Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rebase on 15.7 #20

Closed
wants to merge 152 commits into from
Closed
Changes from 1 commit
Commits
Show all changes
152 commits
Select commit Hold shift + click to select a range
493bd94
Don't call QueryVariableInfo() on EFI 1.10 machines
vathpela Apr 10, 2021
05875f3
Post-process our PE to be sure.
vathpela May 14, 2021
9f973e4
Relax the check for import_mok_state()
lcp May 11, 2021
9a8a6cd
SBAT.md: trivial fixes
hallyn Jul 14, 2021
0f40cb0
SBAT.md: fix "will should"
hallyn Jul 14, 2021
4d64389
shim: another attempt to fix load options handling
chrisccoulson Jun 7, 2021
352a741
.gitignore: ignore .gdb*, not just .gdbinit
vathpela Jul 2, 2021
3ecfa30
shim: rename pause() to wait_for_debug()
vathpela Jul 2, 2021
3269735
test.h: make some of the asserts a little more friendly to pointer ty…
vathpela Jul 2, 2021
5f08e67
test.h: add some decls for some of the stuff in efilib.h
vathpela Jul 2, 2021
b092c85
test.c: Conditionally do not declare stuff that's in other places
vathpela Jul 2, 2021
f1ef8df
Make test cases link against libefi.a
vathpela Jul 15, 2021
8600b63
test.c: add some simple mock functions for BS->{Allocate,Free}*
vathpela Jul 2, 2021
fea0a3f
test.h: add assert_not_equal_*()
vathpela Jul 2, 2021
cedfa69
test: Add a basic traceback printer
vathpela Jul 14, 2021
9e4f38a
shim: move the bulk of set_second_stage() to its own file
vathpela Jul 2, 2021
3ea1f37
Add a tester for parse_load_options()
vathpela Jul 2, 2021
ada7ff6
shim: don't fail on the odd LoadOptions length
lcp Jun 4, 2021
34e3ef2
arm/aa64: fix the size of .rela* sections
lcp Jun 16, 2021
7501b6b
mok: fix potential buffer overrun in import_mok_state
jyong2 Apr 16, 2021
3f327f5
mok: relax the maximum variable size check
lcp May 5, 2021
4583db4
Don't unhook ExitBootServices() when EBS protection is disabled
Jun 5, 2021
1b30c2b
fallback: find_boot_option() needs to return the index for the boot e…
jsetje Jul 27, 2021
204f6bb
httpboot: Ignore case when checking HTTP headers
frozencemetery Sep 1, 2021
c578407
fallback: incorrect check after AllocateZeroPool()
xypron Aug 29, 2021
cff8db7
fallback: free the right variable on the read_file() error path.
vathpela Aug 31, 2021
f9ced70
shim: avoid BOOTx64.EFI in message on other architectures
xypron Sep 2, 2021
44f1863
str: remove duplicate parameter check
xypron Aug 29, 2021
437caec
fallback: Print info on GetNextVariableName errors
jprvita Feb 16, 2019
77648c5
fallback: Use a dynamic buffer when list var names
jprvita Feb 15, 2019
0837d01
fallback: add compile option FALLBACK_NONINTERACTIVE
xnox Apr 6, 2021
e13ac73
Make CopyMem() work with EFI's declaration
vathpela Aug 4, 2021
b1fead0
mok: delete the existing RT variables only when only_first=TRUE
lcp Jun 30, 2021
9ddd8fc
Update gnu-efi
vathpela Aug 4, 2021
588e2dd
Add some more stuff to .gitignore
vathpela Aug 2, 2021
3f7050d
Ignore a gcc issue in test-str.c
vathpela Aug 4, 2021
116a831
More minor improvements to support for COMPILER=clang
vathpela Aug 2, 2021
6ea93a2
cleanup: always use BS and RT, not gBS and gRT
vathpela Jul 23, 2021
284f306
tests: clean up temp data after running tests
vathpela Aug 2, 2021
1f434aa
