proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-10-31 02:42:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
78 Commits 1 Branch 3 Tags 11 MiB
5e43e91f3d
Commit Graph

78 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gary Ching-Pang Lin
5e43e91f3d Calculate SHA1 fingerprint 
openssl shows sha1 fingerprint by default.
 2012-10-02 14:51:42 +08:00
Gary Ching-Pang Lin
5816917f72 Replace functions with the ones in gnu-efi 2012-10-02 12:58:32 +08:00
Gary Ching-Pang Lin
f3104a7314 Use LibDeleteVariable in gnu-efi 2012-10-02 11:55:44 +08:00
Gary Ching-Pang Lin
aa8e90679d More tips for the MOK password 2012-09-27 16:54:38 +08:00
Gary Ching-Pang Lin
44423f01a4 Filter out newline from the password array 2012-09-26 17:19:27 +08:00
Gary Ching-Pang Lin
a4c1e5965f correct wording 2012-09-26 16:36:53 +08:00
Gary Ching-Pang Lin
e676d64a62 Build debug image for all efi files 2012-09-26 15:46:42 +08:00
Gary Ching-Pang Lin
ff857b4b8d Define the max length of password 2012-09-24 17:27:52 +08:00
Gary Ching-Pang Lin
215e462b10 Request a password to verify the key list 
The password must contain 8 characters at least and 16 characters
at most and will be hashed with the key list altogether. The keys
in MokNew won't be allowed to be enrolled unless the user provides
the correct password.
 2012-09-24 15:48:01 +08:00
Gary Ching-Pang Lin
5d328c6c45 Erase stored keys when there is no key in the new key list 2012-09-21 16:45:02 +08:00
Gary Ching-Pang Lin
6919a3f7c7 Make sure the variables are not broken 2012-09-21 16:44:56 +08:00
Gary Ching-Pang Lin
6306b495c5 Allow the new keys to be listed again 2012-09-21 15:36:57 +08:00
Gary Ching-Pang Lin
6577945fba Reject the binary when there is no key in MokList 2012-09-21 15:10:31 +08:00
Gary Ching-Pang Lin
f775849e12 Make the key list interactive 2012-09-20 18:15:50 +08:00
Gary Ching-Pang Lin
f78ff3bf0e Make sure the time string is set 2012-09-20 15:54:57 +08:00
Gary Ching-Pang Lin
ea8ee44476 Improve the layout of the key info 2012-09-20 15:22:53 +08:00
Gary Ching-Pang Lin
2db8a14ad4 Remove the unused debug message 2012-09-20 10:35:43 +08:00
Gary Ching-Pang Lin
a1239f096b Check the MOK list correctly 2012-09-20 10:28:00 +08:00
Gary Ching-Pang Lin
c326e2dff4 Simplify the key management 
Move the key list building and management to mokutil to keep
MokManager as simple as possible.
 2012-09-19 17:12:30 +08:00
Gary Ching-Pang Lin
1041805a18 Abandon the variable, MokMgmt 2012-09-19 14:54:35 +08:00
Gary Ching-Pang Lin
a903fb1088 Copy the MOK list to a RT variable 
The RT variable, MokListRT, is a copy of MokList so that the
runtime applications can synchronize the key list without touching
the BS variable.
 2012-09-11 17:43:44 +08:00
Gary Ching-Pang Lin
1342297309 Use the machine owner keys to verify images 2012-09-11 16:39:12 +08:00
Gary Ching-Pang Lin
333bd97743 Add a separate efi application to manage MOKs 2012-09-11 16:38:29 +08:00
Gary Ching-Pang Lin
cec6a0a964 Always try StartImage first 2012-09-11 16:37:02 +08:00
Gary Ching-Pang Lin
e470969e4e Only launch MokManager when necessary 2012-09-11 16:34:25 +08:00
Gary Ching-Pang Lin
31d3bd054a Retrieve attributes of variables 
We have to make sure the machine owner key is stored in a BS
variable.
 2012-09-11 16:31:05 +08:00
Gary Ching-Pang Lin
000c565c06 Merge branch 'master' into mok-prototype3 
Conflicts:
	shim.c
 2012-09-07 18:22:34 +08:00
Gary Ching-Pang Lin
4b34567dd5 Load MokManager for MOK management 2012-09-07 18:11:45 +08:00
Gary Ching-Pang Lin
822d089e3d Make the image loading process more generic 2012-09-07 17:43:21 +08:00
Peter Jones
13a68a9959 Fix data alignment on vendor_cert so we don't wind up with padding. 2012-09-06 16:43:30 -04:00
Peter Jones
43eeb538d7 Add some convenience make targets. 
Adds targets for "test-archive" and "archive"
 2012-09-06 12:38:30 -04:00
Peter Jones
7430b90148 Break out of our db checking loop at the appropriate time. 
The break in check_db_cert is at the wrong level due to a typo in
indentation, and as a result only the last cert in the list can
correctly match.  Rectify that.

Signed-off-by: Peter Jones <pjones@redhat.com>
 2012-09-06 12:13:44 -04:00
Matthew Garrett
ce78d2d250 Use the file size, not the image size field, for verification. 2012-09-06 12:13:44 -04:00
Peter Jones
8518b8cc1f Allow specification of vendor_cert through a build command line option. 
This allows you to specify the vendor_cert as a file on the command line
during build.
 2012-09-06 12:13:44 -04:00
Peter Jones
7edb4fedfd dos2unix PeImage.h 2012-09-06 12:01:43 -04:00
Matthew Garrett
ffc0e2424b Add basic documentation 2012-07-28 00:42:43 -04:00
Matthew Garrett
00ced0c125 Handle slightly stranger device paths 2012-07-13 00:30:22 -04:00
Matthew Garrett
bc6aaefa2d Make path generation more sensible 2012-07-11 10:58:15 -04:00
Matthew Garrett
5fe882ba74 Make sure ImageBase is set appropriately in the loaded_image protocol 2012-07-11 10:57:46 -04:00
Matthew Garrett
745b7f93ce Add copyright file 2012-07-09 11:03:12 -04:00
Matthew Garrett
8c1d71c7f5 Update TODO 2012-07-09 10:39:14 -04:00
Matthew Garrett
4d8092e7b2 Remove temp file checked in by accident 2012-07-09 10:38:30 -04:00
Matthew Garrett
37e456be5c Improve makefile 2012-07-09 10:38:19 -04:00
Matthew Garrett
a3996218ba Make it easier to update Cryptlib 2012-07-09 10:17:19 -04:00
Matthew Garrett
5f64876076 Cryptlib update 2012-07-09 10:17:13 -04:00
Matthew Garrett
b2058cf897 Re-add whitelisting - needed for protocol validation 2012-07-05 16:39:25 -04:00
Matthew Garrett
041dd2b42a We're not MSABI, so don't advertise this as such 2012-07-05 12:52:42 -04:00
Matthew Garrett
6279b58e83 Check whether secure boot is enabled before performing verify call 2012-07-05 12:51:12 -04:00
Matthew Garrett
c13fc2f71f Fix up blacklist checking 
This was not quite as bugfree as would be hoped for.
 2012-07-02 14:43:18 -04:00
Matthew Garrett
1348448255 Remove whitelisting - the firmware will handle it via LoadImage/StartImage 2012-07-02 13:49:32 -04:00