proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-08-07 08:25:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add an auth argument to store_keys()

Browse Source 
If the user is manually installing keys from a filesystem then we don't need
to ask for the key password.
This commit is contained in:
Matthew Garrett 2012-10-08 21:45:38 -04:00
parent ae46cf9d05
commit 27db5b66aa
1 changed files with 43 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
MokManager.c
View File

@ -485,7 +485,7 @@ done:
return status; return status;
} }
static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize) static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize, int authenticate)
{ {
EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
EFI_STATUS efi_status; EFI_STATUS efi_status;
@ -497,6 +497,7 @@ static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize)
UINT32 pw_length; UINT32 pw_length;
UINT8 fail_count = 0; UINT8 fail_count = 0;
if (authenticate) {
auth_size = SHA256_DIGEST_SIZE; auth_size = SHA256_DIGEST_SIZE;
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokAuth", efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokAuth",
&shim_lock_guid, &shim_lock_guid,
@ -535,6 +536,7 @@ static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize)
if (fail_count >= 3) if (fail_count >= 3)
return EFI_ACCESS_DENIED; return EFI_ACCESS_DENIED;
}
/* Write new MOK */ /* Write new MOK */
efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokList", efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokList",
@ -550,10 +552,9 @@ static EFI_STATUS store_keys (void *MokNew, UINTN MokNewSize)
return EFI_SUCCESS; return EFI_SUCCESS;
} }
static UINTN mok_enrollment_prompt (void *MokNew, void *data2) { static UINTN mok_enrollment_prompt (void *MokNew, UINTN MokNewSize, int auth) {
CHAR16 line[1]; CHAR16 line[1];
UINT32 length; UINT32 length;
UINTN MokNewSize = (UINTN)data2;
EFI_STATUS efi_status; EFI_STATUS efi_status;
do { do {
@ -566,7 +567,7 @@ static UINTN mok_enrollment_prompt (void *MokNew, void *data2) {
get_line (&length, line, 1, 1); get_line (&length, line, 1, 1);
if (line[0] == 'Y' || line[0] == 'y') { if (line[0] == 'Y' || line[0] == 'y') {
efi_status = store_keys(MokNew, MokNewSize); efi_status = store_keys(MokNew, MokNewSize, auth);
if (efi_status != EFI_SUCCESS) { if (efi_status != EFI_SUCCESS) {
Print(L"Failed to enroll keys\n"); Print(L"Failed to enroll keys\n");
@ -578,6 +579,10 @@ static UINTN mok_enrollment_prompt (void *MokNew, void *data2) {
return -1; return -1;
} }
static UINTN mok_enrollment_prompt_callback (void *MokNew, void *data2) {
return mok_enrollment_prompt(MokNew, (UINTN)data2, TRUE);
}
static UINTN mok_deletion_prompt (void *MokNew, void *data2) { static UINTN mok_deletion_prompt (void *MokNew, void *data2) {
CHAR16 line[1]; CHAR16 line[1];
UINT32 length; UINT32 length;
@ -588,7 +593,7 @@ static UINTN mok_deletion_prompt (void *MokNew, void *data2) {
get_line (&length, line, 1, 1); get_line (&length, line, 1, 1);
if (line[0] == 'Y' || line[0] == 'y') { if (line[0] == 'Y' || line[0] == 'y') {
efi_status = store_keys(MokNew, sizeof(UINT32)); efi_status = store_keys(MokNew, sizeof(UINT32), TRUE);
if (efi_status != EFI_SUCCESS) { if (efi_status != EFI_SUCCESS) {
Print(L"Failed to erase keys\n"); Print(L"Failed to erase keys\n");
@ -1036,7 +1041,7 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, void *MokNew)
menu_item[1].text = StrDuplicate(L"Enroll MOK\n"); menu_item[1].text = StrDuplicate(L"Enroll MOK\n");
menu_item[1].colour = EFI_WHITE; menu_item[1].colour = EFI_WHITE;
menu_item[1].data = MokNew; menu_item[1].data = MokNew;
menu_item[1].callback = mok_enrollment_prompt; menu_item[1].callback = mok_enrollment_prompt_callback;
} }
menucount++; menucount++;
} }