proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-08-09 01:30:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

MokManager: Lindent (and other reformats) the whole file.

Browse Source 
I'm just tired of all the little quirks.

Signed-off-by: Peter Jones <pjones@redhat.com>
This commit is contained in:
Peter Jones 2017-09-26 17:50:11 -04:00 committed by Peter Jones
parent c8811bfed2
commit 01b5d9c6b2
1 changed files with 248 additions and 225 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

181
MokManager.c
View File

@ -141,12 +141,12 @@ static UINT32 count_keys(void *Data, UINTN DataSize)
void *end = Data + DataSize; void *end = Data + DataSize;
while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) {
/* Use ptr arithmetics to ensure bounded access. Do not allow 0 /* Use ptr arithmetics to ensure bounded access. Do not allow 0
* SignatureListSize that will cause endless loop. * SignatureListSize that will cause endless loop. */
*/ if ((void *)(CertList + 1) > end
if ((void *)(CertList + 1) > end || CertList->SignatureListSize == 0) { || CertList->SignatureListSize == 0) {
console_notify(L"Invalid MOK detected! Ignoring MOK List."); console_notify
(L"Invalid MOK detected! Ignoring MOK List.");
return 0; return 0;
} }
@ -156,7 +156,8 @@ static UINT32 count_keys(void *Data, UINTN DataSize)
return 0; return 0;
} }
if (!is_valid_siglist(CertList->SignatureType, CertList->SignatureSize)) { if (!is_valid_siglist
(CertList->SignatureType, CertList->SignatureSize)) {
console_errorbox(L"Invalid signature list found"); console_errorbox(L"Invalid signature list found");
return 0; return 0;
} }
@ -170,7 +171,8 @@ static UINT32 count_keys(void *Data, UINTN DataSize)
return MokNum; return MokNum;
} }
static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) { static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize)
{
MokListNode *list; MokListNode *list;
EFI_SIGNATURE_LIST *CertList = Data; EFI_SIGNATURE_LIST *CertList = Data;
EFI_SIGNATURE_DATA *Cert; EFI_SIGNATURE_DATA *Cert;
@ -179,7 +181,6 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) {
void *end = Data + DataSize; void *end = Data + DataSize;
list = AllocatePool(sizeof(MokListNode) * num); list = AllocatePool(sizeof(MokListNode) * num);
if (!list) { if (!list) {
console_notify(L"Unable to allocate MOK list"); console_notify(L"Unable to allocate MOK list");
return NULL; return NULL;
@ -187,7 +188,8 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) {
while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) { while ((dbsize > 0) && (dbsize >= CertList->SignatureListSize)) {
/* CertList out of bounds? */ /* CertList out of bounds? */
if ((void *)(CertList + 1) > end || CertList->SignatureListSize == 0) { if ((void *)(CertList + 1) > end
|| CertList->SignatureListSize == 0) {
FreePool(list); FreePool(list);
return NULL; return NULL;
} }
@ -196,10 +198,11 @@ static MokListNode *build_mok_list(UINT32 num, void *Data, UINTN DataSize) {
in count_keys() */ in count_keys() */
Cert = (EFI_SIGNATURE_DATA *) (((UINT8 *) CertList) + Cert = (EFI_SIGNATURE_DATA *) (((UINT8 *) CertList) +
sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); sizeof(EFI_SIGNATURE_LIST) +
