408 Commits

Author SHA1 Message Date
Matthew Garrett
d1c2586c23 Fix filesystem enrollment
We would always enrol a single key, deleting any existing keys in the
database. Fix that up.
2012-10-08 17:35:50 -04:00
Matthew Garrett
1e9de96f8a Add an auth argument to store_keys()
If the user is manually installing keys from a filesystem then we don't need
to ask for the key password.
2012-10-08 17:34:55 -04:00
Matthew Garrett
cb22de62e7 Add __attribute__ ((packed)) to MokListNode definition
Packing this lets us use MokListNode with the binary MokList representation.
2012-10-08 17:33:32 -04:00
Matthew Garrett
9201fa9ec6 Disable menu freeing
This looks like it ought to work, but is currently failing. Leaking here
isn't a big deal, so just disable it until I figure out what's wrong.
2012-10-06 17:52:38 -04:00
Matthew Garrett
a68a0c7b03 Fix menucount
Menucount wasn't being incremented for the final top level menu, so
the file explorer menu item wasn't appearing.
2012-10-06 17:39:21 -04:00
Matthew Garrett
c9d2ff8c40 Free menus and add statics
Make sure we free menu items after exiting a menu. Also, add some missing
static annotations.
2012-10-06 17:30:49 -04:00
Matthew Garrett
24eace9953 Fix menu items
Only show the MOK manipulation menu item if MokNew existed
2012-10-06 17:30:46 -04:00
Matthew Garrett
27a8fc9fd1 Always show the MokManager UI
If someone explicitly starts MokManager then we want to show the UI
2012-10-06 17:22:33 -04:00
Matthew Garrett
8cf182af8b Fall back to MokManager if grub failed to validate
If we can't verify grub, fall back to MokManager. This permits shipping a
copy of shim and MokManager without distributing a key, letting
distributions provide their own for user installation.
2012-10-06 17:20:30 -04:00
Matthew Garrett
d991c4a178 Add filesystem browsing and enrollment
Add a basic menu system and file explorer. This makes it possible for the
user to enrol keys from media from within shim rather than having to boot
an OS first. This would permit vendors to distribute a signed shim without
having to install their own keys first - the keys could be stored on the
install media instead.
2012-10-05 19:04:57 -04:00
Steve Langasek
1d8992c51b releasing version 0~20120906.bcd0a4e8-0ubuntu3 2012-10-05 11:21:05 -07:00
Steve Langasek
5ea013bd81 debian/patches/second-stage-path: Chainload grubx64.efi, not
grub.efi.
2012-10-05 11:20:56 -07:00
Steve Langasek
be30a8502c releasing version 0~20120906.bcd0a4e8-0ubuntu2 2012-10-04 17:47:08 +00:00
Steve Langasek
63e313d753 Only build the package for amd64; we're not signing an i386 shim at this
stage so there's no point in building it.
2012-10-04 17:46:51 +00:00
Steve Langasek
76e675cb49 debian/patches/prototypes: Include missing prototypes, and disable
use of BIO_new_file.
2012-10-04 17:46:23 +00:00
Gary Ching-Pang Lin
577029ad75 Don't show the invalid key number 2012-10-04 17:39:59 +08:00
Gary Ching-Pang Lin
3ece2b337e Use the same function to get commands and password 2012-10-04 17:39:54 +08:00
Gary Ching-Pang Lin
67f1e0b259 Print the key number for the non-existent key also 2012-10-04 16:28:52 +08:00
Steve Langasek
b54fc10a6b releasing version 0~20120906.bcd0a4e8-0ubuntu1 2012-10-04 00:01:09 -07:00
Steve Langasek
10d096d494 Fix the changelog, which is inaccurate now that we just include the file 2012-10-04 00:00:50 -07:00
Steve Langasek
6e063b90b6 Use a clearer name for the VENDOR_CERT_FILE. 2012-10-04 06:23:13 +00:00
Steve Langasek
3a420208fc Pull newer upstream snapshot, which fixes verification of the signature on our signed GRUB efi 2012-10-04 06:21:19 +00:00
Steve Langasek
750a67ea1e Import upstream version 0~20120906.bcd0a4e8 2012-10-03 23:02:40 -07:00
Steve Langasek
2c0e3cc05f Include the Canonical Secure Boot master CA (cert.der) and include as
cert.h at build time.
