shim 0.9 ======== Gary Ching-Pang Lin (19): Add nostdinc to the CFLAGS for lib Update Cryptlib and openssl Make the build failed with objcopy < 2.24 Support MOK blacklist MokManager: show the hash list properly MokManager: delete the hash properly MokManager: Match all hashes in the list MokManager: Write the hash list properly Copy the MOK blacklist to a RT variable Verify the EFI images with MOK blacklist Make shim to check MokXAuth for MOKX reset MokManager: calculate the variable size correctly MokManager: fix the hash list counting in delete MokManager: Support SHA1 hash in MOK MokManager: fix the return value and type MokManager: Add more key list safe checks MokManager: Support SHA224, SHA384, and SHA512 MokManager: Discard the list contains an invalid signature MokManager: fix comparison between signed and unsigned integer Laszlo Ersek (1): Fix length of allocated buffer for boot option comparison. Matthew Garrett (1): Explicitly request sysv-style ELF hash sections Peter Jones (17): Align the sections we're loading, and check for validity /after/ discarding. Don't install our protocols if we're not in secure mode. Make lib/ build right with the cflags it should be using... Make lib/ use the right CFLAGS. gcc 5.0 changes some include bits, so copy what arm does on x86. Only run MokManager if asked or a security violation occurs. Don't leave in_protocol==1 when shim_verify() isn't enforcing. Ensure that apps launched by shim get correct BS->Exit() behavior Fix console_print_box*() parameters. MokManager: Nerf SHA-1 again for actual hashes and signatures. Don't print anything or delay when start_image() succeeds. More incorrect unsigned vs signed fixups from yours truly. Add a conditional point for a debugger to attach. Only be verbose the first time secure_mode() is called. Make sure our build-id notes wind up at a reasonable place. Improve our debuginfo path print 0.9 Richard W.M. Jones (1): fallback: Fix comparison between signed and unsigned in debugging code.