CertList->SignatureHeaderSize);
/* Cert out of bounds? */ /* Cert out of bounds? */
if ((void *)(Cert + 1) > end || CertList->SignatureSize <= sizeof(EFI_GUID)) { if ((void *)(Cert + 1) > end
|| CertList->SignatureSize <= sizeof(EFI_GUID)) {
FreePool(list); FreePool(list);
return NULL; return NULL;
} }
@ -385,8 +388,9 @@ static void show_x509_info (X509 *X509Cert, UINT8 *hash)
i = 0; i = 0;
extusage = X509_get_ext_d2i(X509Cert, NID_ext_key_usage, NULL, NULL); extusage = X509_get_ext_d2i(X509Cert, NID_ext_key_usage, NULL, NULL);
text = AllocateZeroPool(sizeof(CHAR16 *) * (fields*3 + sk_ASN1_OBJECT_num(extusage) + 3)); text = AllocateZeroPool(sizeof(CHAR16 *) *
(fields * 3 +
sk_ASN1_OBJECT_num(extusage) + 3));
if (extusage) { if (extusage) {
int j = 0; int j = 0;
@ -530,6 +534,7 @@ static void show_efi_hash (EFI_GUID Type, void *Mok, UINTN MokSize)
console_errorbox(L"Out of Resources"); console_errorbox(L"Out of Resources");
return; return;
} }
for (i = 0; i < hash_num; i++) { for (i = 0; i < hash_num; i++) {
menu_strings[i] = PoolPrint(L"View hash %d", i); menu_strings[i] = PoolPrint(L"View hash %d", i);
} }
@ -563,15 +568,16 @@ static void show_mok_info (EFI_GUID Type, void *Mok, UINTN MokSize)
if (CompareGuid (&Type, &X509_GUID) == 0) { if (CompareGuid (&Type, &X509_GUID) == 0) {
UINT8 hash[SHA1_DIGEST_SIZE]; UINT8 hash[SHA1_DIGEST_SIZE];
X509 *X509Cert; X509 *X509Cert;
efi_status = get_sha1sum(Mok, MokSize, hash);
efi_status = get_sha1sum(Mok, MokSize, hash);
if (efi_status != EFI_SUCCESS) { if (efi_status != EFI_SUCCESS) {
console_notify(L"Failed to compute MOK fingerprint"); console_notify(L"Failed to compute MOK fingerprint");
return; return;
} }
if (X509ConstructCertificate(Mok, MokSize, if (X509ConstructCertificate(Mok, MokSize,
(UINT8 **) &X509Cert) && X509Cert != NULL) { (UINT8 **) & X509Cert)
&& X509Cert != NULL) {
show_x509_info(X509Cert, hash); show_x509_info(X509Cert, hash);
X509_free(X509Cert); X509_free(X509Cert);
} else { } else {
@ -610,7 +616,6 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title)
} }
menu_strings = AllocateZeroPool(sizeof(CHAR16 *) * (MokNum + 2)); menu_strings = AllocateZeroPool(sizeof(CHAR16 *) * (MokNum + 2));
if (!menu_strings) if (!menu_strings)
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
@ -634,15 +639,14 @@ static EFI_STATUS list_keys (void *KeyList, UINTN KeyListSize, CHAR16 *title)
for (i = 0; menu_strings[i] != NULL; i++) for (i = 0; menu_strings[i] != NULL; i++)
FreePool(menu_strings[i]); FreePool(menu_strings[i]);
FreePool(menu_strings); FreePool(menu_strings);
FreePool(keys); FreePool(keys);
return EFI_SUCCESS; return EFI_SUCCESS;
} }
static EFI_STATUS get_line (UINT32 *length, CHAR16 *line, UINT32 line_max, UINT8 show) static EFI_STATUS get_line(UINT32 * length, CHAR16 * line, UINT32 line_max,
UINT8 show)
{ {
EFI_INPUT_KEY key; EFI_INPUT_KEY key;
EFI_STATUS status; EFI_STATUS status;
@ -697,7 +701,6 @@ static EFI_STATUS compute_pw_hash (void *Data, UINTN DataSize, UINT8 *password,
ctxsize = Sha256GetContextSize(); ctxsize = Sha256GetContextSize();
ctx = AllocatePool(ctxsize); ctx = AllocatePool(ctxsize);
if (!ctx) { if (!ctx) {
console_notify(L"Unable to allocate memory for hash context"); console_notify(L"Unable to allocate memory for hash context");
