efi-boot-shim.git/Makefile, branch 0.5 (mirror of https://github.com/vyos/efi-boot-shim.git) https://git.amelek.net/vyos/efi-boot-shim.git/atom?h=0.5 2013-10-04T21:04:21+00:00 Bump version to 0.5 2013-10-04T21:04:21+00:00 Peter Jones pjones@redhat.com 2013-10-04T21:04:12+00:00 urn:sha1:baebb090ea1f65c205ac1fe2b83b42bb979a4907 Signed-off-by: Peter Jones <pjones@redhat.com> Add ident-like blobs to shim.efi for version checking. 2013-10-03T15:11:09+00:00 Peter Jones pjones@redhat.com 2013-10-03T15:01:36+00:00 urn:sha1:fc986307fb200fdf493b9dd083ad39ae3561b0c9 I feel dirty. Remove "shim.cer" on "make clean". 2013-10-02T14:48:41+00:00 Peter Jones pjones@redhat.com 2013-10-02T14:48:41+00:00 urn:sha1:91c5a05037598425757b3a9ab76619ff2f48fc20 If we don't do this, an old key winds up being reused and MokManager.efi.signed is signed with a different key than shim_cert reflects. Signed-off-by: Peter Jones <pjones@redhat.com> Conditionalize overriding the security policy. 2013-10-01T18:03:16+00:00 Peter Jones pjones@redhat.com 2013-10-01T17:55:27+00:00 urn:sha1:f330528786fb02f1771c76818ffc8f1793f5d2f7 Make OVERRIDE_SECURITY_POLICY a build option. Signed-off-by: Peter Jones <pjones@redhat.com> Merge console_control.h and console.h 2013-10-01T18:03:16+00:00 Peter Jones pjones@redhat.com 2013-10-01T17:43:25+00:00 urn:sha1:4537217422a4e1bf145e135d89284cf7887ad826 Since these are topically the same thing, they can live together. Signed-off-by: Peter Jones <pjones@redhat.com> Make verbose stuff use console_notify 2013-10-01T18:03:16+00:00 Peter Jones pjones@redhat.com 2013-09-27T15:32:49+00:00 urn:sha1:09a37bbc69f6c5d6c1d081f4f938f34cff412c4f Signed-off-by: Peter Jones <pjones@redhat.com> Harden shim against non-participating bootloaders. 2013-10-01T18:03:16+00:00 Peter Jones pjones@redhat.com 2013-09-09T16:37:50+00:00 urn:sha1:39df41ceb5a793f7db9233a2741d30c55b6a8861 It works like this: during startup of shim, we hook into the system's ExitBootServices() and StartImage(). If the system's StartImage() is called, we automatically unhook, because we're chainloading to something the system can verify. When shim's verify is called, we record what kind of certificate the image was verified against. If the call /succeeds/, we remove our hooks. If ExitBootServices() is called, we check how the bootloader verified whatever it is loading. If it was verified by its hash, we unhook everything and call the system's EBS(). If it was verified by certificate, we check if it has called shim_verify(). If it has, we unhook everything and call the system's EBS() If the bootloader has not verified anything, and is itself verified by a certificate, we display a security violation warning and halt the machine. Make vendor_cert/vendor_dbx actually replaceable by an external tool. 2013-10-01T18:03:16+00:00 Peter Jones pjones@redhat.com 2013-09-09T18:43:04+00:00 urn:sha1:02388bcd58e73effdc828e8df9bbf5553c594835 This moves them both to be computed at runtime from a pointer+offset rather than just a pointer, so that their real address can be entirely derived from the section they're in. This means you can replace the whole .vendor_cert section with a new one with certs that don't have the same size. Clean up tarballs in "make clean" 2013-09-26T15:58:02+00:00 Peter Jones pjones@redhat.com 2013-09-26T15:01:42+00:00 urn:sha1:9197943206cb47ce2c5d4479a7e43552b1a428b3 Signed-off-by: Peter Jones <pjones@redhat.com> Merge signature.h into efiauthenticated.h and guid.h 2013-09-26T15:58:02+00:00 Gary Ching-Pang Lin glin@suse.com 2013-07-04T09:41:51+00:00 urn:sha1:79424b09ca1db2878cd67a59e30ff0849c058f1d Conflicts: shim.c