Skip to content
Commits on Nov 1, 2012
  1. Add comments

    Matthew Garrett committed Nov 1, 2012
  2. Fix AuthenticodeVerify loop

    Matthew Garrett committed Nov 1, 2012
    Cert needs to be modified inside the Index loop, not outside it. This is unlikely to
    ever trigger since there will typically only be one X509 certificate per
    EFI_SIGNATURE_LIST, but fix it anyway.
  3. Fix signature checking

    Matthew Garrett committed Nov 1, 2012
    We could potentially find a valid signature and then fail to validate it
    due to not breaking out of the outer while loop.
  4. Fix double free

    Matthew Garrett committed Nov 1, 2012
    load_image() didn't allocate PathName, don't have it free it.
  5. Fix up some types

    Matthew Garrett committed Nov 1, 2012
    Type-checking the UEFI calls picked up a couple of problems. Fix them up.
Commits on Oct 30, 2012
  1. Add documentation of the Mok variables

    Matthew Garrett committed Oct 30, 2012
    Brief overview of the function and format of the various variables used
    by Shim and MokManager.
  2. Merge branch 'mok' of github.com:mjg59/shim into mok

    Matthew Garrett committed Oct 30, 2012
  3. @lcp @vathpela

    Check the vendor blacklist correctly

    lcp committed with vathpela Oct 30, 2012
  4. @lcp @vathpela

    Initialize the size of vendor dbx as 0

    lcp committed with vathpela Oct 30, 2012
    The size of vendor dbx must be 0 if there is no vendor dbx provided
    or the functions of db check will crash.
Commits on Oct 24, 2012
  1. Clean up password setting

    Matthew Garrett committed Oct 24, 2012
    Permit clearing of the password, and avoid a case where choosing not to set
    a password would result in an error message on exit. Fix the same problem
    with MokSB.
  2. Improve signature validation enable/disable

    Matthew Garrett committed Oct 24, 2012
    The logic used in checking the signature validation password was a bit
    ugly. Improve that so it behaves rather more as expected.
  3. Boot unsigned binaries if we're not in secure mode

    Matthew Garrett committed Oct 24, 2012
    read_header would fail if the binary was unsigned, even if we weren't then
    going to verify the signature. Move that check to the verify function
    instead.
  4. Miscellaneous small fixups

    Matthew Garrett committed Oct 24, 2012
    Fixes for some small bugs noticed during review
  5. Add another missing screen clearing

    Matthew Garrett committed Oct 23, 2012
    Another case where we were drawing text over existing text.
Commits on Oct 23, 2012
  1. Merge branch 'mok' of github.com:mjg59/shim into mok

    Matthew Garrett committed Oct 23, 2012
  2. Fix password hash calculation

    Matthew Garrett committed Oct 23, 2012
    This was hardcoded, rather than being based on the actual password length,
    resulting in incorrect hashes being generated.
  3. Update image validation enable/disable

    Matthew Garrett committed Oct 23, 2012
    Update this to match the new mokutil behaviour
  4. Delete MokList properly

    Matthew Garrett committed Oct 23, 2012
    A cut and paste error meant that attempts to delete MokList were instead
    appending a zero-length addition.
  5. Clean up checks for MokManager entry

    Matthew Garrett committed Oct 23, 2012
    Add a helper function and tidy up the calls for getting into MokManager
  6. Fix key database parsing

    Matthew Garrett committed Oct 23, 2012
    The pointer to the certificate needs to be incremented by the size of the
    entire certificate, not just the certificate data.
  7. @vathpela

    Support a vendor-specific DBX list.

    vathpela committed Oct 23, 2012
    In some rare corner cases, it's useful to add a blacklist of things that
    were allowed by a copy of shim that was never signed by the UEFI signing
    service.  In these cases it's okay for them to go into a local dbx,
    rather than taking up precious flash.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>
Commits on Oct 18, 2012
  1. Clear screen before prompting

    Matthew Garrett committed Oct 18, 2012
    We were drawing prompts on top of existing text, which was less than
    ideal.
  2. Don't print SHA1 sum when calculating file fingerprints

    Matthew Garrett committed Oct 18, 2012
    There's no point in printing the SHA1 of a SHA256...
  3. Clean up timeout counter handling

    Matthew Garrett committed Oct 18, 2012
    Reduce menu redrawing by only redrawing the invalidated section of the menu
    during the timeout countdown.
  4. Add MOK password auth

    Matthew Garrett committed Oct 17, 2012
    Add support for setting an MOK password. The OS passes down a password hash.
    MokManager then presents an option for setting a password. Selecting it
    prompts the user for the same password again. If they match, the hash is
    enrolled into a boot services variable and MokManager will prompt for the
    password whenever it's started.
  5. Pause on callback failures

    Matthew Garrett committed Oct 17, 2012
    If a callback returns any kind of failure, wait for a keypress in order to
    give the user an opportunity to read any failure messages.
  6. Skip signature checking if insecure

    Matthew Garrett committed Oct 17, 2012
    If we're configured to run untrusted code, print a message and skip the
    validation checks.
  7. Add support for disabling signature verification

    Matthew Garrett committed Oct 17, 2012
    Provide a mechanism for a physically present end user to disable signature
    verification. This is handled by the OS passing down a variable that
    contains a UINT32 and a SHA256 hash. If this variable is present, MokManager
    prompts the user to choose whether to enable or disable signature validation
    (depending on the value of the UINT32). They are then asked to type the
    passphrase that matches the hash. This then saves a boot services variable
    which is checked by shim, and if set will skip verification of signatures.
Commits on Oct 13, 2012
  1. Add section headers

    Matthew Garrett committed Oct 13, 2012
    Provide a little more contextual information when people are in shim
    menus.
  2. @lcp

    Reallocate the DevPath space for the volume label

    lcp committed with Matthew Garrett Oct 12, 2012
    The size of the DevPath string array was not sufficient to append
    the volume label. This patch extends the size for the label and
    re-enables the menu freeing.
Commits on Oct 12, 2012
  1. Remove LoadImage/StartImage support

    Matthew Garrett committed Oct 11, 2012
    Some systems will show an error dialog if LoadImage() returned
    EFI_ACCESS_DENIED, which then requires physical user interaction to skip.
    Let's just remove the LoadImage/StartImage code, since the built-in code
    is theoretically equivalent.
  2. Switch to using db format for MokList and MokNew

    Matthew Garrett committed Oct 11, 2012
    Using the same format as the UEFI key databases makes it easier for the
    kernel to parse and extract keys from MOK, and also permits MOK to contain
    multiple key or hash types. Additionally, add support for enrolling hashes.
Commits on Oct 11, 2012
  1. Split out hashing

    Matthew Garrett committed Oct 11, 2012
    We want to be able to generate hashes, so split out the hash generation
    function from the verification function
  2. Add missing header define

    Matthew Garrett committed Oct 11, 2012
  3. Add SHA1 support

    Matthew Garrett committed Oct 11, 2012
    In theory vendors could blacklist binaries with SHA1, so make sure we
    calculate and check that hash as well.
Something went wrong with that request. Please try again.