Peter Jones
02388bcd58
Make vendor_cert/vendor_dbx actually replaceable by an external tool.
...
This moves them both to be computed at runtime from a pointer+offset
rather than just a pointer, so that their real address can be entirely
derived from the section they're in.
This means you can replace the whole .vendor_cert section with a new one
with certs that don't have the same size.
2013-10-01 14:03:16 -04:00
Peter Jones
73de2ec2d8
Remove TODO items fixed by merging lf_merge and lcp/lf-security-override.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-01 14:03:16 -04:00
Peter Jones
195e63f911
Don't use LibGetVariable(), since it doesn't give us real error codes.
2013-09-26 13:44:05 -04:00
Gary Ching-Pang Lin
3508c40c39
integrate security override
2013-09-26 11:58:03 -04:00
Peter Jones
9197943206
Clean up tarballs in "make clean"
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
7d602e843c
Merge variable retrieving functions
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
79424b09ca
Merge signature.h into efiauthenticated.h and guid.h
...
Conflicts:
shim.c
2013-09-26 11:58:02 -04:00
Peter Jones
526ed5a231
Merge two PeImage.h into one
...
Conflicts:
Makefile
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
804f8f7797
Free unused memory space
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
f6d1f6aa32
Adjust the result of gmtime() to fit the definition
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
681082e6c4
Rand: check the status of the pseudorandom number generator
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
9fd4e4a54e
MokManager: check the suffix of the key file
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
6212d9baa6
MokManager: fetch more info from X509 name
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
09f11d6aae
MokManager: reboot the system after clearing MOK password
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
e727d6007c
MokManager: enhance the password prompt for SB state
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
f514439923
MokManager: rearrange the output of MOK info
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
9222860d32
Disable floating points in b_print
...
The long double declaration will enable SSE and cause a compilation
error. Disabling everything related to floating points avoids the
error.
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
ad23233e2d
Enable openssl bio_printf()
...
bio_printf() was replaced with a dummy function and this made
several openssl functions useless. This commit adds the print
functions back, so that we don't have to implement our own
ASN1 time print function.
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
e9e320e474
MokManager: enhance the password prompt
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
8494a1a323
MokManager: remove the duplicate get_keystroke()
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
cc62e19d05
MokManager: draw the countdown screen
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
fc5f6d59f5
MokManager: Remove the unnecessary string duplication
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
19e4fc298c
Correct the certificate count of the signature list
2013-09-26 11:58:02 -04:00
Peter Jones
8e9124227d
Since different distros name grub*.efi differently, make it compile-time.
...
Basically, if you don't want grub.efi, you do:
make 'DEFAULT_LOADER=\\\\grubx64.efi'
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
b0f1e57897
Define the PXE 2nd stage loader in the beginning of the file
...
Make it easier to change the PXE 2nd stage loader.
Conflicts:
netboot.c
2013-09-26 11:58:02 -04:00
Gary Ching-Pang Lin
aa3dca0ba5
Remove double-separators from the bootpath
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
ca22da9def
Fix the broken bootpath
...
- The file path from DevicePathToStr may use slash as the file
separator. Change all slashes to backslashes to avoid the strange
bootpath.
- Remove the redundant backslashes.
- ImagePath no longer requires the leading backslash.
- Fix a memory leak
Based on the patch from Michal Marek <mmarek@suse.com>
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
be9108a8b9
MokManager: support Tradition DES hash
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
09f6afbe72
MokManager: support MD5-based crypt() hash
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
83d1c30608
MokManager: support blowfish-based crypt() hash
...
Conflicts:
Makefile
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
9b41d26597
MokManager: support SHA512-based crypt() hash
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
afb61e7902
MokManager: support crypt() password hash
...
The password format is introduced for the password hash generated by crypt(),
so that the user can import the password hash from /etc/shadow. The packager,
especially those who package 3rd party drivers, can utilize this feature to
import a 3rd party certificate without interfering with the package installation.
This commit implements the sha256-based crypt() hash function.
Conflicts:
Makefile
MokManager.c
2013-09-26 11:58:01 -04:00
Peter Jones
4a7f9bd4a6
Make EFI_PATH easily resettable from the build command line.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
c0f8cd721c
Clean lib/, too
2013-09-26 11:58:01 -04:00
Gary Ching-Pang Lin
b82d6d7cb1
simple_file: Allocate buffers for file entries
...
The dir filter appends L'/' to the directory entries without
allocating a new buffer, and this could crash the whole program.
2013-09-26 11:58:01 -04:00
Matthew Garrett
d359712e1b
Port MokManager to Linux Foundation loader UI code
...
This is the first stage of porting the MokManager UI to the UI code used
by the Linux Foundation UEFI loader.
2013-09-26 11:57:59 -04:00
Peter Jones
c62b9d16de
Port MokManager to Linux Foundation loader UI code
...
This is the first stage of porting the MokManager UI to the UI code used
by the Linux Foundation UEFI loader.
Conflicts:
MokManager.c
2013-09-26 11:57:51 -04:00
Peter Jones
100ae9fdba
We have to declare SHIM_LOCK_GUID here as well.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
Conflicts:
MokManager.c
2013-09-26 11:56:52 -04:00
Peter Jones
49ad36a8ad
Ignore tarballs.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-26 09:56:32 -04:00
Peter Jones
193b5b6120
MokManager needs to disable the graphics console.
...
Without this patch, on some machines we never see MokManager's UI. This
protocol has never (I think?) been officially published, and yet I still
have new hardware that needs it.
If you're looking for a reference, look at:
EdkCompatibilityPkg/Foundation/Protocol/ConsoleControl/ConsoleControl.c
in the edk2 tree from Tiano.
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-26 09:56:26 -04:00
Steve Langasek
d65cbcfa6f
Fix a memory leak
2013-09-24 12:05:51 -04:00
Steve Langasek
45ab8962ae
Correct limits on the length of ipv6 addresses
...
The maximum length of a string representation of an ipv6 address is 39
characters (8 groups of 4 hex chars, with 7 colons in between). So don't
allocate more room than this - and more importantly, don't blindly accept
strings from the server that are longer than our buffer...
2013-09-24 12:05:47 -04:00
Steve Langasek
0f603fa81a
More consistent types, fewer casts
2013-09-24 12:05:38 -04:00
Steve Langasek
3756f0b8e5
Misc allocation cleanups
2013-09-24 12:05:34 -04:00
Steve Langasek
e4642cca38
Fix an off-by-one error
...
We don't need to add one because our end pointer is already off the end of
the string we want to copy.
2013-09-24 12:05:31 -04:00
Steve Langasek
37b87f8e03
Fix nul termination errors in filenames passed to tftp
...
Fix various errors in the tftp string handling, to ensure we always have
properly nul-terminated strings.
2013-09-24 12:05:28 -04:00
Steve Langasek
73a22c51ad
Build with -Werror to catch future prototype mismatches.
2013-09-24 12:05:25 -04:00
Steve Langasek
d98242e3c5
Pass the right arguments to EFI_PXE_BASE_CODE_TFTP_READ_FILE
...
A wrong pointer was being passed to EFI_PXE_BASE_CODE_TFTP_READ_FILE,
preventing us from getting the file size back from the tftp call, ensuring
that we don't have enough information to properly secureboot-validate the
retrieved image.
2013-09-24 12:05:21 -04:00
Peter Jones
f4ce20cca9
Add MokListRT option rom entry.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-23 13:24:48 -04:00
Peter Jones
6321fec2bf
Update TODO with missing description.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-09-23 11:05:08 -04:00