| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
It's annoying to find out we're not in SB mode over and over. Really it
is.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
It's annoying to find out we're not in SB mode over and over. Really it
is.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Woops.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Woops.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Nobody should be deploying SHA-1. No hardware deploys it, and the rate
of change on https://en.wikipedia.org/wiki/SHA-1#Attacks is wildly
uninspiring.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Nobody should be deploying SHA-1. No hardware deploys it, and the rate
of change on https://en.wikipedia.org/wiki/SHA-1#Attacks is wildly
uninspiring.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Patch from Johannes Segitz <jsegitz@suse.com>
|
|
Patch from Johannes Segitz <jsegitz@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
There are some functions that the return value and the type
didn't match.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
There are some functions that the return value and the type
didn't match.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Add SHA1 hash support and amend the code to make it easier to support
other SHA digests.
|
|
Add SHA1 hash support and amend the code to make it easier to support
other SHA digests.
|
|
match_hash() requests the number of keys in a list and it was
mistakenly replaced with the size of the Mok node. This would
made MokManager to remove the whole Mok node instead of one
hash.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
match_hash() requests the number of keys in a list and it was
mistakenly replaced with the size of the Mok node. This would
made MokManager to remove the whole Mok node instead of one
hash.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
MokSize of the hash signature list includes the owner GUID,
so we should not add the 16bytes compensation.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
MokSize of the hash signature list includes the owner GUID,
so we should not add the 16bytes compensation.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
also return to the previous entry in the list
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
also return to the previous entry in the list
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
The new blacklist, MokListX, stores the keys and hashes that are
banned.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
The new blacklist, MokListX, stores the keys and hashes that are
banned.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
|
|
When we made lib build with the correct CFLAGS, it inherited
-Werror=sign-compare, and I fixed up some parameters on
console_print_box() and console_print_box_at() to avoid sign comparison
errors.
The fixups were *completely wrong*, as some behavior relies on negative
values. So this fixes them in a completely different way, by casting
appropriately to signed types where we're doing comparisons.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
When we made lib build with the correct CFLAGS, it inherited
-Werror=sign-compare, and I fixed up some parameters on
console_print_box() and console_print_box_at() to avoid sign comparison
errors.
The fixups were *completely wrong*, as some behavior relies on negative
values. So this fixes them in a completely different way, by casting
appropriately to signed types where we're doing comparisons.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Right now applications run by shim get our wrapper for Exit(), but it
doesn't do as much cleanup as it should - shim itself also exits, but
currently is not doing all the cleanup it should be doing.
This changes it so all of shim's cleanup is also performed.
Based on a patch and lots of review from Gary Lin.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Right now applications run by shim get our wrapper for Exit(), but it
doesn't do as much cleanup as it should - shim itself also exits, but
currently is not doing all the cleanup it should be doing.
This changes it so all of shim's cleanup is also performed.
Based on a patch and lots of review from Gary Lin.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
