Commit Graph

209 Commits

Author SHA1 Message Date
Gary Ching-Pang Lin
be9108a8b9 MokManager: support Tradition DES hash 2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
09f6afbe72 MokManager: support MD5-based crypt() hash 2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
83d1c30608 MokManager: support blowfish-based crypt() hash
Conflicts:
	Makefile
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
9b41d26597 MokManager: support SHA512-based crypt() hash 2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
afb61e7902 MokManager: support crypt() password hash
The password format is introduced for the password hash generated by crypt(),
so that the user can import the password hash from /etc/shadow. The packager,
especially those who packages 3rd party drivers, can utilize this feature to
import a 3rd party certificate without interfering the package installation.

This commit implements the sha256-based crypt() hash function.

Conflicts:
	Makefile
	MokManager.c
2013-09-26 11:58:01 -04:00
Peter Jones
4a7f9bd4a6 Make EFI_PATH easily resettable from the build command line.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
c0f8cd721c Clean lib/, too 2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
b82d6d7cb1 simple_file: Allocate buffers for file entries
The dir filter appends L'/' to the directory entries without
allocating a new buffer, and this could crash the whole program.
2013-09-26 11:58:01 -04:00
Matthew Garrett
d359712e1b Port MokManager to Linux Foundation loader UI code
This is the first stage of porting the MokManager UI to the UI code used
by the Linux Foundation UEFI loader.
2013-09-26 11:57:59 -04:00
Peter Jones
c62b9d16de Port MokManager to Linux Foundation loader UI code
This is the first stage of porting the MokManager UI to the UI code used
by the Linux Foundation UEFI loader.

Conflicts:
	MokManager.c
2013-09-26 11:57:51 -04:00
Peter Jones
100ae9fdba We have to declare SHIM_LOCK_GUID here as well.
Signed-off-by: Peter Jones <pjones@redhat.com>

Conflicts:
	MokManager.c
2013-09-26 11:56:52 -04:00
Peter Jones
49ad36a8ad Ignore tarballs.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-26 09:56:32 -04:00
Peter Jones
193b5b6120 MokManager needs to disable the graphics console.
Without this patch, on some machines we never see MokManager's UI.  This
protocol has never (I think?) been officially published, and yet I still
have new hardware that needs it.

If you're looking for a reference, look at:

EdkCompatibilityPkg/Foundation/Protocol/ConsoleControl/ConsoleControl.c

in the edk2 tree from Tiano.

Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-26 09:56:26 -04:00
Steve Langasek
d65cbcfa6f Fix a memory leak 2013-09-24 12:05:51 -04:00
Steve Langasek
45ab8962ae Correct limits on the length of ipv6 addresses
The maximum length of a string representation of an ipv6 address is 39
characters (8 groups of 4 hex chars, with 7 colons in between).  So don't
allocate more room than this - and more importantly, don't blindly accept
strings from the server that are longer than our buffer...
2013-09-24 12:05:47 -04:00
Steve Langasek
0f603fa81a More consistent types, fewer casts 2013-09-24 12:05:38 -04:00
Steve Langasek
3756f0b8e5 Misc allocation cleanups 2013-09-24 12:05:34 -04:00
Steve Langasek
e4642cca38 Fix an off-by-one error
We don't need to add one because our end pointer is already off the end of
the string we want to copy.
2013-09-24 12:05:31 -04:00
Steve Langasek
37b87f8e03 Fix nul termination errors in filenames passed to tftp
Fix various errors in the tftp string handling, to ensure we always have
properly nul-terminated strings.
2013-09-24 12:05:28 -04:00
Steve Langasek
73a22c51ad Build with -Werror to catch future prototype mismatches. 2013-09-24 12:05:25 -04:00
Steve Langasek
d98242e3c5 Pass the right arguments to EFI_PXE_BASE_CODE_TFTP_READ_FILE
A wrong pointer was being passed to EFI_PXE_BASE_CODE_TFTP_READ_FILE,
preventing us from getting the file size back from the tftp call, ensuring
that we don't have enough information to properly secureboot-validate the
retrieved image.
2013-09-24 12:05:21 -04:00
Peter Jones
f4ce20cca9 Add MokListRT option rom entry.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-23 13:24:48 -04:00
Peter Jones
6321fec2bf Update TODO with missing description.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-23 11:05:08 -04:00
Peter Jones
877a021ee1 Made TODO represent the present.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-23 10:48:41 -04:00
Peter Jones
2901506937 Make SHIM_LOCK_GUID a first-class object with a symbol.
Right now the CA is checking if shim builds expose a particular version
of the shim protocol.  To do this, they're looking for SHIM_LOCK_GUID's
value in the resulting binary.

Currently, with SHIM_LOCK_GUID as a macro that gets assigned to local
variables, that means they have to compensate for mov instructions mixed
in with the actual value.  This is completely absurd, so promote it to a
first-class object with a symbol to make it both easy to find and
continuous.

Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-23 10:40:49 -04:00
Peter Jones
16854e364c Don't print things on the screen by default when everything works.
There's no point to this text, and it generally confuses people.

Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-16 09:27:08 -04:00
Peter Jones
41e18d4334 Don't print that fallback isn't found in should_use_fallback()
The call can simply fail if it isn't found - which will be the case on
removeable install media.

Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-16 09:27:08 -04:00
Peter Jones
23002e8e5c Fix some pointer casting issues.
This also fixes the size of an empty vendor_cert or dbx_cert.

