fix the issue that the gBS->LoadImage pointer was empty

backport-Fix-the-issue-that-the-gBS-LoadImage-pointer-was-emp.patch

@@ -0,0 +1,39 @@
+From 712097206702f26e96be3f7ba79eb52d00e1f658 Mon Sep 17 00:00:00 2001
+From: jinlun <869793317@qq.com>
+Date: Sat, 2 Nov 2024 17:21:22 +0800
+Subject: [PATCH] Fix the issue that the gBS->LoadImage pointer was empty.
+
+The interface shouldn't be replaced at the shim_fini
+ stage When the vendor certificate doesn't exist.
+
+Signed-off-by: jinlun <869793317@qq.com>
+Signed-off-by: xuce <xuce10@h-partners.com>
+---
+ shim.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 547b052..aa74610 100644
+--- a/shim.c
++++ b/shim.c
+@@ -1651,11 +1651,12 @@ shim_fini(void)
+ 	uninstall_shim_protocols();
+ 
+ 	if (secure_mode()) {
+-
+-		/*
+-		 * Remove our hooks from system services.
+-		 */
+-		unhook_system_services();
++		if (vendor_cert_size || vendor_dbx_size) {
++			/*
++			* Remove our hooks from system services.
++			*/
++			unhook_system_services();
++		}
+ 	}
+ 
+ 	unhook_exit();
+-- 
+2.33.0
+

shim.spec

@@ -22,7 +22,7 @@
 
 Name:		shim
 Version:	15
-Release:        35
+Release:        36
 Summary:	First-stage UEFI bootloader
 ExclusiveArch:  x86_64 aarch64
 License:	BSD
@@ -61,6 +61,7 @@ Patch26:        backport-CVE-2023-40547-avoid-incorrectly-trusting-HTTP-heade.pa
 Patch27:        backport-CVE-2023-3446.patch
 Patch28:        backport-CVE-2023-0465.patch
 Patch29:        backport-CVE-2023-2650.patch
+Patch30:        backport-Fix-the-issue-that-the-gBS-LoadImage-pointer-was-emp.patch
 
 # Feature
 Patch9000:	Feature-add-tpcm-support-with-ipmi-channel.patch
@@ -165,6 +166,9 @@ cd ..
 /usr/src/debug/%{name}-%{version}-%{release}/*
 
 %changelog
+* Tue Feb 11 2025 fuanan <fuanan3@h-partners.com> - 15-36
+- fix the issue that the gBS->LoadImage pointer was empty.
+
 * Wed Feb 28 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 15-35
 - fix CVE-2023-3446 CVE-2023-0465 CVE-2023-2650