| Age | Commit message (Collapse) | Author |
|---|
|
This is a backport from devel of:
commit 634fd72ac6a6c6c9010c32506d524586826a8637
Author: Peter Jones <pjones@redhat.com>
Date: Fri Nov 22 15:14:22 2019 -0500
Make httpboot.c always get built.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Some versions of gnu-efi have a typo, in which "EFI_WARN_UNKNOWN_GLYPH"
is accidentally "EFI_WARN_UNKOWN_GLYPH". Work around that, so that we
can use the not-silly one in console.c's list of error and warning
messages.
This is a backport from devel for:
commit 5f62b22ccd636d326b3229a2b196118701c6f3f7
Author: Peter Jones <pjones@redhat.com>
Date: Mon Aug 26 16:12:05 2019 -0400
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Some machines with the faulty firmware may keep booting the default boot
path instead of the boot option we create. To avoid the infinite reset
loop, this commit introduce a countdown screen before fallback resets the
system, so the user can interrupt the system reset and choose to boot
the restored boot option. The "Always continue boot" option creates a
BS+RT+NV variable, FB_NO_REBOOT, to make fallback boot the first boot
option afterward without asking. The user can revert the behavior by
removing the variable.
https://github.com/rhboot/shim/issues/128
Signed-off-by: Gary Lin <glin@suse.com>
This is a backport from devel of:
commit da6284569c4b5d60d14e6187f696f54cccb7b3d2
Author: Gary Lin <glin@suse.com>
Date: Wed May 23 18:13:05 2018 +0800
fallback: show a countdown menu before reset
Some machines with the faulty firmware may keep booting the default boot
path instead of the boot option we create. To avoid the infinite reset
loop, this commit introduce a countdown screen before fallback resets the
system, so the user can interrupt the system reset and choose to boot
the restored boot option. The "Always continue boot" option creates a
BS+RT+NV variable, FB_NO_REBOOT, to make fallback boot the first boot
option afterward without asking. The user can revert the behavior by
removing the variable.
https://github.com/rhboot/shim/issues/128
Signed-off-by: Gary Lin <glin@suse.com>
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Move the countdown function from MokManager to console.c to make the
function public
Also make console_save_and_set_mode() and console_restore_mode() public
Signed-off-by: Gary Lin <glin@suse.com>
|
|
print_crypto_errors() will pull in the whole openssl library which
bloats the size of fallback.efi. Move the function to an independent
file (lib/print_crypto.c) to reduce the file size of fallback.efi from
1.3MB to 93KB.
Signed-off-by: Gary Lin <glin@suse.com>
|
|
The previous make target was passing all of the target's prerequisites
as boot images to sbsign, causing it to fail.
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
If SOURCE_DATE_EPOCH is defined then we can be reasonably sure the
user wants the build to be fully reproducible, so use a fixed string.
In case of a cross build, using uname -s -m -p -i o will still report
the host's kernel architecture, which will trip some CIs like
Debian's.
This is a backport from devel of:
commit 11fd3197d21f94b491ccfc1da6d38b14060e62d7
Author: Luca Boccassi <bluca@debian.org>
Date: Fri Feb 15 21:42:10 2019 +0000
Makefile: use fixed build host if SOURCE_DATE_EPOCH is defined
If SOURCE_DATE_EPOCH is defined then we can be reasonably sure the
user wants the build to be fully reproducible, so use a fixed string.
In case of a cross build, using uname -s -m -p -i o will still report
the host's kernel architecture, which will trip some CIs like
Debian's.
Signed-off-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Gary Lin <glin@suse.com>
|
|
At the time, this was explicitly contributed under the Tiano license,
even though the original code[0] is LGPLv2.1.
[0]: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
The license statements in our source files were getting to be a giant
mess, and mostly they all just say the same thing. I've switched most
of it to SPDX labels, but left copyright statements in place (where they
were not obviously incorrect copy-paste jobs that I did...).
If there's some change here you don't think is valid, let me know and
we can fix it up together.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
|
One of the really great things about Github IMO is how
"front and center" the README file in a repository is (just
compare with Sourceforge).