tests: make the CompareGuid() comparison size be less stupid
vathpela Aug 2, 2021
3cc53c7
mok: move the mok_state_variables definitions to their own header
vathpela Jul 23, 2021
cae5e2f
shim/mm/fb: move global state to its own source file
vathpela Jul 23, 2021
11080ef
tpm: free measureddata when SHIM_UNIT_TEST is set
vathpela Aug 3, 2021
e5a406b
tests: Disable some logging when SHIM_UNIT_TEST is enabled
vathpela Aug 16, 2021
97350bd
tests: link all tests against libefivar
vathpela Jul 23, 2021
6a95bea
tests: Add a 'test-coverage' make target for gcov
vathpela Aug 4, 2021
1368d9a
tests: add an efi error decoder
vathpela Aug 3, 2021
5ed2730
tests: add some slightly better EFIAPI error mocks
vathpela Aug 3, 2021
2c9eebc
tests: add a mock implementation of {Get,Set}Variable and tests for it
vathpela Jul 22, 2021
54bc72c
tests: model different behaviors for deleting variables
vathpela Aug 3, 2021
3386d4f
tests: add pre and post hooks to the mock variable store
vathpela Jul 22, 2021
63a5ae1
tests: Add config table support
vathpela Jul 26, 2021
397f820
tests: Add a unit test for mok mirroring
vathpela Jul 23, 2021
35dc110
mok: Fix memory leak in mok mirroring
vathpela Aug 4, 2021
72a95ae
Modify sbat.md to help with readability.
eshiman Jul 30, 2021
ecaf92a
csv: detect end of csv file correctly
xypron Aug 29, 2021
58e8dce
test-csv: test handling of trailing NUL byte
xypron Sep 2, 2021
69b7bbf
Specify that the section is ASCII not UTF-8
daxtens Sep 7, 2021
c1a84dc
tests: add "include-fixed" GCC directory to include directories
diabonas Sep 9, 2021
2699836
pe: simplify generate_hash()
xypron Sep 3, 2021
11740ea
Don't make shim abort when TPM log event fails (RHBZ #2002265)
rmetrich Sep 8, 2021
50732ee
Fallback to default loader if parsed one does not exist
julian-klode Jul 26, 2021
e54e585
shim: Dump load options in verbose mode
julian-klode Jul 30, 2021
1e4a858
Revert "fallback: find_boot_option() needs to return the index for th…
rmetrich Oct 5, 2021
41319e1
fallback: fix crash when boot entry index >= size of BootOrder list
rmetrich Oct 5, 2021
1872c92
console: check that ST->ConIn and ST->ConOut are non-NULL
vathpela Sep 16, 2021
35ca373
console: add a clear_screen() primitive
vathpela Sep 16, 2021
885feaf
docs: update SBAT UEFI variable name
nicholasbishop Sep 30, 2021
7cbf118
Extract is_removable_media_path() out of should_use_fallback()
julian-klode Aug 4, 2021
b437584
shim: Don't parse load options if invoked from removable media path
julian-klode Aug 4, 2021
0199301
Bump the version number to 15.5~rc1
vathpela Oct 14, 2021
899314b
Fix a component version in SBAT.example.md
nicholasbishop Oct 20, 2021
4e51340
Introduce a new MOK variable called MokListTrustedRT
esnowberg Oct 5, 2021
4804ba0
fallback: fix fallback not passing arguments of the first boot option
martinezjavier Nov 9, 2021
0dd4c78
shim: Don't stop forever at "Secure Boot not enabled" notification
rmetrich Dec 3, 2021
2e78cd9
stdarg: use sysv varargs when we build with coverity
vathpela Dec 10, 2021
d0df930
Minor coverity fixes
vathpela Dec 9, 2021
7ccc6c3
Fix the version string for -rc2
vathpela Jan 19, 2022
8c52a84
Make Mok config table be runtime services memory.
