diff options
Diffstat (limited to 'config/submodule/coreboot')
75 files changed, 113 insertions, 1071 deletions
diff --git a/config/submodule/coreboot/coreboot413/module.list b/config/submodule/coreboot/coreboot413/module.list deleted file mode 100644 index 08e76de0..00000000 --- a/config/submodule/coreboot/coreboot413/module.list +++ /dev/null @@ -1 +0,0 @@ -3rdparty/vboot diff --git a/config/submodule/coreboot/coreboot413/vboot/module.cfg b/config/submodule/coreboot/coreboot413/vboot/module.cfg deleted file mode 100644 index 34656ba9..00000000 --- a/config/submodule/coreboot/coreboot413/vboot/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subrepo="https://review.coreboot.org/vboot.git" -subrepo_bkup="https://github.com/coreboot/vboot" -subhash="4c523ed10f25de872ac0513ebd6ca53d3970b9de" diff --git a/config/submodule/coreboot/default/R06_28_23.tar.gz/module.cfg b/config/submodule/coreboot/default/R06_28_23.tar.gz/module.cfg deleted file mode 100644 index 71ab78bc..00000000 --- a/config/submodule/coreboot/default/R06_28_23.tar.gz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/libreboot.org/release/misc/acpica/R06_28_23.tar.gz" -subfile_bkup="https://mirror.math.princeton.edu/pub/libreboot/misc/acpica/R06_28_23.tar.gz" -subhash="d64091202866cd306fef08bbf95b585584331704fdbe5ef0bfa99c8f9cb188e51a52880625c8d6bc971b3d251c8b13686b43a013058cadda861efe09b219c1b0" diff --git a/config/submodule/coreboot/default/acpica-unix-20241212.tar.gz/module.cfg b/config/submodule/coreboot/default/acpica-unix-20241212.tar.gz/module.cfg new file mode 100644 index 00000000..27508216 --- /dev/null +++ b/config/submodule/coreboot/default/acpica-unix-20241212.tar.gz/module.cfg @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: GPL-3.0-or-later + +subcurl="https://www.mirrorservice.org/sites/libreboot.org/release/misc/acpica/acpica-unix-20241212.tar.gz" +subcurl_bkup="https://mirror.math.princeton.edu/pub/libreboot/misc/acpica/acpica-unix-20241212.tar.gz" +subhash="daa4243f927451ac18c337cf17c27849e68329b3f7eb25b8c3379fda9c6a484201b73d4ffccab89a0ae22cc5e432f141ba149015a003834b0515bdb3d4efe0a8" diff --git a/config/submodule/coreboot/default/arm-trusted-firmware/module.cfg b/config/submodule/coreboot/default/arm-trusted-firmware/module.cfg index 3fb78c02..953997c7 100644 --- a/config/submodule/coreboot/default/arm-trusted-firmware/module.cfg +++ b/config/submodule/coreboot/default/arm-trusted-firmware/module.cfg @@ -1,3 +1,5 @@ -subrepo="https://review.coreboot.org/arm-trusted-firmware.git" -subrepo_bkup="https://github.com/coreboot/arm-trusted-firmware" -subhash="23d6774ab53ded09d8065a184b4763504e9c8d9e" +# SPDX-License-Identifier: GPL-3.0-or-later + +subgit="https://review.coreboot.org/arm-trusted-firmware.git" +subgit_bkup="https://github.com/coreboot/arm-trusted-firmware" +subhash="57ac3f74b34a3303f03deee264a1f2247c68008d" diff --git a/config/submodule/coreboot/default/binutils-2.41.tar.xz/module.cfg b/config/submodule/coreboot/default/binutils-2.41.tar.xz/module.cfg deleted file mode 100644 index eb2d01b1..00000000 --- a/config/submodule/coreboot/default/binutils-2.41.tar.xz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/binutils/binutils-2.41.tar.xz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/binutils/binutils-2.41.tar.xz" -subhash="5df45d0bd6ddabdce4f35878c041e46a92deef01e7dea5facc97fd65cc06b59abc6fba0eb454b68e571c7e14038dc823fe7f2263843e6e627b7444eaf0fe9374" diff --git a/config/submodule/coreboot/default/binutils-2.43.1.tar.xz/module.cfg b/config/submodule/coreboot/default/binutils-2.43.1.tar.xz/module.cfg new file mode 100644 index 00000000..de0d349c --- /dev/null +++ b/config/submodule/coreboot/default/binutils-2.43.1.tar.xz/module.cfg @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: GPL-3.0-or-later + +subcurl="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/binutils/binutils-2.43.1.tar.xz" +subcurl_bkup="https://ftp.nluug.nl/pub/gnu/binutils/binutils-2.43.1.tar.xz" +subhash="20977ad17729141a2c26d358628f44a0944b84dcfefdec2ba029c2d02f40dfc41cc91c0631044560d2bd6f9a51e1f15846b4b311befbe14f1239f14ff7d57824" diff --git a/config/submodule/coreboot/default/fsp/module.cfg b/config/submodule/coreboot/default/fsp/module.cfg new file mode 100644 index 00000000..98e57efe --- /dev/null +++ b/config/submodule/coreboot/default/fsp/module.cfg @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: GPL-3.0-or-later + +subgit="https://review.coreboot.org/fsp.git" +subgit_bkup="https://github.com/coreboot/fsp" +subhash="86c9111639d357e0f369c14248097b119112a71c" diff --git a/config/submodule/coreboot/default/gcc-13.2.0.tar.xz/module.cfg b/config/submodule/coreboot/default/gcc-13.2.0.tar.xz/module.cfg deleted file mode 100644 index dbcc0805..00000000 --- a/config/submodule/coreboot/default/gcc-13.2.0.tar.xz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/gcc/gcc-13.2.0/gcc-13.2.0.tar.xz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/gcc/gcc-13.2.0/gcc-13.2.0.tar.xz" -subhash="d99e4826a70db04504467e349e9fbaedaa5870766cda7c5cab50cdebedc4be755ebca5b789e1232a34a20be1a0b60097de9280efe47bdb71c73251e30b0862a2" diff --git a/config/submodule/coreboot/default/gcc-14.2.0.tar.xz/module.cfg b/config/submodule/coreboot/default/gcc-14.2.0.tar.xz/module.cfg new file mode 100644 index 00000000..e637ba03 --- /dev/null +++ b/config/submodule/coreboot/default/gcc-14.2.0.tar.xz/module.cfg @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: GPL-3.0-or-later + +subcurl="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/gcc/gcc-14.2.0/gcc-14.2.0.tar.xz" +subcurl_bkup="https://ftp.nluug.nl/pub/gnu/gcc/gcc-14.2.0/gcc-14.2.0.tar.xz" +subhash="932bdef0cda94bacedf452ab17f103c0cb511ff2cec55e9112fc0328cbf1d803b42595728ea7b200e0a057c03e85626f937012e49a7515bc5dd256b2bf4bc396" diff --git a/config/submodule/coreboot/default/gmp-6.3.0.tar.xz/module.cfg b/config/submodule/coreboot/default/gmp-6.3.0.tar.xz/module.cfg index fe274faf..90466fed 100644 --- a/config/submodule/coreboot/default/gmp-6.3.0.tar.xz/module.cfg +++ b/config/submodule/coreboot/default/gmp-6.3.0.tar.xz/module.cfg @@ -1,3 +1,5 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/gmp/gmp-6.3.0.tar.xz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/gmp/gmp-6.3.0.tar.xz" +# SPDX-License-Identifier: GPL-3.0-or-later + +subcurl="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/gmp/gmp-6.3.0.tar.xz" +subcurl_bkup="https://ftp.nluug.nl/pub/gnu/gmp/gmp-6.3.0.tar.xz" subhash="e85a0dab5195889948a3462189f0e0598d331d3457612e2d3350799dba2e244316d256f8161df5219538eb003e4b5343f989aaa00f96321559063ed8c8f29fd2" diff --git a/config/submodule/coreboot/default/intel-microcode/module.cfg b/config/submodule/coreboot/default/intel-microcode/module.cfg index 05a174b0..2af752fa 100644 --- a/config/submodule/coreboot/default/intel-microcode/module.cfg +++ b/config/submodule/coreboot/default/intel-microcode/module.cfg @@ -1,3 +1,5 @@ -subrepo="https://review.coreboot.org/intel-microcode.git" -subrepo_bkup="https://github.com/coreboot/intel-microcode" -subhash="ece0d294a29a1375397941a4e6f2f7217910bc89" +# SPDX-License-Identifier: GPL-3.0-or-later + +subgit="https://review.coreboot.org/intel-microcode.git" +subgit_bkup="https://github.com/coreboot/intel-microcode" +subhash="8a62de41c011615d749f8e72bb906dddc72e56a8" diff --git a/config/submodule/coreboot/default/libgfxinit/module.cfg b/config/submodule/coreboot/default/libgfxinit/module.cfg index 7e2536f9..87589128 100644 --- a/config/submodule/coreboot/default/libgfxinit/module.cfg +++ b/config/submodule/coreboot/default/libgfxinit/module.cfg @@ -1,3 +1,5 @@ -subrepo="https://review.coreboot.org/libgfxinit.git" -subrepo_bkup="https://github.com/coreboot/libgfxinit" -subhash="a4be8a21b0e2c752da0042c79aae5942418f53e2" +# SPDX-License-Identifier: GPL-3.0-or-later + +subgit="https://review.coreboot.org/libgfxinit.git" +subgit_bkup="https://github.com/coreboot/libgfxinit" +subhash="17cfc92f402493979783585b6581efbd98c0cf07" diff --git a/config/submodule/coreboot/dell/libgfxinit/patches/0001-g45-hw-gfx-gma-plls.adb-Make-reference-clock-frequen.patch b/config/submodule/coreboot/default/libgfxinit/patches/0001-g45-hw-gfx-gma-plls.adb-Make-reference-clock-frequen.patch index bb772461..2d248941 100644 --- a/config/submodule/coreboot/dell/libgfxinit/patches/0001-g45-hw-gfx-gma-plls.adb-Make-reference-clock-frequen.patch +++ b/config/submodule/coreboot/default/libgfxinit/patches/0001-g45-hw-gfx-gma-plls.adb-Make-reference-clock-frequen.patch @@ -1,7 +1,7 @@ -From 2c29f01a18d0a104bcc4f785e3901de584d02d7e Mon Sep 17 00:00:00 2001 +From ba078864500de99c26b6ea7e3fdcef19bca582a7 Mon Sep 17 00:00:00 2001 From: Nicholas Chin <nic.c3.14@gmail.com> Date: Mon, 20 May 2024 10:10:03 -0600 -Subject: [PATCH] g45/hw-gfx-gma-plls.adb: Make reference clock frequency +Subject: [PATCH 1/1] g45/hw-gfx-gma-plls.adb: Make reference clock frequency configurable Instead of assuming a 96 MHz reference clock frequency, use the value @@ -16,7 +16,7 @@ Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com> 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/common/g45/hw-gfx-gma-plls.adb