From db7c0321e9a143f8efa5a4eefa3f1586dc8651c4 Mon Sep 17 00:00:00 2001
From: Dan Nicholson <dbn@endlessos.org>
Date: Tue, 10 Sep 2024 08:59:29 -0600
Subject: [PATCH] Drop downstream fallback patches

The issue of invalid load options after updating the ESP UUID will be
solved by updating the load options when the UUID is changed. That makes
these patches unnecessary.

https://phabricator.endlessm.com/T31604
---
 debian/changelog                              |   6 +
 ...work-around-the-issue-of-boot-option.patch | 161 ------------
 ...back-Clean-up-duplicate-boot-entries.patch | 237 ------------------
 debian/patches/series                         |   2 -
 4 files changed, 6 insertions(+), 400 deletions(-)
 delete mode 100644 debian/patches/0003-Revert-fallback-work-around-the-issue-of-boot-option.patch
 delete mode 100644 debian/patches/0004-fallback-Clean-up-duplicate-boot-entries.patch

diff --git a/debian/changelog b/debian/changelog
index 0415a15fa..ba1575eb0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+shim (15.8-1~deb12u1endless2) master; urgency=medium
+
+  * Drop downstream fallback patches (T31604)
+
+ -- Dan Nicholson <dbn@endlessos.org>  Tue, 10 Sep 2024 09:01:50 -0600
+
 shim (15.8-1~deb12u1endless1) master; urgency=medium
 
   [ Dan Nicholson ]
diff --git a/debian/patches/0003-Revert-fallback-work-around-the-issue-of-boot-option.patch b/debian/patches/0003-Revert-fallback-work-around-the-issue-of-boot-option.patch
deleted file mode 100644
index 0f179fabc..000000000
--- a/debian/patches/0003-Revert-fallback-work-around-the-issue-of-boot-option.patch
+++ /dev/null
@@ -1,161 +0,0 @@
-From: =?utf-8?q?Jo=C3=A3o_Paulo_Rechi_Vita?= <jprvita@endlessos.org>
-Date: Mon, 5 Apr 2021 17:47:32 -0700
-Subject: Revert "fallback: work around the issue of boot option creation with
- AMI BIOS"
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-This reverts commit 0cc030c2f2fba53b74fb09466a07b8e6297a52d3.
-
-If we consider two entries with the same label as duplicates (next
-commit) we don't need to worry about AMI's masking of boot entries.
-
-Signed-off-by: João Paulo Rechi Vita <jprvita@endlessos.org>
----
- fallback.c | 113 ++++---------------------------------------------------------
- 1 file changed, 6 insertions(+), 107 deletions(-)
-
-diff --git a/fallback.c b/fallback.c
-index 600cc7a..67a22aa 100644
---- a/fallback.c
-+++ b/fallback.c
-@@ -295,105 +295,6 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp,
- 	return EFI_OUT_OF_RESOURCES;
- }
- 
--/*
-- * AMI BIOS (e.g, Intel NUC5i3MYHE) may automatically hide and patch BootXXXX
-- * variables with ami_masked_device_path_guid. We can get the valid device path
-- * if just skipping it and its next end path.
-- */
--
--static EFI_GUID ami_masked_device_path_guid = {
--	0x99e275e7, 0x75a0, 0x4b37,
--	{ 0xa2, 0xe6, 0xc5, 0x38, 0x5e, 0x6c, 0x0, 0xcb }
--};
--
--static unsigned int
--calc_masked_boot_option_size(unsigned int size)
--{
--	return size + sizeof(EFI_DEVICE_PATH) +
--	       sizeof(ami_masked_device_path_guid) + sizeof(EFI_DEVICE_PATH);
--}
--
--static int
--check_masked_boot_option(CHAR8 *candidate, unsigned int candidate_size,
--			 CHAR8 *data, unsigned int data_size)
--{
--	/*
--	 * The patched BootXXXX variables contain a hardware device path and
--	 * an end path, preceding the real device path.
--	 */
--	if (calc_masked_boot_option_size(data_size) != candidate_size)
--		return 1;
--
--	CHAR8 *cursor = candidate;
--
--	/* Check whether the BootXXXX is patched */
--	cursor += sizeof(UINT32) + sizeof(UINT16);
--	cursor += StrSize((CHAR16 *)cursor);
--
--	unsigned int min_valid_size = cursor - candidate + sizeof(EFI_DEVICE_PATH);
--
--	if (candidate_size <= min_valid_size)
--		return 1;
--
--	EFI_DEVICE_PATH *dp = (EFI_DEVICE_PATH *)cursor;
--	unsigned int node_size = DevicePathNodeLength(dp) - sizeof(EFI_DEVICE_PATH);
--
--	min_valid_size += node_size;
--	if (candidate_size <= min_valid_size ||
--	    DevicePathType(dp) != HARDWARE_DEVICE_PATH ||
--	    DevicePathSubType(dp) != HW_VENDOR_DP ||
--	    node_size != sizeof(ami_masked_device_path_guid) ||
--	    CompareGuid((EFI_GUID *)(cursor + sizeof(EFI_DEVICE_PATH)),
--		        &ami_masked_device_path_guid))
--		return 1;
--
--	/* Check whether the patched guid is followed by an end path */
--	min_valid_size += sizeof(EFI_DEVICE_PATH);
--	if (candidate_size <= min_valid_size)
--		return 1;
--
--	dp = NextDevicePathNode(dp);
--	if (!IsDevicePathEnd(dp))
--		return 1;
--
--	/*
--	 * OK. We may really get a masked BootXXXX variable. The next
--	 * step is to test whether it is hidden.
