| Age | Commit message (Collapse) | Author |
|---|
|
If we don't do this, an old key winds up being reused and
MokManager.efi.signed is signed with a different key than shim_cert
reflects.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
This gets rid of a lot of type casting that we don't need, and helps
reduce warnings when I switch a bunch of gnu-efi stuff to taking const
arguments.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Sorry about that.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Stupid L"".
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
This shouldn't be exploitable unless you've got a way to make
InstallProtocol fail and still, for example, have memory free to
actually load and run something.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Make OVERRIDE_SECURITY_POLICY a build option.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Since these are topically the same thing, they can live together.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Without this patch, on some machines we never see MokManager's UI. This
protocol has never (I think?) been officially published, and yet I still
have new hardware that needs it.
If you're looking for a reference, look at:
EdkCompatibilityPkg/Foundation/Protocol/ConsoleControl/ConsoleControl.c
in the edk2 tree from Tiano.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
There needs to be some way to communicate to the kernel that it's a
trusted key, and since this mechanism already exists, it's by far the
easiest.
|
|
It works like this: during startup of shim, we hook into the system's
ExitBootServices() and StartImage(). If the system's StartImage() is
called, we automatically unhook, because we're chainloading to something
the system can verify.
When shim's verify is called, we record what kind of certificate the
image was verified against. If the call /succeeds/, we remove our
hooks.
If ExitBootServices() is called, we check how the bootloader verified
whatever it is loading. If it was verified by its hash, we unhook
everything and call the system's EBS(). If it was verified by
certificate, we check if it has called shim_verify(). If it has, we
unhook everything and call the system's EBS()
If the bootloader has not verified anything, and is itself verified by
a certificate, we display a security violation warning and halt the
machine.
|
|
This moves them both to be computed at runtime from a pointer+offset
rather than just a pointer, so that their real address can be entirely
derived from the section they're in.
This means you can replace the whole .vendor_cert section with a new one
with certs that don't have the same size.
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
|
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
|
Conflicts:
shim.c
|
|
Conflicts:
Makefile
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The long double declaration will enable SSE and cause a compilation
error. Disabling everything related to floating points avoids the
error.
|
|
bio_printf() was replaced with a dummy function and this made
several openssl functions useless. This commit adds the print
functions back, so that we don't have to implement our own
ASN1 time print function.
|
|
|
|
|
|
|
|
|
|
|
|
Basically, if you don't want grub.efi, you do:
make 'DEFAULT_LOADER=\\\\grubx64.efi'
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Make it easier to change the PXE 2nd stage loader.
Conflicts:
netboot.c
|
|
|
|
- The file path from DevicePathToStr may use slash as the file
seperator. Change all slashes to backslashes to avoid the strange
bootpath.
- Remove the redundant backslashes.
- ImagePath no longer requires the leading backslash.
- Fix a memory leak
Based on the patch from Michal Marek <mmarek@suse.com>
|
|
|
|
|
|
Conflicts:
Makefile
|
|
|
|
The password format is introduced for the password hash generated by crypt(),
so that the user can import the password hash from /etc/shadow. The packager,
especially those who packages 3rd party drivers, can utilize this feature to
import a 3rd party certificate without interfering the package installation.
This commit implements the sha256-based crypt() hash function.
Conflicts:
Makefile
MokManager.c
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
|
The dir filter appends L'/' to the directory entries without
allocating a new buffer, and this could crash the whole program.
|
|
This is the first stage of porting the MokManager UI to the UI code used
by the Linux Foundation UEFI loader.
|
|
This is the first stage of porting the MokManager UI to the UI code used
by the Linux Foundation UEFI loader.
Conflicts:
MokManager.c
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
Conflicts:
MokManager.c
|
