| Age | Commit message (Collapse) | Author |
|---|
|
read_header would fail if the binary was unsigned, even if we weren't then
going to verify the signature. Move that check to the verify function
instead.
|
|
read_header would fail if the binary was unsigned, even if we weren't then
going to verify the signature. Move that check to the verify function
instead.
|
|
Fixes for some small bugs noticed during review
|
|
Fixes for some small bugs noticed during review
|
|
Another case where we were drawing text over existing text.
|
|
Another case where we were drawing text over existing text.
|
|
|
|
|
|
This was hardcoded, rather than being based on the actual password length,
resulting in incorrect hashes being generated.
|
|
This was hardcoded, rather than being based on the actual password length,
resulting in incorrect hashes being generated.
|
|
Update this to match the new mokutil behaviour
|
|
Update this to match the new mokutil behaviour
|
|
A cut and paste error meant that attempts to delete MokList were instead
appending a zero-length addition.
|
|
A cut and paste error meant that attempts to delete MokList were instead
appending a zero-length addition.
|
|
Add a helper function and tidy up the calls for getting into MokManager
|
|
Add a helper function and tidy up the calls for getting into MokManager
|
|
The pointer to the certificate needs to be incremented by the size of the
entire certificate, not just the certificate data.
|
|
The pointer to the certificate needs to be incremented by the size of the
entire certificate, not just the certificate data.
|
|
In some rare corner cases, it's useful to add a blacklist of things that
were allowed by a copy of shim that was never signed by the UEFI signing
service. In these cases it's okay for them to go into a local dbx,
rather than taking up precious flash.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
In some rare corner cases, it's useful to add a blacklist of things that
were allowed by a copy of shim that was never signed by the UEFI signing
service. In these cases it's okay for them to go into a local dbx,
rather than taking up precious flash.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
We were drawing prompts on top of existing text, which was less than
ideal.
|
|
We were drawing prompts on top of existing text, which was less than
ideal.
|
|
There's no point in printing the SHA1 of a SHA256...
|
|
There's no point in printing the SHA1 of a SHA256...
|
|
Reduce menu redrawing by only redrawing the invalidated section of the menu
during the timeout countdown.
|
|
Reduce menu redrawing by only redrawing the invalidated section of the menu
during the timeout countdown.
|
|
Add support for setting an MOK password. The OS passes down a password hash.
MokManager then presents an option for setting a password. Selecting it
prompts the user for the same password again. If they match, the hash is
enrolled into a boot services variable and MokManager will prompt for the
password whenever it's started.
|
|
Add support for setting an MOK password. The OS passes down a password hash.
MokManager then presents an option for setting a password. Selecting it
prompts the user for the same password again. If they match, the hash is
enrolled into a boot services variable and MokManager will prompt for the
password whenever it's started.
|
|
If a callback returns any kind of failure, wait for a keypress in order to
give the user an opportunity to read any failure messages.
|
|
If a callback returns any kind of failure, wait for a keypress in order to
give the user an opportunity to read any failure messages.
|
|
If we're configured to run untrusted code, print a message and skip the
validation checks.
|
|
If we're configured to run untrusted code, print a message and skip the
validation checks.
|
|
Provide a mechanism for a physically present end user to disable signature
verification. This is handled by the OS passing down a variable that
contains a UINT32 and a SHA256 hash. If this variable is present, MokManager
prompts the user to choose whether to enable or disable signature validation
(depending on the value of the UINT32). They are then asked to type the
passphrase that matches the hash. This then saves a boot services variable
which is checked by shim, and if set will skip verification of signatures.
|
|
Provide a mechanism for a physically present end user to disable signature
verification. This is handled by the OS passing down a variable that
contains a UINT32 and a SHA256 hash. If this variable is present, MokManager
prompts the user to choose whether to enable or disable signature validation
(depending on the value of the UINT32). They are then asked to type the
passphrase that matches the hash. This then saves a boot services variable
which is checked by shim, and if set will skip verification of signatures.
|
|
Provide a little more contextual information when people are in shim
menus.
|
|
Provide a little more contextual information when people are in shim
menus.
|
|
|
|
|
|
The size of the DevPath string array was not sufficient to append
the volume label. This patch extends the size for the label and
re-enables the menu freeing.
|
|
The size of the DevPath string array was not sufficient to append
the volume label. This patch extends the size for the label and
re-enables the menu freeing.
|
|
Some systems will show an error dialog if LoadImage() returned
EFI_ACCESS_DENIED, which then requires physical user interaction to skip.
Let's just remove the LoadImage/StartImage code, since the built-in code
is theoretically equivalent.
|
|
Some systems will show an error dialog if LoadImage() returned
EFI_ACCESS_DENIED, which then requires physical user interaction to skip.
Let's just remove the LoadImage/StartImage code, since the built-in code
is theoretically equivalent.
|
|
Using the same format as the UEFI key databases makes it easier for the
kernel to parse and extract keys from MOK, and also permits MOK to contain
multiple key or hash types. Additionally, add support for enrolling hashes.
|
|
Using the same format as the UEFI key databases makes it easier for the
kernel to parse and extract keys from MOK, and also permits MOK to contain
multiple key or hash types. Additionally, add support for enrolling hashes.
|
|
We want to be able to generate hashes, so split out the hash generation
function from the verification function
|
|
We want to be able to generate hashes, so split out the hash generation
function from the verification function
|
|
|
|
|
|
In theory vendors could blacklist binaries with SHA1, so make sure we
calculate and check that hash as well.
|
|
In theory vendors could blacklist binaries with SHA1, so make sure we
calculate and check that hash as well.
|
