efi-boot-shim

proxmox-mirrors/efi-boot-shim

Fork 0

mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-05-28 08:00:33 +00:00

Commit Graph

Author	SHA1	Message	Date
Peter Jones	cf90edfff5	Allow fallback to use the system's LoadImage/StartImage . Track use of the system's LoadImage(), and when the next StartImage() call is for an image the system verified, allow that to count as participating, since it has been verified by the system's db. Signed-off-by: Peter Jones <pjones@redhat.com>	2014-02-14 17:48:01 -05:00
Peter Jones	98a9957866	Unhook system services as we exit. If we never find a valid thing to boot, we need to undo the weird things we've done. Signed-off-by: Peter Jones <pjones@redhat.com>	2013-10-04 15:31:48 -04:00
Peter Jones	cbef697a96	Harden shim against non-participating bootloaders. It works like this: during startup of shim, we hook into the system's ExitBootServices() and StartImage(). If the system's StartImage() is called, we automatically unhook, because we're chainloading to something the system can verify. When shim's verify is called, we record what kind of certificate the image was verified against. If the call /succeeds/, we remove our hooks. If ExitBootServices() is called, we check how the bootloader verified whatever it is loading. If it was verified by its hash, we unhook everything and call the system's EBS(). If it was verified by certificate, we check if it has called shim_verify(). If it has, we unhook everything and call the system's EBS() If the bootloader has not verified anything, and is itself verified by a certificate, we display a security violation warning and halt the machine.	2013-10-01 14:03:16 -04:00

Author

SHA1

Message

Date

Peter Jones

cf90edfff5

Allow fallback to use the system's LoadImage/StartImage .

Track use of the system's LoadImage(), and when the next StartImage()
call is for an image the system verified, allow that to count as
participating, since it has been verified by the system's db.

Signed-off-by: Peter Jones <pjones@redhat.com>

2014-02-14 17:48:01 -05:00

Peter Jones

98a9957866

Unhook system services as we exit.

If we never find a valid thing to boot, we need to undo the weird things
we've done.

Signed-off-by: Peter Jones <pjones@redhat.com>

2013-10-04 15:31:48 -04:00

Peter Jones

cbef697a96

Harden shim against non-participating bootloaders.

It works like this: during startup of shim, we hook into the system's
ExitBootServices() and StartImage().  If the system's StartImage() is
called, we automatically unhook, because we're chainloading to something
the system can verify.

When shim's verify is called, we record what kind of certificate the
image was verified against.  If the call /succeeds/, we remove our
hooks.

If ExitBootServices() is called, we check how the bootloader verified
whatever it is loading.  If it was verified by its hash, we unhook
everything and call the system's EBS().  If it was verified by
certificate, we check if it has called shim_verify().  If it has, we
unhook everything and call the system's EBS()

If the bootloader has not verified anything, and is itself verified by
a certificate, we display a security violation warning and halt the
machine.

2013-10-01 14:03:16 -04:00

3 Commits