proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-08-13 15:47:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
69 Commits 1 Branch 3 Tags 11 MiB
f42825e60e
Commit Graph

69 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gary Ching-Pang Lin
f42825e60e Erase stored keys when there is no key in the new key list 2012-09-21 16:45:02 +08:00
Gary Ching-Pang Lin
ce2384495c Make sure the variables are not broken 2012-09-21 16:44:56 +08:00
Gary Ching-Pang Lin
b386860250 Allow the new keys to be listed again 2012-09-21 15:36:57 +08:00
Gary Ching-Pang Lin
03953e08bc Reject the binary when there is no key in MokList 2012-09-21 15:10:31 +08:00
Gary Ching-Pang Lin
12e2d62500 Make the key list interactive 2012-09-20 18:15:50 +08:00
Gary Ching-Pang Lin
caf006b44f Make sure the time string is set 2012-09-20 15:54:57 +08:00
Gary Ching-Pang Lin
ff8d867c68 Improve the layout of the key info 2012-09-20 15:22:53 +08:00
Gary Ching-Pang Lin
e6194ddd0a Remove the unused debug message 2012-09-20 10:35:43 +08:00
Gary Ching-Pang Lin
b3ff35663b Check the MOK list correctly 2012-09-20 10:28:00 +08:00
Gary Ching-Pang Lin
1d7c0f8602 Simplify the key management 
Move the key list building and management to mokutil to keep
MokManager as simple as possible.
 2012-09-19 17:12:30 +08:00
Gary Ching-Pang Lin
5d4b6ba037 Abandon the variable, MokMgmt 2012-09-19 14:54:35 +08:00
Gary Ching-Pang Lin
ed2ecf8655 Copy the MOK list to a RT variable 
The RT variable, MokListRT, is a copy of MokList so that the
runtime applications can synchronize the key list without touching
the BS variable.
 2012-09-11 17:43:44 +08:00
Gary Ching-Pang Lin
28c581335e Use the machine owner keys to verify images 2012-09-11 16:39:12 +08:00
Gary Ching-Pang Lin
481c1e1e76 Add a separate efi application to manage MOKs 2012-09-11 16:38:29 +08:00
Gary Ching-Pang Lin
1395a9916b Always try StartImage first 2012-09-11 16:37:02 +08:00
Gary Ching-Pang Lin
5f00e44f9a Only launch MokManager when necessary 2012-09-11 16:34:25 +08:00
Gary Ching-Pang Lin
19e957f489 Retrieve attributes of variables 
We have to make sure the machine owner key is stored in a BS
variable.
 2012-09-11 16:31:05 +08:00
Gary Ching-Pang Lin
1fe0d49c9b Merge branch 'master' into mok-prototype3 
Conflicts:
	shim.c
 2012-09-07 18:22:34 +08:00
Gary Ching-Pang Lin
0d7c3dbde5 Load MokManager for MOK management 2012-09-07 18:11:45 +08:00
Gary Ching-Pang Lin
e235c85af1 Make the image loading process more generic 2012-09-07 17:43:21 +08:00
Peter Jones
bcd0a4e8df Fix data alignment on vendor_cert so we don't wind up with padding. 2012-09-06 16:43:30 -04:00
Peter Jones
07c21a109d Add some convenience make targets. 
Adds targets for "test-archive" and "archive"
 2012-09-06 12:38:30 -04:00
Peter Jones
3c2f1d6c3d Break out of our db checking loop at the appropriate time. 
The break in check_db_cert is at the wrong level due to a typo in
indentation, and as a result only the last cert in the list can
correctly match.  Rectify that.

Signed-off-by: Peter Jones <pjones@redhat.com>
 2012-09-06 12:13:44 -04:00
Matthew Garrett
3682a89543 Use the file size, not the image size field, for verification. 2012-09-06 12:13:44 -04:00
Peter Jones
178b5681b8 Allow specification of vendor_cert through a build command line option. 
This allows you to specify the vendor_cert as a file on the command line
during build.
 2012-09-06 12:13:44 -04:00
Peter Jones
2295594a47 dos2unix PeImage.h 2012-09-06 12:01:43 -04:00
Matthew Garrett
3df9e294b7 Add basic documentation 2012-07-28 00:42:43 -04:00
Matthew Garrett
590b34492d Handle slightly stranger device paths 2012-07-13 00:30:22 -04:00
Matthew Garrett
d3ee0bed5e Make path generation more sensible 2012-07-11 10:58:15 -04:00
Matthew Garrett
8c173876d1 Make sure ImageBase is set appropriately in the loaded_image protocol 2012-07-11 10:57:46 -04:00
Matthew Garrett
ea863d8471 Add copyright file 2012-07-09 11:03:12 -04:00
Matthew Garrett
2d60227779 Update TODO 2012-07-09 10:39:14 -04:00
Matthew Garrett
7f5ccba57e Remove temp file checked in by accident 2012-07-09 10:38:30 -04:00
Matthew Garrett
d64a85f068 Improve makefile 2012-07-09 10:38:19 -04:00
Matthew Garrett
cd99713ac3 Make it easier to update Cryptlib 2012-07-09 10:17:19 -04:00
Matthew Garrett
f7d6ecac5f Cryptlib update 2012-07-09 10:17:13 -04:00
Matthew Garrett
85bbd2c4cc Re-add whitelisting - needed for protocol validation 2012-07-05 16:39:25 -04:00
Matthew Garrett
21543b6c8e We're not MSABI, so don't advertise this as such 2012-07-05 12:52:42 -04:00
Matthew Garrett
cc1116ced6 Check whether secure boot is enabled before performing verify call 2012-07-05 12:51:12 -04:00
Matthew Garrett
96b0c2f981 Fix up blacklist checking 
This was not quite as bugfree as would be hoped for.
 2012-07-02 14:43:18 -04:00
Matthew Garrett
f9435d9664 Remove whitelisting - the firmware will handle it via LoadImage/StartImage 2012-07-02 13:49:32 -04:00
Matthew Garrett
d259b14060 Update OpenSSL 2012-07-02 12:33:42 -04:00
Matthew Garrett
20094cb55d Build a debug image 2012-07-02 12:29:03 -04:00
Matthew Garrett
6d3e62ef2f Fix type of buffersize 2012-07-02 11:54:21 -04:00
Matthew Garrett
cfdefb0ebe Remove redundant header 2012-07-02 09:40:18 -04:00
Matthew Garrett
c08d0ceb05 Fix get_variable 2012-06-25 17:46:11 -04:00
Matthew Garrett
1a109376ab Add black/white listing 2012-06-25 10:59:08 -04:00
Matthew Garrett
390191c607 Fix build somewhat 2012-06-19 15:25:59 -04:00
Matthew Garrett
301f41f053 Fix cert size 2012-06-19 15:25:02 -04:00
Matthew Garrett
849eff34f4 Fix error path 2012-06-19 15:23:31 -04:00