summaryrefslogtreecommitdiff
path: root/shim.c
AgeCommit message (Expand)Author
2015-04-13Align the sections we're loading, and check for validity /after/ discarding.Peter Jones
2014-10-02Don't verify images with the empty build keyGary Ching-Pang Lin
2014-10-02Don't append an empty cert list to MokListRT if vendor_cert_size is 0.Peter Jones
2014-09-30Actually find the relocations correctly and process them that way.Peter Jones
2014-09-21Fix our "in_protocol" printing.Peter Jones
2014-09-21Don't call AuthenticodeVerify if vendor_cert_size is 0.Peter Jones
2014-09-21Validate computed hash bases/hash sizes more thoroughly.Peter Jones
2014-09-21Make 64-on-32 maybe work on x86_64.Peter Jones
2014-09-19Actually refer to the base relocation table of our loaded image.Peter Jones
2014-08-27Make sure we don't try to load a binary from a different arch.Peter Jones
2014-08-27Handle empty .reloc section in PE/COFF loaderArd Biesheuvel
2014-06-25Simplify the checking of SB and DB statesGary Ching-Pang Lin
2014-06-25Make sure we default to assuming we're locked down.Peter Jones
2014-06-25Check the secure variables with the lib functionsGary Ching-Pang Lin
2014-06-25Explain the logic in secure_mode() better.Peter Jones
2014-06-25Free the string from DevicePathToStrGary Ching-Pang Lin
2014-06-25Silence the functions of shim protocolGary Ching-Pang Lin
2014-06-25No newline for console_notifyGary Ching-Pang Lin
2014-06-25Remove grubpath in generate_path()Gary Ching-Pang Lin
2014-06-25Check the first 4 bytes of the certificateGary Ching-Pang Lin
2014-06-25Fetch the netboot image from the same deviceGary Ching-Pang Lin
2014-04-11Get rid of SectionCache in generate_hash(), it is unused.Peter Jones
2014-04-11Kees' patch missed the offset adjustment to PEHdr.Peter Jones
2014-04-11additional bounds-checking on section sizesKees Cook
2014-02-14Allow fallback to use the system's LoadImage/StartImage .Peter Jones
2013-11-19Don't hook system services if shim has no built-in keysMatthew Garrett
2013-11-19Clarify meaning of insecure_modeMatthew Garrett
2013-11-12shim: improve error messagesAndrew Boie
2013-11-12shim.c: Add support for hashing/relocation of 32-bit binariesMohanraj S
2013-11-12fix verify_mok()Andrew Boie
2013-11-06Fix check logic for SetupMode variable.Peter Jones
2013-10-30Don't free GetVariable() return data without checking the status code.Peter Jones
2013-10-28We should be checking both mok and the system's SB settingsPeter Jones
2013-10-23Revert "additional bounds-checking on section sizes"Peter Jones
2013-10-22Don't reject all binaries without a certificate database.Peter Jones
2013-10-22additional bounds-checking on section sizesKees Cook
2013-10-04Unhook system services as we exit.Peter Jones
2013-10-04Try to actually make debug printing look reasonable.Peter Jones
2013-10-04Do more strict checking on PE Headers.Peter Jones
2013-10-03Improve PE image bounds checking.Peter Jones
2013-10-03Add ident-like blobs to shim.efi for version checking.Peter Jones
2013-10-02Add support for disabling db for verificationJosh Boyer
2013-10-02Fix wrong type on console_error() call.Peter Jones
2013-10-01If we fail to install our protocol, don't continue.Peter Jones
2013-10-01Conditionalize overriding the security policy.Peter Jones
2013-10-01Merge console_control.h and console.hPeter Jones
2013-10-01Make verbose stuff use console_notifyPeter Jones
2013-10-01Include shim's vendor_cert in MokListRTPeter Jones
2013-10-01Harden shim against non-participating bootloaders.Peter Jones
2013-10-01Make vendor_cert/vendor_dbx actually replaceable by an external tool.Peter Jones
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-23 22:19:46 +0000