summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-10-11Add missing header defineMatthew Garrett
2012-10-11Add SHA1 supportMatthew Garrett
In theory vendors could blacklist binaries with SHA1, so make sure we calculate and check that hash as well.
2012-10-11Add menu headerMatthew Garrett
Add a basic header to the menu to make it clearer what's going on. Define SHIM_VENDOR in order to override the default.
2012-10-11Clear screen on exitMatthew Garrett
2012-10-11Add timeout supportMatthew Garrett
We should time out if there aren't any keypresses at the top level menu within a reasonable timeframe.
2012-10-11Fix whitespaceMatthew Garrett
2012-10-11Remove unnecessary newlineGary Ching-Pang Lin
The newline character shouldn't be present in the menu item string
2012-10-11Pass the size of MokNew to the key enrollment functionGary Ching-Pang Lin
The size of MokNew was missing and it caused crash when enrolling new MOKs with mokutil
2012-10-10releasing version 0~20120906.bcd0a4e8-0ubuntu4Steve Langasek
2012-10-10debian/patches/shim-before-loadimage: Use direct verification firstSteve Langasek
before LoadImage. Addresses an issue where Lenovo's SecureBoot implementation pops an error message on any verification failure - avoid calling LoadImage at all unless we have to.
2012-10-09Callbacks should return INTN, not UINTNMatthew Garrett
2012-10-09Remove unused variableMatthew Garrett
2012-10-09Don't lose the last file in top-level directoriesMatthew Garrett
The filesystem callback was failing to account for the additional menu item to return to the filesystem list, and so the last file entry in the root directory would be missing from the list.
2012-10-08Fix filesystem enrollmentMatthew Garrett
We would always enrol a single key, deleting any existing keys in the database. Fix that up.
2012-10-08Add an auth argument to store_keys()Matthew Garrett
If the user is manually installing keys from a filesystem then we don't need to ask for the key password.
2012-10-08Add __attribute__ ((packed)) to MokListNode definitionMatthew Garrett
Packing this lets us use MokListNode with the binary MokList representation.
2012-10-06Disable menu freeingMatthew Garrett
This looks like it ought to work, but is currently failing. Leaking here isn't a big deal, so just disable it until I figure out what's wrong.
2012-10-06Fix menucountMatthew Garrett
Menucount wasn't being incremented for the final top level menu, so the file explorer menu item wasn't appearing.
2012-10-06Free menus and add staticsMatthew Garrett
Make sure we free menu items after exiting a menu. Also, add some missing static annotations.
2012-10-06Fix menu itemsMatthew Garrett
Only show the MOK manipulation menu item if MokNew existed
2012-10-06Always show the MokManager UIMatthew Garrett
If someone explicitly starts MokManager then we want to show the UI
2012-10-06Fall back to MokManager if grub failed to validateMatthew Garrett
If we can't verify grub, fall back to MokManager. This permits shipping a copy of shim and MokManager without distributing a key, letting distributions provide their own for user installation.
2012-10-05Add filesystem browsing and enrollmentMatthew Garrett
Add a basic menu system and file explorer. This makes it possible for the user to enrol keys from media from within shim rather than having to boot an OS first. This would permit vendors to distribute a signed shim without having to install their own keys first - the keys could be stored on the install media instead.
2012-10-05releasing version 0~20120906.bcd0a4e8-0ubuntu3Steve Langasek
2012-10-05debian/patches/second-stage-path: Chainload grubx64.efi, notSteve Langasek
grub.efi.
2012-10-04releasing version 0~20120906.bcd0a4e8-0ubuntu2Steve Langasek
2012-10-04Only build the package for amd64; we're not signing an i386 shim at thisSteve Langasek
stage so there's no point in building it.
2012-10-04debian/patches/prototypes: Include missing prototypes, and disableSteve Langasek
use of BIO_new_file.
2012-10-04Don't show the invalid key numberGary Ching-Pang Lin
2012-10-04Use the same function to get commands and passwordGary Ching-Pang Lin
2012-10-04Print the key number for the non-existent key alsoGary Ching-Pang Lin
2012-10-04releasing version 0~20120906.bcd0a4e8-0ubuntu1Steve Langasek
2012-10-04Fix the changelog, which is inaccurate now that we just include the fileSteve Langasek
2012-10-04Use a clearer name for the VENDOR_CERT_FILE.Steve Langasek
2012-10-04Pull newer upstream snapshot, which fixes verification of the signature on ↵Steve Langasek
our signed GRUB efi
2012-10-03Import upstream version 0~20120906.bcd0a4e8Steve Langasek
2012-10-03Include the Canonical Secure Boot master CA (cert.der) and include asSteve Langasek
cert.h at build time.
2012-10-02Don't print Backspace as we print nothingGary Ching-Pang Lin
2012-10-02Calculate SHA1 fingerprintGary Ching-Pang Lin
openssl shows sha1 fingerprint by default.
2012-10-02Replace functions with the ones in gnu-efiGary Ching-Pang Lin
2012-10-02Use LibDeleteVariable in gnu-efiGary Ching-Pang Lin
2012-09-27More tips for the MOK passwordGary Ching-Pang Lin
2012-09-26Filter out newline from the password arrayGary Ching-Pang Lin
2012-09-26correct wordingGary Ching-Pang Lin
2012-09-26Build debug image for all efi filesGary Ching-Pang Lin
2012-09-24Define the max length of passwordGary Ching-Pang Lin
2012-09-24Request a password to verify the key listGary Ching-Pang Lin
The password must contain 8 characters at least and 16 characters at most and will be hashed with the key list altogether. The keys in MokNew won't be allowed to be enrolled unless the user provides the correct password.
2012-09-21Erase stored keys when there is no key in the new key listGary Ching-Pang Lin
2012-09-21Make sure the variables are not brokenGary Ching-Pang Lin
2012-09-21Allow the new keys to be listed againGary Ching-Pang Lin
generated by cgit v1.2.3 (git 2.39.1) at 2025-09-07 13:18:47 +0000