New upstream version 12+1502324945.478f9bb

Mathieu Trudel-Lapierre 2017-08-09 20:39:01 -04:00
parent 25f7fd1fb3
commit ac05ece820
2 changed files with 169 additions and 166 deletions


@ -1058,14 +1058,12 @@ static EFI_STATUS mok_enrollment_prompt (void *MokNew, UINTN MokNewSize, int aut
LibDeleteVariable(L"MokNew", &shim_lock_guid); LibDeleteVariable(L"MokNew", &shim_lock_guid);
LibDeleteVariable(L"MokAuth", &shim_lock_guid); LibDeleteVariable(L"MokAuth", &shim_lock_guid);
} }
if (MokNew)
FreePool (MokNew);
return EFI_SUCCESS;
} }
return EFI_UNSUPPORTED; if (MokNew)
FreePool (MokNew);
return EFI_SUCCESS;
} }
static EFI_STATUS mok_reset_prompt (BOOLEAN MokX) static EFI_STATUS mok_reset_prompt (BOOLEAN MokX)
@ -2184,17 +2182,12 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
void *MokPW, UINTN MokPWSize, void *MokPW, UINTN MokPWSize,
void *MokDB, UINTN MokDBSize, void *MokDB, UINTN MokDBSize,
void *MokXNew, UINTN MokXNewSize, void *MokXNew, UINTN MokXNewSize,
void *MokXDel, UINTN MokXDelSize, void *MokXDel, UINTN MokXDelSize)
int mok_changed)
{ {
CHAR16 **menu_strings; CHAR16 **menu_strings;
mok_menu_item *menu_item; mok_menu_item *menu_item;
int choice = 0; int choice = 0;
UINT32 MokAuth = 0; int mok_changed = 0;
UINT32 MokDelAuth = 0;
UINT32 MokXAuth = 0;
UINT32 MokXDelAuth = 0;
UINTN menucount = 3, i = 0;
EFI_STATUS efi_status; EFI_STATUS efi_status;
EFI_GUID shim_lock_guid = SHIM_LOCK_GUID; EFI_GUID shim_lock_guid = SHIM_LOCK_GUID;
UINT8 auth[PASSWORD_CRYPT_SIZE]; UINT8 auth[PASSWORD_CRYPT_SIZE];
@ -2206,147 +2199,151 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
if (verify_pw(&protected) == FALSE) if (verify_pw(&protected) == FALSE)
return EFI_ACCESS_DENIED; return EFI_ACCESS_DENIED;
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokAuth",
&shim_lock_guid,
&attributes, &auth_size, auth);
if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE))
MokAuth = 1;
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokDelAuth",
&shim_lock_guid,
&attributes, &auth_size, auth);
if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE))
MokDelAuth = 1;
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokXAuth",
&shim_lock_guid,
&attributes, &auth_size, auth);
if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE))
MokXAuth = 1;
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokXDelAuth",
&shim_lock_guid,
&attributes, &auth_size, auth);
if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE))
MokXDelAuth = 1;
if (MokNew || MokAuth)
menucount++;
if (MokDel || MokDelAuth)
menucount++;
if (MokXNew || MokXAuth)
menucount++;
if (MokXDel || MokXDelAuth)
menucount++;
if (MokSB)
menucount++;
if (MokPW)
menucount++;
if (MokDB)
menucount++;
menu_strings = AllocateZeroPool(sizeof(CHAR16 *) * (menucount + 1));
if (!menu_strings)
return EFI_OUT_OF_RESOURCES;
menu_item = AllocateZeroPool(sizeof(mok_menu_item) * menucount);
if (!menu_item) {
FreePool(menu_strings);
return EFI_OUT_OF_RESOURCES;
}
if (mok_changed) {
menu_strings[i] = L"Reboot";
console_notify(L"The system must be rebooted for your changes to take effect");
} else {
menu_strings[i] = L"Continue boot";
}
menu_item[i] = MOK_BOOT;
i++;
if (MokNew || MokAuth) {
if (!MokNew) {
menu_strings[i] = L"Reset MOK";
menu_item[i] = MOK_RESET_MOK;
} else {
menu_strings[i] = L"Enroll MOK";
menu_item[i] = MOK_ENROLL_MOK;
}
i++;
}
if (MokDel || MokDelAuth) {
menu_strings[i] = L"Delete MOK";
menu_item[i] = MOK_DELETE_MOK;
i++;
}
if (MokXNew || MokXAuth) {
if (!MokXNew) {
menu_strings[i] = L"Reset MOKX";
menu_item[i] = MOK_RESET_MOKX;
} else {
menu_strings[i] = L"Enroll MOKX";
menu_item[i] = MOK_ENROLL_MOKX;
}
i++;
}
if (MokXDel || MokXDelAuth) {
menu_strings[i] = L"Delete MOKX";
menu_item[i] = MOK_DELETE_MOKX;
i++;
}
if (MokSB) {
menu_strings[i] = L"Change Secure Boot state";
menu_item[i] = MOK_CHANGE_SB;
i++;
}
if (MokPW) {
menu_strings[i] = L"Set MOK password";
menu_item[i] = MOK_SET_PW;
i++;
}
if (MokDB) {
menu_strings[i] = L"Change DB state";
menu_item[i] = MOK_CHANGE_DB;
i++;
}
menu_strings[i] = L"Enroll key from disk";
menu_item[i] = MOK_KEY_ENROLL;
i++;
menu_strings[i] = L"Enroll hash from disk";
menu_item[i] = MOK_HASH_ENROLL;
i++;
menu_strings[i] = NULL;
if (protected == FALSE && draw_countdown() == 0) if (protected == FALSE && draw_countdown() == 0)
goto out; goto out;
while (choice >= 0) { while (choice >= 0) {
UINTN menucount = 3, i = 0;
UINT32 MokAuth = 0;
UINT32 MokDelAuth = 0;
UINT32 MokXAuth = 0;
UINT32 MokXDelAuth = 0;
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokAuth",
&shim_lock_guid,
&attributes, &auth_size, auth);
if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE))
MokAuth = 1;
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokDelAuth",
&shim_lock_guid,
&attributes, &auth_size, auth);
if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE))
MokDelAuth = 1;
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokXAuth",
&shim_lock_guid,
&attributes, &auth_size, auth);
if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE))
MokXAuth = 1;
efi_status = uefi_call_wrapper(RT->GetVariable, 5, L"MokXDelAuth",
&shim_lock_guid,
&attributes, &auth_size, auth);
if ((efi_status == EFI_SUCCESS) &&
(auth_size == SHA256_DIGEST_SIZE || auth_size == PASSWORD_CRYPT_SIZE))
MokXDelAuth = 1;
if (MokNew || MokAuth)
menucount++;
if (MokDel || MokDelAuth)
menucount++;
if (MokXNew || MokXAuth)
menucount++;
if (MokXDel || MokXDelAuth)
menucount++;
if (MokSB)
menucount++;
if (MokPW)
menucount++;
if (MokDB)
menucount++;
menu_strings = AllocateZeroPool(sizeof(CHAR16 *) * (menucount + 1));
if (!menu_strings)
return EFI_OUT_OF_RESOURCES;
menu_item = AllocateZeroPool(sizeof(mok_menu_item) * menucount);
if (!menu_item) {
FreePool(menu_strings);
return EFI_OUT_OF_RESOURCES;
}
if (mok_changed)
menu_strings[i] = L"Reboot";
else
menu_strings[i] = L"Continue boot";
menu_item[i] = MOK_BOOT;
i++;
if (MokNew || MokAuth) {
if (!MokNew) {
menu_strings[i] = L"Reset MOK";
menu_item[i] = MOK_RESET_MOK;
} else {
menu_strings[i] = L"Enroll MOK";
menu_item[i] = MOK_ENROLL_MOK;
}
i++;
}
if (MokDel || MokDelAuth) {
menu_strings[i] = L"Delete MOK";
menu_item[i] = MOK_DELETE_MOK;
i++;
}
if (MokXNew || MokXAuth) {
if (!MokXNew) {
menu_strings[i] = L"Reset MOKX";
menu_item[i] = MOK_RESET_MOKX;
} else {
menu_strings[i] = L"Enroll MOKX";
menu_item[i] = MOK_ENROLL_MOKX;
}
i++;
}
if (MokXDel || MokXDelAuth) {
menu_strings[i] = L"Delete MOKX";
menu_item[i] = MOK_DELETE_MOKX;
i++;
}
if (MokSB) {
menu_strings[i] = L"Change Secure Boot state";
menu_item[i] = MOK_CHANGE_SB;
i++;
}
if (MokPW) {
menu_strings[i] = L"Set MOK password";
menu_item[i] = MOK_SET_PW;
i++;
}
if (MokDB) {
menu_strings[i] = L"Change DB state";
menu_item[i] = MOK_CHANGE_DB;
i++;
}
menu_strings[i] = L"Enroll key from disk";
menu_item[i] = MOK_KEY_ENROLL;
i++;
menu_strings[i] = L"Enroll hash from disk";
menu_item[i] = MOK_HASH_ENROLL;
i++;
menu_strings[i] = NULL;
choice = console_select((CHAR16 *[]){ L"Perform MOK management", NULL }, choice = console_select((CHAR16 *[]){ L"Perform MOK management", NULL },
menu_strings, 0); menu_strings, 0);
@ -2361,27 +2358,41 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
break; break;
case MOK_ENROLL_MOK: case MOK_ENROLL_MOK:
efi_status = mok_enrollment_prompt(MokNew, MokNewSize, TRUE, FALSE); efi_status = mok_enrollment_prompt(MokNew, MokNewSize, TRUE, FALSE);
if (efi_status == EFI_SUCCESS)
MokNew = NULL;
break; break;
case MOK_DELETE_MOK: case MOK_DELETE_MOK:
efi_status = mok_deletion_prompt(MokDel, MokDelSize, FALSE); efi_status = mok_deletion_prompt(MokDel, MokDelSize, FALSE);
if (efi_status == EFI_SUCCESS)
MokDel = NULL;
break; break;
case MOK_RESET_MOKX: case MOK_RESET_MOKX:
efi_status = mok_reset_prompt(TRUE); efi_status = mok_reset_prompt(TRUE);
break; break;
case MOK_ENROLL_MOKX: case MOK_ENROLL_MOKX:
efi_status = mok_enrollment_prompt(MokXNew, MokXNewSize, TRUE, TRUE); efi_status = mok_enrollment_prompt(MokXNew, MokXNewSize, TRUE, TRUE);
if (efi_status == EFI_SUCCESS)
MokXNew = NULL;
break; break;
case MOK_DELETE_MOKX: case MOK_DELETE_MOKX:
efi_status = mok_deletion_prompt(MokXDel, MokXDelSize, TRUE); efi_status = mok_deletion_prompt(MokXDel, MokXDelSize, TRUE);
if (efi_status == EFI_SUCCESS)
MokXDel = NULL;
break; break;
case MOK_CHANGE_SB: case MOK_CHANGE_SB:
efi_status = mok_sb_prompt(MokSB, MokSBSize); efi_status = mok_sb_prompt(MokSB, MokSBSize);
if (efi_status == EFI_SUCCESS)
MokSB = NULL;
break; break;
case MOK_SET_PW: case MOK_SET_PW:
efi_status = mok_pw_prompt(MokPW, MokPWSize); efi_status = mok_pw_prompt(MokPW, MokPWSize);
if (efi_status == EFI_SUCCESS)
MokPW = NULL;
break; break;
case MOK_CHANGE_DB: case MOK_CHANGE_DB:
efi_status = mok_db_prompt(MokDB, MokDBSize); efi_status = mok_db_prompt(MokDB, MokDBSize);
if (efi_status == EFI_SUCCESS)
MokDB = NULL;
break; break;
case MOK_KEY_ENROLL: case MOK_KEY_ENROLL:
efi_status = mok_key_enroll(); efi_status = mok_key_enroll();
@ -2390,29 +2401,21 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle,
efi_status = mok_hash_enroll(); efi_status = mok_hash_enroll();
break; break;
} }
if (efi_status == EFI_SUCCESS)
mok_changed = 1;
free_menu(menu_item, menu_strings);
} }
if (efi_status == EFI_SUCCESS) out:
mok_changed = 1;
else
mok_changed = 0;
free_menu(menu_item, menu_strings); free_menu(menu_item, menu_strings);
mok_changed = enter_mok_menu(image_handle, MokNew, MokNewSize, MokDel,
MokDelSize, MokSB, MokSBSize, MokPW,
MokPWSize, MokDB, MokDBSize, MokXNew,
MokXNewSize, MokXDel, MokXDelSize,
mok_changed);
out:
if (mok_changed) if (mok_changed)
return reset_system(); return reset_system();
console_reset(); console_reset();
free_menu(menu_item, menu_strings);
return ret; return ret;
} }
@ -2502,7 +2505,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle)
enter_mok_menu(image_handle, MokNew, MokNewSize, MokDel, MokDelSize, enter_mok_menu(image_handle, MokNew, MokNewSize, MokDel, MokDelSize,
MokSB, MokSBSize, MokPW, MokPWSize, MokDB, MokDBSize, MokSB, MokSBSize, MokPW, MokPWSize, MokDB, MokDBSize,
MokXNew, MokXNewSize, MokXDel, MokXDelSize, 0); MokXNew, MokXNewSize, MokXDel, MokXDelSize);
if (MokNew) if (MokNew)
FreePool (MokNew); FreePool (MokNew);
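Review bot: With the menu allocation moved inside `while (choice >= 0)`, the earlier `if (protected == FALSE && draw_countdown() == 0) goto out;` now reaches `free_menu(menu_item, menu_strings);` at `out:` before either pointer has been assigned, and both are declared without an initializer in enter_mok_menu. Declare them as `CHAR16 **menu_strings = NULL;` and `mok_menu_item *menu_item = NULL;`, and follow the in-loop `free_menu(menu_item, menu_strings);` with `menu_item = NULL; menu_strings = NULL;` so the call at `out:` never sees an indeterminate or already-freed pointer; this assumes free_menu() tolerates NULL, which is not visible on this page. Separately, the `MokNew = NULL;`-style assignments after each prompt clear only enter_mok_menu's by-value copies, so the `if (MokNew) FreePool (MokNew);` in check_mok_request stays safe only while `reset_system()` does not return after mok_enrollment_prompt has (as the first hunk appears to show) freed the buffer. A comment stating who owns each buffer after a successful prompt would make that dependency explicit. Old and new sides are inferred from the rendered split view, and both function bodies extend beyond the visible hunks.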

2
commit

@ -1 +1 @@
b58617505096e3940430d8d8bba033bb6bf75a8a 478f9bb2ea91b361ab52dac6604fdfb47e1e963c