]>
git.proxmox.com Git - efi-boot-shim.git/log
Matthew Garrett [Tue, 23 Oct 2012 19:06:59 +0000 (15:06 -0400)]
Update image validation enable/disable
Update this to match the new mokutil behaviour
Matthew Garrett [Tue, 23 Oct 2012 15:57:22 +0000 (11:57 -0400)]
Delete MokList properly
A cut and paste error meant that attempts to delete MokList were instead
appending a zero-length addition.
Matthew Garrett [Tue, 23 Oct 2012 15:36:02 +0000 (11:36 -0400)]
Clean up checks for MokManager entry
Add a helper function and tidy up the calls for getting into MokManager
Matthew Garrett [Tue, 23 Oct 2012 14:04:02 +0000 (10:04 -0400)]
Fix key database parsing
The pointer to the certificate needs to be incremented by the size of the
entire certificate, not just the certificate data.
Matthew Garrett [Thu, 18 Oct 2012 21:34:14 +0000 (17:34 -0400)]
Clear screen before prompting
We were drawing prompts on top of existing text, which was less than
ideal.
Matthew Garrett [Thu, 18 Oct 2012 21:29:01 +0000 (17:29 -0400)]
Don't print SHA1 sum when calculating file fingerprints
There's no point in printing the SHA1 of a SHA256...
Matthew Garrett [Thu, 18 Oct 2012 21:24:52 +0000 (17:24 -0400)]
Clean up timeout counter handling
Reduce menu redrawing by only redrawing the invalidated section of the menu
during the timeout countdown.
Matthew Garrett [Thu, 18 Oct 2012 01:40:05 +0000 (21:40 -0400)]
Add MOK password auth
Add support for setting an MOK password. The OS passes down a password hash.
MokManager then presents an option for setting a password. Selecting it
prompts the user for the same password again. If they match, the hash is
enrolled into a boot services variable and MokManager will prompt for the
password whenever it's started.
Matthew Garrett [Wed, 17 Oct 2012 22:23:35 +0000 (18:23 -0400)]
Pause on callback failures
If a callback returns any kind of failure, wait for a keypress in order to
give the user an opportunity to read any failure messages.
Matthew Garrett [Wed, 17 Oct 2012 22:36:07 +0000 (18:36 -0400)]
Skip signature checking if insecure
If we're configured to run untrusted code, print a message and skip the
validation checks.
Matthew Garrett [Wed, 17 Oct 2012 22:22:11 +0000 (18:22 -0400)]
Add support for disabling signature verification
Provide a mechanism for a physically present end user to disable signature
verification. This is handled by the OS passing down a variable that
contains a UINT32 and a SHA256 hash. If this variable is present, MokManager
prompts the user to choose whether to enable or disable signature validation
(depending on the value of the UINT32). They are then asked to type the
passphrase that matches the hash. This then saves a boot services variable
which is checked by shim, and if set will skip verification of signatures.
Matthew Garrett [Sat, 13 Oct 2012 05:07:43 +0000 (01:07 -0400)]
Add section headers
Provide a little more contextual information when people are in shim
menus.
Gary Ching-Pang Lin [Fri, 12 Oct 2012 09:55:09 +0000 (17:55 +0800)]
Reallocate the DevPath space for the volume label
The size of the DevPath string array was not sufficient to append
the volume label. This patch extends the size for the label and
re-enables the menu freeing.
Matthew Garrett [Fri, 12 Oct 2012 01:05:01 +0000 (21:05 -0400)]
Remove LoadImage/StartImage support
Some systems will show an error dialog if LoadImage() returned
EFI_ACCESS_DENIED, which then requires physical user interaction to skip.
Let's just remove the LoadImage/StartImage code, since the built-in code
is theoretically equivalent.
Matthew Garrett [Thu, 11 Oct 2012 19:54:36 +0000 (15:54 -0400)]
Switch to using db format for MokList and MokNew
Using the same format as the UEFI key databases makes it easier for the
kernel to parse and extract keys from MOK, and also permits MOK to contain
multiple key or hash types. Additionally, add support for enrolling hashes.
Matthew Garrett [Thu, 11 Oct 2012 16:24:36 +0000 (12:24 -0400)]
Split out hashing
We want to be able to generate hashes, so split out the hash generation
function from the verification function
Matthew Garrett [Thu, 11 Oct 2012 16:13:18 +0000 (12:13 -0400)]
Add missing header define
Matthew Garrett [Thu, 11 Oct 2012 15:30:41 +0000 (11:30 -0400)]
Add SHA1 support
In theory vendors could blacklist binaries with SHA1, so make sure we
calculate and check that hash as well.
Matthew Garrett [Thu, 11 Oct 2012 13:55:14 +0000 (09:55 -0400)]
Add menu header
Add a basic header to the menu to make it clearer what's going on.