Github renders it more nicely if the file is declared to be Markdown,
so let's do that. Add a bit of formatting: using code fences
for code, hyperlinks for other files etc.
I also added a title block from the Fedora package `Summary`
since while I know in theory shim is independent of bootloaders,
let's say what the 95% case is here.
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
This adds stuff that only ever gets made as an artifact of building
(though build*/ generally doesn't, as of this commit.)
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
This had gotten weird in a couple of ways. Easy to fix.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
This is a backport from devel for:
commit 852091d63f73011742c61c976e40f35edd74d598
Author: Nicholas Bishop <nicholasbishop@gmail.com>
Date: Thu May 17 19:28:53 2018 -0400
Fix typo
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
|
This was previously on devel as:
commit 2e29c0358888412e9addfb016cc72f6e89ffb536
Author: Peter Jones <pjones@redhat.com>
Date: Mon Jun 29 14:06:34 2020 -0400
Add .cer/.crt/.esl to .gitignore
But .cer and .crt were added independently in another commit since then.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
*.hash should be ignored by git status if ENABLE_SHIM_HASH is
configured.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
|
|
builds'
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
|
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Sometimes we're loading structures that are parsed in string-like ways,
but can't necessarily be trusted to be zero-terminated. Solve that by
making sure we always have enough aligned, trailing zero bytes to always
have at least one NUL character, no matter which character type is being
parsed.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
This adds basic linked list structures, initializers, and iterators.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Add a file that contains example workflows for SBAT and better illustrate
what type of content is expected to be present in both the .sbat section
and the SBAT authenticated EFI variable.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
SBAT is a new Generation Number Based Revocation meant to replace the DBX
Revocation List Files mechanism. It is more flexible and allow to revoke
sets of binaries, instead of having to list all of them as with the DBX.
Metadata that includes the vendor, product family, product, component,
version and generation are added to artifacts in a .sbat section. This
is protected by the digital signature and so it cannot be tampered.
Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Gary Lin <glin@suse.com>
|
|
Right now we allocate the PE file's contents in RW memory, but hopefully
that won't always be the case. Our SBAT parsing, however, very much
expects to be able to edit it. We also don't actually know that shim's
.sbat section is loaded r/w, so we can't necessarily write there.
This patch copies the SBAT data to its own buffer, plus one NUL byte at
the end, so we can always be sure that will work.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Parse the SBAT [0] Version-Based Revocation Metadata that's contained in a
.sbat data section of the loaded PE binary. This information is used along
with data in a SBAT variable to determine if a EFI binary has been revoked.
[0]: https://github.com/rhboot/shim/blob/sbat/SBAT.md
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Unfortunately GNU-EFI doesn't currently implement ascii versions of
strchr() or strchrnul(), and we kind of need them, so add an
implementation here for now.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
In cases where we accept vendor shim binaries with additional patches,
it may become necessary to identify those builds with additional SBAT
data. When we consider such patches, we should be proactive in asking
vendors to include that data in the .sbat sections of their trusted EFI
binaries.
This patch adds any data in data/sbat.*.csv (after a quick sanitizing
pass) after data/sbat.csv in the .sbat section, so that no changes to
the upstream data/sbat.csv are ever required.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
The Secure Boot Advanced Targeting (SBAT) [0] is a Generation Number Based
Revocation mechanism that is meant to replace the DBX revocation file list.
Binaries must contain a .sbat data section that has a set entries, each of
them consisting of UTF-8 strings as comma separated values. Allow to embed
this information into the fwupd EFI binary at build time.
The SBAT metadata must contain at least two entries. One that defines the
SBAT version used and another one that defines the component generation.
This patch adds a sbat.csv that contains these two entries and downstream
users can override if additional entries are needed due changes that make
them diverge from upstream code and potentially add other vulnerabilities.
The same SBAT metadata is added to the fallback and MOK manager binaries
because these are built from the same shim source. These need to have SBAT
metadata as well to be booted if a .sbat section is mandatory.
[0]: https://github.com/rhboot/shim/blob/sbat/SBAT.md
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
|
This adds the "sbat" branch to the list of branches where a build is
done if a PR is submitted against that branch.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
