proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-08-15 12:12:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
587 Commits 1 Branch 3 Tags 11 MiB
C 97.8%
Makefile 0.8%
Shell 0.7%
Assembly 0.7%
111f82f2f6
Go to file
Peter Jones 111f82f2f6 fallback: find_boot_csv(): eliminate dead code. 
Covscan sez:

720        FreePool(buffer);
   assignment: Assigning: buffer = NULL.
721        buffer = NULL;
722
723        CHAR16 *bootcsv=NULL, *bootarchcsv=NULL;
724
725        bs = 0;
726        do {
727                bs = 0;
728                rc = uefi_call_wrapper(fh->Read, 3, fh, &bs, NULL);
729                if (EFI_ERROR(rc) && rc != EFI_BUFFER_TOO_SMALL) {
730                        Print(L"Could not read \\EFI\\%s\\: %d\n", dirname, rc);
   null: At condition buffer, the value of buffer must be NULL.
   dead_error_condition: The condition buffer cannot be true.
731                        if (buffer)
   CID 182851 (#1 of 1): Logically dead code (DEADCODE)dead_error_line:
   Execution cannot reach this statement: FreePool(buffer);.
732                                FreePool(buffer);
733                        return rc;
734                }

And it's right; buffer can never be non-NULL there.  So just take that
out.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-03-12 16:21:43 -04:00
Cryptlib CryptLib: Add the AsciiStrCpy() decl. 2018-03-12 16:21:43 -04:00
include Use gcc's offsetof() instead of hacking out our own. 2018-03-12 16:21:43 -04:00
lib lib/shell.c: minor cleanup 2018-03-12 16:21:43 -04:00
.gitignore Add "make scan-build" target. 2018-03-12 16:21:43 -04:00
.syntastic_c_config Move includes around to clean the source tree up a bit. 2018-03-12 16:21:43 -04:00
buildid.c buildid: Check the return values of write() calls 2017-09-29 11:10:32 -04:00
BUILDING Document REQUIRE_TPM 2018-03-12 16:21:43 -04:00
cert.S Add support for 32-bit ARM 2014-08-12 10:54:05 -04:00
COPYRIGHT Add copyright file 2012-07-09 11:03:12 -04:00
crypt_blowfish.c Move includes around to clean the source tree up a bit. 2018-03-12 16:21:43 -04:00
elf_aarch64_efi.lds Don't allow anything with a small alignment in our PE files. 2017-04-26 21:52:23 -04:00
elf_arm_efi.lds Don't allow anything with a small alignment in our PE files. 2017-04-26 21:52:23 -04:00
elf_ia32_efi.lds Don't allow anything with a small alignment in our PE files. 2017-04-26 21:52:23 -04:00
elf_ia64_efi.lds Make shim_version live in a special aligned section. 2017-02-23 16:08:42 -05:00
elf_x86_64_efi.lds Don't allow anything with a small alignment in our PE files. 2017-04-26 21:52:23 -04:00
errlog.c try to show errors more usefully. 2017-09-13 15:18:28 -04:00
fallback.c fallback: find_boot_csv(): eliminate dead code. 2018-03-12 16:21:43 -04:00
httpboot.c Don't have tons of local guid definitions for no reason at all. 2018-03-12 16:21:43 -04:00
make-certs Sign MokManager with a locally-generated key 2012-11-26 13:43:50 -05:00
Make.coverity Add 'make coverity' target. 2018-03-12 16:21:43 -04:00
Make.defaults Add 'make coverity' target. 2018-03-12 16:21:43 -04:00
Make.rules Add 'make coverity' target. 2018-03-12 16:21:43 -04:00
Make.scan-build Add "make scan-build" target. 2018-03-12 16:21:43 -04:00
Makefile Move includes around to clean the source tree up a bit. 2018-03-12 16:21:43 -04:00
model.c Add a model file for coverity. 2018-03-12 16:21:43 -04:00
MokManager.c MokManager: get rid of struct menu_item, it is unused. 2018-03-12 16:21:43 -04:00
MokVars.txt Add MokListX to MokVars.txt 2017-08-03 11:00:58 -04:00
netboot.c Move includes around to clean the source tree up a bit. 2018-03-12 16:21:43 -04:00
PasswordCrypt.c Move includes around to clean the source tree up a bit. 2018-03-12 16:21:43 -04:00
README Add install targets. 2017-08-11 15:18:39 -04:00
README.fallback README.fallback: correct the path of BOOT.CSV in layout example 2017-07-24 14:12:31 -04:00
README.tpm Log measurements in PCR4 for applications being verified through shim_lock 2018-03-06 14:37:07 -05:00
replacements.c Move includes around to clean the source tree up a bit. 2018-03-12 16:21:43 -04:00
shim.c Don't have tons of local guid definitions for no reason at all. 2018-03-12 16:21:43 -04:00
shim.h Use gcc's offsetof() instead of hacking out our own. 2018-03-12 16:21:43 -04:00
testplan.txt Another testplan error. 2014-10-02 01:01:46 -04:00
TODO Update TODO with some stuff 2017-08-11 15:18:39 -04:00
tpm.c Don't have tons of local guid definitions for no reason at all. 2018-03-12 16:21:43 -04:00
version.c.in Make shim_version live in a special aligned section. 2017-02-23 16:08:42 -05:00
version.h Add ident-like blobs to shim.efi for version checking. 2013-10-03 11:11:09 -04:00

README 

shim is a trivial EFI application that, when run, attempts to open and
execute another application. It will initially attempt to do this via the
standard EFI LoadImage() and StartImage() calls. If these fail (because secure
boot is enabled and the binary is not signed with an appropriate key, for
instance) it will then validate the binary against a built-in certificate. If
this succeeds and if the binary or signing key are not blacklisted then shim
will relocate and execute the binary.

shim will also install a protocol which permits the second-stage bootloader
to perform similar binary validation. This protocol has a GUID as described
in the shim.h header file and provides a single entry point. On 64-bit systems
this entry point expects to be called with SysV ABI rather than MSABI, and
so calls to it should not be wrapped.

On systems with a TPM chip enabled and supported by the system firmware,
shim will extend various PCRs with the digests of the targets it is
loading.  A full list is in the file README.tpm .

To use shim, simply place a DER-encoded public certificate in a file such as
pub.cer and build with "make VENDOR_CERT_FILE=pub.cer".

There are a couple of build options, and a couple of ways to customize the
build, described in BUILDING.