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
@ -840,13 +843,16 @@ static EFI_STATUS match_password (PASSWORD_CRYPT *pw_crypt,
pw_ascii[i] = (char)password[i]; pw_ascii[i] = (char)password[i];
pw_ascii[pw_length] = '\0'; pw_ascii[pw_length] = '\0';
status = password_crypt(pw_ascii, pw_length, pw_crypt, hash); status = password_crypt(pw_ascii, pw_length, pw_crypt,
hash);
} else { } else {
/* /*
* For backward compatibility * For backward compatibility
*/ */
status = compute_pw_hash(Data, DataSize, (UINT8 *)password, status = compute_pw_hash(Data, DataSize,
pw_length * sizeof(CHAR16), hash); (UINT8 *) password,
pw_length * sizeof(CHAR16),
hash);
} }
if (status != EFI_SUCCESS) { if (status != EFI_SUCCESS) {
console_errorbox(L"Unable to generate password hash"); console_errorbox(L"Unable to generate password hash");
@ -956,9 +962,11 @@ static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize, int authenticate,
(auth_size != SHA256_DIGEST_SIZE && (auth_size != SHA256_DIGEST_SIZE &&
auth_size != PASSWORD_CRYPT_SIZE)) { auth_size != PASSWORD_CRYPT_SIZE)) {
if (MokX) if (MokX)
console_error(L"Failed to get MokXAuth", efi_status); console_error(L"Failed to get MokXAuth",
efi_status);
else else
console_error(L"Failed to get MokAuth", efi_status); console_error(L"Failed to get MokAuth",
efi_status);
return efi_status; return efi_status;
} }
@ -978,7 +986,8 @@ static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize, int authenticate,
efi_status = uefi_call_wrapper(RT->SetVariable, 5, db_name, efi_status = uefi_call_wrapper(RT->SetVariable, 5, db_name,
&SHIM_LOCK_GUID, &SHIM_LOCK_GUID,
EFI_VARIABLE_NON_VOLATILE EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS, |
EFI_VARIABLE_BOOTSERVICE_ACCESS,
0, NULL); 0, NULL);
} else { } else {
/* Write new MOK */ /* Write new MOK */
@ -993,8 +1002,8 @@ static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize, int authenticate,
return EFI_SUCCESS; return EFI_SUCCESS;
} }
static EFI_STATUS mok_enrollment_prompt (void *MokNew, UINTN MokNewSize, int auth, static EFI_STATUS mok_enrollment_prompt(void *MokNew, UINTN MokNewSize,
BOOLEAN MokX) int auth, BOOLEAN MokX)
{ {
EFI_STATUS efi_status; EFI_STATUS efi_status;
CHAR16 *enroll_p[] = { L"Enroll the key(s)?", NULL }; CHAR16 *enroll_p[] = { L"Enroll the key(s)?", NULL };
@ -1051,7 +1060,6 @@ static EFI_STATUS mok_reset_prompt (BOOLEAN MokX)
return EFI_ABORTED; return EFI_ABORTED;
efi_status = store_keys(NULL, 0, TRUE, MokX); efi_status = store_keys(NULL, 0, TRUE, MokX);
if (efi_status != EFI_SUCCESS) { if (efi_status != EFI_SUCCESS) {
console_notify(L"Failed to erase keys\n"); console_notify(L"Failed to erase keys\n");
return efi_status; return efi_status;
@ -1113,16 +1121,18 @@ static EFI_STATUS write_back_mok_list (MokListNode *list, INTN key_num,
if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) { if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) {
CertList->SignatureListSize = list[i].MokSize + CertList->SignatureListSize = list[i].MokSize +
sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID);
sizeof(EFI_GUID); CertList->SignatureSize =
