Add ident-like blobs to shim.efi for version checking.

I feel dirty.
rhboot · Oct 3, 2013 · fc98630 · fc98630
1 parent d83213c
commit fc98630
Show file tree

Hide file tree

Showing 7 changed files with 48 additions and 3 deletions.
diff --git a/.gitignore b/.gitignore
@@ -23,3 +23,4 @@ shim_cert.h
 *.srl
 *.srl.old
 *.tar.*
+version.c
diff --git a/Makefile b/Makefile
@@ -40,9 +40,9 @@ LDFLAGS		= -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH
 VERSION		= 0.4
 
 TARGET	= shim.efi MokManager.efi.signed fallback.efi.signed
-OBJS	= shim.o netboot.o cert.o replacements.o
+OBJS	= shim.o netboot.o cert.o replacements.o version.o
 KEYS	= shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
-SOURCES	= shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h
+SOURCES	= shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h
 MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
 MOK_SOURCES = MokManager.c shim.h include/console.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h
 FALLBACK_OBJS = fallback.o
@@ -61,6 +61,12 @@ shim_cert.h: shim.cer
 	hexdump -v -e '1/1 "0x%02x, "' $< >> $@
 	echo "};" >> $@
 
+version.c : version.c.in
+	sed	-e "s,@@VERSION@@,$(VERSION)," \
+		-e "s,@@UNAME@@,$(shell uname -a)," \
+		-e "s,@@COMMIT@@,$(shell if [ -d .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo commit id not available; fi)," \
+		< version.c.in > version.c
+
 certdb/secmod.db: shim.crt
 	-mkdir certdb
 	certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt
@@ -115,7 +121,7 @@ clean:
 	$(MAKE) -C Cryptlib/OpenSSL clean
 	$(MAKE) -C lib clean
 	rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb
-	rm -f *.debug *.so *.efi *.tar.*
+	rm -f *.debug *.so *.efi *.tar.* version.c
 
 GITTAG = $(VERSION)
 
@@ -125,6 +131,7 @@ test-archive:
 	@git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x )
 	@git diff | ( cd /tmp/shim-$(VERSION)-tmp/ ; patch -s -p1 -b -z .gitdiff )
 	@mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/
+	@git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit
 	@dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION)
 	@rm -rf /tmp/shim-$(VERSION)
 	@echo "The archive is in shim-$(VERSION).tar.bz2"
@@ -135,6 +142,7 @@ archive:
 	@mkdir -p /tmp/shim-$(VERSION)-tmp
 	@git archive --format=tar $(GITTAG) | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x )
 	@mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/
+	@git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit
 	@dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION)
 	@rm -rf /tmp/shim-$(VERSION)
 	@echo "The archive is in shim-$(VERSION).tar.bz2"
diff --git a/include/console.h b/include/console.h
@@ -20,6 +20,8 @@ console_alertbox(CHAR16 **title);
 void
 console_notify(CHAR16 *string);
 void
+console_notify_ascii(CHAR8 *string);
+void
 console_reset(void);
 #define NOSEL 0x7fffffff
 

diff --git a/lib/console.c b/lib/console.c
@@ -312,6 +312,20 @@ console_notify(CHAR16 *string)
 	console_alertbox(str_arr);
 }
 
+void
+console_notify_ascii(CHAR8 *string)
+{
+	CHAR16 *str = AllocateZeroPool((strlena(string) + 1) * 2);
+	int i, j;
+
+	if (!str)
+		return;
+
+	for (i = 0, j = 1; string[i] != '\0'; i++, j+=2)
+		str[j] = string[i];
+	console_notify(str);
+}
+
 #define ARRAY_SIZE(a) (sizeof (a) / sizeof ((a)[0]))
 
 /* Copy of gnu-efi-3.0 with the added secure boot strings */

diff --git a/shim.c b/shim.c
@@ -48,6 +48,7 @@
 #include "efiauthenticated.h"
 #include "security_policy.h"
 #include "console.h"
+#include "version.h"
 
 #define FALLBACK L"\\fallback.efi"
 #define MOK_MANAGER L"\\MokManager.efi"
@@ -1668,6 +1669,9 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab)
 	if (!EFI_ERROR(efi_status))
 		verbose = verbose_check;
 
+	if (verbose)
+		console_notify_ascii(shim_version);
+
 	/* Set the second stage loader */
 	set_second_stage (image_handle);
 

diff --git a/version.c.in b/version.c.in
@@ -0,0 +1,8 @@
+
+#include "version.h"
+
+CHAR8 shim_version[] = 
+	"UEFI SHIM\n"
+	"$Version: @@VERSION@@ $\n"
+	"$BuildMachine: @@UNAME@@ $\n"
+	"$Commit: @@COMMIT@@ $\n";
diff --git a/version.h b/version.h
@@ -0,0 +1,8 @@
+#ifndef _SHIM_VERSION_H
+#define _SHIM_VERSION_H 1
+
+#include <efi.h>
+
+extern CHAR8 shim_version[];
+
+#endif /* SHIM_VERSION_H */