vathpela Jan 19, 2022
fee352a
Remove post-proccess-pe on 'make clean'
vathpela Feb 3, 2022
382568e
pe: missing perror argument
xypron Jan 18, 2022
f2c598b
Update to version 15.5
frozencemetery Feb 15, 2022
448f096
MokManager: removed Locate graphic output protocol fail error message
joeyli Dec 15, 2021
a2da05f
shim: implement SBAT verification for the shim_lock protocol
chrisccoulson Feb 28, 2022
bda03b8
post-process-pe: Fix a missing return code check
vathpela Apr 19, 2022
af18810
CI: don't cancel testing when one fails
frozencemetery May 3, 2022
ba580f9
CI: remove EOL Fedoras from github actions
frozencemetery May 3, 2022
bfeb4b3
Remove aarch64 build tests before f35
vathpela May 4, 2022
38cc646
CI: Add f36 and centos9 CI build tests.
vathpela May 4, 2022
b5185cb
post-process-pe: Fix format string warnings on 32-bit platforms
Apr 28, 2022
31094e5
tests: also look for system headers in multi-arch directories
Apr 28, 2022
4df989a
mock-variables.c: fix gcc warning
akodanev Apr 20, 2022
6aac595
test-str.c: fix gcc warnings with FORTIFY_SOURCE enabled
akodanev Apr 21, 2022
2670c6a
Allow MokListTrusted to be enabled by default
esnowberg Feb 17, 2022
5c44aaf
Add code of conduct
frozencemetery Oct 26, 2021
d6eb9c6
Modernize aarch64
vathpela Apr 26, 2022
9af50c1
Use ASCII as fallback if Unicode Box Drawing characters fail
tonper Feb 22, 2021
de87985
make: don't treat cert.S specially
vathpela Apr 29, 2022
803dc5c
shim: use SHIM_DEVEL_VERBOSE when built in devel mode
vathpela Apr 27, 2022
6402f1f
SBAT matching: Break out of the inner sbat loop if we find the entry.
vathpela May 17, 2022
bb4b60e
Add verify_image
esnowberg Jan 27, 2022
acfd48f
Abstract out image reading
esnowberg Jan 27, 2022
35d7378
Load additional certs from a signed binary
esnowberg Feb 1, 2022
8ce2832
post-process-pe: there is no 's' argument.
vathpela Dec 2, 2021
465663e
Add some missing PE image flag definitions
vathpela Dec 2, 2021
226fee2
PE Loader: support and require NX
vathpela Dec 2, 2021
df96f48
Add MokPolicy variable and MOK_POLICY_REQUIRE_NX
vathpela Mar 31, 2022
b104fc4
post-process-pe: set EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT
vathpela Dec 2, 2021
f81a7cc
SBAT revocation management
jsetje Apr 22, 2022
abe41ab
make: unbreak scan-build again for gnu-efi
vathpela May 18, 2022
610a1ac
sbat.h: minor reformatting for legibility
vathpela May 18, 2022
f28833f
peimage.h: make our signature macros force the type
vathpela May 18, 2022
5d789ca
Always initialize data/datasize before calling read_image()
vathpela May 18, 2022
a50d364
sbat policy: make our policy change actions symbolic
vathpela May 18, 2022
5868789
load_certs: trust dir->Read() slightly less.
vathpela May 18, 2022
a78673b
mok.c: fix a trivial dead assignment
vathpela May 18, 2022
759f061
Fix preserve_sbat_uefi_variable() logic
jsetje May 18, 2022
aa61fdf
Give the Coverity scanner some more GCC blinders...