CertList->SignatureSize = list[i].MokSize + sizeof(EFI_GUID); list[i].MokSize + sizeof(EFI_GUID);
CertData->SignatureOwner = SHIM_LOCK_GUID; CertData->SignatureOwner = SHIM_LOCK_GUID;
CopyMem(CertData->SignatureData, list[i].Mok, list[i].MokSize); CopyMem(CertData->SignatureData, list[i].Mok,
list[i].MokSize);
} else { } else {
CertList->SignatureListSize = list[i].MokSize + CertList->SignatureListSize = list[i].MokSize +
sizeof(EFI_SIGNATURE_LIST); sizeof(EFI_SIGNATURE_LIST);
CertList->SignatureSize = sha_size(list[i].Type) + sizeof(EFI_GUID); CertList->SignatureSize =
sha_size(list[i].Type) + sizeof(EFI_GUID);
CopyMem(CertData, list[i].Mok, list[i].MokSize); CopyMem(CertData, list[i].Mok, list[i].MokSize);
} }
@ -1208,8 +1218,7 @@ static void delete_hash_in_list (EFI_GUID Type, UINT8 *hash, UINT32 hash_size,
list_num = mok[i].MokSize / sig_size; list_num = mok[i].MokSize / sig_size;
del_ind = match_hash(hash, hash_size, 0, mok[i].Mok, del_ind = match_hash(hash, hash_size, 0, mok[i].Mok, list_num);
list_num);
while (del_ind >= 0) { while (del_ind >= 0) {
/* Remove the hash */ /* Remove the hash */
if (sig_size == mok[i].MokSize) { if (sig_size == mok[i].MokSize) {
@ -1282,9 +1291,9 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
efi_status = uefi_call_wrapper(RT->GetVariable, 5, auth_name, efi_status = uefi_call_wrapper(RT->GetVariable, 5, auth_name,
&SHIM_LOCK_GUID, &SHIM_LOCK_GUID,
&attributes, &auth_size, auth); &attributes, &auth_size, auth);
if (efi_status != EFI_SUCCESS || if (efi_status != EFI_SUCCESS ||
(auth_size != SHA256_DIGEST_SIZE && auth_size != PASSWORD_CRYPT_SIZE)) { (auth_size != SHA256_DIGEST_SIZE
&& auth_size != PASSWORD_CRYPT_SIZE)) {
if (MokX) if (MokX)
console_error(L"Failed to get MokXDelAuth", efi_status); console_error(L"Failed to get MokXDelAuth", efi_status);
else else
@ -1296,7 +1305,8 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
efi_status = match_password((PASSWORD_CRYPT *) auth, NULL, 0, efi_status = match_password((PASSWORD_CRYPT *) auth, NULL, 0,
NULL, NULL); NULL, NULL);
} else { } else {
efi_status = match_password(NULL, MokDel, MokDelSize, auth, NULL); efi_status =
match_password(NULL, MokDel, MokDelSize, auth, NULL);
} }
if (efi_status != EFI_SUCCESS) if (efi_status != EFI_SUCCESS)
return EFI_ACCESS_DENIED; return EFI_ACCESS_DENIED;
@ -1321,8 +1331,7 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
uefi_call_wrapper(RT->SetVariable, 5, db_name, uefi_call_wrapper(RT->SetVariable, 5, db_name,
&SHIM_LOCK_GUID, &SHIM_LOCK_GUID,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_NON_VOLATILE |
EFI_VARIABLE_BOOTSERVICE_ACCESS, EFI_VARIABLE_BOOTSERVICE_ACCESS, 0, NULL);
0, NULL);
return EFI_ACCESS_DENIED; return EFI_ACCESS_DENIED;
} }
@ -1344,8 +1353,7 @@ static EFI_STATUS delete_keys (void *MokDel, UINTN MokDelSize, BOOLEAN MokX)
uefi_call_wrapper(RT->SetVariable, 5, db_name, uefi_call_wrapper(RT->SetVariable, 5, db_name,
&SHIM_LOCK_GUID, &SHIM_LOCK_GUID,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_NON_VOLATILE |
EFI_VARIABLE_BOOTSERVICE_ACCESS, EFI_VARIABLE_BOOTSERVICE_ACCESS, 0, NULL);
0, NULL);
efi_status = EFI_ABORTED; efi_status = EFI_ABORTED;
goto error; goto error;
} }
@ -1392,7 +1400,8 @@ error:
return efi_status; return efi_status;