2012-10-03 22:45:07 -07:00
Gary Ching-Pang Lin
0692f833c9 Don't print Backspace as we print nothing 2012-10-02 18:17:29 +08:00
Gary Ching-Pang Lin
5e43e91f3d Calculate SHA1 fingerprint
openssl shows sha1 fingerprint by default.
2012-10-02 14:51:42 +08:00
Gary Ching-Pang Lin
5816917f72 Replace functions with the ones in gnu-efi 2012-10-02 12:58:32 +08:00
Gary Ching-Pang Lin
f3104a7314 Use LibDeleteVariable in gnu-efi 2012-10-02 11:55:44 +08:00
Gary Ching-Pang Lin
aa8e90679d More tips for the MOK password 2012-09-27 16:54:38 +08:00
Gary Ching-Pang Lin
44423f01a4 Filter out newline from the password array 2012-09-26 17:19:27 +08:00
Gary Ching-Pang Lin
a4c1e5965f correct wording 2012-09-26 16:36:53 +08:00
Gary Ching-Pang Lin
e676d64a62 Build debug image for all efi files 2012-09-26 15:46:42 +08:00
Gary Ching-Pang Lin
ff857b4b8d Define the max length of password 2012-09-24 17:27:52 +08:00
Gary Ching-Pang Lin
215e462b10 Request a password to verify the key list
The password must contain 8 characters at least and 16 characters
at most and will be hashed with the key list altogether. The keys
in MokNew won't be allowed to be enrolled unless the user provides
the correct password.
2012-09-24 15:48:01 +08:00
Gary Ching-Pang Lin
5d328c6c45 Erase stored keys when there is no key in the new key list 2012-09-21 16:45:02 +08:00
Gary Ching-Pang Lin
6919a3f7c7 Make sure the variables are not broken 2012-09-21 16:44:56 +08:00
Gary Ching-Pang Lin
6306b495c5 Allow the new keys to be listed again 2012-09-21 15:36:57 +08:00
Gary Ching-Pang Lin
6577945fba Reject the binary when there is no key in MokList 2012-09-21 15:10:31 +08:00
Gary Ching-Pang Lin
f775849e12 Make the key list interactive 2012-09-20 18:15:50 +08:00
Gary Ching-Pang Lin
f78ff3bf0e Make sure the time string is set 2012-09-20 15:54:57 +08:00
Gary Ching-Pang Lin
ea8ee44476 Improve the layout of the key info 2012-09-20 15:22:53 +08:00
Gary Ching-Pang Lin
2db8a14ad4 Remove the unused debug message 2012-09-20 10:35:43 +08:00
Gary Ching-Pang Lin
a1239f096b Check the MOK list correctly 2012-09-20 10:28:00 +08:00
Gary Ching-Pang Lin
c326e2dff4 Simplify the key management
Move the key list building and management to mokutil to keep
MokManager as simple as possible.
2012-09-19 17:12:30 +08:00
Gary Ching-Pang Lin
1041805a18 Abandon the variable, MokMgmt 2012-09-19 14:54:35 +08:00
Gary Ching-Pang Lin
a903fb1088 Copy the MOK list to a RT variable
The RT variable, MokListRT, is a copy of MokList so that the
runtime applications can synchronize the key list without touching
the BS variable.
2012-09-11 17:43:44 +08:00
Gary Ching-Pang Lin
1342297309 Use the machine owner keys to verify images 2012-09-11 16:39:12 +08:00
Gary Ching-Pang Lin
333bd97743 Add a separate efi application to manage MOKs 2012-09-11 16:38:29 +08:00
Gary Ching-Pang Lin
cec6a0a964 Always try StartImage first 2012-09-11 16:37:02 +08:00
Gary Ching-Pang Lin
e470969e4e Only launch MokManager when necessary 2012-09-11 16:34:25 +08:00