Permalink
Commits on Sep 18, 2015
  1. Fix recursive reference for RELEASE

    lcrosetto authored and vathpela committed Sep 17, 2015
    Building 0.9 with GNU Make 4.0 fails with the following error:
    
    Makefile:4: *** Recursive variable 'RELEASE' references itself (eventually).  Stop.
    
    Change RELEASE to simply-expanded.
    
    Signed-off-by: Linn Crosetto <linn@hpe.com>
Commits on Jul 28, 2015
  1. Specify the gnu89 standard

    lcp authored and vathpela committed Jul 13, 2015
    According to the gcc5 porting guideline (*), gcc5 defaults to
    -std=gnu11 instead of -std=gnu89. Append -std=gnu89 to CFLAGS
    to avoid the potential problems.
    
    (*) https://gcc.gnu.org/gcc-5/porting_to.html
    
    Based on the patch from Cristian Rodriguez <crrodriguez@opensuse.org>
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  2. Openssl: Add EFIAPI for ERR_add_error_vdata

    lcp authored and vathpela committed Jul 15, 2015
    Without declaring EFIAPI for ERR_add_error_vdata, shim would crash
    while verifying the loaded image.
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  3. Update openssl to 1.0.2d

    lcp authored and vathpela committed Jul 13, 2015
    Also update Cryptlib to edk2 r17731
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
Commits on Jun 30, 2015
  1. Typo on aarch64 :/

    vathpela committed Jun 30, 2015
    Signed-off-by: Peter Jones <pjones@redhat.com>
  2. 0.9

    vathpela committed Jun 19, 2015
    Signed-off-by: Peter Jones <pjones@redhat.com>
  3. Improve our debuginfo path print

    vathpela committed Jun 30, 2015
    Signed-off-by: Peter Jones <pjones@redhat.com>
  4. Make sure our build-id notes wind up at a reasonable place.

    vathpela committed Jun 29, 2015
    Signed-off-by: Peter Jones <pjones@redhat.com>
Commits on Jun 29, 2015
  1. Only be verbose the first time secure_mode() is called.

    vathpela committed Jun 21, 2015
    It's annoying to find out we're not in SB mode over and over.  Really it
    is.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>
  2. Add a conditional point for a debugger to attach.

    vathpela committed Jun 20, 2015
    Signed-off-by: Peter Jones <pjones@redhat.com>
  3. More incorrect unsigned vs signed fixups from yours truly.

    vathpela committed Jun 19, 2015
    Woops.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>
  4. Don't print anything or delay when start_image() succeeds.

    vathpela committed Jun 19, 2015
    Signed-off-by: Peter Jones <pjones@redhat.com>
Commits on Jun 16, 2015
  1. MokManager: Nerf SHA-1 again for actual hashes and signatures.

    vathpela committed Jun 16, 2015
    Nobody should be deploying SHA-1.  No hardware deploys it, and the rate
    of change on https://en.wikipedia.org/wiki/SHA-1#Attacks is wildly
    uninspiring.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>
  2. MokManager: fix comparison between signed and unsigned integer

    lcp authored and vathpela committed Oct 28, 2014
    Patch from Johannes Segitz <jsegitz@suse.com>
  3. MokManager: Discard the list contains an invalid signature

    lcp authored and vathpela committed Apr 10, 2014
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  4. MokManager: Support SHA224, SHA384, and SHA512

    lcp authored and vathpela committed Apr 10, 2014
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  5. MokManager: Add more key list safe checks

    lcp authored and vathpela committed Apr 10, 2014
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  6. MokManager: fix the return value and type

    lcp authored and vathpela committed Apr 9, 2014
    There are some functions that the return value and the type
    didn't match.
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  7. MokManager: Support SHA1 hash in MOK

    lcp authored and vathpela committed Apr 3, 2014
    Add SHA1 hash support and amend the code to make it easier to support
    other SHA digests.
  8. MokManager: fix the hash list counting in delete

    lcp authored and vathpela committed Feb 17, 2014
    match_hash() requests the number of keys in a list and it was
    mistakenly replaced with the size of the Mok node. This would
    made MokManager to remove the whole Mok node instead of one
    hash.
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  9. MokManager: calculate the variable size correctly

    lcp authored and vathpela committed Feb 13, 2014
    MokSize of the hash signature list includes the owner GUID,
    so we should not add the 16bytes compensation.
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  10. Make shim to check MokXAuth for MOKX reset

    lcp authored and vathpela committed Feb 11, 2014
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  11. Verify the EFI images with MOK blacklist

    lcp authored and vathpela committed Nov 4, 2013
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  12. Copy the MOK blacklist to a RT variable

    lcp authored and vathpela committed Oct 28, 2013
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  13. MokManager: Write the hash list properly

    lcp authored and vathpela committed Oct 25, 2013
    also return to the previous entry in the list
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  14. MokManager: Match all hashes in the list

    lcp authored and vathpela committed Oct 25, 2013
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  15. MokManager: delete the hash properly

    lcp authored and vathpela committed Oct 25, 2013
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  16. MokManager: show the hash list properly

    lcp authored and vathpela committed Oct 24, 2013
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  17. Support MOK blacklist

    lcp authored and vathpela committed Oct 24, 2013
    The new blacklist, MokListX, stores the keys and hashes that are
    banned.
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  18. Fix console_print_box*() parameters.

    vathpela committed Jun 11, 2015
    When we made lib build with the correct CFLAGS, it inherited
    -Werror=sign-compare, and I fixed up some parameters on
    console_print_box() and console_print_box_at() to avoid sign comparison
    errors.
    
    The fixups were *completely wrong*, as some behavior relies on negative
    values.  So this fixes them in a completely different way, by casting
    appropriately to signed types where we're doing comparisons.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>
Commits on Jun 11, 2015
  1. Ensure that apps launched by shim get correct BS->Exit() behavior

    vathpela committed Jun 5, 2015
    Right now applications run by shim get our wrapper for Exit(), but it
    doesn't do as much cleanup as it should - shim itself also exits, but
    currently is not doing all the cleanup it should be doing.
    
    This changes it so all of shim's cleanup is also performed.
    
    Based on a patch and lots of review from Gary Lin.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>
  2. Don't leave in_protocol==1 when shim_verify() isn't enforcing.

    vathpela committed Jun 11, 2015
    Right now if shim_verify() sees secure_mode()==0, it exits with
    EFI_SUCCESS, but accidentally leaves in_protocol=1.  This means any
    other call will have supressed error/warning messages.
    
    That's wrong, so don't do it.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>
Commits on Jun 4, 2015
  1. Only run MokManager if asked or a security violation occurs.

    vathpela committed Jun 4, 2015
    Don't run MokManager on any random error from start_image(second_stage);
    only try it if it /is/ the second stage, or if start_image gave us
    EFI_SECURITY_VIOLATION.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>
Commits on May 12, 2015
  1. Make the build failed with objcopy < 2.24

    lcp authored and vathpela committed Dec 12, 2014
    The wildcard support was introduced in objcopy since binutils 2.24.
    However, objcopy < 2.24 never issues any warning message with the
    wildcard and a faulty binary will be generated. This commit makes
    the build failed as a notification for the usage of binutils < 2.24.
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
  2. Update Cryptlib and openssl

    lcp authored and vathpela committed Mar 31, 2015
    Update Cryptlib to r16559 and openssl to 0.9.8zf
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>