} }
static EFI_STATUS mok_deletion_prompt (void *MokDel, UINTN MokDelSize, BOOLEAN MokX) static EFI_STATUS mok_deletion_prompt(void *MokDel, UINTN MokDelSize,
BOOLEAN MokX)
{ {
EFI_STATUS efi_status; EFI_STATUS efi_status;
CHAR16 *delete_p[] = { L"Delete the key(s)?", NULL }; CHAR16 *delete_p[] = { L"Delete the key(s)?", NULL };
@ -1458,7 +1467,8 @@ static CHAR16 get_password_charater (CHAR16 *prompt)
return character; return character;
} }
static EFI_STATUS mok_sb_prompt (void *MokSB, UINTN MokSBSize) { static EFI_STATUS mok_sb_prompt(void *MokSB, UINTN MokSBSize)
{
EFI_STATUS efi_status; EFI_STATUS efi_status;
SIMPLE_TEXT_OUTPUT_MODE SavedMode; SIMPLE_TEXT_OUTPUT_MODE SavedMode;
MokSBvar *var = MokSB; MokSBvar *var = MokSB;
@ -1579,7 +1589,8 @@ static EFI_STATUS mok_sb_prompt (void *MokSB, UINTN MokSBSize) {
return EFI_SUCCESS; return EFI_SUCCESS;
} }
static EFI_STATUS mok_db_prompt (void *MokDB, UINTN MokDBSize) { static EFI_STATUS mok_db_prompt(void *MokDB, UINTN MokDBSize)
{
EFI_STATUS efi_status; EFI_STATUS efi_status;
SIMPLE_TEXT_OUTPUT_MODE SavedMode; SIMPLE_TEXT_OUTPUT_MODE SavedMode;
MokDBvar *var = MokDB; MokDBvar *var = MokDB;
@ -1700,7 +1711,8 @@ static EFI_STATUS mok_db_prompt (void *MokDB, UINTN MokDBSize) {
return EFI_SUCCESS; return EFI_SUCCESS;
} }
static EFI_STATUS mok_pw_prompt (void *MokPW, UINTN MokPWSize) { static EFI_STATUS mok_pw_prompt(void *MokPW, UINTN MokPWSize)
{
EFI_STATUS efi_status; EFI_STATUS efi_status;
UINT8 hash[PASSWORD_CRYPT_SIZE]; UINT8 hash[PASSWORD_CRYPT_SIZE];
UINT8 clear = 0; UINT8 clear = 0;
@ -1731,8 +1743,7 @@ static EFI_STATUS mok_pw_prompt (void *MokPW, UINTN MokPWSize) {
uefi_call_wrapper(RT->SetVariable, 5, L"MokPWStore", uefi_call_wrapper(RT->SetVariable, 5, L"MokPWStore",
&SHIM_LOCK_GUID, &SHIM_LOCK_GUID,
EFI_VARIABLE_NON_VOLATILE EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS, | EFI_VARIABLE_BOOTSERVICE_ACCESS, 0, NULL);
0, NULL);
goto mokpw_done; goto mokpw_done;
} }
@ -1910,7 +1921,6 @@ static EFI_STATUS mok_hash_enroll(void)
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
efi_status = simple_file_open(im, file_name, &file, EFI_FILE_MODE_READ); efi_status = simple_file_open(im, file_name, &file, EFI_FILE_MODE_READ);
if (efi_status != EFI_SUCCESS) { if (efi_status != EFI_SUCCESS) {
console_error(L"Unable to open file", efi_status); console_error(L"Unable to open file", efi_status);
return efi_status; return efi_status;
@ -1918,16 +1928,16 @@ static EFI_STATUS mok_hash_enroll(void)
simple_file_read_all(file, &filesize, &data); simple_file_read_all(file, &filesize, &data);
simple_file_close(file); simple_file_close(file);
if (!filesize) { if (!filesize) {
console_error(L"Unable to read file", efi_status); console_error(L"Unable to read file", efi_status);
return EFI_BAD_BUFFER_SIZE; return EFI_BAD_BUFFER_SIZE;
} }
efi_status = enroll_file(data, filesize, TRUE); efi_status = enroll_file(data, filesize, TRUE);
if (efi_status != EFI_SUCCESS) if (efi_status != EFI_SUCCESS)
console_error(L"Hash failed (did you select a valid EFI binary?)", efi_status); console_error(
L"Hash failed (did you select a valid EFI binary?)",
efi_status);
FreePool(data); FreePool(data);
@ -1996,7 +2006,6 @@ static EFI_STATUS mok_key_enroll(void)
