1. 10 Apr, 2018 2 commits
  2. 08 Apr, 2018 4 commits
    • Philipp Hahn's avatar
      Rename to shim-unsigned · c3a96c75
      Philipp Hahn authored
      as all EFI binaries are now unsigned. They are useless to any normal
      user as
      - shim is useless without being signed by an external UEFI CA.
      - mm and fb won't be loaded by shim as they are now no longer linked to
        corresponding shim by the ephemeral key any longer.
      c3a96c75
    • Philipp Hahn's avatar
      Disable ephemeral key · d4756479
      Philipp Hahn authored
      shim creates an ephemeral key, which gets embedded into shim and is used
      to sign the corresponding mok-manager (mm*.efi) and fall-back-manager
      (fb*.efi).
      This makes the build unreproducible.
      
      For Debian we will get those two binaries signed by our Debian-UEFI-CA,
      which is the primary (and only) key embedded in shim.
      d4756479
    • Philipp Hahn's avatar
      debian/control: Add build-dependency on libelf-dev · 6a2c14ad
      Philipp Hahn authored
      required for buildid
      6a2c14ad
    • Philipp Hahn's avatar
      debian/rules: fixing permissions no longer required · d23648d6
      Philipp Hahn authored
      as Makefiles used "install -m 0644" by now.
      d23648d6
  3. 07 Apr, 2018 12 commits
  4. 19 Dec, 2017 4 commits
  5. 29 Sep, 2017 4 commits
  6. 26 Sep, 2017 1 commit
    • Peter Jones's avatar
      Use iconv for UCS-2 encoding. · 23ce039c
      Peter Jones authored
      Cyphermox discovered that when you run this:
      
        ( printf "\xff\x00\xfe\x00" ; echo "shimx64.efi,foo,,This is the boot entry for foo" ) | sed -z 's/./&\x00/g'
      
      on some debian machines, printf(1) doesn't interpret the \x.. characters,
      and that results in this being the encoded text:
      
      00000000  5c 78 66 66 5c 78 66 65  73 00 68 00 69 00 6d 00  |\xff\xfes.h.i.m.|
      00000010  78 00 36 00 34 00 2e 00  65 00 66 00 69 00 2c 00  |x.6.4...e.f.i.,.|
      00000020  66 00 6f 00 6f 00 2c 00  2c 00 54 00 68 00 69 00  |f.o.o.,.,.T.h.i.|
      
      which... yeah, that's wrong.  So instead, use iconv instead of
      printf+sed to encode it in UCS-2.  Unfortunately, that means we don't
      get endian markers, because for some reason iconv(1) doesn't have any way
      to say it should include them.  But that's okay; fallback already
      handles not having them and just assumes the second byte being \x00
      means UCS-2LE.
      Signed-off-by: 's avatarPeter Jones <pjones@redhat.com>
      23ce039c
  7. 19 Sep, 2017 2 commits
  8. 14 Sep, 2017 2 commits
  9. 13 Sep, 2017 3 commits
  10. 08 Sep, 2017 5 commits
  11. 31 Aug, 2017 1 commit