• Peter Jones's avatar
    Harden shim against non-participating bootloaders. · cbef697a
    Peter Jones authored
    It works like this: during startup of shim, we hook into the system's
    ExitBootServices() and StartImage().  If the system's StartImage() is
    called, we automatically unhook, because we're chainloading to something
    the system can verify.
    
    When shim's verify is called, we record what kind of certificate the
    image was verified against.  If the call /succeeds/, we remove our
    hooks.
    
    If ExitBootServices() is called, we check how the bootloader verified
    whatever it is loading.  If it was verified by its hash, we unhook
    everything and call the system's EBS().  If it was verified by
    certificate, we check if it has called shim_verify().  If it has, we
    unhook everything and call the system's EBS()
    
    If the bootloader has not verified anything, and is itself verified by
    a certificate, we display a security violation warning and halt the
    machine.
    cbef697a
replacements.c 5.01 KB