proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-07-26 22:03:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
205 Commits 1 Branch 3 Tags 11 MiB
C 97.8%
Makefile 0.8%
Shell 0.7%
Assembly 0.7%
afb61e7902
Go to file
Gary Ching-Pang Lin afb61e7902 MokManager: support crypt() password hash 
The password format is introduced for the password hash generated by crypt(),
so that the user can import the password hash from /etc/shadow. The packager,
especially those who packages 3rd party drivers, can utilize this feature to
import a 3rd party certificate without interfering the package installation.

This commit implements the sha256-based crypt() hash function.

Conflicts:
	Makefile
	MokManager.c
2013-09-26 11:58:01 -04:00
Cryptlib Make sure all the Makefiles use the same arguments for mmx/sse/ms_abi. 2013-06-10 16:38:05 -04:00
include Port MokManager to Linux Foundation loader UI code 2013-09-26 11:57:59 -04:00
lib Make EFI_PATH easily resettable from the build command line. 2013-09-26 11:58:01 -04:00
.gitignore Ignore tarballs. 2013-09-26 09:56:32 -04:00
cert.S Fix some pointer casting issues. 2013-06-11 14:59:48 -04:00
console_control.h MokManager needs to disable the graphics console. 2013-09-26 09:56:26 -04:00
COPYRIGHT Add copyright file 2012-07-09 11:03:12 -04:00
dbx.S Make .vendor_cert get the right flags set. 2013-06-10 17:36:23 -04:00
elf_ia32_efi.lds Move embedded certificates to their own section. 2013-06-10 17:35:33 -04:00
elf_ia64_efi.lds Move embedded certificates to their own section. 2013-06-10 17:35:33 -04:00
elf_x86_64_efi.lds Move embedded certificates to their own section. 2013-06-10 17:35:33 -04:00
fallback.c Fix some minor type errors. 2013-05-15 13:37:15 -04:00
make-certs Sign MokManager with a locally-generated key 2012-11-26 13:43:50 -05:00
Makefile MokManager: support crypt() password hash 2013-09-26 11:58:01 -04:00
MokManager.c MokManager: support crypt() password hash 2013-09-26 11:58:01 -04:00
MokVars.txt Add documentation of the Mok variables 2012-10-30 16:14:02 -04:00
netboot.c Fix a memory leak 2013-09-24 12:05:51 -04:00
netboot.h Add draft version of Neil's netboot code 2012-10-12 20:14:14 -04:00
PasswordCrypt.c MokManager: support crypt() password hash 2013-09-26 11:58:01 -04:00
PasswordCrypt.h MokManager: support crypt() password hash 2013-09-26 11:58:01 -04:00
PeImage.h dos2unix PeImage.h 2012-09-06 12:01:43 -04:00
README Add basic documentation 2012-07-28 00:42:43 -04:00
shim.c Pass the right arguments to EFI_PXE_BASE_CODE_TFTP_READ_FILE 2013-09-24 12:05:21 -04:00
shim.h Make SHIM_LOCK_GUID a first-class object with a symbol. 2013-09-23 10:40:49 -04:00
signature.h Switch to using db format for MokList and MokNew 2012-10-12 19:55:20 -04:00
TODO Add MokListRT option rom entry. 2013-09-23 13:24:48 -04:00
ucs2.h Add StrCSpn() 2013-04-30 09:46:22 -04:00

README 

shim is a trivial EFI application that, when run, attempts to open and
execute another application. It will initially attempt to do this via the
standard EFI LoadImage() and StartImage() calls. If these fail (because secure
boot is enabled and the binary is not signed with an appropriate key, for
instance) it will then validate the binary against a built-in certificate. If
this succeeds and if the binary or signing key are not blacklisted then shim
will relocate and execute the binary.

shim will also install a protocol which permits the second-stage bootloader
to perform similar binary validation. This protocol has a GUID as described
in the shim.h header file and provides a single entry point. On 64-bit systems
this entry point expects to be called with SysV ABI rather than MSABI, and
so calls to it should not be wrapped.

To use shim, simply place a hex dump of the public certificate in cert.h
and build it with make.