| Age | Commit message (Collapse) | Author |
|---|
|
In theory vendors could blacklist binaries with SHA1, so make sure we
calculate and check that hash as well.
|
|
Add a basic header to the menu to make it clearer what's going on.
Define SHIM_VENDOR in order to override the default.
|
|
Add a basic header to the menu to make it clearer what's going on.
Define SHIM_VENDOR in order to override the default.
|
|
|
|
|
|
We should time out if there aren't any keypresses at the top level menu
within a reasonable timeframe.
|
|
We should time out if there aren't any keypresses at the top level menu
within a reasonable timeframe.
|
|
|
|
|
|
The newline character shouldn't be present in the menu item string
|
|
The newline character shouldn't be present in the menu item string
|
|
The size of MokNew was missing and it caused crash when enrolling new MOKs
with mokutil
|
|
The size of MokNew was missing and it caused crash when enrolling new MOKs
with mokutil
|
|
|
|
before LoadImage. Addresses an issue where Lenovo's SecureBoot
implementation pops an error message on any verification failure - avoid
calling LoadImage at all unless we have to.
|
|
|
|
|
|
|
|
|
|
The filesystem callback was failing to account for the additional menu
item to return to the filesystem list, and so the last file entry in the
root directory would be missing from the list.
|
|
The filesystem callback was failing to account for the additional menu
item to return to the filesystem list, and so the last file entry in the
root directory would be missing from the list.
|
|
We would always enrol a single key, deleting any existing keys in the
database. Fix that up.
|
|
We would always enrol a single key, deleting any existing keys in the
database. Fix that up.
|
|
If the user is manually installing keys from a filesystem then we don't need
to ask for the key password.
|
|
If the user is manually installing keys from a filesystem then we don't need
to ask for the key password.
|
|
Packing this lets us use MokListNode with the binary MokList representation.
|
|
Packing this lets us use MokListNode with the binary MokList representation.
|
|
This looks like it ought to work, but is currently failing. Leaking here
isn't a big deal, so just disable it until I figure out what's wrong.
|
|
This looks like it ought to work, but is currently failing. Leaking here
isn't a big deal, so just disable it until I figure out what's wrong.
|
|
Menucount wasn't being incremented for the final top level menu, so
the file explorer menu item wasn't appearing.
|
|
Menucount wasn't being incremented for the final top level menu, so
the file explorer menu item wasn't appearing.
|
|
Make sure we free menu items after exiting a menu. Also, add some missing
static annotations.
|
|
Make sure we free menu items after exiting a menu. Also, add some missing
static annotations.
|
|
Only show the MOK manipulation menu item if MokNew existed
|
|
Only show the MOK manipulation menu item if MokNew existed
|
|
If someone explicitly starts MokManager then we want to show the UI
|
|
If someone explicitly starts MokManager then we want to show the UI
|
|
If we can't verify grub, fall back to MokManager. This permits shipping a
copy of shim and MokManager without distributing a key, letting
distributions provide their own for user installation.
|
|
If we can't verify grub, fall back to MokManager. This permits shipping a
copy of shim and MokManager without distributing a key, letting
distributions provide their own for user installation.
|
|
Add a basic menu system and file explorer. This makes it possible for the
user to enrol keys from media from within shim rather than having to boot
an OS first. This would permit vendors to distribute a signed shim without
having to install their own keys first - the keys could be stored on the
install media instead.
|
|
Add a basic menu system and file explorer. This makes it possible for the
user to enrol keys from media from within shim rather than having to boot
an OS first. This would permit vendors to distribute a signed shim without
having to install their own keys first - the keys could be stored on the
install media instead.
|
|
|
|
grub.efi.
|
|
|
|
stage so there's no point in building it.
|
|
use of BIO_new_file.
|
|
|
|
|
|
|
|
|