} }
efi_status = simple_file_open(im, file_name, &file, EFI_FILE_MODE_READ); efi_status = simple_file_open(im, file_name, &file, EFI_FILE_MODE_READ);
if (efi_status != EFI_SUCCESS) { if (efi_status != EFI_SUCCESS) {
console_error(L"Unable to open file", efi_status); console_error(L"Unable to open file", efi_status);
return efi_status; return efi_status;
@ -2004,7 +2013,6 @@ static EFI_STATUS mok_key_enroll(void)
simple_file_read_all(file, &filesize, &data); simple_file_read_all(file, &filesize, &data);
simple_file_close(file); simple_file_close(file);
if (!filesize) { if (!filesize) {
console_error(L"Unable to read file", efi_status); console_error(L"Unable to read file", efi_status);
return EFI_BAD_BUFFER_SIZE; return EFI_BAD_BUFFER_SIZE;
@ -2030,7 +2038,6 @@ static BOOLEAN verify_pw(BOOLEAN *protected)
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokPWStore", efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokPWStore",
&SHIM_LOCK_GUID, &attributes, &size, &SHIM_LOCK_GUID, &attributes, &size,
pwhash); pwhash);
/* /*
* If anything can attack the password it could just set it to a * If anything can attack the password it could just set it to a
* known value, so there's no safety advantage in failing to validate * known value, so there's no safety advantage in failing to validate
@ -2093,9 +2100,11 @@ static int draw_countdown()
PrintAt((cols - StrLen(message)) / 2, rows / 2, message); PrintAt((cols - StrLen(message)) / 2, rows / 2, message);
while (1) { while (1) {
if (timeout > 1) if (timeout > 1)
PrintAt(2, rows - 3, L"Booting in %d seconds ", timeout); PrintAt(2, rows - 3, L"Booting in %d seconds ",
timeout);
else if (timeout) else if (timeout)
PrintAt(2, rows - 3, L"Booting in %d second ", timeout); PrintAt(2, rows - 3, L"Booting in %d second ",
timeout);
status = WaitForSingleEvent(ST->ConIn->WaitForKey, wait); status = WaitForSingleEvent(ST->ConIn->WaitForKey, wait);
@ -2179,17 +2188,19 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokAuth", efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokAuth",
&SHIM_LOCK_GUID, &SHIM_LOCK_GUID,
&attributes, &auth_size, auth); &attributes, &auth_size, auth);
if ((efi_status == EFI_SUCCESS) && if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE)) (auth_size == SHA256_DIGEST_SIZE ||
auth_size == PASSWORD_CRYPT_SIZE))
MokAuth = 1; MokAuth = 1;
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokDelAuth", efi_status = uefi_call_wrapper(RT->GetVariable, 5,
L"MokDelAuth",
&SHIM_LOCK_GUID, &SHIM_LOCK_GUID,
&attributes, &auth_size, auth); &attributes, &auth_size, auth);
if ((efi_status == EFI_SUCCESS) && if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE)) (auth_size == SHA256_DIGEST_SIZE ||
auth_size == PASSWORD_CRYPT_SIZE))
MokDelAuth = 1; MokDelAuth = 1;
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokXAuth", efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokXAuth",
@ -2197,15 +2208,18 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
&attributes, &auth_size, auth); &attributes, &auth_size, auth);
if ((efi_status == EFI_SUCCESS) && if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE)) (auth_size == SHA256_DIGEST_SIZE ||
