Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Clean up password setting

Permit clearing of the password, and avoid a case where choosing not to set
a password would result in an error message on exit. Fix the same problem
with MokSB.
  • Loading branch information...
commit 0e3ff89ac7983bed2feaaa47c699fbd6173293b0 1 parent cccc613
Matthew Garrett authored
Showing with 21 additions and 4 deletions.
  1. +21 −4 MokManager.c
View
25 MokManager.c
@@ -703,8 +703,6 @@ static INTN mok_sb_prompt (void *MokSB, void *data2, void *data3) {
UINT8 sbval = 1;
UINT8 pos1, pos2, pos3;
- LibDeleteVariable(L"MokSB", &shim_lock_guid);
-
if (MokSBSize != sizeof(MokSBvar)) {
Print(L"Invalid MokSB variable contents\n");
return -1;
@@ -776,6 +774,8 @@ static INTN mok_sb_prompt (void *MokSB, void *data2, void *data3) {
&shim_lock_guid);
}
+ LibDeleteVariable(L"MokSB", &shim_lock_guid);
+
Print(L"Press a key to reboot system\n");
Pause();
uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm,
@@ -804,10 +804,25 @@ static INTN mok_pw_prompt (void *MokPW, void *data2, void *data3) {
return -1;
}
- LibDeleteVariable(L"MokPW", &shim_lock_guid);
-
uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut);
+ SetMem(hash, SHA256_DIGEST_SIZE, 0);
+
+ if (CompareMem(MokPW, hash, SHA256_DIGEST_SIZE) == 0) {
+ Print(L"Clear MOK password? (y/n): ");
+
+ do {
+ get_line (&length, line, 1, 1);
+
+ if (line[0] == 'Y' || line[0] == 'y') {
+ LibDeleteVariable(L"MokPWStore", &shim_lock_guid);
+ LibDeleteVariable(L"MokPW", &shim_lock_guid);
+ }
+ } while (line[0] != 'N' && line[0] != 'n');
+
+ return 0;
+ }
+
while (fail_count < 3) {
Print(L"Confirm MOK passphrase: ");
get_line(&length, password, PASSWORD_MAX, 0);
@@ -857,6 +872,8 @@ static INTN mok_pw_prompt (void *MokPW, void *data2, void *data3) {
return -1;
}
+ LibDeleteVariable(L"MokPW", &shim_lock_guid);
+
Print(L"Press a key to reboot system\n");
Pause();
uefi_call_wrapper(RT->ResetSystem, 4, EfiResetWarm,
Please sign in to comment.
Something went wrong with that request. Please try again.