Define SHIM_VENDOR in order to override the default.
Matthew Garrett [Thu, 11 Oct 2012 13:45:14 +0000 (09:45 -0400)]
Clear screen on exit
Matthew Garrett [Thu, 11 Oct 2012 13:44:27 +0000 (09:44 -0400)]
Add timeout support
We should time out if there aren't any keypresses at the top level menu
within a reasonable timeframe.
Matthew Garrett [Thu, 11 Oct 2012 13:26:16 +0000 (09:26 -0400)]
Fix whitespace
Gary Ching-Pang Lin [Thu, 11 Oct 2012 13:20:30 +0000 (09:20 -0400)]
Remove unnecessary newline
The newline character shouldn't be present in the menu item string
Gary Ching-Pang Lin [Thu, 11 Oct 2012 13:19:32 +0000 (09:19 -0400)]
Pass the size of MokNew to the key enrollment function
The size of MokNew was missing and it caused crash when enrolling new MOKs
with mokutil
Matthew Garrett [Tue, 9 Oct 2012 13:44:55 +0000 (09:44 -0400)]
Callbacks should return INTN, not UINTN
Matthew Garrett [Tue, 9 Oct 2012 13:43:37 +0000 (09:43 -0400)]
Remove unused variable
Matthew Garrett [Tue, 9 Oct 2012 13:39:36 +0000 (09:39 -0400)]
Don't lose the last file in top-level directories
The filesystem callback was failing to account for the additional menu
item to return to the filesystem list, and so the last file entry in the
root directory would be missing from the list.
Matthew Garrett [Mon, 8 Oct 2012 19:17:49 +0000 (15:17 -0400)]
Fix filesystem enrollment
We would always enrol a single key, deleting any existing keys in the
database. Fix that up.
Matthew Garrett [Tue, 9 Oct 2012 01:45:38 +0000 (21:45 -0400)]
Add an auth argument to store_keys()
If the user is manually installing keys from a filesystem then we don't need
to ask for the key password.
Matthew Garrett [Tue, 9 Oct 2012 01:44:43 +0000 (21:44 -0400)]
Add __attribute__ ((packed)) to MokListNode definition
Packing this lets us use MokListNode with the binary MokList representation.
Matthew Garrett [Sat, 6 Oct 2012 21:52:38 +0000 (17:52 -0400)]
Disable menu freeing
This looks like it ought to work, but is currently failing. Leaking here
isn't a big deal, so just disable it until I figure out what's wrong.
Matthew Garrett [Sat, 6 Oct 2012 21:39:21 +0000 (17:39 -0400)]
Fix menucount
Menucount wasn't being incremented for the final top level menu, so
the file explorer menu item wasn't appearing.
Matthew Garrett [Sat, 6 Oct 2012 21:28:03 +0000 (17:28 -0400)]
Free menus and add statics
Make sure we free menu items after exiting a menu. Also, add some missing
static annotations.
Matthew Garrett [Sat, 6 Oct 2012 21:25:57 +0000 (17:25 -0400)]
Fix menu items
Only show the MOK manipulation menu item if MokNew existed
Matthew Garrett [Sat, 6 Oct 2012 21:22:33 +0000 (17:22 -0400)]
Always show the MokManager UI
If someone explicitly starts MokManager then we want to show the UI
Matthew Garrett [Sat, 6 Oct 2012 21:20:30 +0000 (17:20 -0400)]
Fall back to MokManager if grub failed to validate
If we can't verify grub, fall back to MokManager. This permits shipping a
copy of shim and MokManager without distributing a key, letting
distributions provide their own for user installation.
Matthew Garrett [Fri, 5 Oct 2012 23:03:42 +0000 (19:03 -0400)]
Add filesystem browsing and enrollment
Add a basic menu system and file explorer. This makes it possible for the
user to enrol keys from media from within shim rather than having to boot
an OS first. This would permit vendors to distribute a signed shim without
having to install their own keys first - the keys could be stored on the
install media instead.
Gary Ching-Pang Lin [Thu, 4 Oct 2012 09:35:02 +0000 (17:35 +0800)]
Don't show the invalid key number
Gary Ching-Pang Lin [Thu, 4 Oct 2012 09:23:18 +0000 (17:23 +0800)]
Use the same function to get commands and password
Gary Ching-Pang Lin [Thu, 4 Oct 2012 08:28:52 +0000 (16:28 +0800)]
Print the key number for the non-existent key also
Gary Ching-Pang Lin [Tue, 2 Oct 2012 10:17:29 +0000 (18:17 +0800)]
Don't print Backspace as we print nothing
Gary Ching-Pang Lin [Tue, 2 Oct 2012 06:51:42 +0000 (14:51 +0800)]
Calculate SHA1 fingerprint
openssl shows sha1 fingerprint by default.