--	 */
--	UINT32 attrs = *(UINT32 *)candidate;
--#ifndef LOAD_OPTION_HIDDEN
--#  define LOAD_OPTION_HIDDEN	0x00000008
--#endif
--        if (!(attrs & LOAD_OPTION_HIDDEN))
--		return 1;
--
--	attrs &= ~LOAD_OPTION_HIDDEN;
--
--	/* Compare the field Attributes */
--	if (attrs != *(UINT32 *)data)
--		return 1;
--
--	/* Compare the field FilePathListLength */
--	data += sizeof(UINT32);
--	candidate += sizeof(UINT32);
--	if (calc_masked_boot_option_size(*(UINT16 *)data) !=
--					 *(UINT16 *)candidate)
--		return 1;
--
--	/* Compare the field Description */
--	data += sizeof(UINT16);
--	candidate += sizeof(UINT16);
--	if (CompareMem(candidate, data, cursor - candidate))
--		return 1;
--
--	/* Compare the filed FilePathList */
--	cursor = (CHAR8 *)NextDevicePathNode(dp);
--	data += sizeof(UINT16);
--	data += StrSize((CHAR16 *)data);
--
--	return CompareMem(cursor, data, candidate_size - min_valid_size);
--}
--
- EFI_STATUS
- find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp,
-                  CHAR16 *filename, CHAR16 *label, CHAR16 *arguments,
-@@ -425,8 +326,7 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp,
- 	if (!varname)
- 		return EFI_OUT_OF_RESOURCES;
- 
--	UINTN max_candidate_size = calc_masked_boot_option_size(size);
--	CHAR8 *candidate = AllocateZeroPool(max_candidate_size);
-+	CHAR8 *candidate = AllocateZeroPool(size);
- 	if (!candidate) {
- 		FreePool(data);
- 		return EFI_OUT_OF_RESOURCES;
-@@ -466,17 +366,16 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp,
- 		    !isxdigit(varname[6]) || !isxdigit(varname[7]))
- 			continue;
- 
--		UINTN candidate_size = max_candidate_size;
-+		UINTN candidate_size = size;
- 		efi_status = RT->GetVariable(varname, &GV_GUID, NULL,
- 					     &candidate_size, candidate);
- 		if (EFI_ERROR(efi_status))
- 			continue;
- 
--		if (candidate_size != size) {
--			if (check_masked_boot_option(candidate, candidate_size,
--						     data, size))
--				continue;
--		} else if (CompareMem(candidate, data, size))
-+		if (candidate_size != size)
-+			continue;
-+
-+		if (CompareMem(candidate, data, size))
- 			continue;
- 
- 		VerbosePrint(L"Found boot entry \"%s\" with label \"%s\" "
diff --git a/debian/patches/0004-fallback-Clean-up-duplicate-boot-entries.patch b/debian/patches/0004-fallback-Clean-up-duplicate-boot-entries.patch
deleted file mode 100644
index 6e757c5d3..000000000
--- a/debian/patches/0004-fallback-Clean-up-duplicate-boot-entries.patch
+++ /dev/null
@@ -1,237 +0,0 @@
-From: =?utf-8?q?Jo=C3=A3o_Paulo_Rechi_Vita?= <jprvita@endlessos.org>
-Date: Fri, 7 Dec 2018 16:14:49 -0800
-Subject: fallback: Clean-up duplicate boot entries
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-Consider all existing entries with the same label as the one we are
-trying to create as duplicates. When a duplicate is detected, add it to
-a remove list and later go over the remove list removing each boot entry
-and its occurrence in BootOrder, and finally let the rest of the logic
-work as if there was no boot entry.
-
-This change is needed for distributions that ship raw disk images
-instead of having an installer program partition the disk (ex., Endless
-OS) and generate a unique UUID for all partitions on first boot
-(otherwise every installation of the same release would have the same
-partition UUIDs). This setup relies on fallback to create a new boot
-entry pointing to the new ESP UUID on the second boot. Without this
-change, fallback will create a new boot entry with the same label
-pointing a the file path in the new ESP UUID while keeping the old entry
-that points at the non-existent UUID as a duplicate. While some firmware
-implemetations will clean-up these invalid boot entries on the next
-boot, other will just leave it around forever.
