Rename check_{white,black}list to check_{allow,deny}list

v2 - updated for conflicts and to include documentation (pjones)

MokVars.txt

@@ -55,12 +55,12 @@ matches MokAuth, the user will be prompted to enrol the keys. BS,RT,NV
 
 State variables:
 
-MokList: A list of whitelisted keys and hashes. An EFI_SIGNATURE_LIST 
+MokList: A list of authorized keys and hashes. An EFI_SIGNATURE_LIST 
 as described in the UEFI specification. BS,NV
 
 MokListRT: A copy of MokList made available to the kernel at runtime. RT
 
-MokListX: A list of blacklisted keys and hashes.  An EFI_SIGNATURE_LIST
+MokListX: A list of forbidden keys and hashes.  An EFI_SIGNATURE_LIST
 as described in the UEFI specification. BS,NV
 
 MokListXRT: A copy of MokListX made available to the kernel at runtime. RT

README.md

@@ -5,7 +5,7 @@ execute another application. It will initially attempt to do this via the
 standard EFI `LoadImage()` and `StartImage()` calls. If these fail (because Secure
 Boot is enabled and the binary is not signed with an appropriate key, for
 instance) it will then validate the binary against a built-in certificate. If
-this succeeds and if the binary or signing key are not blacklisted then shim
+this succeeds and if the binary or signing key are not forbidden then shim
 will relocate and execute the binary.
 
 shim will also install a protocol which permits the second-stage bootloader

README.tpm

@@ -9,14 +9,14 @@ PCR4:
 PCR7:
 - Any certificate in one of our certificate databases that matches a binary
   we try to load will be extended into PCR7.  That includes:
-  - DBX - the system blacklist, logged as "dbx"
-  - MokListX - the Mok blacklist, logged as "MokListX"
-  - vendor_dbx - shim's built-in vendor blacklist, logged as "dbx"
-  - DB - the system whitelist, logged as "db"
-  - vendor_db - shim's built-in vendor whitelist, logged as "db"
-  - MokList the Mok whitelist, logged as "MokList"
-  - vendor_cert - shim's built-in vendor whitelist, logged as "Shim"
-  - shim_cert - shim's build-time generated whitelist, logged as "Shim"
+  - DBX - the system denylist, logged as "dbx"
+  - MokListX - the Mok denylist, logged as "MokListX"
+  - vendor_dbx - shim's built-in vendor denylist, logged as "dbx"
+  - DB - the system allowlist, logged as "db"
+  - vendor_db - shim's built-in vendor allowlist, logged as "db"
+  - MokList the Mok allowlist, logged as "MokList"
+  - vendor_cert - shim's built-in vendor allowlist, logged as "Shim"
+  - shim_cert - shim's build-time generated allowlist, logged as "Shim"
 - MokSBState will be extended into PCR7 if it is set, logged as
   "MokSBState".
 

src/shim.c

@@ -487,10 +487,10 @@ static CHECK_STATUS check_db_hash(CHAR16 *dbname, EFI_GUID guid, UINT8 *data,
 
 /*
  * Check whether the binary signature or hash are present in dbx or the
- * built-in blacklist
+ * built-in denylist
  */
-static EFI_STATUS check_blacklist (WIN_CERTIFICATE_EFI_PKCS *cert,
-				   UINT8 *sha256hash, UINT8 *sha1hash)
+static EFI_STATUS check_denylist (WIN_CERTIFICATE_EFI_PKCS *cert,
+				  UINT8 *sha256hash, UINT8 *sha1hash)
 {
 	EFI_SIGNATURE_LIST *dbx = (EFI_SIGNATURE_LIST *)vendor_deauthorized;
 