b/common/g45/hw-gfx-gma-plls.adb -index 67242f2..1aee576 100644 +index 67242f2..5e970d7 100644 --- a/common/g45/hw-gfx-gma-plls.adb +++ b/common/g45/hw-gfx-gma-plls.adb @@ -12,6 +12,8 @@ @@ -38,5 +38,5 @@ index 67242f2..1aee576 100644 Valid => Success); else -- -2.45.1 +2.39.2 diff --git a/config/submodule/coreboot/default/libhwbase/module.cfg b/config/submodule/coreboot/default/libhwbase/module.cfg index 2937b8b7..f09b123f 100644 --- a/config/submodule/coreboot/default/libhwbase/module.cfg +++ b/config/submodule/coreboot/default/libhwbase/module.cfg @@ -1,3 +1,5 @@ -subrepo="https://review.coreboot.org/libhwbase.git" -subrepo_bkup="https://github.com/coreboot/libhwbase" +# SPDX-License-Identifier: GPL-3.0-or-later + +subgit="https://review.coreboot.org/libhwbase.git" +subgit_bkup="https://github.com/coreboot/libhwbase" subhash="584629b9f4771b7618951cec57df2ca3af9c6981" diff --git a/config/submodule/coreboot/default/module.list b/config/submodule/coreboot/default/module.list index 85fdafa5..8c7f3d20 100644 --- a/config/submodule/coreboot/default/module.list +++ b/config/submodule/coreboot/default/module.list @@ -1,12 +1,13 @@ 3rdparty/arm-trusted-firmware +3rdparty/fsp 3rdparty/intel-microcode 3rdparty/libgfxinit 3rdparty/libhwbase 3rdparty/vboot -util/crossgcc/tarballs/binutils-2.41.tar.xz -util/crossgcc/tarballs/gcc-13.2.0.tar.xz +util/crossgcc/tarballs/binutils-2.43.1.tar.xz +util/crossgcc/tarballs/gcc-14.2.0.tar.xz util/crossgcc/tarballs/gmp-6.3.0.tar.xz util/crossgcc/tarballs/mpc-1.3.1.tar.gz util/crossgcc/tarballs/mpfr-4.2.1.tar.xz -util/crossgcc/tarballs/nasm-2.16.01.tar.bz2 -util/crossgcc/tarballs/R06_28_23.tar.gz +util/crossgcc/tarballs/nasm-2.16.03.tar.bz2 +util/crossgcc/tarballs/acpica-unix-20241212.tar.gz diff --git a/config/submodule/coreboot/default/mpc-1.3.1.tar.gz/module.cfg b/config/submodule/coreboot/default/mpc-1.3.1.tar.gz/module.cfg index f98b6444..9a1ec4cb 100644 --- a/config/submodule/coreboot/default/mpc-1.3.1.tar.gz/module.cfg +++ b/config/submodule/coreboot/default/mpc-1.3.1.tar.gz/module.cfg @@ -1,3 +1,5 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/mpc/mpc-1.3.1.tar.gz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/mpc/mpc-1.3.1.tar.gz" +# SPDX-License-Identifier: GPL-3.0-or-later + +subcurl="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/mpc/mpc-1.3.1.tar.gz" +subcurl_bkup="https://ftp.nluug.nl/pub/gnu/mpc/mpc-1.3.1.tar.gz" subhash="4bab4ef6076f8c5dfdc99d810b51108ced61ea2942ba0c1c932d624360a5473df20d32b300fc76f2ba4aa2a97e1f275c9fd494a1ba9f07c4cb2ad7ceaeb1ae97" diff --git a/config/submodule/coreboot/default/mpfr-4.2.1.tar.xz/module.cfg b/config/submodule/coreboot/default/mpfr-4.2.1.tar.xz/module.cfg index 3419bc30..4ff30620 100644 --- a/config/submodule/coreboot/default/mpfr-4.2.1.tar.xz/module.cfg +++ b/config/submodule/coreboot/default/mpfr-4.2.1.tar.xz/module.cfg @@ -1,3 +1,5 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/mpfr/mpfr-4.2.1.tar.xz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/mpfr/mpfr-4.2.1.tar.xz" +# SPDX-License-Identifier: GPL-3.0-or-later + +subcurl="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/mpfr/mpfr-4.2.1.tar.xz" +subcurl_bkup="https://ftp.nluug.nl/pub/gnu/mpfr/mpfr-4.2.1.tar.xz" subhash="bc68c0d755d5446403644833ecbb07e37360beca45f474297b5d5c40926df1efc3e2067eecffdf253f946288bcca39ca89b0613f545d46a9e767d1d4cf358475" diff --git a/config/submodule/coreboot/default/nasm-2.16.01.tar.bz2/module.cfg b/config/submodule/coreboot/default/nasm-2.16.01.tar.bz2/module.cfg deleted file mode 100644 index a98cab0b..00000000 --- a/config/submodule/coreboot/default/nasm-2.16.01.tar.bz2/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.nasm.us/pub/nasm/releasebuilds/2.16.01/nasm-2.16.01.tar.bz2" -subfile_bkup="https://coreboot.org/releases/crossgcc-sources/nasm-2.16.01.tar.bz2" -subhash="daecc50d0c04cfa1e8a09bbece808548478fc03834b0c3fb06a9da56d3b51697e2d09a469cef8a4761290cdfc65e0eb46d76b6ca11dfa1dcd1051882c5e7fd88" diff --git a/config/submodule/coreboot/default/nasm-2.16.03.tar.bz2/module.cfg b/config/submodule/coreboot/default/nasm-2.16.03.tar.bz2/module.cfg new file mode 100644 index 00000000..bc486e80 --- /dev/null +++ b/config/submodule/coreboot/default/nasm-2.16.03.tar.bz2/module.cfg @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: GPL-3.0-or-later + +subcurl="https://www.nasm.us/pub/nasm/releasebuilds/2.16.03/nasm-2.16.03.tar.bz2" +subcurl_bkup="https://www.mirrorservice.org/sites/distfiles.macports.org/nasm/nasm-2.16.03.tar.bz2" +subhash="f28445d368debdf44219cc57df33800a8c0e49186cd60836d4adfec7700d53b801d34aa9fc9bfda74169843f33a1e8b465e11292582eb968bb9c3a26f54dd172" diff --git a/config/submodule/coreboot/default/vboot/module.cfg b/config/submodule/coreboot/default/vboot/module.cfg index 9a23ee96..8b4e15de 100644 --- a/config/submodule/coreboot/default/vboot/module.cfg +++ b/config/submodule/coreboot/default/vboot/module.cfg @@ -1,3 +1,5 @@ -subrepo="https://review.coreboot.org/vboot.git" -subrepo_bkup="https://github.com/coreboot/vboot" -subhash="3d37d2aafe1f941c532def2a1fbbb58c8dd84182" +# SPDX-License-Identifier: GPL-3.0-or-later + +subgit="https://review.coreboot.org/vboot.git" +subgit_bkup="https://github.com/coreboot/vboot" +subhash="3f94e2c7ed58c4e67d6e7dc6052ec615dbbb9bb4" diff --git a/config/submodule/coreboot/dell/intel-microcode/module.cfg b/config/submodule/coreboot/dell/intel-microcode/module.cfg deleted file mode 100644 index 05a174b0..00000000 --- a/config/submodule/coreboot/dell/intel-microcode/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subrepo="https://review.coreboot.org/intel-microcode.git" -subrepo_bkup="https://github.com/coreboot/intel-microcode" -subhash="ece0d294a29a1375397941a4e6f2f7217910bc89" diff --git a/config/submodule/coreboot/dell/libgfxinit/module.cfg b/config/submodule/coreboot/dell/libgfxinit/module.cfg deleted file mode 100644 index 7e2536f9..00000000 --- a/config/submodule/coreboot/dell/libgfxinit/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subrepo="https://review.coreboot.org/libgfxinit.git" -subrepo_bkup="https://github.com/coreboot/libgfxinit" -subhash="a4be8a21b0e2c752da0042c79aae5942418f53e2" diff --git a/config/submodule/coreboot/dell/libhwbase/module.cfg b/config/submodule/coreboot/dell/libhwbase/module.cfg deleted file mode 100644 index 2937b8b7..00000000 --- a/config/submodule/coreboot/dell/libhwbase/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subrepo="https://review.coreboot.org/libhwbase.git" -subrepo_bkup="https://github.com/coreboot/libhwbase" -subhash="584629b9f4771b7618951cec57df2ca3af9c6981" diff --git a/config/submodule/coreboot/dell/module.list b/config/submodule/coreboot/dell/module.list deleted file mode 100644 index 3d968b1a..00000000 --- a/config/submodule/coreboot/dell/module.list +++ /dev/null @@ -1,4 +0,0 @@ -3rdparty/intel-microcode -3rdparty/libgfxinit -3rdparty/libhwbase -3rdparty/vboot diff --git a/config/submodule/coreboot/dell/vboot/module.cfg b/config/submodule/coreboot/dell/vboot/module.cfg deleted file mode 100644 index 9a23ee96..00000000 --- a/config/submodule/coreboot/dell/vboot/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subrepo="https://review.coreboot.org/vboot.git" -subrepo_bkup="https://github.com/coreboot/vboot" -subhash="3d37d2aafe1f941c532def2a1fbbb58c8dd84182" diff --git a/config/submodule/coreboot/dell/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch b/config/submodule/coreboot/dell/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch deleted file mode 100644 index 1ac41de6..00000000 --- a/config/submodule/coreboot/dell/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch +++ /dev/null @@ -1,178 +0,0 @@ -From 195f61375aeec9eec16604ec59f6eda2e6058cc1 Mon Sep 17 00:00:00 2001 -From: "Luke T. Shumaker" <lukeshu@lukeshu.com> -Date: Thu, 30 May 2024 14:08:33 -0600 -Subject: [PATCH 1/1] extract_vmlinuz.c: Fix the bounds check on - vmlinuz_header_{offset,size} - -The check on vmlinuz_header_offset and vmlinuz_header_size is obviously -wrong: - - if (!vmlinuz_header_size || - kpart_data + vmlinuz_header_offset + vmlinuz_header_size > - kpart_data) { - return 1; - } - -`kpart_data + some_unsigned_values` can obviously never be `> kpart_data`, -unless something has overflowed! And `vmlinuz_header_offset` hasn't even -been set yet (besides being initialized to zero)! - -GCC will deduce that if the check didn't cause the function to bail, then -vmlinuz_header_size (a uint32_t) must be "negative"; that is: in the range -[2GiB,4GiB). - -On platforms where size_t is 32-bits, this is *especially* broken. -memcpy's size argument must be in the range [0,2GiB). Because GCC has -proved that vmlinuz_header_size is higher than that, it will fail to -compile: - - host/lib/extract_vmlinuz.c:67:9: error: 'memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Werror=stringop-overflow=] - -So, fix the check. - -I can now say that what I suspect the original author meant to write would -be the following patch, if `vmlinuz_header_offset` were already set: - - -kpart_data + vmlinuz_header_offset + vmlinuz_header_size > kpart_data - +now + vmlinuz_header_offset + vmlinuz_header_size > kpart_size - -This hypothesis is supported by `now` not getting incremented by -`kblob_size` the way it is for the keyblock and preamble sizes. - -However, we can also see that even this "corrected" bounds check is -insufficient: it does not detect the vmlinuz_header overflowing into -kblob_data. - -OK, so let's describe the fix: - -Have a `*vmlinuz_header` pointer instead of a -`uint64_t vmlinuz_header_offset`, to be more similar to all the other -regions. With this change, the correct check becomes a simple - - vmlinuz_header + vmlinuz_header_size > kblob_data - -While we're at it, make some changes that could have helped avoid this in -the first place: - - - Add comments. - - Calculate the vmlinuz_header offset right away, instead of waiting. - - Go ahead and increment `now` by `kblob_size`, to increase regularity. - -Change-Id: I5c03e49070b6dd2e04459566ef7dd129d27736e4 ---- - host/lib/extract_vmlinuz.c | 72 +++++++++++++++++++++++++++----------- - 1 file changed, 51 insertions(+), 21 deletions(-) - -diff --git a/host/lib/extract_vmlinuz.c b/host/lib/extract_vmlinuz.c -index 4ccfcf33..d2c09443 100644 ---- a/host/lib/extract_vmlinuz.c -+++ b/host/lib/extract_vmlinuz.c -@@ -15,16 +15,44 @@ - - int ExtractVmlinuz(void *kpart_data, size_t kpart_size, - void **vmlinuz_out, size_t *vmlinuz_size) { -+ // We're going to be extracting `vmlinuz_header` and -+ // `kblob_data`, and returning the concatenation of them. -+ // -+ // kpart_data = +-[kpart_size]------------------------------------+ -+ // | | -+ // keyblock = | +-[keyblock->keyblock_size]-------------------+ | -+ // | | struct vb2_keyblock keyblock | | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // preamble = | +-[preamble->preamble_size]-------------------+ | -+ // | | struct vb2_kernel_preamble preamble | | -+ // | | char [] ...data... | | -+ // | | char [] vmlinuz_header | | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // kblob_data= | +-[preamble->body_signature.data_size]--------+ | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // +-------------------------------------------------+ -+ - size_t now = 0; -+ // The 3 sections of kpart_data. -+ struct vb2_keyblock *keyblock = NULL; - struct vb2_kernel_preamble *preamble = NULL; - uint8_t *kblob_data = NULL; - uint32_t kblob_size = 0; -+ // vmlinuz_header -+ uint8_t *vmlinuz_header = NULL; - uint32_t vmlinuz_header_size = 0; -- uint64_t vmlinuz_header_address = 0; -- uint64_t vmlinuz_header_offset = 0; -+ // The concatenated result. - void *vmlinuz = NULL; - -- struct vb2_keyblock *keyblock = (struct vb2_keyblock *)kpart_data; -+ // Isolate the 3 sections of kpart_data. -+ -+ keyblock = (struct vb2_keyblock *)kpart_data; - now += keyblock->keyblock_size; - if (now > kpart_size) - return 1; -@@ -36,37 +64,39 @@ int ExtractVmlinuz(void *kpart_data, size_t kpart_size, - - kblob_data = kpart_data + now; - kblob_size = preamble->body_signature.data_size; -- -- if (!kblob_data || (now + kblob_size) > kpart_size) -+ now += kblob_size; -+ if (now > kpart_size) - return 1; - -+ // Find `vmlinuz_header` within `preamble`. -+ - if (preamble->header_version_minor > 0) { -- vmlinuz_header_address = preamble->vmlinuz_header_address; -+ // calculate the vmlinuz_header offset from -+ // the beginning of the kpart_data. The kblob doesn't -+ // include the body_load_offset, but does include -+ // the keyblock and preamble sections. -+ size_t vmlinuz_header_offset = -+ preamble->vmlinuz_header_address - -+ preamble->body_load_address + -+ keyblock->keyblock_size + -+ preamble->preamble_size; -+ -+ vmlinuz_header = kpart_data + vmlinuz_header_offset; - vmlinuz_header_size = preamble->vmlinuz_header_size; - } - -- if (!vmlinuz_header_size || -- kpart_data + vmlinuz_header_offset + vmlinuz_header_size > -- kpart_data) { -+ if (!vmlinuz_header || -+ !vmlinuz_header_size || -+ vmlinuz_header + vmlinuz_header_size > kblob_data) { - return 1; - } - -- // calculate the vmlinuz_header offset from -- // the beginning of the kpart_data. The kblob doesn't -- // include the body_load_offset, but does include -- // the keyblock and preamble sections. -- vmlinuz_header_offset = vmlinuz_header_address - -- preamble->body_load_address + -- keyblock->keyblock_size + -- preamble->preamble_size; -+ // Concatenate and return. - - vmlinuz = malloc(vmlinuz_header_size + kblob_size); - if (vmlinuz == NULL) - return 1; -- -- memcpy(vmlinuz, kpart_data + vmlinuz_header_offset, -- vmlinuz_header_size); -- -+ memcpy(vmlinuz, vmlinuz_header, vmlinuz_header_size); - memcpy(vmlinuz + vmlinuz_header_size, kblob_data, kblob_size); - - *vmlinuz_out = vmlinuz; --- -2.45.1 - diff --git a/config/submodule/coreboot/fam15h_rdimm/acpica-unix2-20190703.tar.gz/module.cfg b/config/submodule/coreboot/fam15h/acpica-unix2-20190703.tar.gz/module.cfg index e839b77e..b8365f7c 100644 --- a/config/submodule/coreboot/fam15h_rdimm/acpica-unix2-20190703.tar.gz/module.cfg +++ b/config/submodule/coreboot/fam15h/acpica-unix2-20190703.tar.gz/module.cfg @@ -1,3 +1,5 @@ -subfile="https://www.mirrorservice.org/sites/libreboot.org/release/misc/acpica/acpica-unix2-20190703.tar.gz" -subfile_bkup="https://mirror.math.princeton.edu/pub/libreboot/misc/acpica/acpica-unix2-20190703.tar.gz" +# SPDX-License-Identifier: GPL-3.0-or-later + +subcurl="https://www.mirrorservice.org/sites/libreboot.org/release/misc/acpica/acpica-unix2-20190703.tar.gz" +subcurl_bkup="https://mirror.math.princeton.edu/pub/libreboot/misc/acpica/acpica-unix2-20190703.tar.gz" subhash="8445a6d354ce3bcbfb5159f4ec0312b1e910c0b1b2033a2300f892e4ac580abab4e3f5b4ded379f0036299359d307330511ab7053678cfd9031d7df4c365f555" diff --git a/config/submodule/coreboot/fam15h_rdimm/binutils-2.32.tar.xz/module.cfg b/config/submodule/coreboot/fam15h/binutils-2.32.tar.xz/module.cfg index b549e139..3f03f64e 100644 --- a/config/submodule/coreboot/fam15h_rdimm/binutils-2.32.tar.xz/module.cfg +++ b/config/submodule/coreboot/fam15h/binutils-2.32.tar.xz/module.cfg @@ -1,3 +1,5 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/binutils/binutils-2.32.tar.xz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/binutils/binutils-2.32.tar.xz" +# SPDX-License-Identifier: GPL-3.0-or-later + +subcurl="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/binutils/binutils-2.32.tar.xz" +subcurl_bkup="https://ftp.nluug.nl/pub/gnu/binutils/binutils-2.32.tar.xz" subhash="d326408f12a03d9a61a9de56584c2af12f81c2e50d2d7e835d51565df8314df01575724afa1e43bd0db45cfc9916b41519b67dfce03232aa4978704492a6994a" diff --git a/config/submodule/coreboot/fam15h/blobs/module.cfg b/config/submodule/coreboot/fam15h/blobs/module.cfg new file mode 100644 index 00000000..3c34302c --- /dev/null +++ b/config/submodule/coreboot/fam15h/blobs/module.cfg @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: GPL-3.0-or-later + +subgit="https://review.coreboot.org/blobs.git" +subgit_bkup="https://github.com/coreboot/blobs" +subhash="034b27818450428f70aa9316c8bd0d65bacd8ee8" diff --git a/config/submodule/coreboot/fam15h_rdimm/gcc-8.3.0.tar.xz/module.cfg b/config/submodule/coreboot/fam15h/gcc-8.3.0.tar.xz/module.cfg index 6ce00577..ce21c98b 100644 --- a/config/submodule/coreboot/fam15h_rdimm/gcc-8.3.0.tar.xz/module.cfg +++ b/config/submodule/coreboot/fam15h/gcc-8.3.0.tar.xz/module.cfg @@ -1,3 +1,5 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/gcc/gcc-8.3.0/gcc-8.3.0.tar.xz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/gcc/gcc-8.3.0/gcc-8.3.0.tar.xz" +# SPDX-License-Identifier: GPL-3.0-or-later + +subcurl="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/gcc/gcc-8.3.0/gcc-8.3.0.tar.xz" +subcurl_bkup="https://ftp.nluug.nl/pub/gnu/gcc/gcc-8.3.0/gcc-8.3.0.tar.xz" subhash="1811337ae3add9680cec64968a2509d085b6dc5b6783fc1e8c295e3e47416196fd1a3ad8dfe7e10be2276b4f62c357659ce2902f239f60a8648548231b4b5802" diff --git a/config/submodule/coreboot/fam15h/gmp-6.1.2.tar.xz/module.cfg b/config/submodule/coreboot/fam15h/gmp-6.1.2.tar.xz/module.cfg new file mode 100644 index 00000000..a46b9b7c --- /dev/null +++ b/config/submodule/coreboot/fam15h/gmp-6.1.2.tar.xz/module.cfg @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: GPL-3.0-or-later + +subcurl="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/gmp/gmp-6.1.2.tar.xz" +subcurl_bkup="https://ftp.nluug.nl/pub/gnu/gmp/gmp-6.1.2.tar.xz" +subhash="9f098281c0593b76ee174b722936952671fab1dae353ce3ed436a31fe2bc9d542eca752353f6645b7077c1f395ab4fdd355c58e08e2a801368f1375690eee2c6" diff --git a/config/submodule/coreboot/fam15h_rdimm/module.list b/config/submodule/coreboot/fam15h/module.list index 64f09aea..00befad9 100644 --- a/config/submodule/coreboot/fam15h_rdimm/module.list +++ b/config/submodule/coreboot/fam15h/module.list @@ -6,4 +6,4 @@ util/crossgcc/tarballs/gcc-8.3.0.tar.xz util/crossgcc/tarballs/gmp-6.1.2.tar.xz util/crossgcc/tarballs/mpc-1.1.0.tar.gz util/crossgcc/tarballs/mpfr-4.0.2.tar.xz -util/crossgcc/tarballs/nasm-2.14.02.tar.bz2 +util/crossgcc/tarballs/nasm-2.16.03.tar.bz2 diff --git a/config/submodule/coreboot/fam15h/mpc-1.1.0.tar.gz/module.cfg