-
-However, this change breaks systems where it is desirable to have more
-than one boot entry with the same label pointing at different file paths
-for some reason (ex., two installations of the same OS on different
-ESPs). I'm not sure if this is a practical real-world use-case.
-
-https://phabricator.endlessm.com/T14430
-https://phabricator.endlessm.com/T16731
-
-Signed-off-by: João Paulo Rechi Vita <jprvita@endlessos.org>
----
- fallback.c | 141 +++++++++++++++++++++++--------------------------------------
- 1 file changed, 52 insertions(+), 89 deletions(-)
-
-diff --git a/fallback.c b/fallback.c
-index 67a22aa..0cebe84 100644
---- a/fallback.c
-+++ b/fallback.c
-@@ -296,41 +296,25 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp,
- }
- 
- EFI_STATUS
--find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp,
--                 CHAR16 *filename, CHAR16 *label, CHAR16 *arguments,
--                 UINT16 *optnum)
-+remove_duplicates(EFI_DEVICE_PATH *dp, CHAR16 *label, CHAR16 *arguments)
- {
- 	unsigned int label_size = StrLen(label)*2 + 2;
--	unsigned int size = sizeof(UINT32) + sizeof (UINT16) +
--		label_size + DevicePathSize(dp) +
-+	unsigned int header_size = sizeof(UINT32) + sizeof (UINT16);
-+	unsigned int size = header_size + label_size + DevicePathSize(dp) +
- 		StrLen(arguments) * 2;
- 
--	CHAR8 *data = AllocateZeroPool(size + 2);
--	if (!data)
--		return EFI_OUT_OF_RESOURCES;
--	CHAR8 *cursor = data;
--	*(UINT32 *)cursor = LOAD_OPTION_ACTIVE;
--	cursor += sizeof (UINT32);
--	*(UINT16 *)cursor = DevicePathSize(dp);
--	cursor += sizeof (UINT16);
--	StrCpy((CHAR16 *)cursor, label);
--	cursor += label_size;
--	CopyMem(cursor, dp, DevicePathSize(dp));
--	cursor += DevicePathSize(dp);
--	StrCpy((CHAR16 *)cursor, arguments);
--
- 	EFI_STATUS efi_status;
- 	EFI_GUID vendor_guid = NullGuid;
-+	UINTN rmlist_len = 0;
-+	CHAR16 **rmlist = NULL;
- 	UINTN buffer_size = 256 * sizeof(CHAR16);
- 	CHAR16 *varname = AllocateZeroPool(buffer_size);
- 	if (!varname)
- 		return EFI_OUT_OF_RESOURCES;
- 
- 	CHAR8 *candidate = AllocateZeroPool(size);
--	if (!candidate) {
--		FreePool(data);
-+	if (!candidate)
- 		return EFI_OUT_OF_RESOURCES;
--	}
- 
- 	while (1) {
- 		UINTN varname_size = buffer_size;
-@@ -358,6 +342,7 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp,
- 
- 			/* EFI_NOT_FOUND means we listed all variables */
- 			VerbosePrint(L"Checked all boot entries\n");
-+			efi_status = EFI_SUCCESS;
- 			break;
- 		}
- 
-@@ -366,35 +351,62 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp,
- 		    !isxdigit(varname[6]) || !isxdigit(varname[7]))
- 			continue;
- 
-+		VerbosePrint(L"Checking %s\n", varname);
-+
- 		UINTN candidate_size = size;
- 		efi_status = RT->GetVariable(varname, &GV_GUID, NULL,
- 					     &candidate_size, candidate);
- 		if (EFI_ERROR(efi_status))
- 			continue;
- 
--		if (candidate_size != size)
-+		/* Check that we won't overrun the buffer when comparing */
-+		if (candidate_size < header_size + label_size)
- 			continue;
- 
--		if (CompareMem(candidate, data, size))
-+		/* Check if the label matches the one we are looking for */
-+		CHAR8 *cursor = candidate + header_size;
-+		VerbosePrint(L"%s: \"%s\"\n", varname, cursor);
-+		if (CompareMem(cursor, label, label_size))
- 			continue;
- 
--		VerbosePrint(L"Found boot entry \"%s\" with label \"%s\" "
--			     L"for file \"%s\"\n", varname, label, filename);
-+		VerbosePrint(L"Found duplicate boot entry \"%s\" for \"%s\"\n",
-+			     varname, label);
- 
--		/* at this point, we have duplicate data. */
--		if (!first_new_option) {
--			first_new_option = DuplicateDevicePath(fulldp);
