Peter Jones
a1f2863584
Make vendor_cert/vendor_dbx actually replaceable by an external tool.
...
This moves them both to be computed at runtime from a pointer+offset
rather than just a pointer, so that their real address can be entirely
derived from the section they're in.
This means you can replace the whole .vendor_cert section with a new one
with certs that don't have the same size.
2013-10-01 14:03:16 -04:00
Peter Jones
2efb269ba6
Remove TODO items fixed by merging lf_merge and lcp/lf-security-override.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-01 14:03:16 -04:00
Peter Jones
8317a1f0ad
Don't use LibGetVariable(), since it doesn't give us real error codes.
2013-09-26 13:44:05 -04:00
Gary Ching-Pang Lin
59dcd9d1b8
integrate security override
2013-09-26 11:58:03 -04:00
Peter Jones
6d6aff1bab
Clean up tarballs in "make clean"
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
7f0208a0f9
Merge variable retrieving functions
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
53862ddace
Merge signature.h into efiauthenticated.h and guid.h
...
Conflicts:
shim.c
2013-09-26 11:58:02 -04:00
Peter Jones
40375a8bea
Merge two PeImage.h into one
...
Conflicts:
Makefile
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
ca2e00d067
Free unused memory space
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
87bcb40438
Adjust the result of gmtime() to fit the definition
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
744cb2109b
Rand: check the status of the pseudorandom number generator
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
71e70c72df
MokManager: check the suffix of the key file
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
913f33d366
MokManager: fetch more info from X509 name
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
2648d29f00
MokManager: reboot the system after clearing MOK password
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
5f7ade1950
MokManager: enhance the password prompt for SB state
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
7ed6b96365
MokManager: rearrange the output of MOK info
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
c34ed0ae2f
Disable floating points in b_print
...
The long double declaration will enable SSE and cause a compilation
error. Disabling everything related to floating points avoids the
error.
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
3c5b49ec5a
Enable openssl bio_printf()
...
bio_printf() was replaced with a dummy function and this made
several openssl functions useless. This commit adds the print
functions back, so that we don't have to implement our own
ASN1 time print function.
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
5326c090be
MokManager: enhance the password prompt
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
44d7d0e668
MokManager: remove the duplicate get_keystroke()
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
9a86568e19
MokManager: draw the countdown screen
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
8371c49ce7
MokManager: Remove the unnecessary string duplication
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
d71240bfff
Correct the certificate count of the signature list
2013-09-26 11:58:02 -04:00
Peter Jones
e053c22701
Since different distros name grub*.efi differently, make it compile-time.
...
Basically, if you don't want grub.efi, you do:
make 'DEFAULT_LOADER=\\\\grubx64.efi'
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
bd145c6082
Define the PXE 2nd stage loader in the beginning of the file
...
Make it easier to change the PXE 2nd stage loader.
Conflicts:
netboot.c
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
436afcc276
Remove double-separators from the bootpath
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
f9f81a22dd
Fix the broken bootpath
...
- The file path from DevicePathToStr may use slash as the file
separator. Change all slashes to backslashes to avoid the strange
bootpath.
- Remove the redundant backslashes.
- ImagePath no longer requires the leading backslash.
- Fix a memory leak
Based on the patch from Michal Marek <mmarek@suse.com>
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
908eacc225
MokManager: support Traditional DES hash
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
be5c35e1ac
MokManager: support MD5-based crypt() hash
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
114dad494c
MokManager: support blowfish-based crypt() hash
...
Conflicts:
Makefile
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
5a89835189
MokManager: support SHA512-based crypt() hash
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
3a838b14f0
MokManager: support crypt() password hash
...
The password format is introduced for the password hash generated by crypt(),
so that the user can import the password hash from /etc/shadow. The packager,
especially those who package 3rd party drivers, can utilize this feature to
import a 3rd party certificate without interfering with the package installation.
This commit implements the sha256-based crypt() hash function.
Conflicts:
Makefile
MokManager.c
2013-09-26 11:58:01 -04:00
Peter Jones
5e9fee2158
Make EFI_PATH easily resettable from the build command line.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
cdd2dc9132
Clean lib/, too
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
b1a00240ab
simple_file: Allocate buffers for file entries
...
The dir filter appends L'/' to the directory entries without
allocating a new buffer, and this could crash the whole program.
2013-09-26 11:58:01 -04:00
Matthew Garrett
17857eb8b5
Port MokManager to Linux Foundation loader UI code
...
This is the first stage of porting the MokManager UI to the UI code used
by the Linux Foundation UEFI loader.
2013-09-26 11:57:59 -04:00
Peter Jones
2aa2ddd8a8
Port MokManager to Linux Foundation loader UI code
...
This is the first stage of porting the MokManager UI to the UI code used
by the Linux Foundation UEFI loader.
Conflicts:
MokManager.c
2013-09-26 11:57:51 -04:00
Peter Jones
227d13a2d9
We have to declare SHIM_LOCK_GUID here as well.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
Conflicts:
MokManager.c
2013-09-26 11:56:52 -04:00
Peter Jones
ebda1052c9
Ignore tarballs.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-26 09:56:32 -04:00
Peter Jones
a869915a1d
MokManager needs to disable the graphics console.
...
Without this patch, on some machines we never see MokManager's UI. This
protocol has never (I think?) been officially published, and yet I still
have new hardware that needs it.
If you're looking for a reference, look at:
EdkCompatibilityPkg/Foundation/Protocol/ConsoleControl/ConsoleControl.c
in the edk2 tree from Tiano.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-26 09:56:26 -04:00
Steve Langasek
5ccacd3a48
Fix a memory leak
2013-09-24 12:05:51 -04:00
Steve Langasek
69a54db486
Correct limits on the length of ipv6 addresses
...
The maximum length of a string representation of an ipv6 address is 39
characters (8 groups of 4 hex chars, with 7 colons in between). So don't
allocate more room than this - and more importantly, don't blindly accept
strings from the server that are longer than our buffer...
2013-09-24 12:05:47 -04:00
Steve Langasek
af049ff457
More consistent types, fewer casts
2013-09-24 12:05:38 -04:00
Steve Langasek
6eaa1a9c9e
Misc allocation cleanups
2013-09-24 12:05:34 -04:00
Steve Langasek
3816832bc5
Fix an off-by-one error
...
We don't need to add one because our end pointer is already off the end of
the string we want to copy.
2013-09-24 12:05:31 -04:00
Steve Langasek
e2979f2c5f
Fix nul termination errors in filenames passed to tftp
...
Fix various errors in the tftp string handling, to ensure we always have
properly nul-terminated strings.
2013-09-24 12:05:28 -04:00
Steve Langasek
2d8cfca2ce
Build with -Werror to catch future prototype mismatches.
2013-09-24 12:05:25 -04:00
Steve Langasek
fbc486b50d
Pass the right arguments to EFI_PXE_BASE_CODE_TFTP_READ_FILE
...
A wrong pointer was being passed to EFI_PXE_BASE_CODE_TFTP_READ_FILE,
preventing us from getting the file size back from the tftp call, ensuring
that we don't have enough information to properly secureboot-validate the
retrieved image.
2013-09-24 12:05:21 -04:00
Peter Jones
bea90083d2
Add MokListRT option rom entry.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-23 13:24:48 -04:00
Peter Jones
43df9d24f2
Update TODO with missing description.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-23 11:05:08 -04:00