@@ -553,7 +553,7 @@ static void update_verification_method(verification_method_t method)
 /*
  * Check whether the binary signature or hash are present in db or MokList
  */
-static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert,
+static EFI_STATUS check_allowlist (WIN_CERTIFICATE_EFI_PKCS *cert,
 				   UINT8 *sha256hash, UINT8 *sha1hash)
 {
 	if (!ignore_db) {
@@ -951,27 +951,27 @@ verify_one_signature(WIN_CERTIFICATE_EFI_PKCS *sig,
 	EFI_STATUS efi_status;
 
 	/*
-	 * Ensure that the binary isn't blacklisted
+	 * Ensure that the binary isn't forbidden
 	 */
 	drain_openssl_errors();
-	efi_status = check_blacklist(sig, sha256hash, sha1hash);
+	efi_status = check_denylist(sig, sha256hash, sha1hash);
 	if (EFI_ERROR(efi_status)) {
-		perror(L"Binary is blacklisted: %r\n", efi_status);
+		perror(L"Binary is forbidden: %r\n", efi_status);
 		PrintErrors();
 		ClearErrors();
 		crypterr(efi_status);
 		return efi_status;
 	}
 
 	/*
-	 * Check whether the binary is whitelisted in any of the firmware
+	 * Check whether the binary is authorized in any of the firmware
 	 * databases
 	 */
 	drain_openssl_errors();
-	efi_status = check_whitelist(sig, sha256hash, sha1hash);
+	efi_status = check_allowlist(sig, sha256hash, sha1hash);
 	if (EFI_ERROR(efi_status)) {
 		if (efi_status != EFI_NOT_FOUND) {
-			dprint(L"check_whitelist(): %r\n", efi_status);
+			dprint(L"check_allowlist(): %r\n", efi_status);
 			PrintErrors();
 			ClearErrors();
 			crypterr(efi_status);
@@ -1075,30 +1075,30 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 	}
 
 	/*
-	 * Ensure that the binary isn't blacklisted by hash
+	 * Ensure that the binary isn't forbidden by hash
 	 */
 	drain_openssl_errors();
-	ret_efi_status = check_blacklist(NULL, sha256hash, sha1hash);
+	ret_efi_status = check_denylist(NULL, sha256hash, sha1hash);
 	if (EFI_ERROR(ret_efi_status)) {
-		perror(L"Binary is blacklisted\n");
-		dprint(L"Binary is blacklisted: %r\n", ret_efi_status);
+//		perror(L"Binary is forbidden\n");
+//		dprint(L"Binary is forbidden: %r\n", ret_efi_status);
 		PrintErrors();
 		ClearErrors();
 		crypterr(ret_efi_status);
 		return ret_efi_status;
 	}
 
 	/*
-	 * Check whether the binary is whitelisted by hash in any of the
+	 * Check whether the binary is authorized by hash in any of the
 	 * firmware databases
 	 */
 	drain_openssl_errors();
-	ret_efi_status = check_whitelist(NULL, sha256hash, sha1hash);
+	ret_efi_status = check_allowlist(NULL, sha256hash, sha1hash);
 	if (EFI_ERROR(ret_efi_status)) {
-		LogError(L"check_whitelist(): %r\n", efi_status);
-		dprint(L"check_whitelist: %r\n", ret_efi_status);
+		LogError(L"check_allowlist(): %r\n", ret_efi_status);
+		dprint(L"check_allowlist: %r\n", ret_efi_status);
 		if (ret_efi_status != EFI_NOT_FOUND) {
-			dprint(L"check_whitelist(): %r\n", ret_efi_status);
+			dprint(L"check_allowlist(): %r\n", ret_efi_status);
 			PrintErrors();
 			ClearErrors();
 			crypterr(ret_efi_status);
@@ -1173,7 +1173,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 	} while (offset < context->SecDir->Size);
 
 	if (ret_efi_status != EFI_SUCCESS) {
-		dprint(L"Binary is not whitelisted\n");
+		dprint(L"Binary is not authorized\n");
 		PrintErrors();
 		ClearErrors();
 		crypterr(EFI_SECURITY_VIOLATION);