summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-10-02Fix wrong type on console_error() call.Peter Jones
Stupid L"". Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-01If we fail to install our protocol, don't continue.Peter Jones
This shouldn't be exploitable unless you've got a way to make InstallProtocol fail and still, for example, have memory free to actually load and run something. Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-01If we fail to install our protocol, don't continue.Peter Jones
This shouldn't be exploitable unless you've got a way to make InstallProtocol fail and still, for example, have memory free to actually load and run something. Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-01Clean up warnings.Peter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-01Clean up warnings.Peter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-01Conditionalize overriding the security policy.Peter Jones
Make OVERRIDE_SECURITY_POLICY a build option. Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-01Conditionalize overriding the security policy.Peter Jones
Make OVERRIDE_SECURITY_POLICY a build option. Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-01Merge console_control.h and console.hPeter Jones
Since these are topically the same thing, they can live together. Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-01Merge console_control.h and console.hPeter Jones
Since these are topically the same thing, they can live together. Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-01Make verbose stuff use console_notifyPeter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-01Make verbose stuff use console_notifyPeter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-01MokManager needs to disable the graphics console.Peter Jones
Without this patch, on some machines we never see MokManager's UI. This protocol has never (I think?) been officially published, and yet I still have new hardware that needs it. If you're looking for a reference, look at: EdkCompatibilityPkg/Foundation/Protocol/ConsoleControl/ConsoleControl.c in the edk2 tree from Tiano. Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-01MokManager needs to disable the graphics console.Peter Jones
Without this patch, on some machines we never see MokManager's UI. This protocol has never (I think?) been officially published, and yet I still have new hardware that needs it. If you're looking for a reference, look at: EdkCompatibilityPkg/Foundation/Protocol/ConsoleControl/ConsoleControl.c in the edk2 tree from Tiano. Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-01Include shim's vendor_cert in MokListRTPeter Jones
There needs to be some way to communicate to the kernel that it's a trusted key, and since this mechanism already exists, it's by far the easiest.
2013-10-01Include shim's vendor_cert in MokListRTPeter Jones
There needs to be some way to communicate to the kernel that it's a trusted key, and since this mechanism already exists, it's by far the easiest.
2013-10-01Harden shim against non-participating bootloaders.Peter Jones
It works like this: during startup of shim, we hook into the system's ExitBootServices() and StartImage(). If the system's StartImage() is called, we automatically unhook, because we're chainloading to something the system can verify. When shim's verify is called, we record what kind of certificate the image was verified against. If the call /succeeds/, we remove our hooks. If ExitBootServices() is called, we check how the bootloader verified whatever it is loading. If it was verified by its hash, we unhook everything and call the system's EBS(). If it was verified by certificate, we check if it has called shim_verify(). If it has, we unhook everything and call the system's EBS() If the bootloader has not verified anything, and is itself verified by a certificate, we display a security violation warning and halt the machine.
2013-10-01Harden shim against non-participating bootloaders.Peter Jones
It works like this: during startup of shim, we hook into the system's ExitBootServices() and StartImage(). If the system's StartImage() is called, we automatically unhook, because we're chainloading to something the system can verify. When shim's verify is called, we record what kind of certificate the image was verified against. If the call /succeeds/, we remove our hooks. If ExitBootServices() is called, we check how the bootloader verified whatever it is loading. If it was verified by its hash, we unhook everything and call the system's EBS(). If it was verified by certificate, we check if it has called shim_verify(). If it has, we unhook everything and call the system's EBS() If the bootloader has not verified anything, and is itself verified by a certificate, we display a security violation warning and halt the machine.
2013-10-01Make vendor_cert/vendor_dbx actually replaceable by an external tool.Peter Jones
This moves them both to be computed at runtime from a pointer+offset rather than just a pointer, so that their real address can be entirely derived from the section they're in. This means you can replace the whole .vendor_cert section with a new one with certs that don't have the same size.
2013-10-01Make vendor_cert/vendor_dbx actually replaceable by an external tool.Peter Jones
This moves them both to be computed at runtime from a pointer+offset rather than just a pointer, so that their real address can be entirely derived from the section they're in. This means you can replace the whole .vendor_cert section with a new one with certs that don't have the same size.
2013-10-01Remove TODO items fixed by merging lf_merge and lcp/lf-security-override.Peter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-01Remove TODO items fixed by merging lf_merge and lcp/lf-security-override.Peter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-26Install fallback.efi.signed as well, to lay the groundwork for fallbackSteve Langasek
handling (wanted when we have to move a drive between machines, or when the firmware loses its marbles^W nvram).
2013-09-26Don't use LibGetVariable(), since it doesn't give us real error codes.Peter Jones
2013-09-26Don't use LibGetVariable(), since it doesn't give us real error codes.Peter Jones
2013-09-26integrate security overrideGary Ching-Pang Lin
2013-09-26integrate security overrideGary Ching-Pang Lin
2013-09-26Clean up tarballs in "make clean"Peter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-26Clean up tarballs in "make clean"Peter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-26Merge variable retrieving functionsGary Ching-Pang Lin
2013-09-26Merge variable retrieving functionsGary Ching-Pang Lin
2013-09-26Merge signature.h into efiauthenticated.h and guid.hGary Ching-Pang Lin
Conflicts: shim.c
2013-09-26Merge signature.h into efiauthenticated.h and guid.hGary Ching-Pang Lin
Conflicts: shim.c
2013-09-26Merge two PeImage.h into onePeter Jones
Conflicts: Makefile
2013-09-26Merge two PeImage.h into onePeter Jones
Conflicts: Makefile
2013-09-26Free unused memory spaceGary Ching-Pang Lin
2013-09-26Free unused memory spaceGary Ching-Pang Lin
2013-09-26Adjust the result of gmtime() to fit the definitionGary Ching-Pang Lin
2013-09-26Adjust the result of gmtime() to fit the definitionGary Ching-Pang Lin
2013-09-26Rand: check the status of the pseudorandom number generatorGary Ching-Pang Lin
2013-09-26Rand: check the status of the pseudorandom number generatorGary Ching-Pang Lin
2013-09-26MokManager: check the suffix of the key fileGary Ching-Pang Lin
2013-09-26MokManager: check the suffix of the key fileGary Ching-Pang Lin
2013-09-26MokManager: fetch more info from X509 nameGary Ching-Pang Lin
2013-09-26MokManager: fetch more info from X509 nameGary Ching-Pang Lin
2013-09-26MokManager: reboot the system after clearing MOK passwordGary Ching-Pang Lin
2013-09-26MokManager: reboot the system after clearing MOK passwordGary Ching-Pang Lin
2013-09-26MokManager: enhance the password prompt for SB stateGary Ching-Pang Lin
2013-09-26MokManager: enhance the password prompt for SB stateGary Ching-Pang Lin
2013-09-26MokManager: rearrange the output of MOK infoGary Ching-Pang Lin
2013-09-26MokManager: rearrange the output of MOK infoGary Ching-Pang Lin