auth_size == PASSWORD_CRYPT_SIZE))
MokXAuth = 1; MokXAuth = 1;
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokXDelAuth", efi_status = uefi_call_wrapper(RT->GetVariable, 5,
L"MokXDelAuth",
&SHIM_LOCK_GUID, &SHIM_LOCK_GUID,
&attributes, &auth_size, auth); &attributes, &auth_size, auth);
if ((efi_status == EFI_SUCCESS) && if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE)) (auth_size == SHA256_DIGEST_SIZE ||
auth_size == PASSWORD_CRYPT_SIZE))
MokXDelAuth = 1; MokXDelAuth = 1;
if (MokNew || MokAuth) if (MokNew || MokAuth)
@ -2229,13 +2243,12 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
if (MokDB) if (MokDB)
menucount++; menucount++;
menu_strings = AllocateZeroPool(sizeof(CHAR16 *) * (menucount + 1)); menu_strings = AllocateZeroPool(sizeof(CHAR16 *) *
(menucount + 1));
if (!menu_strings) if (!menu_strings)
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
menu_item = AllocateZeroPool(sizeof(mok_menu_item) * menucount); menu_item = AllocateZeroPool(sizeof(mok_menu_item) * menucount);
if (!menu_item) { if (!menu_item) {
FreePool(menu_strings); FreePool(menu_strings);
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
@ -2322,12 +2335,14 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
efi_status = mok_reset_prompt(FALSE); efi_status = mok_reset_prompt(FALSE);
break; break;
case MOK_ENROLL_MOK: case MOK_ENROLL_MOK:
efi_status = mok_enrollment_prompt(MokNew, MokNewSize, TRUE, FALSE); efi_status = mok_enrollment_prompt(MokNew, MokNewSize,
TRUE, FALSE);
if (efi_status == EFI_SUCCESS) if (efi_status == EFI_SUCCESS)
MokNew = NULL; MokNew = NULL;
break; break;
case MOK_DELETE_MOK: case MOK_DELETE_MOK:
efi_status = mok_deletion_prompt(MokDel, MokDelSize, FALSE); efi_status = mok_deletion_prompt(MokDel, MokDelSize,
FALSE);
if (efi_status == EFI_SUCCESS) if (efi_status == EFI_SUCCESS)
MokDel = NULL; MokDel = NULL;
break; break;
@ -2335,12 +2350,14 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
efi_status = mok_reset_prompt(TRUE); efi_status = mok_reset_prompt(TRUE);
break; break;
case MOK_ENROLL_MOKX: case MOK_ENROLL_MOKX:
efi_status = mok_enrollment_prompt(MokXNew, MokXNewSize, TRUE, TRUE); efi_status = mok_enrollment_prompt(MokXNew, MokXNewSize,
TRUE, TRUE);
if (efi_status == EFI_SUCCESS) if (efi_status == EFI_SUCCESS)
MokXNew = NULL; MokXNew = NULL;
break; break;
case MOK_DELETE_MOKX: case MOK_DELETE_MOKX:
efi_status = mok_deletion_prompt(MokXDel, MokXDelSize, TRUE); efi_status = mok_deletion_prompt(MokXDel, MokXDelSize,
TRUE);
if (efi_status == EFI_SUCCESS) if (efi_status == EFI_SUCCESS)
MokXDel = NULL; MokXDel = NULL;
break; break;
@ -2400,7 +2417,8 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
status = get_variable(L"MokNew", (UINT8 **)&MokNew, &MokNewSize, status = get_variable(L"MokNew", (UINT8 **)&MokNew, &MokNewSize,
SHIM_LOCK_GUID); SHIM_LOCK_GUID);
if (status == EFI_SUCCESS) { if (status == EFI_SUCCESS) {
if (LibDeleteVariable(L"MokNew", &SHIM_LOCK_GUID) != EFI_SUCCESS) { if (LibDeleteVariable(L"MokNew", &SHIM_LOCK_GUID) !=
EFI_SUCCESS) {
console_notify(L"Failed to delete MokNew"); console_notify(L"Failed to delete MokNew");
} }
} else if (EFI_ERROR(status) && status != EFI_NOT_FOUND) { } else if (EFI_ERROR(status) && status != EFI_NOT_FOUND) {
