269 Commits

Author SHA1 Message Date
Gary Ching-Pang Lin
5d328c6c45 Erase stored keys when there is no key in the new key list 2012-09-21 16:45:02 +08:00
Gary Ching-Pang Lin
6919a3f7c7 Make sure the variables are not broken 2012-09-21 16:44:56 +08:00
Gary Ching-Pang Lin
6306b495c5 Allow the new keys to be listed again 2012-09-21 15:36:57 +08:00
Gary Ching-Pang Lin
6577945fba Reject the binary when there is no key in MokList 2012-09-21 15:10:31 +08:00
Gary Ching-Pang Lin
f775849e12 Make the key list interactive 2012-09-20 18:15:50 +08:00
Gary Ching-Pang Lin
f78ff3bf0e Make sure the time string is set 2012-09-20 15:54:57 +08:00
Gary Ching-Pang Lin
ea8ee44476 Improve the layout of the key info 2012-09-20 15:22:53 +08:00
Gary Ching-Pang Lin
2db8a14ad4 Remove the unused debug message 2012-09-20 10:35:43 +08:00
Gary Ching-Pang Lin
a1239f096b Check the MOK list correctly 2012-09-20 10:28:00 +08:00
Gary Ching-Pang Lin
c326e2dff4 Simplify the key management
Move the key list building and management to mokutil to keep
MokManager as simple as possible.
2012-09-19 17:12:30 +08:00
Gary Ching-Pang Lin
1041805a18 Abandon the variable, MokMgmt 2012-09-19 14:54:35 +08:00
Gary Ching-Pang Lin
a903fb1088 Copy the MOK list to a RT variable
The RT variable, MokListRT, is a copy of MokList so that the
runtime applications can synchronize the key list without touching
the BS variable.
2012-09-11 17:43:44 +08:00
Gary Ching-Pang Lin
1342297309 Use the machine owner keys to verify images 2012-09-11 16:39:12 +08:00
Gary Ching-Pang Lin
333bd97743 Add a separate efi application to manage MOKs 2012-09-11 16:38:29 +08:00
Gary Ching-Pang Lin
cec6a0a964 Always try StartImage first 2012-09-11 16:37:02 +08:00
Gary Ching-Pang Lin
e470969e4e Only launch MokManager when necessary 2012-09-11 16:34:25 +08:00
Gary Ching-Pang Lin
31d3bd054a Retrieve attributes of variables
We have to make sure the machine owner key is stored in a BS
variable.
2012-09-11 16:31:05 +08:00
Gary Ching-Pang Lin
000c565c06 Merge branch 'master' into mok-prototype3
Conflicts:
	shim.c
2012-09-07 18:22:34 +08:00
Gary Ching-Pang Lin
4b34567dd5 Load MokManager for MOK management 2012-09-07 18:11:45 +08:00
Gary Ching-Pang Lin
822d089e3d Make the image loading process more generic 2012-09-07 17:43:21 +08:00
Peter Jones
13a68a9959 Fix data alignment on vendor_cert so we don't wind up with padding. 2012-09-06 16:43:30 -04:00
Peter Jones
43eeb538d7 Add some convenience make targets.
Adds targets for "test-archive" and "archive"
2012-09-06 12:38:30 -04:00
Peter Jones
7430b90148 Break out of our db checking loop at the appropriate time.
The break in check_db_cert is at the wrong level due to a typo in
indentation, and as a result only the last cert in the list can
correctly match.  Rectify that.

Signed-off-by: Peter Jones <pjones@redhat.com>
2012-09-06 12:13:44 -04:00
Matthew Garrett
ce78d2d250 Use the file size, not the image size field, for verification. 2012-09-06 12:13:44 -04:00
Peter Jones
8518b8cc1f Allow specification of vendor_cert through a build command line option.
This allows you to specify the vendor_cert as a file on the command line
during build.
2012-09-06 12:13:44 -04:00
Peter Jones
7edb4fedfd dos2unix PeImage.h 2012-09-06 12:01:43 -04:00
Matthew Garrett
ffc0e2424b Add basic documentation 2012-07-28 00:42:43 -04:00
Matthew Garrett
00ced0c125 Handle slightly stranger device paths 2012-07-13 00:30:22 -04:00
Matthew Garrett
bc6aaefa2d Make path generation more sensible 2012-07-11 10:58:15 -04:00
Matthew Garrett
5fe882ba74 Make sure ImageBase is set appropriately in the loaded_image protocol 2012-07-11 10:57:46 -04:00
Matthew Garrett
745b7f93ce Add copyright file 2012-07-09 11:03:12 -04:00
Matthew Garrett
8c1d71c7f5 Update TODO 2012-07-09 10:39:14 -04:00
Matthew Garrett
4d8092e7b2 Remove temp file checked in by accident 2012-07-09 10:38:30 -04:00
Matthew Garrett
37e456be5c Improve makefile 2012-07-09 10:38:19 -04:00
Matthew Garrett
a3996218ba Make it easier to update Cryptlib 2012-07-09 10:17:19 -04:00
Matthew Garrett
5f64876076 Cryptlib update 2012-07-09 10:17:13 -04:00
Matthew Garrett
b2058cf897 Re-add whitelisting - needed for protocol validation 2012-07-05 16:39:25 -04:00
Matthew Garrett
041dd2b42a We're not MSABI, so don't advertise this as such 2012-07-05 12:52:42 -04:00
Matthew Garrett
6279b58e83 Check whether secure boot is enabled before performing verify call 2012-07-05 12:51:12 -04:00
Matthew Garrett
c13fc2f71f Fix up blacklist checking
This was not quite as bugfree as would be hoped for.
2012-07-02 14:43:18 -04:00
Matthew Garrett
1348448255 Remove whitelisting - the firmware will handle it via LoadImage/StartImage 2012-07-02 13:49:32 -04:00
Matthew Garrett
e21cbf4d9b Update OpenSSL 2012-07-02 12:33:42 -04:00
Matthew Garrett
5b1bf5583c Build a debug image 2012-07-02 12:29:03 -04:00
Matthew Garrett
6eb1eca4f3 Fix type of buffersize 2012-07-02 11:54:21 -04:00
Matthew Garrett
45c13d2989 Remove redundant header 2012-07-02 09:40:18 -04:00
Matthew Garrett
f23d769727 Fix get_variable 2012-06-25 17:46:11 -04:00
Matthew Garrett
c16548d08b Add black/white listing 2012-06-25 10:59:08 -04:00
Matthew Garrett
8877e13127 Fix build somewhat 2012-06-19 15:25:59 -04:00
Matthew Garrett
3e890667fe Fix cert size 2012-06-19 15:25:02 -04:00
Matthew Garrett
6e1c111bc3 Fix error path 2012-06-19 15:23:31 -04:00