0c1c932d624360a5473df20d32b300fc76f2ba4aa2a97e1f275c9fd494a1ba9f07c4cb2ad7ceaeb1ae97" diff --git a/config/submodule/coreboot/next/mpfr-4.2.1.tar.xz/module.cfg b/config/submodule/coreboot/next/mpfr-4.2.1.tar.xz/module.cfg new file mode 100644 index 00000000..3419bc30 --- /dev/null +++ b/config/submodule/coreboot/next/mpfr-4.2.1.tar.xz/module.cfg @@ -0,0 +1,3 @@ +subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/mpfr/mpfr-4.2.1.tar.xz" +subfile_bkup="https://ftp.nluug.nl/pub/gnu/mpfr/mpfr-4.2.1.tar.xz" +subhash="bc68c0d755d5446403644833ecbb07e37360beca45f474297b5d5c40926df1efc3e2067eecffdf253f946288bcca39ca89b0613f545d46a9e767d1d4cf358475" diff --git a/config/submodule/coreboot/next/nasm-2.16.03.tar.bz2/module.cfg b/config/submodule/coreboot/next/nasm-2.16.03.tar.bz2/module.cfg new file mode 100644 index 00000000..c98cc71f --- /dev/null +++ b/config/submodule/coreboot/next/nasm-2.16.03.tar.bz2/module.cfg @@ -0,0 +1,3 @@ +subfile="https://www.nasm.us/pub/nasm/releasebuilds/2.16.03/nasm-2.16.03.tar.bz2" +subfile_bkup="https://www.mirrorservice.org/sites/distfiles.macports.org/nasm/nasm-2.16.03.tar.bz2" +subhash="f28445d368debdf44219cc57df33800a8c0e49186cd60836d4adfec7700d53b801d34aa9fc9bfda74169843f33a1e8b465e11292582eb968bb9c3a26f54dd172" diff --git a/config/submodule/coreboot/next/vboot/module.cfg b/config/submodule/coreboot/next/vboot/module.cfg new file mode 100644 index 00000000..917d23fa --- /dev/null +++ b/config/submodule/coreboot/next/vboot/module.cfg @@ -0,0 +1,3 @@ +subrepo="https://review.coreboot.org/vboot.git" +subrepo_bkup="https://github.com/coreboot/vboot" +subhash="f1f70f46dc5482bb7c654e53ed58d4001e386df2" diff --git a/config/submodule/coreboot/next/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch b/config/submodule/coreboot/next/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch new file mode 100644 index 00000000..1ac41de6 --- /dev/null +++ b/config/submodule/coreboot/next/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch @@ -0,0 +1,178 @@ +From 195f61375aeec9eec16604ec59f6eda2e6058cc1 Mon Sep 17 00:00:00 2001 +From: "Luke T. Shumaker" <lukeshu@lukeshu.com> +Date: Thu, 30 May 2024 14:08:33 -0600 +Subject: [PATCH 1/1] extract_vmlinuz.c: Fix the bounds check on + vmlinuz_header_{offset,size} + +The check on vmlinuz_header_offset and vmlinuz_header_size is obviously +wrong: + + if (!vmlinuz_header_size || + kpart_data + vmlinuz_header_offset + vmlinuz_header_size > + kpart_data) { + return 1; + } + +`kpart_data + some_unsigned_values` can obviously never be `> kpart_data`, +unless something has overflowed! And `vmlinuz_header_offset` hasn't even +been set yet (besides being initialized to zero)! + +GCC will deduce that if the check didn't cause the function to bail, then +vmlinuz_header_size (a uint32_t) must be "negative"; that is: in the range +[2GiB,4GiB). + +On platforms where size_t is 32-bits, this is *especially* broken. +memcpy's size argument must be in the range [0,2GiB). Because GCC has +proved that vmlinuz_header_size is higher than that, it will fail to +compile: + + host/lib/extract_vmlinuz.c:67:9: error: 'memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Werror=stringop-overflow=] + +So, fix the check. + +I can now say that what I suspect the original author meant to write would +be the following patch, if `vmlinuz_header_offset` were already set: + + -kpart_data + vmlinuz_header_offset + vmlinuz_header_size > kpart_data + +now + vmlinuz_header_offset + vmlinuz_header_size > kpart_size + +This hypothesis is supported by `now` not getting incremented by +`kblob_size` the way it is for the keyblock and preamble sizes. + +However, we can also see that even this "corrected" bounds check is +insufficient: it does not detect the vmlinuz_header overflowing into +kblob_data. + +OK, so let's describe the fix: + +Have a `*vmlinuz_header` pointer instead of a +`uint64_t vmlinuz_header_offset`, to be more similar to all the other +regions. With this change, the correct check becomes a simple + + vmlinuz_header + vmlinuz_header_size > kblob_data + +While we're at it, make some changes that could have helped avoid this in +the first place: + + - Add comments. + - Calculate the vmlinuz_header offset right away, instead of waiting. + - Go ahead and increment `now` by `kblob_size`, to increase regularity. + +Change-Id: I5c03e49070b6dd2e04459566ef7dd129d27736e4 +--- + host/lib/extract_vmlinuz.c | 72 +++++++++++++++++++++++++++----------- + 1 file changed, 51 insertions(+), 21 deletions(-) + +diff --git a/host/lib/extract_vmlinuz.c b/host/lib/extract_vmlinuz.c +index 4ccfcf33..d2c09443 100644 +--- a/host/lib/extract_vmlinuz.c ++++ b/host/lib/extract_vmlinuz.c +@@ -15,16 +15,44 @@ + + int ExtractVmlinuz(void *kpart_data, size_t kpart_size, + void **vmlinuz_out, size_t *vmlinuz_size) { ++ // We're going to be extracting `vmlinuz_header` and ++ // `kblob_data`, and returning the concatenation of them. ++ // ++ // kpart_data = +-[kpart_size]------------------------------------+ ++ // | | ++ // keyblock = | +-[keyblock->keyblock_size]-------------------+ | ++ // | | struct vb2_keyblock keyblock | | ++ // | | char [] ...data... | | ++ // | +---------------------------------------------+ | ++ // | | ++ // preamble = | +-[preamble->preamble_size]-------------------+ | ++ // | | struct vb2_kernel_preamble preamble | | ++ // | | char [] ...data... | | ++ // | | char [] vmlinuz_header | | ++ // | | char [] ...data... | | ++ // | +---------------------------------------------+ | ++ // | | ++ // kblob_data= | +-[preamble->body_signature.data_size]--------+ | ++ // | | char [] ...data... | | ++ // | +---------------------------------------------+ | ++ // | | ++ // +-------------------------------------------------+ ++ + size_t now = 0; ++ // The 3 sections of kpart_data. ++ struct vb2_keyblock *keyblock = NULL; + struct vb2_kernel_preamble *preamble = NULL; + uint8_t *kblob_data = NULL; + uint32_t kblob_size = 0; ++ // vmlinuz_header ++ uint8_t *vmlinuz_header = NULL; + uint32_t vmlinuz_header_size = 0; +- uint64_t vmlinuz_header_address = 0; +- uint64_t vmlinuz_header_offset = 0; ++ // The concatenated result. + void *vmlinuz = NULL; + +- struct vb2_keyblock *keyblock = (struct vb2_keyblock *)kpart_data; ++ // Isolate the 3 sections of kpart_data. ++ ++ keyblock = (struct vb2_keyblock *)kpart_data; + now += keyblock->keyblock_size; + if (now > kpart_size) + return 1; +@@ -36,37 +64,39 @@ int ExtractVmlinuz(void *kpart_data, size_t kpart_size, + + kblob_data = kpart_data + now; + kblob_size = preamble->body_signature.data_size; +- +- if (!kblob_data || (now + kblob_size) > kpart_size) ++ now += kblob_size; ++ if (now > kpart_size) + return 1; + ++ // Find `vmlinuz_header` within `preamble`. ++ + if (preamble->header_version_minor > 0) { +- vmlinuz_header_address = preamble->vmlinuz_header_address; ++ // calculate the vmlinuz_header offset from ++ // the beginning of the kpart_data. The kblob doesn't ++ // include the body_load_offset, but does include ++ // the keyblock and preamble sections. ++ size_t vmlinuz_header_offset = ++ preamble->vmlinuz_header_address - ++ preamble->body_load_address + ++ keyblock->keyblock_size + ++ preamble->preamble_size; ++ ++ vmlinuz_header = kpart_data + vmlinuz_header_offset; + vmlinuz_header_size = preamble->vmlinuz_header_size; + } + +- if (!vmlinuz_header_size || +- kpart_data + vmlinuz_header_offset + vmlinuz_header_size > +- kpart_data) { ++ if (!vmlinuz_header || ++ !vmlinuz_header_size || ++ vmlinuz_header + vmlinuz_header_size > kblob_data) { + return 1; + } + +- // calculate the vmlinuz_header offset from +- // the beginning of the kpart_data. The kblob doesn't +- // include the body_load_offset, but does include +- // the keyblock and preamble sections. +- vmlinuz_header_offset = vmlinuz_header_address - +- preamble->body_load_address + +- keyblock->keyblock_size + +- preamble->preamble_size; ++ // Concatenate and return. + + vmlinuz = malloc(vmlinuz_header_size + kblob_size); + if (vmlinuz == NULL) + return 1; +- +- memcpy(vmlinuz, kpart_data + vmlinuz_header_offset, +- vmlinuz_header_size); +- ++ memcpy(vmlinuz, vmlinuz_header, vmlinuz_header_size); + memcpy(vmlinuz + vmlinuz_header_size, kblob_data, kblob_size); + + *vmlinuz_out = vmlinuz; +-- +2.45.1 + |