Gary Ching-Pang Lin [Tue, 2 Oct 2012 04:45:46 +0000 (12:45 +0800)]
Replace functions with the ones in gnu-efi
Gary Ching-Pang Lin [Tue, 2 Oct 2012 03:55:44 +0000 (11:55 +0800)]
Use LibDeleteVariable in gnu-efi
Gary Ching-Pang Lin [Thu, 27 Sep 2012 08:54:38 +0000 (16:54 +0800)]
More tips for the MOK password
Gary Ching-Pang Lin [Wed, 26 Sep 2012 09:19:27 +0000 (17:19 +0800)]
Filter out newline from the password array
Gary Ching-Pang Lin [Wed, 26 Sep 2012 08:36:53 +0000 (16:36 +0800)]
correct wording
Gary Ching-Pang Lin [Wed, 26 Sep 2012 07:46:42 +0000 (15:46 +0800)]
Build debug image for all efi files
Gary Ching-Pang Lin [Mon, 24 Sep 2012 09:27:52 +0000 (17:27 +0800)]
Define the max length of password
Gary Ching-Pang Lin [Fri, 21 Sep 2012 10:38:31 +0000 (18:38 +0800)]
Request a password to verify the key list
The password must contain 8 characters at least and 16 characters
at most and will be hashed with the key list altogether. The keys
in MokNew won't be allowed to be enrolled unless the user provides
the correct password.
Gary Ching-Pang Lin [Fri, 21 Sep 2012 08:43:07 +0000 (16:43 +0800)]
Erase stored keys when there is no key in the new key list
Gary Ching-Pang Lin [Fri, 21 Sep 2012 07:46:10 +0000 (15:46 +0800)]
Make sure the variables are not broken
Gary Ching-Pang Lin [Fri, 21 Sep 2012 07:36:57 +0000 (15:36 +0800)]
Allow the new keys to be listed again
Gary Ching-Pang Lin [Fri, 21 Sep 2012 07:10:31 +0000 (15:10 +0800)]
Reject the binary when there is no key in MokList
Gary Ching-Pang Lin [Thu, 20 Sep 2012 10:15:50 +0000 (18:15 +0800)]
Make the key list interactive
Gary Ching-Pang Lin [Thu, 20 Sep 2012 07:54:57 +0000 (15:54 +0800)]
Make sure the time string is set
Gary Ching-Pang Lin [Thu, 20 Sep 2012 06:27:15 +0000 (14:27 +0800)]
Improve the layout of the key info
Gary Ching-Pang Lin [Thu, 20 Sep 2012 02:35:43 +0000 (10:35 +0800)]
Remove the unused debug message
Gary Ching-Pang Lin [Thu, 20 Sep 2012 02:28:00 +0000 (10:28 +0800)]
Check the MOK list correctly
Gary Ching-Pang Lin [Wed, 19 Sep 2012 09:12:30 +0000 (17:12 +0800)]
Simplify the key management
Move the key list building and management to mokutil to keep
MokManager as simple as possible.
Gary Ching-Pang Lin [Wed, 19 Sep 2012 06:54:35 +0000 (14:54 +0800)]
Abandon the variable, MokMgmt
Gary Ching-Pang Lin [Tue, 11 Sep 2012 09:43:44 +0000 (17:43 +0800)]
Copy the MOK list to a RT variable
The RT variable, MokListRT, is a copy of MokList so that the
runtime applications can synchronize the key list without touching
the BS variable.
Gary Ching-Pang Lin [Tue, 11 Sep 2012 08:39:12 +0000 (16:39 +0800)]
Use the machine owner keys to verify images
Gary Ching-Pang Lin [Tue, 11 Sep 2012 08:38:29 +0000 (16:38 +0800)]
Add a separate efi application to manage MOKs
Gary Ching-Pang Lin [Tue, 11 Sep 2012 08:37:02 +0000 (16:37 +0800)]
Always try StartImage first
Gary Ching-Pang Lin [Tue, 11 Sep 2012 08:34:25 +0000 (16:34 +0800)]
Only launch MokManager when necessary
Gary Ching-Pang Lin [Tue, 11 Sep 2012 08:31:05 +0000 (16:31 +0800)]
Retrieve attributes of variables
We have to make sure the machine owner key is stored in a BS
variable.
Gary Ching-Pang Lin [Fri, 7 Sep 2012 10:22:34 +0000 (18:22 +0800)]
Merge branch 'master' into mok-prototype3
Conflicts:
shim.c
Gary Ching-Pang Lin [Fri, 7 Sep 2012 10:11:45 +0000 (18:11 +0800)]
Load MokManager for MOK management
Gary Ching-Pang Lin [Fri, 7 Sep 2012 09:43:21 +0000 (17:43 +0800)]
Make the image loading process more generic
Peter Jones [Thu, 6 Sep 2012 20:32:41 +0000 (16:32 -0400)]
Fix data alignment on vendor_cert so we don't wind up with padding.
