Google Git
Sign in
kernel / pub / scm / linux / kernel / git / jejb / efitools / 491059569251cb86c3ea8d62ada0331b8c274725
commit491059569251cb86c3ea8d62ada0331b8c274725[log] [tgz]
authorJames Bottomley <James.Bottomley@HansenPartnership.com>Tue Feb 23 16:56:07 2016 -0800
committerJames Bottomley <James.Bottomley@HansenPartnership.com>Tue Feb 23 16:56:07 2016 -0800
treede3a36d51641a8c3e423d8e997814a611566f4d1
parent58e7a21b04e53faf0499fb826b1f14b22894e722 [diff]
ShimReplace: add new shim loader simply to install protocol

The way grub currently works on Linux is that it relies on the shim
protocol to verify images.  Without this, the secure boot chain is
broken.  Fix this by adding a shim replacement whose sole job is to
install the protocol and call the boot loader via the normal fashion
(meaning the bootloader must be signed with a key in the secure boot
database).  The second stage loader can then use the protocol to
verify any images against the secure boot database as well.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2 files changed
tree: de3a36d51641a8c3e423d8e997814a611566f4d1
  1. doc/
  2. include/
  3. lib/
  4. .gitignore
  5. cert-to-efi-hash-list.c
  6. cert-to-efi-sig-list.c
  7. COPYING
  8. efi-keytool.c
  9. efi-readvar.c
  10. efi-updatevar.c
  11. flash-var.c
  12. hash-to-efi-sig-list.c
  13. HashTool.c
  14. HelloWorld.c
  15. KeyTool.c
  16. Loader.c
  17. LockDown.c
  18. Make.rules
  19. Makefile
  20. mkusb.sh
  21. ms-kek.crt
  22. ms-uefi.crt
  23. PreLoader.c
  24. README
  25. ReadVars.c
  26. SetNull.c
  27. ShimReplace.c
  28. sig-list-to-certs.c
  29. sign-efi-sig-list.c
  30. UpdateVars.c
  31. xxdi.pl