b/config/submodule/coreboot/fam15h/mpc-1.1.0.tar.gz/module.cfg new file mode 100644 index 00000000..13a66a87 --- /dev/null +++ b/config/submodule/coreboot/fam15h/mpc-1.1.0.tar.gz/module.cfg @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: GPL-3.0-or-later + +subcurl="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/mpc/mpc-1.1.0.tar.gz" +subcurl_bkup="https://ftp.nluug.nl/pub/gnu/mpc/mpc-1.1.0.tar.gz" +subhash="72d657958b07c7812dc9c7cbae093118ce0e454c68a585bfb0e2fa559f1bf7c5f49b93906f580ab3f1073e5b595d23c6494d4d76b765d16dde857a18dd239628" diff --git a/config/submodule/coreboot/fam15h/mpfr-4.0.2.tar.xz/module.cfg b/config/submodule/coreboot/fam15h/mpfr-4.0.2.tar.xz/module.cfg new file mode 100644 index 00000000..f2a4f0fe --- /dev/null +++ b/config/submodule/coreboot/fam15h/mpfr-4.0.2.tar.xz/module.cfg @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: GPL-3.0-or-later + +subcurl="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/mpfr/mpfr-4.0.2.tar.xz" +subcurl_bkup="https://ftp.nluug.nl/pub/gnu/mpfr/mpfr-4.0.2.tar.xz" +subhash="d583555d08863bf36c89b289ae26bae353d9a31f08ee3894520992d2c26e5683c4c9c193d7ad139632f71c0a476d85ea76182702a98bf08dde7b6f65a54f8b88" diff --git a/config/submodule/coreboot/fam15h/nasm-2.16.03.tar.bz2/module.cfg b/config/submodule/coreboot/fam15h/nasm-2.16.03.tar.bz2/module.cfg new file mode 100644 index 00000000..bc486e80 --- /dev/null +++ b/config/submodule/coreboot/fam15h/nasm-2.16.03.tar.bz2/module.cfg @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: GPL-3.0-or-later + +subcurl="https://www.nasm.us/pub/nasm/releasebuilds/2.16.03/nasm-2.16.03.tar.bz2" +subcurl_bkup="https://www.mirrorservice.org/sites/distfiles.macports.org/nasm/nasm-2.16.03.tar.bz2" +subhash="f28445d368debdf44219cc57df33800a8c0e49186cd60836d4adfec7700d53b801d34aa9fc9bfda74169843f33a1e8b465e11292582eb968bb9c3a26f54dd172" diff --git a/config/submodule/coreboot/fam15h/vboot/module.cfg b/config/submodule/coreboot/fam15h/vboot/module.cfg new file mode 100644 index 00000000..a3a8f21b --- /dev/null +++ b/config/submodule/coreboot/fam15h/vboot/module.cfg @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: GPL-3.0-or-later + +subgit="https://review.coreboot.org/vboot.git" +subgit_bkup="https://github.com/coreboot/vboot" +subhash="ecdca931ae0637d1a9498f64862939bd5bb99e0b" diff --git a/config/submodule/coreboot/coreboot413/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch b/config/submodule/coreboot/fam15h/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch index 1ac41de6..1ac41de6 100644 --- a/config/submodule/coreboot/coreboot413/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch +++ b/config/submodule/coreboot/fam15h/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch diff --git a/config/submodule/coreboot/fam15h_rdimm/blobs/module.cfg b/config/submodule/coreboot/fam15h_rdimm/blobs/module.cfg deleted file mode 100644 index 215caf4d..00000000 --- a/config/submodule/coreboot/fam15h_rdimm/blobs/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subrepo="https://review.coreboot.org/blobs.git" -subrepo_bkup="https://github.com/coreboot/blobs" -subhash="034b27818450428f70aa9316c8bd0d65bacd8ee8" diff --git a/config/submodule/coreboot/fam15h_rdimm/gmp-6.1.2.tar.xz/module.cfg b/config/submodule/coreboot/fam15h_rdimm/gmp-6.1.2.tar.xz/module.cfg deleted file mode 100644 index 7caf1845..00000000 --- a/config/submodule/coreboot/fam15h_rdimm/gmp-6.1.2.tar.xz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/gmp/gmp-6.1.2.tar.xz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/gmp/gmp-6.1.2.tar.xz" -subhash="9f098281c0593b76ee174b722936952671fab1dae353ce3ed436a31fe2bc9d542eca752353f6645b7077c1f395ab4fdd355c58e08e2a801368f1375690eee2c6" diff --git a/config/submodule/coreboot/fam15h_rdimm/mpc-1.1.0.tar.gz/module.cfg b/config/submodule/coreboot/fam15h_rdimm/mpc-1.1.0.tar.gz/module.cfg deleted file mode 100644 index 34e77772..00000000 --- a/config/submodule/coreboot/fam15h_rdimm/mpc-1.1.0.tar.gz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/mpc/mpc-1.1.0.tar.gz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/mpc/mpc-1.1.0.tar.gz" -subhash="72d657958b07c7812dc9c7cbae093118ce0e454c68a585bfb0e2fa559f1bf7c5f49b93906f580ab3f1073e5b595d23c6494d4d76b765d16dde857a18dd239628" diff --git a/config/submodule/coreboot/fam15h_rdimm/mpfr-4.0.2.tar.xz/module.cfg b/config/submodule/coreboot/fam15h_rdimm/mpfr-4.0.2.tar.xz/module.cfg deleted file mode 100644 index e33b1804..00000000 --- a/config/submodule/coreboot/fam15h_rdimm/mpfr-4.0.2.tar.xz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/mpfr/mpfr-4.0.2.tar.xz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/mpfr/mpfr-4.0.2.tar.xz" -subhash="d583555d08863bf36c89b289ae26bae353d9a31f08ee3894520992d2c26e5683c4c9c193d7ad139632f71c0a476d85ea76182702a98bf08dde7b6f65a54f8b88" diff --git a/config/submodule/coreboot/fam15h_rdimm/nasm-2.14.02.tar.bz2/module.cfg b/config/submodule/coreboot/fam15h_rdimm/nasm-2.14.02.tar.bz2/module.cfg deleted file mode 100644 index fecb3cba..00000000 --- a/config/submodule/coreboot/fam15h_rdimm/nasm-2.14.02.tar.bz2/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.nasm.us/pub/nasm/releasebuilds/2.14.02/nasm-2.14.02.tar.bz2" -subfile_bkup="https://coreboot.org/releases/crossgcc-sources/nasm-2.14.02.tar.bz2" -subhash="71e3d44736493b1a56d4230bc2e5519e858aaadde5d89a692f1472fad6755084460e36b42852707f4c862eff75d3f2c232aedcc4e61e9d9ffcc8c9ca6498292b" diff --git a/config/submodule/coreboot/fam15h_rdimm/vboot/module.cfg b/config/submodule/coreboot/fam15h_rdimm/vboot/module.cfg deleted file mode 100644 index 5fac75c3..00000000 --- a/config/submodule/coreboot/fam15h_rdimm/vboot/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subrepo="https://review.coreboot.org/vboot.git" -subrepo_bkup="https://github.com/coreboot/vboot" -subhash="ecdca931ae0637d1a9498f64862939bd5bb99e0b" diff --git a/config/submodule/coreboot/fam15h_rdimm/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch b/config/submodule/coreboot/fam15h_rdimm/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch deleted file mode 100644 index 1ac41de6..00000000 --- a/config/submodule/coreboot/fam15h_rdimm/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch +++ /dev/null @@ -1,178 +0,0 @@ -From 195f61375aeec9eec16604ec59f6eda2e6058cc1 Mon Sep 17 00:00:00 2001 -From: "Luke T. Shumaker" <lukeshu@lukeshu.com> -Date: Thu, 30 May 2024 14:08:33 -0600 -Subject: [PATCH 1/1] extract_vmlinuz.c: Fix the bounds check on - vmlinuz_header_{offset,size} - -The check on vmlinuz_header_offset and vmlinuz_header_size is obviously -wrong: - - if (!vmlinuz_header_size || - kpart_data + vmlinuz_header_offset + vmlinuz_header_size > - kpart_data) { - return 1; - } - -`kpart_data + some_unsigned_values` can obviously never be `> kpart_data`, -unless something has overflowed! And `vmlinuz_header_offset` hasn't even -been set yet (besides being initialized to zero)! - -GCC will deduce that if the check didn't cause the function to bail, then -vmlinuz_header_size (a uint32_t) must be "negative"; that is: in the range -[2GiB,4GiB). - -On platforms where size_t is 32-bits, this is *especially* broken. -memcpy's size argument must be in the range [0,2GiB). Because GCC has -proved that vmlinuz_header_size is higher than that, it will fail to -compile: - - host/lib/extract_vmlinuz.c:67:9: error: 'memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Werror=stringop-overflow=] - -So, fix the check. - -I can now say that what I suspect the original author meant to write would -be the following patch, if `vmlinuz_header_offset` were already set: - - -kpart_data + vmlinuz_header_offset + vmlinuz_header_size > kpart_data - +now + vmlinuz_header_offset + vmlinuz_header_size > kpart_size - -This hypothesis is supported by `now` not getting incremented by -`kblob_size` the way it is for the keyblock and preamble sizes. - -However, we can also see that even this "corrected" bounds check is -insufficient: it does not detect the vmlinuz_header overflowing into -kblob_data. - -OK, so let's describe the fix: - -Have a `*vmlinuz_header` pointer instead of a -`uint64_t vmlinuz_header_offset`, to be more similar to all the other -regions. With this change, the correct check becomes a simple - - vmlinuz_header + vmlinuz_header_size > kblob_data - -While we're at it, make some changes that could have helped avoid this in -the first place: - - - Add comments. - - Calculate the vmlinuz_header offset right away, instead of waiting. - - Go ahead and increment `now` by `kblob_size`, to increase regularity. - -Change-Id: I5c03e49070b6dd2e04459566ef7dd129d27736e4 ---- - host/lib/extract_vmlinuz.c | 72 +++++++++++++++++++++++++++----------- - 1 file changed, 51 insertions(+), 21 deletions(-) - -diff --git a/host/lib/extract_vmlinuz.c b/host/lib/extract_vmlinuz.c -index 4ccfcf33..d2c09443 100644 ---- a/host/lib/extract_vmlinuz.c -+++ b/host/lib/extract_vmlinuz.c -@@ -15,16 +15,44 @@ - - int ExtractVmlinuz(void *kpart_data, size_t kpart_size, - void **vmlinuz_out, size_t *vmlinuz_size) { -+ // We're going to be extracting `vmlinuz_header` and -+ // `kblob_data`, and