Signed-off-by: Peter Jones <shim-owner@fedoraproject.org>
2013-06-11 14:59:48 -04:00
Peter Jones
967152aa9c Bump version to 0.4
Since I've finally merged in the "sections" branch, best to increment
the version number.

Signed-off-by: Peter Jones <pjones@redhat.com>
2013-06-10 17:51:57 -04:00
Peter Jones
24c9d9d059 Make DBX be included in build if the environment is set right.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-06-10 17:51:57 -04:00
Peter Jones
030d4748cb Make .vendor_cert get the right flags set.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-06-10 17:36:23 -04:00
Peter Jones
738fbe2761 add a .gitignore
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-06-10 17:36:22 -04:00
Peter Jones
4541fce44f Move embedded certificates to their own section.
With this change, the embedded certificate and dbx lists (vendor_cert,
vendor_cert_size, vendor_dbx, and vendor_dbx_size) wind up being in a
section named .vendor_cert, and so will look something like:
------
fenchurch:~/devel/github.com/shim$ objdump -h shim.efi

shim.efi:     file format pei-x86-64

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .eh_frame     000174a8  0000000000005000  0000000000005000  00000400  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .text         000aa7e1  000000000001d000  000000000001d000  00017a00  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
  2 .reloc        0000000a  00000000000c8000  00000000000c8000  000c2200  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .data         00031228  00000000000c9000  00000000000c9000  000c2400  2**5
                  CONTENTS, ALLOC, LOAD, DATA
  4 .vendor_cert  00000375  00000000000fb000  00000000000fb000  000f3800  2**0
                  CONTENTS, READONLY
  5 .dynamic      000000f0  00000000000fc000  00000000000fc000  000f3c00  2**3
                  CONTENTS, ALLOC, LOAD, DATA
  6 .rela         0002afa8  00000000000fd000  00000000000fd000  000f3e00  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  7 .dynsym       0000f1f8  0000000000128000  0000000000128000  0011ee00  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
------

This simplifies a security audit, because it means that different
versions of shim with substantially the same code with different keys
will be more easily comperable, and therefore logic differences may be
more easily identified.

This also means that if there's a trusted build you want to use, you can
remove the certificates, implant new ones, and have it signed, and the
code sections won't change.

Signed-off-by: Peter Jones <pjones@redhat.com>
2013-06-10 17:35:33 -04:00
Peter Jones
829fd24f18 vendor_cert_size's size in the binary should be 4, not -4.
The thing about subtraction is that the minuend needs to be before the
subtrahend in the text.

Signed-off-by: Peter Jones <pjones@redhat.com>
2013-06-10 17:35:33 -04:00
Peter Jones
6c49c04551 Remove FALLBACK_OBJS during clean as well.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-06-10 17:34:55 -04:00
Peter Jones
b78a8d656e Make sure all the Makefiles use the same arguments for mmx/sse/ms_abi.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-06-10 16:38:05 -04:00
Peter Jones
5a82ef99c8 EFI_PXE_BASE_CODE_DHCPV6_PACKET is in gnu-efi-3.0t 2013-05-31 15:34:11 -04:00
Peter Jones
547d57156f Don't use MMX and SSE registers, they aren't initialized.
GCC 4.8.0 will try to use these by default, and you'll wind up looping
across the (uninitialized!) trap handler for uninitialized instructions.

Signed-off-by: Peter Jones <pjones@redhat.com>
2013-05-31 15:34:11 -04:00
Peter Jones
ea3a0a0b87 Bump version to 0.3
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-05-16 11:03:32 -04:00
Peter Jones
25d6c434df Use MS ABI instead of terrible wrappers.
This means that we now require gnu-efi 3.0s

Signed-off-by: Peter Jones <pjones@redhat.com>
2013-05-16 10:21:15 -04:00
Peter Jones
1da87c0073 Use the correct define on Open.
The value here doesn't actually change any, but we should still use the
right name.

Signed-off-by: Peter Jones <pjones@redhat.com>
2013-05-15 13:38:44 -04:00
Peter Jones
b0712c5fc8 Add some error messages when things don't work.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-05-15 13:38:27 -04:00
Peter Jones
df87084fca Remove some unnecessary code.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-05-15 13:38:00 -04:00
Peter Jones
073f3b3caf Fix some minor type errors.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-05-15 13:37:15 -04:00
Peter Jones
a41306e8f4 Pass parameters correctly when booting.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-05-14 13:10:52 -04:00
Peter Jones
3fa9a53425 [fallback] Try to execute the first new boot option.
I'm told rebooting is sometimes unreliable when called here, and we'll
get bootx64.efi loaded anyway.  I'll just assume that's true and try to
load the first option, since it's clearly what we'd prefer happens next.

Signed-off-by: Peter Jones <pjones@redhat.com>
2013-05-02 14:58:44 -04:00
Peter Jones
f0e4df7d5f Explain byte order handling better.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-04-30 14:21:41 -04:00
Gary Ching-Pang Lin
8adfd201fe Don't update BootOrder until all csv files are processed 2013-04-30 09:46:23 -04:00
Gary Ching-Pang Lin
f7fbcdce36 Reset the system after restoring the boot entries 2013-04-30 09:46:23 -04:00
Gary Ching-Pang Lin
4665fcab62 Fix crash due to memory allocation 2013-04-30 09:46:23 -04:00