Commits on Sep 18, 2015
  1. @vathpela

    Fix recursive reference for RELEASE

    Linn Crosetto committed with vathpela
    Building 0.9 with GNU Make 4.0 fails with the following error:
    
    Makefile:4: *** Recursive variable 'RELEASE' references itself (eventually).  Stop.
    
    Change RELEASE to simply-expanded.
    
    Signed-off-by: Linn Crosetto <linn@hpe.com>
Commits on Jul 28, 2015
  1. @lcp @vathpela

    Specify the gnu89 standard

    lcp committed with vathpela
    According to the gcc5 porting guideline (*), gcc5 defaults to
    -std=gnu11 instead of -std=gnu89. Append -std=gnu89 to CFLAGS
    to avoid the potential problems.
    
    (*) https://gcc.gnu.org/gcc-5/porting_to.html
    
    Based on the patch from Cristian Rodriguez <crrodriguez@opensuse.org>
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  2. @lcp @vathpela

    Openssl: Add EFIAPI for ERR_add_error_vdata

    lcp committed with vathpela
    Without declaring EFIAPI for ERR_add_error_vdata, shim would crash
    while verifying the loaded image.
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  3. @lcp @vathpela

    Update openssl to 1.0.2d

    lcp committed with vathpela
    Also update Cryptlib to edk2 r17731
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
Commits on Jun 30, 2015
  1. @vathpela

    Typo on aarch64 :/

    vathpela committed
    Signed-off-by: Peter Jones <pjones@redhat.com>
  2. @vathpela

    0.9

    vathpela committed
    Signed-off-by: Peter Jones <pjones@redhat.com>
  3. @vathpela

    Improve our debuginfo path print

    vathpela committed
    Signed-off-by: Peter Jones <pjones@redhat.com>
  4. @vathpela

    Make sure our build-id notes wind up at a reasonable place.

    vathpela committed
    Signed-off-by: Peter Jones <pjones@redhat.com>
Commits on Jun 29, 2015
  1. @vathpela

    Only be verbose the first time secure_mode() is called.

    vathpela committed
    It's annoying to find out we're not in SB mode over and over.  Really it
    is.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>
  2. @vathpela

    Add a conditional point for a debugger to attach.

    vathpela committed
    Signed-off-by: Peter Jones <pjones@redhat.com>
  3. @vathpela

    More incorrect unsigned vs signed fixups from yours truly.

    vathpela committed
    Woops.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>
  4. @vathpela

    Don't print anything or delay when start_image() succeeds.

    vathpela committed
    Signed-off-by: Peter Jones <pjones@redhat.com>
Commits on Jun 16, 2015
  1. @vathpela

    MokManager: Nerf SHA-1 again for actual hashes and signatures.

    vathpela committed
    Nobody should be deploying SHA-1.  No hardware deploys it, and the rate
    of change on https://en.wikipedia.org/wiki/SHA-1#Attacks is wildly
    uninspiring.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>
  2. @lcp @vathpela

    MokManager: fix comparison between signed and unsigned integer

    lcp committed with vathpela
    Patch from Johannes Segitz <jsegitz@suse.com>
  3. @lcp @vathpela

    MokManager: Discard the list contains an invalid signature

    lcp committed with vathpela
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  4. @lcp @vathpela

    MokManager: Support SHA224, SHA384, and SHA512

    lcp committed with vathpela
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  5. @lcp @vathpela

    MokManager: Add more key list safe checks

    lcp committed with vathpela
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  6. @lcp @vathpela

    MokManager: fix the return value and type

    lcp committed with vathpela
    There are some functions where the return value and the type
    didn't match.
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  7. @lcp @vathpela

    MokManager: Support SHA1 hash in MOK

    lcp committed with vathpela
    Add SHA1 hash support and amend the code to make it easier to support
    other SHA digests.
  8. @lcp @vathpela

    MokManager: fix the hash list counting in delete

    lcp committed with vathpela
    match_hash() requests the number of keys in a list and it was
    mistakenly replaced with the size of the Mok node. This would
    make MokManager remove the whole Mok node instead of one
    hash.
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  9. @lcp @vathpela

    MokManager: calculate the variable size correctly

    lcp committed with vathpela
    MokSize of the hash signature list includes the owner GUID,
    so we should not add the 16-byte compensation.
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  10. @lcp @vathpela

    Make shim to check MokXAuth for MOKX reset

    lcp committed with vathpela
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  11. @lcp @vathpela

    Verify the EFI images with MOK blacklist

    lcp committed with vathpela
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  12. @lcp @vathpela

    Copy the MOK blacklist to a RT variable

    lcp committed with vathpela
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  13. @lcp @vathpela

    MokManager: Write the hash list properly

    lcp committed with vathpela
    also return to the previous entry in the list
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  14. @lcp @vathpela

    MokManager: Match all hashes in the list

    lcp committed with vathpela
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  15. @lcp @vathpela

    MokManager: delete the hash properly

    lcp committed with vathpela
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  16. @lcp @vathpela

    MokManager: show the hash list properly

    lcp committed with vathpela
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  17. @lcp @vathpela

    Support MOK blacklist

    lcp committed with vathpela
    The new blacklist, MokListX, stores the keys and hashes that are
    banned.
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  18. @vathpela

    Fix console_print_box*() parameters.

    vathpela committed
    When we made lib build with the correct CFLAGS, it inherited
    -Werror=sign-compare, and I fixed up some parameters on
    console_print_box() and console_print_box_at() to avoid sign comparison
    errors.
    
    The fixups were *completely wrong*, as some behavior relies on negative
    values.  So this fixes them in a completely different way, by casting
    appropriately to signed types where we're doing comparisons.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>
Commits on Jun 11, 2015
  1. @vathpela

    Ensure that apps launched by shim get correct BS->Exit() behavior

    vathpela committed
    Right now applications run by shim get our wrapper for Exit(), but it
    doesn't do as much cleanup as it should - shim itself also exits, but
    currently is not doing all the cleanup it should be doing.
    
    This changes it so all of shim's cleanup is also performed.
    
    Based on a patch and lots of review from Gary Lin.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>
  2. @vathpela

    Don't leave in_protocol==1 when shim_verify() isn't enforcing.

    vathpela committed
    Right now if shim_verify() sees secure_mode()==0, it exits with
    EFI_SUCCESS, but accidentally leaves in_protocol=1.  This means any
    other call will have suppressed error/warning messages.
    
    That's wrong, so don't do it.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>
Commits on Jun 4, 2015
  1. @vathpela

    Only run MokManager if asked or a security violation occurs.

    vathpela committed
    Don't run MokManager on any random error from start_image(second_stage);
    only try it if it /is/ the second stage, or if start_image gave us
    EFI_SECURITY_VIOLATION.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>
Commits on May 12, 2015
  1. @lcp @vathpela

    Make the build failed with objcopy < 2.24

    lcp committed with vathpela
    The wildcard support was introduced in objcopy since binutils 2.24.
    However, objcopy < 2.24 never issues any warning message with the
    wildcard and a faulty binary will be generated. This commit makes
    the build fail as a notification for the usage of binutils < 2.24.
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  2. @lcp @vathpela

    Update Cryptlib and openssl

    lcp committed with vathpela
    Update Cryptlib to r16559 and openssl to 0.9.8zf
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>