| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
in 3.0k to build the netboot support.
|
|
sbsigntool instead of pesign.
|
|
|
|
|
|
This commit replaces the 2nd stage loader path with the first
argument in the Load Options and moves the rest arguments (if any)
to the Load Options for the 2nd stage loader.
For example, to make shim to load elilo.efi, just create a new
boot entry with efibootmgr:
# efibootmgr -c -L "shim elilo" -l "efi\\shim.efi" -u "elilo.efi"
|
|
This commit replaces the 2nd stage loader path with the first
argument in the Load Options and moves the rest arguments (if any)
to the Load Options for the 2nd stage loader.
For example, to make shim to load elilo.efi, just create a new
boot entry with efibootmgr:
# efibootmgr -c -L "shim elilo" -l "efi\\shim.efi" -u "elilo.efi"
|
|
secure_mode() was altered to always return true for debug purposes, and this
accidentally got committed to mainline. Fix that.
|
|
secure_mode() was altered to always return true for debug purposes, and this
accidentally got committed to mainline. Fix that.
|
|
shim needs to verify that MokManager hasn't been modified, but we want to
be able to support configurations where shim is shipped without a vendor
certificate. This patch adds support for generating a certificate at build
time, incorporating the public half into shim and signing MokManager with
the private half. It uses pesign and nss, but still requires openssl for
key generation. Anyone using sbsign will need to figure this out for
themselves.
|
|
shim needs to verify that MokManager hasn't been modified, but we want to
be able to support configurations where shim is shipped without a vendor
certificate. This patch adds support for generating a certificate at build
time, incorporating the public half into shim and signing MokManager with
the private half. It uses pesign and nss, but still requires openssl for
key generation. Anyone using sbsign will need to figure this out for
themselves.
|
|
findNetboot() would continue blindly even if no PXE-capable devices were
found. Fix that.
|
|
findNetboot() would continue blindly even if no PXE-capable devices were
found. Fix that.
|
|
This seems pretty much functionally complete, so let's call it 0.2.
|
|
This seems pretty much functionally complete, so let's call it 0.2.
|
|
Conflicts:
shim.c
|
|
Conflicts:
shim.c
|
|
|
|
|
|
Conflicts:
Makefile
shim.c
|
|
Conflicts:
Makefile
shim.c
|
|
Cert needs to be modified inside the Index loop, not outside it. This is unlikely to
ever trigger since there will typically only be one X509 certificate per
EFI_SIGNATURE_LIST, but fix it anyway.
|
|
Cert needs to be modified inside the Index loop, not outside it. This is unlikely to
ever trigger since there will typically only be one X509 certificate per
EFI_SIGNATURE_LIST, but fix it anyway.
|
|
We could potentially find a valid signature and then fail to validate it
due to not breaking out of the outer while loop.
|
|
We could potentially find a valid signature and then fail to validate it
due to not breaking out of the outer while loop.
|
|
load_image() didn't allocate PathName, don't have it free it.
|
|
load_image() didn't allocate PathName, don't have it free it.
|
|
Type-checking the UEFI calls picked up a couple of problems. Fix them up.
|
|
Type-checking the UEFI calls picked up a couple of problems. Fix them up.
|
|
Brief overview of the function and format of the various variables used
by Shim and MokManager.
|
|
Brief overview of the function and format of the various variables used
by Shim and MokManager.
|
|
|
|
|
|
|
|
|
|
The size of vendor dbx must be 0 if there is no vendor dbx provided
or the functions of db check will crash.
|
|
The size of vendor dbx must be 0 if there is no vendor dbx provided
or the functions of db check will crash.
|
|
Permit clearing of the password, and avoid a case where choosing not to set
a password would result in an error message on exit. Fix the same problem
with MokSB.
|
|
Permit clearing of the password, and avoid a case where choosing not to set
a password would result in an error message on exit. Fix the same problem
with MokSB.
|
|
The logic used in checking the signature validation password was a bit
ugly. Improve that so it behaves rather more as expected.
|
|
The logic used in checking the signature validation password was a bit
ugly. Improve that so it behaves rather more as expected.
|
