1ac1ba5fd6
- Add mokutil-more-details-for-skipped-keys.patch to show the reason to skip the key - Add mokutil-check-secure-boot-support.patch to check whether the system supports Secure Boot or not OBS-URL: https://build.opensuse.org/request/show/227281 OBS-URL: https://build.opensuse.org/package/show/Base:System/mokutil?expand=0&rev=20
From 98fe9bfda3bcf6c532d57e07e6ba25c350e7b7a1 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 13 Feb 2014 14:32:18 +0800
Subject: [PATCH 1/3] Be more verbose while skipping a key
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 1c32313..3655b92 100644
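--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1228,7 +1228,8 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
 printf ("Removed %s from %s\n", files[i], reverse_req);
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 } else {
- printf ("Skip %s\n", files[i]);
+ printf ("%s is already enrolled or in %s request\n", files[i],
+ import?"an enrollment":"a deletion");
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 }
 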
--
1.8.4.5
From 2e5560600b213e35e59d4a7923c01f8b9c095323 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Mon, 24 Mar 2014 14:48:53 +0800
Subject: [PATCH 2/3] Show more details when skipping a key
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 26 ++++++++++++++++++++++++--
1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 3655b92..cd039f0 100644
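--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1111,6 +1111,29 @@ in_pending_request (efi_guid_t type, void *data, uint32_t data_size,
 return 0;
 }
 
+static void
+print_skip_message (const char *filename, void *mok, uint32_t mok_size,
+ uint8_t import)
+{
+ if (import) {
+ if (is_duplicate (mok, mok_size, "PK", EFI_GLOBAL_VARIABLE))
+ printf ("SKIP: %s is already in PK\n", filename);
+ else if (is_duplicate (mok, mok_size, "KEK", EFI_GLOBAL_VARIABLE))
+ printf ("SKIP: %s is already in KEK\n", filename);
+ else if (is_duplicate (mok, mok_size, "db", EFI_IMAGE_SECURITY_DATABASE_GUID))
+ printf ("SKIP: %s is already in db\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already enrolled\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokNew", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already in the enrollement request\n", filename);
+ } else {
+ if (!is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is not in MokList\n", filename);
+ else if (is_duplicate (mok, mok_size, "MokDel", SHIM_LOCK_GUID))
+ printf ("SKIP: %s is already in the deletion request\n", filename);
+ }
+}
+
 static int
 issue_mok_request (char **files, uint32_t total, MokRequest req,
 const char *hash_file, const int root_pw)
@@ -1228,8 +1251,7 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
 printf ("Removed %s from %s\n", files[i], reverse_req);
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 } else {
- printf ("%s is already enrolled or in %s request\n", files[i],
- import?"an enrollment":"a deletion");
+ print_skip_message (files[i], ptr, sizes[i], import);
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 }
 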
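Review bot: print_skip_message can return without printing anything, because neither the `if (import)` chain nor the deletion chain ends in a plain `else`; when no `is_duplicate` lookup matches (for instance if a variable cannot be read, assuming `is_duplicate` then reports no match), the file is left out of the request silently, whereas the line this replaces always printed something. For a tool that stages Secure Boot key changes the operator should always be told that a file was skipped, so each chain should end with a fallback such as `else printf ("SKIP: %s\n", filename);`; the `switch` that patch 3/3 puts in its place has the same gap and no `default`. The string `is already in the enrollement request` misspells "enrollment". The `is_duplicate` calls here pass four arguments (data, size, name, GUID) while patch 3/3 rewrites every one of them to five (type, data, size, GUID, name) and neither patch touches the definition, so this intermediate commit probably does not build on its own and the call fix belongs in this patch.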
--
1.8.4.5
From 19df75d89e636293c93686e1edd8529f4b68170e Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Mon, 24 Mar 2014 16:27:06 +0800
Subject: [PATCH 3/3] Merge MokX for print_skip_message()
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 39 ++++++++++++++++++++++++++++-----------
1 file changed, 28 insertions(+), 11 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index cd039f0..492dffc 100644
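--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -1113,24 +1113,41 @@ in_pending_request (efi_guid_t type, void *data, uint32_t data_size,
 
 static void
 print_skip_message (const char *filename, void *mok, uint32_t mok_size,
- uint8_t import)
+ MokRequest req)
 {
- if (import) {
- if (is_duplicate (mok, mok_size, "PK", EFI_GLOBAL_VARIABLE))
+ efi_guid_t type = EfiCertX509Guid;
+
+ switch (req) {
+ case ENROLL_MOK:
+ if (is_duplicate (type, mok, mok_size, EFI_GLOBAL_VARIABLE, "PK"))
 printf ("SKIP: %s is already in PK\n", filename);
- else if (is_duplicate (mok, mok_size, "KEK", EFI_GLOBAL_VARIABLE))
+ else if (is_duplicate (type, mok, mok_size, EFI_GLOBAL_VARIABLE, "KEK"))
 printf ("SKIP: %s is already in KEK\n", filename);
- else if (is_duplicate (mok, mok_size, "db", EFI_IMAGE_SECURITY_DATABASE_GUID))
+ else if (is_duplicate (type, mok, mok_size, EFI_IMAGE_SECURITY_DATABASE_GUID, "db"))
 printf ("SKIP: %s is already in db\n", filename);
- else if (is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListRT"))
 printf ("SKIP: %s is already enrolled\n", filename);
- else if (is_duplicate (mok, mok_size, "MokNew", SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokNew"))
 printf ("SKIP: %s is already in the enrollement request\n", filename);
- } else {
- if (!is_duplicate (mok, mok_size, "MokListRT", SHIM_LOCK_GUID))
+ break;
+ case DELETE_MOK:
+ if (!is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListRT"))
 printf ("SKIP: %s is not in MokList\n", filename);
- else if (is_duplicate (mok, mok_size, "MokDel", SHIM_LOCK_GUID))
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokDel"))
 printf ("SKIP: %s is already in the deletion request\n", filename);
+ break;
+ case ENROLL_BLACKLIST:
+ if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListXRT"))
+ printf ("SKIP: %s is already in MokListX\n", filename);
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokXNew"))
+ printf ("SKIP: %s is already in the MokX enrollment request\n", filename);
+ break;
+ case DELETE_BLACKLIST:
+ if (!is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokListXRT"))
+ printf ("SKIP: %s is not in MokListX\n", filename);
+ else if (is_duplicate (type, mok, mok_size, SHIM_LOCK_GUID, "MokXDel"))
+ printf ("SKIP: %s is already in the MokX deletion request\n", filename);
+ break;
 }
 }
 
@@ -1251,7 +1268,7 @@ issue_mok_request (char **files, uint32_t total, MokRequest req,
 printf ("Removed %s from %s\n", files[i], reverse_req);
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 } else {
- print_skip_message (files[i], ptr, sizes[i], req);
+ print_skip_message (files[i], ptr, sizes[i], req);
 ptr -= sizeof(EFI_SIGNATURE_LIST) + sizeof(efi_guid_t);
 }
 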
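Review bot: `efi_guid_t type = EfiCertX509Guid;` at the top of print_skip_message fixes the signature type for every lookup, so a skip reason can only be found for X.509 entries. Whether issue_mok_request can reach this call with any other type is not visible here, since its body starts and ends outside the hunk. If it can, the type should be passed in as a parameter instead of assumed; if it cannot, a one-line comment such as `/* only X.509 certificates reach this path */` next to the declaration would record the assumption. The function also has no header comment; one sentence saying that it re-queries the firmware and shim variables to explain why the file was skipped for the given `req` would make the asymmetric `!is_duplicate` tests in the two delete cases easier to read.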
--
1.8.4.5