returning the concatenation of them. -+ // -+ // kpart_data = +-[kpart_size]------------------------------------+ -+ // | | -+ // keyblock = | +-[keyblock->keyblock_size]-------------------+ | -+ // | | struct vb2_keyblock keyblock | | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // preamble = | +-[preamble->preamble_size]-------------------+ | -+ // | | struct vb2_kernel_preamble preamble | | -+ // | | char [] ...data... | | -+ // | | char [] vmlinuz_header | | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // kblob_data= | +-[preamble->body_signature.data_size]--------+ | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // +-------------------------------------------------+ -+ - size_t now = 0; -+ // The 3 sections of kpart_data. -+ struct vb2_keyblock *keyblock = NULL; - struct vb2_kernel_preamble *preamble = NULL; - uint8_t *kblob_data = NULL; - uint32_t kblob_size = 0; -+ // vmlinuz_header -+ uint8_t *vmlinuz_header = NULL; - uint32_t vmlinuz_header_size = 0; -- uint64_t vmlinuz_header_address = 0; -- uint64_t vmlinuz_header_offset = 0; -+ // The concatenated result. - void *vmlinuz = NULL; - -- struct vb2_keyblock *keyblock = (struct vb2_keyblock *)kpart_data; -+ // Isolate the 3 sections of kpart_data. -+ -+ keyblock = (struct vb2_keyblock *)kpart_data; - now += keyblock->keyblock_size; - if (now > kpart_size) - return 1; -@@ -36,37 +64,39 @@ int ExtractVmlinuz(void *kpart_data, size_t kpart_size, - - kblob_data = kpart_data + now; - kblob_size = preamble->body_signature.data_size; -- -- if (!kblob_data || (now + kblob_size) > kpart_size) -+ now += kblob_size; -+ if (now > kpart_size) - return 1; - -+ // Find `vmlinuz_header` within `preamble`. -+ - if (preamble->header_version_minor > 0) { -- vmlinuz_header_address = preamble->vmlinuz_header_address; -+ // calculate the vmlinuz_header offset from -+ // the beginning of the kpart_data. The kblob doesn't -+ // include the body_load_offset, but does include -+ // the keyblock and preamble sections. -+ size_t vmlinuz_header_offset = -+ preamble->vmlinuz_header_address - -+ preamble->body_load_address + -+ keyblock->keyblock_size + -+ preamble->preamble_size; -+ -+ vmlinuz_header = kpart_data + vmlinuz_header_offset; - vmlinuz_header_size = preamble->vmlinuz_header_size; - } - -- if (!vmlinuz_header_size || -- kpart_data + vmlinuz_header_offset + vmlinuz_header_size > -- kpart_data) { -+ if (!vmlinuz_header || -+ !vmlinuz_header_size || -+ vmlinuz_header + vmlinuz_header_size > kblob_data) { - return 1; - } - -- // calculate the vmlinuz_header offset from -- // the beginning of the kpart_data. The kblob doesn't -- // include the body_load_offset, but does include -- // the keyblock and preamble sections. -- vmlinuz_header_offset = vmlinuz_header_address - -- preamble->body_load_address + -- keyblock->keyblock_size + -- preamble->preamble_size; -+ // Concatenate and return. - - vmlinuz = malloc(vmlinuz_header_size + kblob_size); - if (vmlinuz == NULL) - return 1; -- -- memcpy(vmlinuz, kpart_data + vmlinuz_header_offset, -- vmlinuz_header_size); -- -+ memcpy(vmlinuz, vmlinuz_header, vmlinuz_header_size); - memcpy(vmlinuz + vmlinuz_header_size, kblob_data, kblob_size); - - *vmlinuz_out = vmlinuz; --- -2.45.1 - diff --git a/config/submodule/coreboot/fam15h_udimm/blobs/module.cfg b/config/submodule/coreboot/fam15h_udimm/blobs/module.cfg deleted file mode 100644 index 215caf4d..00000000 --- a/config/submodule/coreboot/fam15h_udimm/blobs/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subrepo="https://review.coreboot.org/blobs.git" -subrepo_bkup="https://github.com/coreboot/blobs" -subhash="034b27818450428f70aa9316c8bd0d65bacd8ee8" diff --git a/config/submodule/coreboot/fam15h_udimm/module.list b/config/submodule/coreboot/fam15h_udimm/module.list deleted file mode 100644 index de2154e6..00000000 --- a/config/submodule/coreboot/fam15h_udimm/module.list +++ /dev/null @@ -1,2 +0,0 @@ -3rdparty/blobs -3rdparty/vboot diff --git a/config/submodule/coreboot/fam15h_udimm/vboot/module.cfg b/config/submodule/coreboot/fam15h_udimm/vboot/module.cfg deleted file mode 100644 index 5fac75c3..00000000 --- a/config/submodule/coreboot/fam15h_udimm/vboot/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subrepo="https://review.coreboot.org/vboot.git" -subrepo_bkup="https://github.com/coreboot/vboot" -subhash="ecdca931ae0637d1a9498f64862939bd5bb99e0b" diff --git a/config/submodule/coreboot/fam15h_udimm/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch b/config/submodule/coreboot/fam15h_udimm/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch deleted file mode 100644 index 1ac41de6..00000000 --- a/config/submodule/coreboot/fam15h_udimm/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch +++ /dev/null @@ -1,178 +0,0 @@ -From 195f61375aeec9eec16604ec59f6eda2e6058cc1 Mon Sep 17 00:00:00 2001 -From: "Luke T. Shumaker" <lukeshu@lukeshu.com> -Date: Thu, 30 May 2024 14:08:33 -0600 -Subject: [PATCH 1/1] extract_vmlinuz.c: Fix the bounds check on - vmlinuz_header_{offset,size} - -The check on vmlinuz_header_offset and vmlinuz_header_size is obviously -wrong: - - if (!vmlinuz_header_size || - kpart_data + vmlinuz_header_offset + vmlinuz_header_size > - kpart_data) { - return 1; - } - -`kpart_data + some_unsigned_values` can obviously never be `> kpart_data`, -unless something has overflowed! And `vmlinuz_header_offset` hasn't even -been set yet (besides being initialized to zero)! - -GCC will deduce that if the check didn't cause the function to bail, then -vmlinuz_header_size (a uint32_t) must be "negative"; that is: in the range -[2GiB,4GiB). - -On platforms where size_t is 32-bits, this is *especially* broken. -memcpy's size argument must be in the range [0,2GiB). Because GCC has -proved that vmlinuz_header_size is higher than that, it will fail to -compile: - - host/lib/extract_vmlinuz.c:67:9: error: 'memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Werror=stringop-overflow=] - -So, fix the check. - -I can now say that what I suspect the original author meant to write would -be the following patch, if `vmlinuz_header_offset` were already set: - - -kpart_data + vmlinuz_header_offset + vmlinuz_header_size > kpart_data - +now + vmlinuz_header_offset + vmlinuz_header_size > kpart_size - -This hypothesis is supported by `now` not getting incremented by -`kblob_size` the way it is for the keyblock and preamble sizes. - -However, we can also see that even this "corrected" bounds check is -insufficient: it does not detect the vmlinuz_header overflowing into -kblob_data. - -OK, so let's describe the fix: - -Have a `*vmlinuz_header` pointer instead of a -`uint64_t vmlinuz_header_offset`, to be more similar to all the other -regions. With this change, the correct check becomes a simple - - vmlinuz_header + vmlinuz_header_size > kblob_data - -While we're at it, make some changes that could have helped avoid this in -the first place: - - - Add comments. - - Calculate the vmlinuz_header offset right away, instead of waiting. - - Go ahead and increment `now` by `kblob_size`, to increase regularity. - -Change-Id: I5c03e49070b6dd2e04459566ef7dd129d27736e4 ---- - host/lib/extract_vmlinuz.c | 72 +++++++++++++++++++++++++++----------- - 1 file changed, 51 insertions(+), 21 deletions(-) - -diff --git a/host/lib/extract_vmlinuz.c b/host/lib/extract_vmlinuz.c -index 4ccfcf33..d2c09443 100644 ---- a/host/lib/extract_vmlinuz.c -+++ b/host/lib/extract_vmlinuz.c -@@ -15,16 +15,44 @@ - - int ExtractVmlinuz(void *kpart_data, size_t kpart_size, - void **vmlinuz_out, size_t *vmlinuz_size) { -+ // We're going to be extracting `vmlinuz_header` and -+ // `kblob_data`, and returning the concatenation of them. -+ // -+ // kpart_data = +-[kpart_size]------------------------------------+ -+ // | | -+ // keyblock = | +-[keyblock->keyblock_size]-------------------+ | -+ // | | struct vb2_keyblock keyblock | | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // preamble = | +-[preamble->preamble_size]-------------------+ | -+ // | | struct vb2_kernel_preamble preamble | | -+ // | | char [] ...data... | | -+ // | | char [] vmlinuz_header | | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // kblob_data= | +-[preamble->body_signature.data_size]--------+ | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // +-------------------------------------------------+ -+ - size_t now = 0; -+ // The 3 sections of kpart_data. -+ struct vb2_keyblock *keyblock = NULL; - struct vb2_kernel_preamble *preamble = NULL; - uint8_t *kblob_data = NULL; - uint32_t kblob_size = 0; -+ // vmlinuz_header -+ uint8_t *vmlinuz_header = NULL; - uint32_t vmlinuz_header_size = 0; -- uint64_t vmlinuz_header_address = 0; -- uint64_t vmlinuz_header_offset = 0; -+ // The concatenated result. - void *vmlinuz = NULL; - -- struct vb2_keyblock *keyblock = (struct vb2_keyblock *)kpart_data; -+ // Isolate the 3 sections of kpart_data. -+ -+ keyblock = (struct vb2_keyblock *)kpart_data; - now += keyblock->keyblock_size; - if (now > kpart_size) - return 1; -@@ -36,37 +64,39 @@ int ExtractVmlinuz(void *kpart_data, size_t kpart_size, - - kblob_data = kpart_data + now; - kblob_size = preamble->body_signature.data_size; -- -- if (!kblob_data || (now + kblob_size) > kpart_size) -+ now += kblob_size; -+ if (now > kpart_size) - return 1; - -+ // Find `vmlinuz_header` within `preamble`. -+ - if (preamble->header_version_minor > 0) { -- vmlinuz_header_address = preamble->vmlinuz_header_address; -+ // calculate the vmlinuz_header offset from -+ // the beginning of the kpart_data. The kblob doesn't -+ // include the body_load_offset, but does include -+ // the keyblock and preamble sections. -+ size_t vmlinuz_header_offset = -+ preamble->vmlinuz_header_address - -+ preamble->body_load_address + -+ keyblock->keyblock_size + -+ preamble->preamble_size; -+ -+ vmlinuz_header = kpart_data + vmlinuz_header_offset; - vmlinuz_header_size = preamble->vmlinuz_header_size; - } - -- if (!vmlinuz_header_size || -- kpart_data + vmlinuz_header_offset + vmlinuz_header_size > -- kpart_data) { -+ if (!vmlinuz_header || -+ !vmlinuz_header_size || -+ vmlinuz_header + vmlinuz_header_size > kblob_data) { - return 1; - } - -- // calculate the vmlinuz_header offset from -- // the beginning of the kpart_data. The kblob doesn't -- // include the body_load_offset, but does include -- // the keyblock and preamble sections. -- vmlinuz_header_offset = vmlinuz_header_address - -- preamble->body_load_address + -- keyblock->keyblock_size + -- preamble->preamble_size; -+ // Concatenate and return. - - vmlinuz = malloc(vmlinuz_header_size + kblob_size); - if (vmlinuz == NULL) - return 1; -- -- memcpy(vmlinuz, kpart_data + vmlinuz_header_offset, -- vmlinuz_header_size); -- -+ memcpy(vmlinuz, vmlinuz_header, vmlinuz_header_size); - memcpy(vmlinuz + vmlinuz_header_size, kblob_data, kblob_size); - - *vmlinuz_out = vmlinuz; --- -2.45.1 - diff --git a/config/submodule/coreboot/haswell/R06_28_23.tar.gz/module.cfg b/config/submodule/coreboot/haswell/R06_28_23.tar.gz/module.cfg deleted file mode 100644 index 71ab78bc..00000000 --- a/config/submodule/coreboot/haswell/R06_28_23.tar.gz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/libreboot.org/release/misc/acpica/R06_28_23.tar.gz" -subfile_bkup="https://mirror.math.princeton.edu/pub/libreboot/misc/acpica/R06_28_23.tar.gz" -subhash="d64091202866cd306fef08bbf95b585584331704fdbe5ef0bfa99c8f9cb188e51a52880625c8d6bc971b3d251c8b13686b43a013058cadda861efe09b219c1b0" diff --git a/config/submodule/coreboot/haswell/binutils-2.42.tar.xz/module.cfg b/config/submodule/coreboot/haswell/binutils-2.42.tar.xz/module.cfg deleted file mode 100644 index 370a52ec..00000000 --- a/config/submodule/coreboot/haswell/binutils-2.42.tar.xz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/binutils/binutils-2.42.tar.xz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/binutils/binutils-2.42.tar.xz" -subhash="155f3ba14cd220102f4f29a4f1e5cfee3c48aa03b74603460d05afb73c70d6657a9d87eee6eb88bf13203fe6f31177a5c9addc04384e956e7da8069c8ecd20a6" diff --git a/config/submodule/coreboot/haswell/gcc-13.2.0.tar.xz/module.cfg b/config/submodule/coreboot/haswell/gcc-13.2.0.tar.xz/module.cfg deleted file mode 100644 index dbcc0805..00000000 --- a/config/submodule/coreboot/haswell/gcc-13.2.0.tar.xz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/gcc/gcc-13.2.0/gcc-13.2.0.tar.xz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/gcc/gcc-13.2.0/gcc-13.2.0.tar.xz" -subhash="d99e4826a70db04504467e349e9fbaedaa5870766cda7c5cab50cdebedc4be755ebca5b789e1232a34a20be1a0b60097de9280efe47bdb71c73251e30b0862a2" diff --git a/config/submodule/coreboot/haswell/gmp-6.3.0.tar.xz/module.cfg b/config/submodule/coreboot/haswell/gmp-6.3.0.tar.xz/module.cfg deleted file mode 100644 index fe274faf..00000000 --- a/config/submodule/coreboot/haswell/gmp-6.3.0.tar.xz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/gmp/gmp-6.3.0.tar.xz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/gmp/gmp-6.3.0.tar.xz" -subhash="e85a0dab5195889948a3462189f0e0598d331d3457612e2d3350799dba2e244316d256f8161df5219538eb003e4b5343f989aaa00f96321559063ed8c8f29fd2" diff --git a/config/submodule/coreboot/haswell/intel-microcode/module.cfg b/config/submodule/coreboot/haswell/intel-microcode/module.cfg deleted file mode 100644 index 90f7d273..00000000 --- a/config/submodule/coreboot/haswell/intel-microcode/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subrepo="https://review.coreboot.org/intel-microcode.git" -subrepo_bkup="https://github.com/coreboot/intel-microcode" -subhash="41af34500598418150aa298bb04e7edacc547897" diff --git a/config/submodule/coreboot/haswell/libgfxinit/module.cfg b/config/submodule/coreboot/haswell/libgfxinit/module.cfg deleted file mode 100644 index 7e2536f9..00000000 --- a/config/submodule/coreboot/haswell/libgfxinit/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subrepo="https://review.coreboot.org/libgfxinit.git" -subrepo_bkup="https://github.com/coreboot/libgfxinit" -subhash="a4be8a21b0e2c752da0042c79aae5942418f53e2" diff --git a/config/submodule/coreboot/haswell/libhwbase/module.cfg b/config/submodule/coreboot/haswell/libhwbase/module.cfg deleted file mode 100644 index 2937b8b7..00000000 --- a/config/submodule/coreboot/haswell/libhwbase/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subrepo="https://review.coreboot.org/libhwbase.git" -subrepo_bkup="https://github.com/coreboot/libhwbase" -subhash="584629b9f4771b7618951cec57df2ca3af9c6981" diff --git a/config/submodule/coreboot/haswell/module.list b/config/submodule/coreboot/haswell/module.list deleted file mode 100644 index 80e2cede..00000000 --- a/config/submodule/coreboot/haswell/module.list +++ /dev/null @@ -1,11 +0,0 @@ -3rdparty/intel-microcode -3rdparty/libgfxinit -3rdparty/libhwbase -3rdparty/vboot -util/crossgcc/tarballs/binutils-2.42.tar.xz -util/crossgcc/tarballs/gcc-13.2.0.tar.xz -util/crossgcc/tarballs/gmp-6.3.0.tar.xz -util/crossgcc/tarballs/mpc-1.3.1.tar.gz -util/crossgcc/tarballs/mpfr-4.2.1.tar.xz -util/crossgcc/tarballs/nasm-2.16.01.tar.bz2 -util/crossgcc/tarballs/R06_28_23.tar.gz diff --git a/config/submodule/coreboot/haswell/mpc-1.3.1.tar.gz/module.cfg b/config/submodule/coreboot/haswell/mpc-1.3.1.tar.gz/module.cfg deleted file mode 100644 index f98b6444..00000000 --- a/config/submodule/coreboot/haswell/mpc-1.3.1.tar.gz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/mpc/mpc-1.3.1.tar.gz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/mpc/mpc-1.3.1.tar.gz" -subhash="4bab4ef6076f8c5dfdc99d810b51108ced61ea2942ba0c1c932d624360a5473df20d32b300fc76f2ba4aa2a97e1f275c9fd494a1ba9f07c4cb2ad7ceaeb1ae97" diff --git a/config/submodule/coreboot/haswell/mpfr-4.2.1.tar.xz/module.cfg b/config/submodule/coreboot/haswell/mpfr-4.2.1.tar.xz/module.cfg deleted file mode 100644 index 3419bc30..00000000 --- a/config/submodule/coreboot/haswell/mpfr-4.2.1.tar.xz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/mpfr/mpfr-4.2.1.tar.xz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/mpfr/mpfr-4.2.1.tar.xz" -subhash="bc68c0d755d5446403644833ecbb07e37360beca45f474297b5d5c40926df1efc3e2067eecffdf253f946288bcca39ca89b0613f545d46a9e767d1d4cf358475" diff --git a/config/submodule/coreboot/haswell/nasm-2.16.01.tar.bz2/module.cfg b/config/submodule/coreboot/haswell/nasm-2.16.01.tar.bz2/module.cfg deleted file mode 100644 index a98cab0b..00000000 --- a/config/submodule/coreboot/haswell/nasm-2.16.01.tar.bz2/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.nasm.us/pub/nasm/releasebuilds/2.16.01/nasm-2.16.01.tar.bz2" -subfile_bkup="https://coreboot.org/releases/crossgcc-sources/nasm-2.16.01.tar.bz2" -subhash="daecc50d0c04cfa1e8a09bbece808548478fc03834b0c3fb06a9da56d3b51697e2d09a469cef8a4761290cdfc65e0eb46d76b6ca11dfa1dcd1051882c5e7fd88" diff --git a/config/submodule/coreboot/haswell/vboot/module.cfg b/config/submodule/coreboot/haswell/vboot/module.cfg deleted file mode 100644 index 5ef2153c..00000000 --- a/config/submodule/coreboot/haswell/vboot/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subrepo="https://review.coreboot.org/vboot.git" -subrepo_bkup="https://github.com/coreboot/vboot" -subhash="09fcd2184f9c714829503e84b8a7dfe7f2584e00" diff --git a/config/submodule/coreboot/haswell/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch b/config/submodule/coreboot/haswell/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch deleted file mode 100644 index 1ac41de6..00000000 --- a/config/submodule/coreboot/haswell/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch +++ /dev/null @@ -1,178 +0,0 @@ -From 195f61375aeec9eec16604ec59f6eda2e6058cc1 Mon Sep 17 00:00:00 2001 -From: "Luke T. Shumaker" <lukeshu@lukeshu.com> -Date: Thu, 30 May 2024 14:08:33 -0600 -Subject: [PATCH 1/1] extract_vmlinuz.c: Fix the bounds check on - vmlinuz_header_{offset,size} - -The check on vmlinuz_header_offset and vmlinuz_header_size is obviously -wrong: - - if (!vmlinuz_header_size || - kpart_data + vmlinuz_header_offset + vmlinuz_header_size > - kpart_data) { - return 1; - } - -`kpart_data + some_unsigned_values` can obviously never be `> kpart_data`, -unless something has overflowed! And `vmlinuz_header_offset` hasn't even -been set yet (besides being initialized