path: root/shim.c
Age | Commit message | Author
2012-10-23 | Clean up checks for MokManager entry | Matthew Garrett
Add a helper function and tidy up the calls for getting into MokManager
2012-10-23 | Support a vendor-specific DBX list. | Peter Jones
In some rare corner cases, it's useful to add a blacklist of things that were allowed by a copy of shim that was never signed by the UEFI signing service. In these cases it's okay for them to go into a local dbx, rather than taking up precious flash. Signed-off-by: Peter Jones <pjones@redhat.com>
2012-10-18 | Add MOK password auth | Matthew Garrett
Add support for setting an MOK password. The OS passes down a password hash. MokManager then presents an option for setting a password. Selecting it prompts the user for the same password again. If they match, the hash is enrolled into a boot services variable and MokManager will prompt for the password whenever it's started.
2012-10-18 | Skip signature checking if insecure | Matthew Garrett
If we're configured to run untrusted code, print a message and skip the validation checks.
2012-10-18 | Add support for disabling signature verification | Matthew Garrett
Provide a mechanism for a physically present end user to disable signature verification. This is handled by the OS passing down a variable that contains a UINT32 and a SHA256 hash. If this variable is present, MokManager prompts the user to choose whether to enable or disable signature validation (depending on the value of the UINT32). They are then asked to type the passphrase that matches the hash. This then saves a boot services variable which is checked by shim, and if set will skip verification of signatures.
2012-10-12 | Add draft version of Neil's netboot code | Matthew Garrett
2012-10-12 | Remove LoadImage/StartImage support | Matthew Garrett
Some systems will show an error dialog if LoadImage() returned EFI_ACCESS_DENIED, which then requires physical user interaction to skip. Let's just remove the LoadImage/StartImage code, since the built-in code is theoretically equivalent.
2012-10-12 | Switch to using db format for MokList and MokNew | Matthew Garrett
Using the same format as the UEFI key databases makes it easier for the kernel to parse and extract keys from MOK, and also permits MOK to contain multiple key or hash types. Additionally, add support for enrolling hashes.
2012-10-11 | Split out hashing | Matthew Garrett
We want to be able to generate hashes, so split out the hash generation function from the verification function
2012-10-11 | Add SHA1 support | Matthew Garrett
In theory vendors could blacklist binaries with SHA1, so make sure we calculate and check that hash as well.
2012-10-06 | Fall back to MokManager if grub failed to validate | Matthew Garrett
If we can't verify grub, fall back to MokManager. This permits shipping a copy of shim and MokManager without distributing a key, letting distributions provide their own for user installation.
2012-10-02 | Use LibDeleteVariable in gnu-efi | Gary Ching-Pang Lin
2012-09-21 | Make sure the variables are not broken | Gary Ching-Pang Lin
2012-09-21 | Reject the binary when there is no key in MokList | Gary Ching-Pang Lin
2012-09-20 | Check the MOK list correctly | Gary Ching-Pang Lin
2012-09-19 | Abandon the variable, MokMgmt | Gary Ching-Pang Lin
2012-09-11 | Copy the MOK list to a RT variable | Gary Ching-Pang Lin
The RT variable, MokListRT, is a copy of MokList so that the runtime applications can synchronize the key list without touching the BS variable.
2012-09-11 | Use the machine owner keys to verify images | Gary Ching-Pang Lin
2012-09-11 | Always try StartImage first | Gary Ching-Pang Lin
2012-09-11 | Only launch MokManager when necessary | Gary Ching-Pang Lin
2012-09-11 | Retrieve attributes of variables | Gary Ching-Pang Lin
We have to make sure the machine owner key is stored in a BS variable.
2012-09-07 | Merge branch 'master' into mok-prototype3 | Gary Ching-Pang Lin
Conflicts: shim.c
2012-09-07 | Load MokManager for MOK management | Gary Ching-Pang Lin
2012-09-07 | Make the image loading process more generic | Gary Ching-Pang Lin
2012-09-06 | Break out of our db checking loop at the appropriate time. | Peter Jones
The break in check_db_cert is at the wrong level due to a typo in indentation, and as a result only the last cert in the list can correctly match. Rectify that. Signed-off-by: Peter Jones <pjones@redhat.com>
2012-09-06 | Use the file size, not the image size field, for verification. | Matthew Garrett
2012-09-06 | Allow specification of vendor_cert through a build command line option. | Peter Jones
This allows you to specify the vendor_cert as a file on the command line during build.
2012-07-13 | Handle slightly stranger device paths | Matthew Garrett
2012-07-11 | Make path generation more sensible | Matthew Garrett
2012-07-11 | Make sure ImageBase is set appropriately in the loaded_image protocol | Matthew Garrett
2012-07-05 | Re-add whitelisting - needed for protocol validation | Matthew Garrett
2012-07-05 | Check whether secure boot is enabled before performing verify call | Matthew Garrett
2012-07-02 | Fix up blacklist checking | Matthew Garrett
This was not quite as bugfree as would be hoped for.
2012-07-02 | Remove whitelisting - the firmware will handle it via LoadImage/StartImage | Matthew Garrett
2012-07-02 | Fix type of buffersize | Matthew Garrett
2012-06-25 | Fix get_variable | Matthew Garrett
2012-06-25 | Add black/white listing | Matthew Garrett
2012-06-19 | Fix cert size | Matthew Garrett
2012-06-18 | Uninstall protocol on exit | Matthew Garrett
2012-06-18 | Check binary against blacklist | Matthew Garrett
2012-06-18 | Attempt to start image using LoadImage/StartImage first | Matthew Garrett
2012-06-18 | Check that platform is in user mode before doing any validation | Matthew Garrett
2012-06-07 | Minor cleanups | Matthew Garrett
2012-06-05 | Rename variables | Matthew Garrett
2012-06-05 | Install a protocol for sharing code with grub | Matthew Garrett
2012-05-30 | Some cleanups | Matthew Garrett
2012-05-30 | Add image verification | Matthew Garrett
2012-05-08 | Fix path generation | Matthew Garrett
2012-04-11 | Some additional paranoia | Matthew Garrett
2012-04-11 | Initial commit | Matthew Garrett