Peter Jones [Thu, 6 Sep 2012 16:37:58 +0000 (12:37 -0400)]
Add some convenience make targets.
Adds targets for "test-archive" and "archive"
Peter Jones [Thu, 6 Sep 2012 15:08:09 +0000 (11:08 -0400)]
Break out of our db checking loop at the appropriate time.
The break in check_db_cert is at the wrong level due to a typo in
indentation, and as a result only the last cert in the list can
correctly match. Rectify that.
Signed-off-by: Peter Jones <pjones@redhat.com>
Matthew Garrett [Tue, 14 Aug 2012 10:50:00 +0000 (06:50 -0400)]
Use the file size, not the image size field, for verification.
Peter Jones [Mon, 13 Aug 2012 21:06:46 +0000 (17:06 -0400)]
Allow specification of vendor_cert through a build command line option.
This allows you to specify the vendor_cert as a file on the command line
during build.
Peter Jones [Thu, 6 Sep 2012 16:01:43 +0000 (12:01 -0400)]
dos2unix PeImage.h
Matthew Garrett [Sat, 28 Jul 2012 04:42:43 +0000 (00:42 -0400)]
Add basic documentation
Matthew Garrett [Fri, 13 Jul 2012 04:30:22 +0000 (00:30 -0400)]
Handle slightly stranger device paths
Matthew Garrett [Wed, 11 Jul 2012 14:58:15 +0000 (10:58 -0400)]
Make path generation more sensible
Matthew Garrett [Wed, 11 Jul 2012 14:57:46 +0000 (10:57 -0400)]
Make sure ImageBase is set appropriately in the loaded_image protocol
Matthew Garrett [Mon, 9 Jul 2012 15:03:12 +0000 (11:03 -0400)]
Add copyright file
Matthew Garrett [Mon, 9 Jul 2012 14:39:14 +0000 (10:39 -0400)]
Update TODO
Matthew Garrett [Mon, 9 Jul 2012 14:38:30 +0000 (10:38 -0400)]
Remove temp file checked in by accident
Matthew Garrett [Mon, 9 Jul 2012 14:38:19 +0000 (10:38 -0400)]
Improve makefile
Matthew Garrett [Mon, 9 Jul 2012 14:17:19 +0000 (10:17 -0400)]
Make it easier to update Cryptlib
Matthew Garrett [Mon, 9 Jul 2012 14:14:28 +0000 (10:14 -0400)]
Cryptlib update
Matthew Garrett [Thu, 5 Jul 2012 20:37:29 +0000 (16:37 -0400)]
Re-add whitelisting - needed for protocol validation
Matthew Garrett [Thu, 5 Jul 2012 16:52:42 +0000 (12:52 -0400)]
We're not MSABI, so don't advertise this as such
Matthew Garrett [Thu, 5 Jul 2012 16:51:12 +0000 (12:51 -0400)]
Check whether secure boot is enabled before performing verify call
Matthew Garrett [Mon, 2 Jul 2012 18:43:18 +0000 (14:43 -0400)]
Fix up blacklist checking
This was not quite as bugfree as would be hoped for.
Matthew Garrett [Mon, 2 Jul 2012 17:49:32 +0000 (13:49 -0400)]
Remove whitelisting - the firmware will handle it via LoadImage/StartImage
Matthew Garrett [Mon, 2 Jul 2012 16:33:42 +0000 (12:33 -0400)]
Update OpenSSL
Matthew Garrett [Mon, 2 Jul 2012 16:29:03 +0000 (12:29 -0400)]
Build a debug image
Matthew Garrett [Mon, 2 Jul 2012 15:54:21 +0000 (11:54 -0400)]
Fix type of buffersize
Matthew Garrett [Mon, 2 Jul 2012 13:40:18 +0000 (09:40 -0400)]
Remove redundant header
Matthew Garrett [Mon, 25 Jun 2012 21:46:11 +0000 (17:46 -0400)]
Fix get_variable
Matthew Garrett [Mon, 25 Jun 2012 14:59:08 +0000 (10:59 -0400)]
Add black/white listing
Matthew Garrett [Tue, 19 Jun 2012 19:25:59 +0000 (15:25 -0400)]
Fix build somewhat
Matthew Garrett [Tue, 19 Jun 2012 19:25:02 +0000 (15:25 -0400)]
Fix cert size
Matthew Garrett [Tue, 19 Jun 2012 19:23:31 +0000 (15:23 -0400)]
Fix error path