| Age | Commit message (Collapse) | Author |
|---|
|
This reverts commit 21e40f0174814b3d91836e38c7cf95c8f2f1f3a4.
In principle I like the idea of what's going on here, but
generate_hash() really does need to have the expected result.
|
|
This adds additional bounds-checking on the section sizes. Also adds
-Wsign-compare to the Makefile and replaces some signed variables with
unsigned counteparts for robustness.
Signed-off-by: Kees Cook <kees@ubuntu.com>
|
|
Provide a mechanism for a physically present end user to disable the use
of db when doing signature verification. This is handled by the OS passing
down a variable that contains a UINT32 and a SHA256 hash. If this variable
is present, MokManager prompts the user to choose whether to enable or
disable the use of db for verification purposes (depending on the value of
the UINT32). They are then asked to type the passphrase that matches the
hash. This then saves a boot services variable which is checked by shim,
and if set will cause shim to not use db for verification purposes. If
db is to be ignored, shim will export a runtime variable called
'MokIgnoreDB' for the OS to query at runtime.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
|
|
Since these are topically the same thing, they can live together.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Without this patch, on some machines we never see MokManager's UI. This
protocol has never (I think?) been officially published, and yet I still
have new hardware that needs it.
If you're looking for a reference, look at:
EdkCompatibilityPkg/Foundation/Protocol/ConsoleControl/ConsoleControl.c
in the edk2 tree from Tiano.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
|
|
|
Conflicts:
shim.c
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The password format is introduced for the password hash generated by crypt(),
so that the user can import the password hash from /etc/shadow. The packager,
especially those who packages 3rd party drivers, can utilize this feature to
import a 3rd party certificate without interfering the package installation.
This commit implements the sha256-based crypt() hash function.
Conflicts:
Makefile
MokManager.c
|
|
This is the first stage of porting the MokManager UI to the UI code used
by the Linux Foundation UEFI loader.
Conflicts:
MokManager.c
|
|
Signed-off-by: Peter Jones <pjones@redhat.com>
Conflicts:
MokManager.c
|
|
Without this patch, on some machines we never see MokManager's UI. This
protocol has never (I think?) been officially published, and yet I still
have new hardware that needs it.
If you're looking for a reference, look at:
EdkCompatibilityPkg/Foundation/Protocol/ConsoleControl/ConsoleControl.c
in the edk2 tree from Tiano.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Since Pause() doesn't clear the key from the input queue, the next
ReadKeyStroke reads the queued key instead of the new one. If the
user presses "Enter", MokManager exits directly without showing
the menu again.
|
|
|
|
|
|
|
|
|
|
|
|
Type-checking the UEFI calls picked up a couple of problems. Fix them up.
|
|
Permit clearing of the password, and avoid a case where choosing not to set
a password would result in an error message on exit. Fix the same problem
with MokSB.
|
|
The logic used in checking the signature validation password was a bit
ugly. Improve that so it behaves rather more as expected.
|
|
Another case where we were drawing text over existing text.
|
|
This was hardcoded, rather than being based on the actual password length,
resulting in incorrect hashes being generated.
|
|
Update this to match the new mokutil behaviour
|
|
A cut and paste error meant that attempts to delete MokList were instead
appending a zero-length addition.
|
|
The pointer to the certificate needs to be incremented by the size of the
entire certificate, not just the certificate data.
|
|
We were drawing prompts on top of existing text, which was less than
ideal.
|
|
There's no point in printing the SHA1 of a SHA256...
|
|
Reduce menu redrawing by only redrawing the invalidated section of the menu
during the timeout countdown.
|
|
Add support for setting an MOK password. The OS passes down a password hash.
MokManager then presents an option for setting a password. Selecting it
prompts the user for the same password again. If they match, the hash is
enrolled into a boot services variable and MokManager will prompt for the
password whenever it's started.
|
|
If a callback returns any kind of failure, wait for a keypress in order to
give the user an opportunity to read any failure messages.
|
|
Provide a mechanism for a physically present end user to disable signature
verification. This is handled by the OS passing down a variable that
contains a UINT32 and a SHA256 hash. If this variable is present, MokManager
prompts the user to choose whether to enable or disable signature validation
(depending on the value of the UINT32). They are then asked to type the
passphrase that matches the hash. This then saves a boot services variable
which is checked by shim, and if set will skip verification of signatures.
|
|
Provide a little more contextual information when people are in shim
menus.
|
|
The size of the DevPath string array was not sufficient to append
the volume label. This patch extends the size for the label and
re-enables the menu freeing.
|
|
Using the same format as the UEFI key databases makes it easier for the
kernel to parse and extract keys from MOK, and also permits MOK to contain
multiple key or hash types. Additionally, add support for enrolling hashes.
|
|
Add a basic header to the menu to make it clearer what's going on.
Define SHIM_VENDOR in order to override the default.
|
|
|
|
We should time out if there aren't any keypresses at the top level menu
within a reasonable timeframe.
|
|
|