vathpela May 19, 2022
0214cd9
load_cert_file(): don't defererence NULL
vathpela May 18, 2022
1eca363
mok import: handle OOM case
vathpela May 18, 2022
75449bc
sbat: Make nth_sbat_field() honor the size limit
vathpela May 23, 2022
c0bcd04
shim-15.6~rc1
vathpela May 23, 2022
77144e5
SBAT Policy latest should be a one-shot
jsetje May 24, 2022
e99bdbb
pe: Fix a buffer overflow when SizeOfRawData > VirtualSize
chrisccoulson May 3, 2022
5a82d79
pe: Perform image verification earlier when loading grub
chrisccoulson May 3, 2022
80e34fc
Update advertised sbat generation number for shim
jsetje May 10, 2022
9a09faf
Update SBAT generation requirements for 05/24/22
jsetje May 10, 2022
159151b
Also avoid CVE-2022-28737 in verify_image()
vathpela May 3, 2022
8ee1e1c
shim-15.6~rc2
vathpela May 31, 2022
a674ede
sbat: add the parsed SBAT variable entries to the debug log
vathpela Jun 1, 2022
505cdb6
bump version to shim-15.6
vathpela Jun 1, 2022
0eb07e1
Make SBAT variable payload introspectable
chrisccoulson May 31, 2022
092c2b2
Reference MokListRT instead of MokList
esnowberg Jun 17, 2022
8b59b69
Add a link to the test plan in the readme.
vathpela Aug 4, 2022
4fd484e
Enable TDX measurement to RTMR register
kenplusplus May 22, 2022
14d6339
Discard load-options that start with a NUL
frozencemetery Aug 23, 2022
5c537b3
shim: Flush the memory region from i-cache before execution
Sep 6, 2022
2d4ebb5
load_cert_file: Fix stack issue
esnowberg Nov 2, 2022
ea4911c
load_cert_file: Use EFI RT memory function
esnowberg Nov 2, 2022
0cf43ac
Add -malign-double to IA32 compiler flags
nicholasbishop Oct 6, 2022
17f0233
pe: Fix image section entry-point validation
iokomin Oct 7, 2022
5169769
make-archive: Build reproducible tarball
julian-klode Nov 14, 2022
aa1b289
mok: remove MokListTrusted from PCR 7
baloo Oct 21, 2022
53509ea
CryptoPkg/BaseCryptLib: fix NULL dereference
Apr 25, 2019
616c566
More coverity modeling
vathpela Nov 15, 2022
ea0d0a5
Update shim's .sbat to sbat,3
vathpela Nov 15, 2022
dd8be98
Bump grub's sbat requirement to grub,3
vathpela Nov 16, 2022
1149161
Update version to 15.7
vathpela Nov 16, 2022
166700c
Revert "fallback: work around the issue of boot option creation with …
jprvita Apr 6, 2021
12bc68b
fallback: Clean-up duplicate boot entries
jprvita Dec 8, 2018
cf1d9c8
Make sbat_var.S parse right with buggy gcc/binutils
vathpela Dec 5, 2022
fc50918
Enable the NX compatibility flag by default.
vathpela Nov 17, 2022
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
SBAT.md: fix "will should"
Use the stronger "will" rather than "will should".  I'm not sure based on
what's there, but suspect "must" would be appropriate instead?

Signed-off-by: Serge Hallyn <[email protected]>
hallyn authored and vathpela committed Jul 15, 2021
commit 0f40cb0d08798ed7557887958b382a42253c715d
2 changes: 1 addition & 1 deletion SBAT.md
Original file line number Diff line number Diff line change
@@ -310,7 +310,7 @@ compromise.
The initial SBAT implementation will add SBAT metadata to Shim and GRUB and
enforce SBAT on all components labeled with it. Until a component (e.g. the
Linux kernel) gains SBAT metadata it can not be revoked via SBAT, but only by
revoking the keys signing that component. These keys will should live in
revoking the keys signing that component. These keys will live in
separate, product-specific signed PE files that contain **only** the
certificate and SBAT metadata for the key files. These key files can then be
revoked via SBAT in order to invalidate and replace a specific key. While