proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-08-14 08:43:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
223 Commits 1 Branch 3 Tags 11 MiB
09f11d6aae
Commit Graph

223 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gary Ching-Pang Lin
a2cc3b0d11 correct wording 2012-09-26 16:36:53 +08:00
Gary Ching-Pang Lin
c6bd45d065 Build debug image for all efi files 2012-09-26 15:46:42 +08:00
Gary Ching-Pang Lin
c83f32162d Define the max length of password 2012-09-24 17:27:52 +08:00
Gary Ching-Pang Lin
7dc45398d6 Request a password to verify the key list 
The password must contain 8 characters at least and 16 characters
at most and will be hashed with the key list altogether. The keys
in MokNew won't be allowed to be enrolled unless the user provides
the correct password.
 2012-09-24 15:48:01 +08:00
Gary Ching-Pang Lin
f42825e60e Erase stored keys when there is no key in the new key list 2012-09-21 16:45:02 +08:00
Gary Ching-Pang Lin
ce2384495c Make sure the variables are not broken 2012-09-21 16:44:56 +08:00
Gary Ching-Pang Lin
b386860250 Allow the new keys to be listed again 2012-09-21 15:36:57 +08:00
Gary Ching-Pang Lin
03953e08bc Reject the binary when there is no key in MokList 2012-09-21 15:10:31 +08:00
Gary Ching-Pang Lin
12e2d62500 Make the key list interactive 2012-09-20 18:15:50 +08:00
Gary Ching-Pang Lin
caf006b44f Make sure the time string is set 2012-09-20 15:54:57 +08:00
Gary Ching-Pang Lin
ff8d867c68 Improve the layout of the key info 2012-09-20 15:22:53 +08:00
Gary Ching-Pang Lin
e6194ddd0a Remove the unused debug message 2012-09-20 10:35:43 +08:00
Gary Ching-Pang Lin
b3ff35663b Check the MOK list correctly 2012-09-20 10:28:00 +08:00
Gary Ching-Pang Lin
1d7c0f8602 Simplify the key management 
Move the key list building and management to mokutil to keep
MokManager as simple as possible.
 2012-09-19 17:12:30 +08:00
Gary Ching-Pang Lin
5d4b6ba037 Abandon the variable, MokMgmt 2012-09-19 14:54:35 +08:00
Gary Ching-Pang Lin
ed2ecf8655 Copy the MOK list to a RT variable 
The RT variable, MokListRT, is a copy of MokList so that the
runtime applications can synchronize the key list without touching
the BS variable.
 2012-09-11 17:43:44 +08:00
Gary Ching-Pang Lin
28c581335e Use the machine owner keys to verify images 2012-09-11 16:39:12 +08:00
Gary Ching-Pang Lin
481c1e1e76 Add a separate efi application to manage MOKs 2012-09-11 16:38:29 +08:00
Gary Ching-Pang Lin
1395a9916b Always try StartImage first 2012-09-11 16:37:02 +08:00
Gary Ching-Pang Lin
5f00e44f9a Only launch MokManager when necessary 2012-09-11 16:34:25 +08:00
Gary Ching-Pang Lin
19e957f489 Retrieve attributes of variables 
We have to make sure the machine owner key is stored in a BS
variable.
 2012-09-11 16:31:05 +08:00
Gary Ching-Pang Lin
1fe0d49c9b Merge branch 'master' into mok-prototype3 
Conflicts:
	shim.c
 2012-09-07 18:22:34 +08:00
Gary Ching-Pang Lin
0d7c3dbde5 Load MokManager for MOK management 2012-09-07 18:11:45 +08:00
Gary Ching-Pang Lin
e235c85af1 Make the image loading process more generic 2012-09-07 17:43:21 +08:00
Peter Jones
bcd0a4e8df Fix data alignment on vendor_cert so we don't wind up with padding. 2012-09-06 16:43:30 -04:00
Peter Jones
07c21a109d Add some convenience make targets. 
Adds targets for "test-archive" and "archive"
 2012-09-06 12:38:30 -04:00
Peter Jones
3c2f1d6c3d Break out of our db checking loop at the appropriate time. 
The break in check_db_cert is at the wrong level due to a typo in
indentation, and as a result only the last cert in the list can
correctly match.  Rectify that.

Signed-off-by: Peter Jones <pjones@redhat.com>
 2012-09-06 12:13:44 -04:00
Matthew Garrett
3682a89543 Use the file size, not the image size field, for verification. 2012-09-06 12:13:44 -04:00
Peter Jones
178b5681b8 Allow specification of vendor_cert through a build command line option. 
This allows you to specify the vendor_cert as a file on the command line
during build.
 2012-09-06 12:13:44 -04:00
Peter Jones
2295594a47 dos2unix PeImage.h 2012-09-06 12:01:43 -04:00
Matthew Garrett
3df9e294b7 Add basic documentation 2012-07-28 00:42:43 -04:00
Matthew Garrett
590b34492d Handle slightly stranger device paths 2012-07-13 00:30:22 -04:00
Matthew Garrett
d3ee0bed5e Make path generation more sensible 2012-07-11 10:58:15 -04:00
Matthew Garrett
8c173876d1 Make sure ImageBase is set appropriately in the loaded_image protocol 2012-07-11 10:57:46 -04:00
Matthew Garrett
ea863d8471 Add copyright file 2012-07-09 11:03:12 -04:00
Matthew Garrett
2d60227779 Update TODO 2012-07-09 10:39:14 -04:00
Matthew Garrett
7f5ccba57e Remove temp file checked in by accident 2012-07-09 10:38:30 -04:00
Matthew Garrett
d64a85f068 Improve makefile 2012-07-09 10:38:19 -04:00
Matthew Garrett
cd99713ac3 Make it easier to update Cryptlib 2012-07-09 10:17:19 -04:00
Matthew Garrett
f7d6ecac5f Cryptlib update 2012-07-09 10:17:13 -04:00
Matthew Garrett
85bbd2c4cc Re-add whitelisting - needed for protocol validation 2012-07-05 16:39:25 -04:00
Matthew Garrett
21543b6c8e We're not MSABI, so don't advertise this as such 2012-07-05 12:52:42 -04:00
Matthew Garrett
cc1116ced6 Check whether secure boot is enabled before performing verify call 2012-07-05 12:51:12 -04:00
Matthew Garrett
96b0c2f981 Fix up blacklist checking 
This was not quite as bugfree as would be hoped for.
 2012-07-02 14:43:18 -04:00
Matthew Garrett
f9435d9664 Remove whitelisting - the firmware will handle it via LoadImage/StartImage 2012-07-02 13:49:32 -04:00
Matthew Garrett
d259b14060 Update OpenSSL 2012-07-02 12:33:42 -04:00
Matthew Garrett
20094cb55d Build a debug image 2012-07-02 12:29:03 -04:00
Matthew Garrett
6d3e62ef2f Fix type of buffersize 2012-07-02 11:54:21 -04:00
Matthew Garrett
cfdefb0ebe Remove redundant header 2012-07-02 09:40:18 -04:00
Matthew Garrett
c08d0ceb05 Fix get_variable 2012-06-25 17:46:11 -04:00