path: root/shim.c
Age | Commit message | Author
2012-10-11 | Split out hashing | Matthew Garrett
  We want to be able to generate hashes, so split out the hash generation function from the verification function.
2012-10-11 | Add SHA1 support | Matthew Garrett
  In theory vendors could blacklist binaries with SHA1, so make sure we calculate and check that hash as well.
2012-10-06 | Fall back to MokManager if grub failed to validate | Matthew Garrett
  If we can't verify grub, fall back to MokManager. This permits shipping a copy of shim and MokManager without distributing a key, letting distributions provide their own for user installation.
2012-10-02 | Use LibDeleteVariable in gnu-efi | Gary Ching-Pang Lin
2012-09-21 | Make sure the variables are not broken | Gary Ching-Pang Lin
2012-09-21 | Reject the binary when there is no key in MokList | Gary Ching-Pang Lin
2012-09-20 | Check the MOK list correctly | Gary Ching-Pang Lin
2012-09-19 | Abandon the variable, MokMgmt | Gary Ching-Pang Lin
2012-09-11 | Copy the MOK list to a RT variable | Gary Ching-Pang Lin
  The RT variable, MokListRT, is a copy of MokList so that the runtime applications can synchronize the key list without touching the BS variable.
2012-09-11 | Use the machine owner keys to verify images | Gary Ching-Pang Lin
2012-09-11 | Always try StartImage first | Gary Ching-Pang Lin
2012-09-11 | Only launch MokManager when necessary | Gary Ching-Pang Lin
2012-09-11 | Retrieve attributes of variables | Gary Ching-Pang Lin
  We have to make sure the machine owner key is stored in a BS variable.
2012-09-07 | Merge branch 'master' into mok-prototype3 | Gary Ching-Pang Lin
  Conflicts: shim.c
2012-09-07 | Load MokManager for MOK management | Gary Ching-Pang Lin
2012-09-07 | Make the image loading process more generic | Gary Ching-Pang Lin
2012-09-06 | Break out of our db checking loop at the appropriate time. | Peter Jones
  The break in check_db_cert is at the wrong level due to a typo in indentation, and as a result only the last cert in the list can correctly match. Rectify that.
  Signed-off-by: Peter Jones <pjones@redhat.com>
2012-09-06 | Use the file size, not the image size field, for verification. | Matthew Garrett
2012-09-06 | Allow specification of vendor_cert through a build command line option. | Peter Jones
  This allows you to specify the vendor_cert as a file on the command line during build.
2012-07-13 | Handle slightly stranger device paths | Matthew Garrett
2012-07-11 | Make path generation more sensible | Matthew Garrett
2012-07-11 | Make sure ImageBase is set appropriately in the loaded_image protocol | Matthew Garrett
2012-07-05 | Re-add whitelisting - needed for protocol validation | Matthew Garrett
2012-07-05 | Check whether secure boot is enabled before performing verify call | Matthew Garrett
2012-07-02 | Fix up blacklist checking | Matthew Garrett
  This was not quite as bugfree as would be hoped for.
2012-07-02 | Remove whitelisting - the firmware will handle it via LoadImage/StartImage | Matthew Garrett
2012-07-02 | Fix type of buffersize | Matthew Garrett
2012-06-25 | Fix get_variable | Matthew Garrett
2012-06-25 | Add black/white listing | Matthew Garrett
2012-06-19 | Fix cert size | Matthew Garrett
2012-06-18 | Uninstall protocol on exit | Matthew Garrett
2012-06-18 | Check binary against blacklist | Matthew Garrett
2012-06-18 | Attempt to start image using LoadImage/StartImage first | Matthew Garrett
2012-06-18 | Check that platform is in user mode before doing any validation | Matthew Garrett
2012-06-07 | Minor cleanups | Matthew Garrett
2012-06-05 | Rename variables | Matthew Garrett
2012-06-05 | Install a protocol for sharing code with grub | Matthew Garrett
2012-05-30 | Some cleanups | Matthew Garrett
2012-05-30 | Add image verification | Matthew Garrett
2012-05-08 | Fix path generation | Matthew Garrett
2012-04-11 | Some additional paranoia | Matthew Garrett
2012-04-11 | Initial commit | Matthew Garrett