@ -2410,7 +2428,8 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
status = get_variable(L"MokDel", (UINT8 **)&MokDel, &MokDelSize, status = get_variable(L"MokDel", (UINT8 **)&MokDel, &MokDelSize,
SHIM_LOCK_GUID); SHIM_LOCK_GUID);
if (status == EFI_SUCCESS) { if (status == EFI_SUCCESS) {
if (LibDeleteVariable(L"MokDel", &SHIM_LOCK_GUID) != EFI_SUCCESS) { if (LibDeleteVariable(L"MokDel", &SHIM_LOCK_GUID) !=
EFI_SUCCESS) {
console_notify(L"Failed to delete MokDel"); console_notify(L"Failed to delete MokDel");
} }
} else if (EFI_ERROR(status) && status != EFI_NOT_FOUND) { } else if (EFI_ERROR(status) && status != EFI_NOT_FOUND) {
@ -2420,7 +2439,8 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
status = get_variable(L"MokSB", (UINT8 **)&MokSB, &MokSBSize, status = get_variable(L"MokSB", (UINT8 **)&MokSB, &MokSBSize,
SHIM_LOCK_GUID); SHIM_LOCK_GUID);
if (status == EFI_SUCCESS) { if (status == EFI_SUCCESS) {
if (LibDeleteVariable(L"MokSB", &SHIM_LOCK_GUID) != EFI_SUCCESS) { if (LibDeleteVariable(L"MokSB", &SHIM_LOCK_GUID) !=
EFI_SUCCESS) {
console_notify(L"Failed to delete MokSB"); console_notify(L"Failed to delete MokSB");
} }
} else if (EFI_ERROR(status) && status != EFI_NOT_FOUND) { } else if (EFI_ERROR(status) && status != EFI_NOT_FOUND) {
@ -2430,7 +2450,8 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
status = get_variable(L"MokPW", (UINT8 **)&MokPW, &MokPWSize, status = get_variable(L"MokPW", (UINT8 **)&MokPW, &MokPWSize,
SHIM_LOCK_GUID); SHIM_LOCK_GUID);
if (status == EFI_SUCCESS) { if (status == EFI_SUCCESS) {
if (LibDeleteVariable(L"MokPW", &SHIM_LOCK_GUID) != EFI_SUCCESS) { if (LibDeleteVariable(L"MokPW", &SHIM_LOCK_GUID) !=
EFI_SUCCESS) {
console_notify(L"Failed to delete MokPW"); console_notify(L"Failed to delete MokPW");
} }
} else if (EFI_ERROR(status) && status != EFI_NOT_FOUND) { } else if (EFI_ERROR(status) && status != EFI_NOT_FOUND) {
@ -2450,7 +2471,8 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
status = get_variable(L"MokXNew", (UINT8 **)&MokXNew, &MokXNewSize, status = get_variable(L"MokXNew", (UINT8 **)&MokXNew, &MokXNewSize,
SHIM_LOCK_GUID); SHIM_LOCK_GUID);
if (status == EFI_SUCCESS) { if (status == EFI_SUCCESS) {
if (LibDeleteVariable(L"MokXNew", &SHIM_LOCK_GUID) != EFI_SUCCESS) { if (LibDeleteVariable(L"MokXNew", &SHIM_LOCK_GUID) !=
EFI_SUCCESS) {
console_notify(L"Failed to delete MokXNew"); console_notify(L"Failed to delete MokXNew");
} }
} else if (EFI_ERROR(status) && status != EFI_NOT_FOUND) { } else if (EFI_ERROR(status) && status != EFI_NOT_FOUND) {
@ -2460,7 +2482,8 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
status = get_variable(L"MokXDel", (UINT8 **)&MokXDel, &MokXDelSize, status = get_variable(L"MokXDel", (UINT8 **)&MokXDel, &MokXDelSize,
SHIM_LOCK_GUID); SHIM_LOCK_GUID);
if (status == EFI_SUCCESS) { if (status == EFI_SUCCESS) {
if (LibDeleteVariable(L"MokXDel", &SHIM_LOCK_GUID) != EFI_SUCCESS) { if (LibDeleteVariable(L"MokXDel", &SHIM_LOCK_GUID) !=
EFI_SUCCESS) {
console_notify(L"Failed to delete MokXDel"); console_notify(L"Failed to delete MokXDel");
} }
} else if (EFI_ERROR(status) && status != EFI_NOT_FOUND) { } else if (EFI_ERROR(status) && status != EFI_NOT_FOUND) {