--			first_new_option_args = StrDuplicate(arguments);
--			first_new_option_size = StrLen(arguments) * sizeof (CHAR16);
--		}
--
--		*optnum = xtoi(varname + 4);
--		FreePool(candidate);
--		FreePool(data);
--		return EFI_SUCCESS;
-+		/* add duplicate entry to rmlist */
-+		rmlist = ReallocatePool(rmlist, rmlist_len * sizeof(CHAR16 *),
-+					(rmlist_len+1) * sizeof(CHAR16 *));
-+		if (!rmlist)
-+			return EFI_OUT_OF_RESOURCES;
-+		rmlist[rmlist_len] = AllocateZeroPool(varname_size);
-+		CopyMem(rmlist[rmlist_len], varname, varname_size);
-+		rmlist_len++;
- 	}
-+
-+	/* remove all entries in rmlist */
-+	while (rmlist_len) {
-+		rmlist_len--;
-+		VerbosePrint(L"Removing \"%s\"\n", rmlist[rmlist_len]);
-+		if (!EFI_ERROR(LibDeleteVariable(rmlist[rmlist_len], &GV_GUID))) {
-+			int i, newnbootorder = 0;
-+			int bootnum = xtoi(rmlist[rmlist_len] + 4);
-+
-+			CHAR16 *newbootorder = NULL;
-+			newbootorder = AllocateZeroPool(sizeof (CHAR16) * nbootorder);
-+			if (!newbootorder)
-+				return EFI_OUT_OF_RESOURCES;
-+
-+			for (i = 0; i < nbootorder; i++)
-+				if (bootorder[i] != bootnum)
-+					newbootorder[newnbootorder++] = bootorder[i];
-+
-+			FreePool(bootorder);
-+			bootorder = newbootorder;
-+			nbootorder = newnbootorder;
-+		}
-+		FreePool(rmlist[rmlist_len]);
-+	}
-+
- 	FreePool(candidate);
--	FreePool(data);
- 	FreePool(varname);
- 	return efi_status;
- }
-@@ -508,57 +520,8 @@ add_to_boot_list(CHAR16 *dirname, CHAR16 *filename, CHAR16 *label, CHAR16 *argum
- 		FreePool(dps);
- 	}
- 
--	UINT16 option;
--	efi_status = find_boot_option(dp, full_device_path, fullpath, label,
--				      arguments, &option);
--	if (EFI_ERROR(efi_status)) {
--		add_boot_option(dp, full_device_path, fullpath, label,
--				arguments);
--		goto done;
--	}
--
--	UINT16 bootnum;
--	CHAR16 *newbootorder;
--	/* Search for the option in the current bootorder */
--	for (bootnum = 0; bootnum < nbootorder; bootnum++)
--		if (bootorder[bootnum] == option)
--			break;
--	if (bootnum == nbootorder) {
--		/* Option not found, prepend option and copy the rest */
--		newbootorder = AllocateZeroPool(sizeof(CHAR16)
--						* (nbootorder + 1));
--		if (!newbootorder) {
--			efi_status = EFI_OUT_OF_RESOURCES;
--			goto done;
--		}
--		newbootorder[0] = option;
--		CopyMem(newbootorder + 1, bootorder,
--			sizeof(CHAR16) * nbootorder);
--		FreePool(bootorder);
--		bootorder = newbootorder;
--		nbootorder += 1;
--	} else {
--		/* Option found, put first and slice the rest */
--		newbootorder = AllocateZeroPool(
--			sizeof(CHAR16) * nbootorder);
--		if (!newbootorder) {
--			efi_status = EFI_OUT_OF_RESOURCES;
--			goto done;
--		}
--		newbootorder[0] = option;
--		CopyMem(newbootorder + 1, bootorder,
--			sizeof(CHAR16) * bootnum);
--		CopyMem(newbootorder + 1 + bootnum,
--			bootorder + bootnum + 1,
--			sizeof(CHAR16) * (nbootorder - bootnum - 1));
--		FreePool(bootorder);
--		bootorder = newbootorder;
--	}
--	VerbosePrint(L"New nbootorder: %d\nBootOrder: ",
--		      nbootorder);
--	for (int i = 0 ; i < nbootorder ; i++)
--		VerbosePrintUnprefixed(L"%04x ", bootorder[i]);
--	VerbosePrintUnprefixed(L"\n");
-+	remove_duplicates(dp, label, arguments);
-+	add_boot_option(dp, full_device_path, fullpath, label, arguments);
- 
- done:
- 	if (full_device_path)
diff --git a/debian/patches/series b/debian/patches/series
index 6f9fc99f1..01fd29872 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,2 @@
 0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch
 0002-sbat-Also-bump-latest-for-grub-4-and-to-todays-date.patch
-0003-Revert-fallback-work-around-the-issue-of-boot-option.patch
-0004-fallback-Clean-up-duplicate-boot-entries.patch