proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-06-13 11:11:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
486 Commits 1 Branch 3 Tags 11 MiB
C 97.8%
Makefile 0.8%
Shell 0.7%
Assembly 0.7%
d89b722ef7
Go to file
Peter Jones d89b722ef7 Exit our dir->Read() loop if it says there's 0 bytes of data to read. 
When dir->Read() says bs=0, we shouldn't try to allocate a buffer and
read into it. On edk2 this works because there's an implicit (possibly
accidental) minimum size of one pool list entry that can be allocated,
so you wind up getting (I think) 8 bytes.

When Rob Clark tried to run this under uboot's emulated UEFI
environment, dir->Read() returned 0 and when we passed that to
AllocateZeroPool() less good things happened.

So just check for that case and exit appropriately.

Signed-off-by: Peter Jones <pjones@redhat.com>
2017-07-24 14:02:37 -04:00
Cryptlib Cryptlib: replace CryptPem with the Null version 2017-04-11 10:42:19 -04:00
include Add HTTP and IpConfig headers 2016-09-06 14:49:52 -04:00
lib become more friendly for the cross compilation 2017-06-15 11:30:05 -04:00
.gitignore Add ident-like blobs to shim.efi for version checking. 2013-10-03 11:11:09 -04:00
cert.S Add support for 32-bit ARM 2014-08-12 10:54:05 -04:00
COPYRIGHT Add copyright file 2012-07-09 11:03:12 -04:00
crypt_blowfish.c MokManager: support blowfish-based crypt() hash 2013-09-26 11:58:01 -04:00
crypt_blowfish.h MokManager: support blowfish-based crypt() hash 2013-09-26 11:58:01 -04:00
elf_aarch64_efi.lds Don't allow anything with a small alignment in our PE files. 2017-04-26 21:52:23 -04:00
elf_arm_efi.lds Don't allow anything with a small alignment in our PE files. 2017-04-26 21:52:23 -04:00
elf_ia32_efi.lds Don't allow anything with a small alignment in our PE files. 2017-04-26 21:52:23 -04:00
elf_ia64_efi.lds Make shim_version live in a special aligned section. 2017-02-23 16:08:42 -05:00
elf_x86_64_efi.lds Don't allow anything with a small alignment in our PE files. 2017-04-26 21:52:23 -04:00
fallback.c Exit our dir->Read() loop if it says there's 0 bytes of data to read. 2017-07-24 14:02:37 -04:00
hexdump.h Add a utility hexdump() call we can use when we need it. 2015-11-17 11:39:28 -05:00
httpboot.c httpboot: fix OVMF crash 2017-07-17 13:13:00 -04:00
httpboot.h Fix some type errors gcc7 finds in http boot code. 2017-02-27 15:45:54 -05:00
make-certs Sign MokManager with a locally-generated key 2012-11-26 13:43:50 -05:00
Makefile Make ARCH overridable 2017-07-18 15:43:27 -04:00
MokManager.c MokManager: Update to new openssl API 2017-04-11 10:42:19 -04:00
MokVars.txt Add support for disabling db for verification 2013-10-02 11:29:34 -04:00
netboot.c Make translate_slashes() public 2016-09-06 14:49:52 -04:00
netboot.h netboot.h: fix build error on 32-bit systems 2013-11-12 10:25:40 -05:00
PasswordCrypt.c Cryptlib: remove DES 2017-04-11 10:42:19 -04:00
PasswordCrypt.h MokManager: support Tradition DES hash 2013-09-26 11:58:01 -04:00
README Replace build instructions in README with something not completely wrong. 2014-07-21 16:15:07 -04:00
README.fallback Improve BOOT${ARCH}.CSV support. 2016-09-06 14:39:15 -04:00
replacements.c Ensure that apps launched by shim get correct BS->Exit() behavior 2015-06-11 13:25:56 -04:00
replacements.h Ensure that apps launched by shim get correct BS->Exit() behavior 2015-06-11 13:25:56 -04:00
shim.c update verification_method if the loaded image is signed by shim/vendor cert 2017-06-15 11:30:11 -04:00
shim.h Ensure that apps launched by shim get correct BS->Exit() behavior 2015-06-11 13:25:56 -04:00
testplan.txt Another testplan error. 2014-10-02 01:01:46 -04:00
TODO Update for Josh's changes. 2013-10-02 13:33:52 -04:00
tpm.c tpm2_present(): remove unused tpm2 protocol argument. 2017-06-20 16:41:44 -04:00
tpm.h shim/tpm: Avoid passing an usupported event log format to GetEventLogs() 2017-06-15 11:30:22 -04:00
ucs2.h Don't test for the 0 character on the wrong half of the UCS2-LE char. 2015-11-17 11:41:12 -05:00
version.c.in Make shim_version live in a special aligned section. 2017-02-23 16:08:42 -05:00
version.h Add ident-like blobs to shim.efi for version checking. 2013-10-03 11:11:09 -04:00

README 

shim is a trivial EFI application that, when run, attempts to open and
execute another application. It will initially attempt to do this via the
standard EFI LoadImage() and StartImage() calls. If these fail (because secure
boot is enabled and the binary is not signed with an appropriate key, for
instance) it will then validate the binary against a built-in certificate. If
this succeeds and if the binary or signing key are not blacklisted then shim
will relocate and execute the binary.

shim will also install a protocol which permits the second-stage bootloader
to perform similar binary validation. This protocol has a GUID as described
in the shim.h header file and provides a single entry point. On 64-bit systems
this entry point expects to be called with SysV ABI rather than MSABI, and
so calls to it should not be wrapped.

To use shim, simply place a DER-encoded public certificate in a file such as
pub.cer and build with "make VENDOR_CERT_FILE=pub.cer".