to zero)! - -GCC will deduce that if the check didn't cause the function to bail, then -vmlinuz_header_size (a uint32_t) must be "negative"; that is: in the range -[2GiB,4GiB). - -On platforms where size_t is 32-bits, this is *especially* broken. -memcpy's size argument must be in the range [0,2GiB). Because GCC has -proved that vmlinuz_header_size is higher than that, it will fail to -compile: - - host/lib/extract_vmlinuz.c:67:9: error: 'memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Werror=stringop-overflow=] - -So, fix the check. - -I can now say that what I suspect the original author meant to write would -be the following patch, if `vmlinuz_header_offset` were already set: - - -kpart_data + vmlinuz_header_offset + vmlinuz_header_size > kpart_data - +now + vmlinuz_header_offset + vmlinuz_header_size > kpart_size - -This hypothesis is supported by `now` not getting incremented by -`kblob_size` the way it is for the keyblock and preamble sizes. - -However, we can also see that even this "corrected" bounds check is -insufficient: it does not detect the vmlinuz_header overflowing into -kblob_data. - -OK, so let's describe the fix: - -Have a `*vmlinuz_header` pointer instead of a -`uint64_t vmlinuz_header_offset`, to be more similar to all the other -regions. With this change, the correct check becomes a simple - - vmlinuz_header + vmlinuz_header_size > kblob_data - -While we're at it, make some changes that could have helped avoid this in -the first place: - - - Add comments. - - Calculate the vmlinuz_header offset right away, instead of waiting. - - Go ahead and increment `now` by `kblob_size`, to increase regularity. - -Change-Id: I5c03e49070b6dd2e04459566ef7dd129d27736e4 ---- - host/lib/extract_vmlinuz.c | 72 +++++++++++++++++++++++++++----------- - 1 file changed, 51 insertions(+), 21 deletions(-) - -diff --git a/host/lib/extract_vmlinuz.c b/host/lib/extract_vmlinuz.c -index 4ccfcf33..d2c09443 100644 ---- a/host/lib/extract_vmlinuz.c -+++ b/host/lib/extract_vmlinuz.c -@@ -15,16 +15,44 @@ - - int ExtractVmlinuz(void *kpart_data, size_t kpart_size, - void **vmlinuz_out, size_t *vmlinuz_size) { -+ // We're going to be extracting `vmlinuz_header` and -+ // `kblob_data`, and returning the concatenation of them. -+ // -+ // kpart_data = +-[kpart_size]------------------------------------+ -+ // | | -+ // keyblock = | +-[keyblock->keyblock_size]-------------------+ | -+ // | | struct vb2_keyblock keyblock | | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // preamble = | +-[preamble->preamble_size]-------------------+ | -+ // | | struct vb2_kernel_preamble preamble | | -+ // | | char [] ...data... | | -+ // | | char [] vmlinuz_header | | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // kblob_data= | +-[preamble->body_signature.data_size]--------+ | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // +-------------------------------------------------+ -+ - size_t now = 0; -+ // The 3 sections of kpart_data. -+ struct vb2_keyblock *keyblock = NULL; - struct vb2_kernel_preamble *preamble = NULL; - uint8_t *kblob_data = NULL; - uint32_t kblob_size = 0; -+ // vmlinuz_header -+ uint8_t *vmlinuz_header = NULL; - uint32_t vmlinuz_header_size = 0; -- uint64_t vmlinuz_header_address = 0; -- uint64_t vmlinuz_header_offset = 0; -+ // The concatenated result. - void *vmlinuz = NULL; - -- struct vb2_keyblock *keyblock = (struct vb2_keyblock *)kpart_data; -+ // Isolate the 3 sections of kpart_data. -+ -+ keyblock = (struct vb2_keyblock *)kpart_data; - now += keyblock->keyblock_size; - if (now > kpart_size) - return 1; -@@ -36,37 +64,39 @@ int ExtractVmlinuz(void *kpart_data, size_t kpart_size, - - kblob_data = kpart_data + now; - kblob_size = preamble->body_signature.data_size; -- -- if (!kblob_data || (now + kblob_size) > kpart_size) -+ now += kblob_size; -+ if (now > kpart_size) - return 1; - -+ // Find `vmlinuz_header` within `preamble`. -+ - if (preamble->header_version_minor > 0) { -- vmlinuz_header_address = preamble->vmlinuz_header_address; -+ // calculate the vmlinuz_header offset from -+ // the beginning of the kpart_data. The kblob doesn't -+ // include the body_load_offset, but does include -+ // the keyblock and preamble sections. -+ size_t vmlinuz_header_offset = -+ preamble->vmlinuz_header_address - -+ preamble->body_load_address + -+ keyblock->keyblock_size + -+ preamble->preamble_size; -+ -+ vmlinuz_header = kpart_data + vmlinuz_header_offset; - vmlinuz_header_size = preamble->vmlinuz_header_size; - } - -- if (!vmlinuz_header_size || -- kpart_data + vmlinuz_header_offset + vmlinuz_header_size > -- kpart_data) { -+ if (!vmlinuz_header || -+ !vmlinuz_header_size || -+ vmlinuz_header + vmlinuz_header_size > kblob_data) { - return 1; - } - -- // calculate the vmlinuz_header offset from -- // the beginning of the kpart_data. The kblob doesn't -- // include the body_load_offset, but does include -- // the keyblock and preamble sections. -- vmlinuz_header_offset = vmlinuz_header_address - -- preamble->body_load_address + -- keyblock->keyblock_size + -- preamble->preamble_size; -+ // Concatenate and return. - - vmlinuz = malloc(vmlinuz_header_size + kblob_size); - if (vmlinuz == NULL) - return 1; -- -- memcpy(vmlinuz, kpart_data + vmlinuz_header_offset, -- vmlinuz_header_size); -- -+ memcpy(vmlinuz, vmlinuz_header, vmlinuz_header_size); - memcpy(vmlinuz + vmlinuz_header_size, kblob_data, kblob_size); - - *vmlinuz_out = vmlinuz; --- -2.45.1 - diff --git a/config/submodule/coreboot/i945/R10_20_22.tar.gz/module.cfg b/config/submodule/coreboot/i945/R10_20_22.tar.gz/module.cfg deleted file mode 100644 index 3957836f..00000000 --- a/config/submodule/coreboot/i945/R10_20_22.tar.gz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/libreboot.org/release/misc/acpica/R10_20_22.tar.gz" -subfile_bkup="https://mirror.math.princeton.edu/pub/libreboot/misc/acpica/R10_20_22.tar.gz" -subhash="2ea1892383dfeae4b0fa089bb68aa397af644775496ce2a2f8f6ac7ebbb13de499c00ddb2608f427354f8e6f6e6d26cdeb162a7061458f8e6181fb2633e7c43e" diff --git a/config/submodule/coreboot/i945/binutils-2.37.tar.xz/module.cfg b/config/submodule/coreboot/i945/binutils-2.37.tar.xz/module.cfg deleted file mode 100644 index c0565a0d..00000000 --- a/config/submodule/coreboot/i945/binutils-2.37.tar.xz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/binutils/binutils-2.37.tar.xz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/binutils/binutils-2.37.tar.xz" -subhash="5c11aeef6935860a6819ed3a3c93371f052e52b4bdc5033da36037c1544d013b7f12cb8d561ec954fe7469a68f1b66f1a3cd53d5a3af7293635a90d69edd15e7" diff --git a/config/submodule/coreboot/i945/gcc-11.2.0.tar.xz/module.cfg b/config/submodule/coreboot/i945/gcc-11.2.0.tar.xz/module.cfg deleted file mode 100644 index fb925dc8..00000000 --- a/config/submodule/coreboot/i945/gcc-11.2.0.tar.xz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/gcc/gcc-11.2.0/gcc-11.2.0.tar.xz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/gcc/gcc-11.2.0/gcc-11.2.0.tar.xz" -subhash="d53a0a966230895c54f01aea38696f818817b505f1e2bfa65e508753fcd01b2aedb4a61434f41f3a2ddbbd9f41384b96153c684ded3f0fa97c82758d9de5c7cf" diff --git a/config/submodule/coreboot/i945/gmp-6.2.1.tar.xz/module.cfg b/config/submodule/coreboot/i945/gmp-6.2.1.tar.xz/module.cfg deleted file mode 100644 index 2b15cd44..00000000 --- a/config/submodule/coreboot/i945/gmp-6.2.1.tar.xz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/gmp/gmp-6.2.1.tar.xz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/gmp/gmp-6.2.1.tar.xz" -subhash="c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84" diff --git a/config/submodule/coreboot/i945/intel-microcode/module.cfg b/config/submodule/coreboot/i945/intel-microcode/module.cfg deleted file mode 100644 index 6edc2d9f..00000000 --- a/config/submodule/coreboot/i945/intel-microcode/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subrepo="https://review.coreboot.org/intel-microcode.git" -subrepo_bkup="https://github.com/coreboot/intel-microcode" -subhash="262f0c97f2fbc3839a59523cc6c6bcf500e2850b" diff --git a/config/submodule/coreboot/i945/libgfxinit/module.cfg b/config/submodule/coreboot/i945/libgfxinit/module.cfg deleted file mode 100644 index 50153822..00000000 --- a/config/submodule/coreboot/i945/libgfxinit/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subrepo="https://review.coreboot.org/libgfxinit.git" -subrepo_bkup="https://github.com/coreboot/libgfxinit" -subhash="066e52eeaa329d782ccee96265a6a351fc395bf1" diff --git a/config/submodule/coreboot/i945/libhwbase/module.cfg b/config/submodule/coreboot/i945/libhwbase/module.cfg deleted file mode 100644 index cd975dcb..00000000 --- a/config/submodule/coreboot/i945/libhwbase/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subrepo="https://review.coreboot.org/libhwbase.git" -subrepo_bkup="https://github.com/coreboot/libhwbase" -subhash="8be5a82b85ceb3ee8a1c4fbf36c75a4bfbda8900" diff --git a/config/submodule/coreboot/i945/module.list b/config/submodule/coreboot/i945/module.list deleted file mode 100644 index 9440e333..00000000 --- a/config/submodule/coreboot/i945/module.list +++ /dev/null @@ -1,11 +0,0 @@ -3rdparty/intel-microcode -3rdparty/libgfxinit -3rdparty/libhwbase -3rdparty/vboot -util/crossgcc/tarballs/binutils-2.37.tar.xz -util/crossgcc/tarballs/gcc-11.2.0.tar.xz -util/crossgcc/tarballs/gmp-6.2.1.tar.xz -util/crossgcc/tarballs/mpc-1.3.1.tar.gz -util/crossgcc/tarballs/mpfr-4.2.0.tar.xz -util/crossgcc/tarballs/nasm-2.15.05.tar.bz2 -util/crossgcc/tarballs/R10_20_22.tar.gz diff --git a/config/submodule/coreboot/i945/mpc-1.3.1.tar.gz/module.cfg b/config/submodule/coreboot/i945/mpc-1.3.1.tar.gz/module.cfg deleted file mode 100644 index f98b6444..00000000 --- a/config/submodule/coreboot/i945/mpc-1.3.1.tar.gz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/mpc/mpc-1.3.1.tar.gz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/mpc/mpc-1.3.1.tar.gz" -subhash="4bab4ef6076f8c5dfdc99d810b51108ced61ea2942ba0c1c932d624360a5473df20d32b300fc76f2ba4aa2a97e1f275c9fd494a1ba9f07c4cb2ad7ceaeb1ae97" diff --git a/config/submodule/coreboot/i945/mpfr-4.2.0.tar.xz/module.cfg b/config/submodule/coreboot/i945/mpfr-4.2.0.tar.xz/module.cfg deleted file mode 100644 index 618fb3b2..00000000 --- a/config/submodule/coreboot/i945/mpfr-4.2.0.tar.xz/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.mirrorservice.org/sites/ftp.gnu.org/gnu/mpfr/mpfr-4.2.0.tar.xz" -subfile_bkup="https://ftp.nluug.nl/pub/gnu/mpfr/mpfr-4.2.0.tar.xz" -subhash="58e843125884ca58837ae5159cd4092af09e8f21931a2efd19c15de057c9d1dc0753ae95c592e2ce59a727fbc491af776db8b00a055320413cdcf2033b90505c" diff --git a/config/submodule/coreboot/i945/nasm-2.15.05.tar.bz2/module.cfg b/config/submodule/coreboot/i945/nasm-2.15.05.tar.bz2/module.cfg deleted file mode 100644 index f60eb55b..00000000 --- a/config/submodule/coreboot/i945/nasm-2.15.05.tar.bz2/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subfile="https://www.nasm.us/pub/nasm/releasebuilds/2.15.05/nasm-2.15.05.tar.bz2" -subfile_bkup="https://coreboot.org/releases/crossgcc-sources/nasm-2.15.05.tar.bz2" -subhash="e608222eea4970249f0ee1638207b3368fb43b87117cfdb2788b2c7fd6e221f567ee8dd9b910f9e0c4837dc4866606cd9baf5c3266b81188037059b79635ea79" diff --git a/config/submodule/coreboot/i945/vboot/module.cfg b/config/submodule/coreboot/i945/vboot/module.cfg deleted file mode 100644 index 352e4222..00000000 --- a/config/submodule/coreboot/i945/vboot/module.cfg +++ /dev/null @@ -1,3 +0,0 @@ -subrepo="https://review.coreboot.org/vboot.git" -subrepo_bkup="https://github.com/coreboot/vboot" -subhash="5b8596cefd1a61252501943f2534323708338732" diff --git a/config/submodule/coreboot/i945/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch b/config/submodule/coreboot/i945/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch deleted file mode 100644 index 1ac41de6..00000000 --- a/config/submodule/coreboot/i945/vboot/patches/0001-extract_vmlinuz.c-Fix-the-bounds-check-on-vmlinuz_he.patch +++ /dev/null @@ -1,178 +0,0 @@ -From 195f61375aeec9eec16604ec59f6eda2e6058cc1 Mon Sep 17 00:00:00 2001 -From: "Luke T. Shumaker" <lukeshu@lukeshu.com> -Date: Thu, 30 May 2024 14:08:33 -0600 -Subject: [PATCH 1/1] extract_vmlinuz.c: Fix the bounds check on - vmlinuz_header_{offset,size} - -The check on vmlinuz_header_offset and vmlinuz_header_size is obviously -wrong: - - if (!vmlinuz_header_size || - kpart_data + vmlinuz_header_offset + vmlinuz_header_size > - kpart_data) { - return 1; - } - -`kpart_data + some_unsigned_values` can obviously never be `> kpart_data`, -unless something has overflowed! And `vmlinuz_header_offset` hasn't even -been set yet (besides being initialized to zero)! - -GCC will deduce that if the check didn't cause the function to bail, then -vmlinuz_header_size (a uint32_t) must be "negative"; that is: in the range -[2GiB,4GiB). - -On platforms where size_t is 32-bits, this is *especially* broken. -memcpy's size argument must be in the range [0,2GiB). Because GCC has -proved that vmlinuz_header_size is higher than that, it will fail to -compile: - - host/lib/extract_vmlinuz.c:67:9: error: 'memcpy' specified bound between 2147483648 and 4294967295 exceeds maximum object size 2147483647 [-Werror=stringop-overflow=] - -So, fix the check. - -I can now say that what I suspect the original author meant to write would -be the following patch, if `vmlinuz_header_offset` were already set: - - -kpart_data + vmlinuz_header_offset + vmlinuz_header_size > kpart_data - +now + vmlinuz_header_offset + vmlinuz_header_size > kpart_size - -This hypothesis is supported by `now` not getting incremented by -`kblob_size` the way it is for the keyblock and preamble sizes. - -However, we can also see that even this "corrected" bounds check is -insufficient: it does not detect the vmlinuz_header overflowing into -kblob_data. - -OK, so let's describe the fix: - -Have a `*vmlinuz_header` pointer instead of a -`uint64_t vmlinuz_header_offset`, to be more similar to all the other -regions. With this change, the correct check becomes a simple - - vmlinuz_header + vmlinuz_header_size > kblob_data - -While we're at it, make some changes that could have helped avoid this in -the first place: - - - Add comments. - - Calculate the vmlinuz_header offset right away, instead of waiting. - - Go ahead and increment `now` by `kblob_size`, to increase regularity. - -Change-Id: I5c03e49070b6dd2e04459566ef7dd129d27736e4 ---- - host/lib/extract_vmlinuz.c | 72 +++++++++++++++++++++++++++----------- - 1 file changed, 51 insertions(+), 21 deletions(-) - -diff --git a/host/lib/extract_vmlinuz.c b/host/lib/extract_vmlinuz.c -index 4ccfcf33..d2c09443 100644 ---- a/host/lib/extract_vmlinuz.c -+++ b/host/lib/extract_vmlinuz.c -@@ -15,16 +15,44 @@ - - int ExtractVmlinuz(void *kpart_data, size_t kpart_size, - void **vmlinuz_out, size_t *vmlinuz_size) { -+ // We're going to be extracting `vmlinuz_header` and -+ // `kblob_data`, and returning the concatenation of them. -+ // -+ // kpart_data = +-[kpart_size]------------------------------------+ -+ // | | -+ // keyblock = | +-[keyblock->keyblock_size]-------------------+ | -+ // | | struct vb2_keyblock keyblock | | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // preamble = | +-[preamble->preamble_size]-------------------+ | -+ // | | struct vb2_kernel_preamble preamble | | -+ // | | char [] ...data... | | -+ // | | char [] vmlinuz_header | | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // kblob_data= | +-[preamble->body_signature.data_size]--------+ | -+ // | | char [] ...data... | | -+ // | +---------------------------------------------+ | -+ // | | -+ // +-------------------------------------------------+ -+ - size_t now = 0; -+ // The 3 sections of kpart_data. -+ struct vb2_keyblock *keyblock = NULL; - struct vb2_kernel_preamble *preamble = NULL; - uint8_t *kblob_data = NULL; - uint32_t kblob_size = 0; -+ // vmlinuz_header -+ uint8_t *vmlinuz_header = NULL; - uint32_t vmlinuz_header_size = 0; -- uint64_t vmlinuz_header_address = 0; -- uint64_t vmlinuz_header_offset = 0; -+ // The concatenated result. - void *vmlinuz = NULL; - -- struct vb2_keyblock *keyblock = (struct vb2_keyblock *)kpart_data; -+ // Isolate the 3 sections of kpart_data. -+ -+ keyblock = (struct vb2_keyblock *)kpart_data; - now += keyblock->keyblock_size; - if (now > kpart_size) - return 1; -@@ -36,37 +64,39 @@ int ExtractVmlinuz(void *kpart_data, size_t kpart_size, - - kblob_data = kpart_data + now; - kblob_size = preamble->body_signature.data_size; -- -- if (!kblob_data || (now + kblob_size) > kpart_size) -+ now += kblob_size; -+ if (now > kpart_size) - return 1; - -+ // Find `vmlinuz_header` within `preamble`. -+ - if (preamble->header_version_minor > 0) { -- vmlinuz_header_address = preamble->vmlinuz_header_address; -+ // calculate the vmlinuz_header offset from -+ // the beginning of the kpart_data. The kblob doesn't -+ // include the body_load_offset, but does include -+ // the keyblock and preamble sections. -+ size_t vmlinuz_header_offset = -+ preamble->vmlinuz_header_address - -+ preamble->body_load_address + -+ keyblock->keyblock_size + -+ preamble->preamble_size; -+ -+ vmlinuz_header = kpart_data + vmlinuz_header_offset; - vmlinuz_header_size = preamble->vmlinuz_header_size; - } - -- if (!vmlinuz_header_size || -- kpart_data + vmlinuz_header_offset + vmlinuz_header_size > -- kpart_data) { -+ if (!vmlinuz_header || -+ !vmlinuz_header_size || -+ vmlinuz_header + vmlinuz_header_size > kblob_data) { - return 1; - } - -- // calculate the vmlinuz_header offset from -- // the beginning of the kpart_data. The kblob doesn't -- // include the body_load_offset, but does include -- // the keyblock and preamble sections. -- vmlinuz_header_offset = vmlinuz_header_address - -- preamble->body_load_address + -- keyblock->keyblock_size + -- preamble->preamble_size; -+ // Concatenate and return. - - vmlinuz = malloc(vmlinuz_header_size + kblob_size); - if (vmlinuz == NULL) - return 1; -- -- memcpy(vmlinuz, kpart_data + vmlinuz_header_offset, -- vmlinuz_header_size); -- -+ memcpy(vmlinuz, vmlinuz_header, vmlinuz_header_size); - memcpy(vmlinuz + vmlinuz_header_size, kblob_data, kblob_size); - - *vmlinuz_out = vmlinuz; --- -2.45.1 - |