Tags: jsetje/shim
Tags
shim 0.9
========
Gary Ching-Pang Lin (19):
Add nostdinc to the CFLAGS for lib
Update Cryptlib and openssl
Make the build failed with objcopy < 2.24
Support MOK blacklist
MokManager: show the hash list properly
MokManager: delete the hash properly
MokManager: Match all hashes in the list
MokManager: Write the hash list properly
Copy the MOK blacklist to a RT variable
Verify the EFI images with MOK blacklist
Make shim to check MokXAuth for MOKX reset
MokManager: calculate the variable size correctly
MokManager: fix the hash list counting in delete
MokManager: Support SHA1 hash in MOK
MokManager: fix the return value and type
MokManager: Add more key list safe checks
MokManager: Support SHA224, SHA384, and SHA512
MokManager: Discard the list contains an invalid signature
MokManager: fix comparison between signed and unsigned integer
Laszlo Ersek (1):
Fix length of allocated buffer for boot option comparison.
Matthew Garrett (1):
Explicitly request sysv-style ELF hash sections
Peter Jones (17):
Align the sections we're loading, and check for validity /after/ discarding.
Don't install our protocols if we're not in secure mode.
Make lib/ build right with the cflags it should be using...
Make lib/ use the right CFLAGS.
gcc 5.0 changes some include bits, so copy what arm does on x86.
Only run MokManager if asked or a security violation occurs.
Don't leave in_protocol==1 when shim_verify() isn't enforcing.
Ensure that apps launched by shim get correct BS->Exit() behavior
Fix console_print_box*() parameters.
MokManager: Nerf SHA-1 again for actual hashes and signatures.
Don't print anything or delay when start_image() succeeds.
More incorrect unsigned vs signed fixups from yours truly.
Add a conditional point for a debugger to attach.
Only be verbose the first time secure_mode() is called.
Make sure our build-id notes wind up at a reasonable place.
Improve our debuginfo path print
0.9
Richard W.M. Jones (1):
fallback: Fix comparison between signed and unsigned in debugging code.