Skip to content


Subversion checkout URL

You can clone with
Download ZIP


shim 0.9

Gary Ching-Pang Lin (19):
      Add nostdinc to the CFLAGS for lib
      Update Cryptlib and openssl
      Make the build failed with objcopy < 2.24
      Support MOK blacklist
      MokManager: show the hash list properly
      MokManager: delete the hash properly
      MokManager: Match all hashes in the list
      MokManager: Write the hash list properly
      Copy the MOK blacklist to a RT variable
      Verify the EFI images with MOK blacklist
      Make shim to check MokXAuth for MOKX reset
      MokManager: calculate the variable size correctly
      MokManager: fix the hash list counting in delete
      MokManager: Support SHA1 hash in MOK
      MokManager: fix the return value and type
      MokManager: Add more key list safe checks
      MokManager: Support SHA224, SHA384, and SHA512
      MokManager: Discard the list contains an invalid signature
      MokManager: fix comparison between signed and unsigned integer

Laszlo Ersek (1):
      Fix length of allocated buffer for boot option comparison.

Matthew Garrett (1):
      Explicitly request sysv-style ELF hash sections

Peter Jones (17):
      Align the sections we're loading, and check for validity /after/ discarding.
      Don't install our protocols if we're not in secure mode.
      Make lib/ build right with the cflags it should be using...
      Make lib/ use the right CFLAGS.
      gcc 5.0 changes some include bits, so copy what arm does on x86.
      Only run MokManager if asked or a security violation occurs.
      Don't leave in_protocol==1 when shim_verify() isn't enforcing.
      Ensure that apps launched by shim get correct BS->Exit() behavior
      Fix console_print_box*() parameters.
      MokManager: Nerf SHA-1 again for actual hashes and signatures.
      Don't print anything or delay when start_image() succeeds.
      More incorrect unsigned vs signed fixups from yours truly.
      Add a conditional point for a debugger to attach.
      Only be verbose the first time secure_mode() is called.
      Make sure our build-id notes wind up at a reasonable place.
      Improve our debuginfo path print

Richard W.M. Jones (1):
      fallback: Fix comparison between signed and unsigned in debugging code.

Read release notes

Read release notes


- Handle the SetupMode variable correctly.

Read release notes


Bump version to 0.5
Signed-off-by: Peter Jones <>


Bump version to 0.4
Since I've finally merged in the "sections" branch, best to increment
the version number.

Signed-off-by: Peter Jones <>


Bump version to 0.3
Signed-off-by: Peter Jones <>
Something went wrong with that request. Please try again.